我想知道正在执行AES加密的进程的pid。我编写了以下函数挂钩代码:
#include <stdio.h>
#include <unistd.h>
#include <dlfcn.h>
#include <openssl/aes.h>
void AES_encrypt(const unsigned char *in_var, unsigned char *out_var,
const AES_KEY *key_var)
{
void (*new_aes_encrypt)(const unsigned char *in_var, unsigned char *out_var,
const AES_KEY *key_var);
new_aes_encrypt = dlsym(RTLD_NEXT, "AES_encrypt");
FILE *logfile = fopen("logfile", "a+");
fprintf(logfile, "Process %d:nn%snnn", getpid(), (char *)in_var);
fclose(logfile);
new_aes_encrypt(in_var, out_var, key_var);
}
然后在终端我做了以下事情:
#gcc aes_hook.c -o aes_hook.so -fPIC -shared -lssl -D_GNU_SOURCE
#export LD_PRELOAD="/<directory location>/aes_hook.so"
但是,当我启动AES加密(通过虚拟进程)时,我无法在日志文件中获取它的pid。为什么这个钩子不起作用?
* P.S。:以下是AES_encrypt(在OpenSSL的aes.h中)声明执行AES加密的声明。
void AES_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key)