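Hooking the aes_encrypt() function

Time: 2016-01-20 09:45:53

Tags: aes reverse-engineering

I want to find out the pid of the process that is performing AES encryption. I wrote the following function hook code: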

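#include <stdio.h>
#include <unistd.h>
#include <dlfcn.h>
#include <openssl/aes.h>

/* Interposed AES_encrypt: logs the caller's pid and the input block,
 * then forwards the call to the next AES_encrypt in the link order. */
void AES_encrypt(const unsigned char *in_var, unsigned char *out_var,
                 const AES_KEY *key_var)
{
  void (*new_aes_encrypt)(const unsigned char *in_var, unsigned char *out_var,
                          const AES_KEY *key_var);

  new_aes_encrypt = dlsym(RTLD_NEXT, "AES_encrypt");
  FILE *logfile = fopen("logfile", "a+");
  if (logfile != NULL) {
    /* The input is one 16-byte binary block, not a C string, so log it as hex. */
    fprintf(logfile, "Process %d:\n\n", getpid());
    for (int i = 0; i < AES_BLOCK_SIZE; i++)
      fprintf(logfile, "%02x", in_var[i]);
    fprintf(logfile, "\n\n\n");
    fclose(logfile);
  }
  /* dlsym returns NULL when no further AES_encrypt definition exists. */
  if (new_aes_encrypt != NULL)
    new_aes_encrypt(in_var, out_var, key_var);
}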

Then I did the following in the terminal:

#gcc aes_hook.c -o aes_hook.so -fPIC -shared -lssl -D_GNU_SOURCE 
#export LD_PRELOAD="/<directory location>/aes_hook.so"

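However, when I start an AES encryption (through a dummy process), I cannot get its pid in the log file. Why is this hook not working?

* P.S.: Below is the declaration of AES_encrypt (in OpenSSL's aes.h), the function that performs the AES encryption.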

void AES_encrypt(const unsigned char *in, unsigned char *out,
    const AES_KEY *key)

0 answers:

No answers
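An added diagnostic example, not part of the original post: LD_PRELOAD interposition only affects symbols that the dynamic linker resolves at run time, so a first check is whether the hook library and a shared libcrypto are both mapped in the target process. The names `check_maps`, `maps_path` and `SAMPLE_MAPS` are hypothetical, and the sample `/proc/<pid>/maps` text is constructed.

```c
#include <stdio.h>
#include <string.h>

#define HOOK_MAPPED      1  /* preload library is loaded in the process */
#define LIBCRYPTO_MAPPED 2  /* a shared libcrypto is loaded in the process */

/* Constructed sample of /proc/<pid>/maps (paths are made up): the hook is
 * loaded but no shared libcrypto is, as with a statically linked target. */
static const char SAMPLE_MAPS[] =
    "00400000-004f0000 r-xp 00000000 08:01 1311 /home/user/dummy\n"
    "7f10a0000000-7f10a0002000 r-xp 00000000 08:01 2622 /home/user/aes_hook.so\n"
    "7f10a0200000-7f10a03c0000 r-xp 00000000 08:01 3933 /lib/libc-2.19.so\n"
    "7ffd5a000000-7ffd5a021000 rw-p 00000000 00:00 0\n";

/* Pathname field of one maps line (addr perms offset dev inode [path]). */
static const char *maps_path(const char *line)
{
    for (int field = 0; field < 5; field++) {  /* skip the five fixed fields */
        line += strcspn(line, " \t");
        line += strspn(line, " \t");
    }
    return *line ? line : NULL;                /* NULL: anonymous mapping */
}

/* Report which libraries appear in maps text; hook_name is a basename. */
int check_maps(const char *maps, const char *hook_name)
{
    int result = 0;
    char line[512];
    while (*maps) {
        size_t len = strcspn(maps, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, maps);
        const char *path = maps_path(line);
        const char *base = path ? strrchr(path, '/') : NULL;
        if (base && strcmp(base + 1, hook_name) == 0)
            result |= HOOK_MAPPED;
        if (base && strncmp(base + 1, "libcrypto.so", 12) == 0)
            result |= LIBCRYPTO_MAPPED;
        maps += len + (maps[len] == '\n');
    }
    return result;
}

int main(void)
{
    int r = check_maps(SAMPLE_MAPS, "aes_hook.so");
    printf("hook mapped: %d, libcrypto mapped: %d\n",
           !!(r & HOOK_MAPPED), !!(r & LIBCRYPTO_MAPPED));
    return 0;
}
```

Both bits being set is necessary but not sufficient: the target must also call the exported `AES_encrypt` symbol through the dynamic linker for the hook to run.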