内联挂钩后,在'mkdir()'系统调用中'pathname'参数的内容不可读

时间:2018-11-03 12:48:09

标签: c linux-kernel hook system-calls

我正在尝试内联挂钩系统调用。挂钩函数是这样的:

asmlinkage long hooked_mkdir(const char __user *pathname, umode_t mode) {
        static char *msg = "hooked sys_mkdir(), mkdir name: ";
        printk("%s%s", msg, pathname);

        //print hex content to check bug.
        int i;
        for (i = 0; pathname[i] != '\0'; i++) {
            printk("\\x%x", pathname[i]);
        }

        return old_mkdir(pathname, mode);
}

现在我mkdir 3个目录分别命名为 111 222 333 。系统调用已成功完成。但是,pathname不可读:

[ 4856.148778] hooked sys_mkdir(), mkdir name: `\xd0\xf1
                                                        \xfe
[ 4856.148779] \x60
[ 4856.148780] \xffffffd0
[ 4856.148780] \xfffffff1
[ 4856.148780] \xc
[ 4856.148781] \xfffffffe
[ 4856.148781] \x7f
[ 4859.028686] hooked sys_mkdir(), mkdir name: \xd0
                                                   \xad\xac\xfd
[ 4859.028687] \xffffffd0
[ 4859.028688] \xb
[ 4859.028688] \xffffffad
[ 4859.028688] \xffffffac
[ 4859.028688] \xfffffffd
[ 4859.028689] \x7f
[ 4861.413464] hooked sys_mkdir(), mkdir name: \x90|\xb1\xf3\xff
[ 4861.413465] \xffffff90
[ 4861.413465] \x7c
[ 4861.413465] \xffffffb1
[ 4861.413466] \xfffffff3
[ 4861.413466] \xffffffff

我不清楚如何解释pathname参数的内容。

1 个答案:

答案 0 :(得分:1)

请注意,您是通过__user指针进行打印的。为了实际访问此数据,您必须首先对已知大小的结构/缓冲区使用strncpy_from_usercopy_from_user之类的东西。

相关问题
最新问题