我想覆盖netstat-Tunap的读取函数,当我为netstat-Tunap运行strace时,我感兴趣的覆盖部分就是这里的这一部分,
openat(AT_FDCWD, "/proc/net/tcp", O_RDONLY) = 3
read(3, " sl local_address rem_address "..., 4096) = 300
write(1, "tcp 0 0 192.168.32.1"..., 101tcp 0 0 192.168.32.128:59904 192.168.32.129:9001 ESTABLISHED 17186/python ) = 101
read(3, "", 4096) = 0
close(3)
我想要的是在这里查看这行缓冲区的内容
read(3, " sl local_address rem_address "..., 4096) = 300
但是我LD_PREALOADING的读取库只给我打印文件描述符为5的读取缓冲区,文件描述符为5的读取是这样的
read(5, "unconfined\n", 4095) = 11
我如何修复它,让它也打印文件描述符为3的缓冲区?
这是我在图书馆使用的程序,
#define _GNU_SOURCE
#include <stdio.h>
#include <dlfcn.h>
#include <unistd.h>
static ssize_t (*read_original)(int fd, void *buf, size_t count) = NULL;
ssize_t read(int fd, void *buf, size_t count) {
ssize_t result;
// Initialize the original read function if it hasn't been already
if (!read_original) {
read_original = dlsym(RTLD_NEXT, "read");
if (!read_original) {
fprintf(stderr, "Error: Unable to load the original read function\n");
return -1;
}
}
// Call the original read function
result = read_original(fd, buf, count);
// Print the buffer's contents for non-zero reads
if (result > 0 && (fd == 3 || fd == 4 || fd == 5)) {
printf("Read from fd %d, %zd bytes: ", fd, result);
for (ssize_t i = 0; i < result; ++i) {
printf("%02x ", ((unsigned char *)buf)[i]);
}
printf("\n");
}
return result;
}
我创建的库如下所示
gcc -shared -fPIC -o hider.so hide_read4.c -ldl个
我就是这样经营的
LD_PRELOAD=/path/to/lib/hider.so netstat -tunap个
这是我运行此命令时的输出
Read from fd 5, 11 bytes: 75 6e 63 6f 6e 66 69 6e 65 64 0a
Read from fd 5, 11 bytes: 75 6e 63 6f 6e 66 69 6e 65 64 0a
Read from fd 5, 11 bytes: 75 6e 63 6f 6e 66 69 6e 65 64 0a
(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 ip1:59904 ip2:9001 ESTABLISHED 17186/python
udp 0 0 ip1:68 ip3:67 ESTABLISHED -