admin管理员组

文章数量:1277403

I have written this following code:

#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <dlfcn.h>
#include <time.h>

// Log file location
#define LOG_FILE "/home/maifee/cmd-log.log"

// Function to get the process name
void get_process_name(pid_t pid, char *name, size_t len) {
    char path[256];
    snprintf(path, sizeof(path), "/proc/%d/comm", pid);
    FILE *file = fopen(path, "r");
    if (file) {
        fgets(name, len, file);
        name[strcspn(name, "\n")] = 0; // Remove newline character
        fclose(file);
    } else {
        strncpy(name, "unknown", len);
    }
}

// Override execve
int execve(const char *filename, char *const argv[], char *const envp[]) {
    // Get the original execve function
    int (*original_execve)(const char *, char *const[], char *const[]) = dlsym(RTLD_NEXT, "execve");

    // Log the command to a file
    FILE *log_file = fopen(LOG_FILE, "a");
    if (log_file) {
        pid_t pid = getpid();
        pid_t ppid = getppid();
        char pname[256], ppname[256];
        get_process_name(pid, pname, sizeof(pname));
        get_process_name(ppid, ppname, sizeof(ppname));
        // print time [2025.12.30 23:59:59]
        time_t t = time(NULL);
        struct tm tm = *localtime(&t);
        fprintf(log_file, "[%d.%d.%d %d:%d:%d] ", tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec);
        fprintf(log_file, "PID: %d (%s), PPID: %d (%s), Command: ", pid, pname, ppid, ppname);
        for (int i = 0; argv[i]; i++) {
            fprintf(log_file, "%s ", argv[i]);
        }
        fprintf(log_file, "\n");
        fclose(log_file);
    }

    // NEVER call execve directly, it will cause an infinite loop
    // NEVER remove this line
    return original_execve(filename, argv, envp);
}

And I compile it using the following command:

gcc -shared -fPIC -o ld_preload_hook.so ld_preload_hook.c -ldl

And then I set the LD_PRELOAD environment variable to the path of the shared object file:

export LD_PRELOAD=$PWD/ld_preload_hook.so

And then I reload the shell:

source ~/.zshrc
source ~/.bashrc

And it generates the log file, which is great. But the issue is it just generate these few specific commands:

[2025.2.25 1:30:43] PID: 8062 (lesspipe), PPID: 8061 (lesspipe), Command: basename /usr/bin/lesspipe 
[2025.2.25 1:30:43] PID: 8064 (lesspipe), PPID: 8063 (lesspipe), Command: dirname /usr/bin/lesspipe 
[2025.2.25 1:32:39] PID: 9658 (lesspipe), PPID: 9657 (lesspipe), Command: basename /usr/bin/lesspipe 
[2025.2.25 1:32:39] PID: 9660 (lesspipe), PPID: 9659 (lesspipe), Command: dirname /usr/bin/lesspipe

That's all I tried restarting my device, restarting the shell again. Nothing works. Tried ls, dir and many other commands.

But the result stays the same. I am using Ubuntu 20.04.3 LTS. I am not sure what I am doing wrong. Can anyone help me with this? I am just learning hooks by implementing, right now.

本文标签: cLDPRELOAD Hook only logging a few commands on Ubuntu 20043 LTSStack Overflow

版权声明:本文标题:c - LD_PRELOAD Hook only logging a few commands on Ubuntu 20.04.3 LTS - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1741244672a2364645.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。