做了一些优化

Author: AndroidReverser-Test

README.md

@@ -3,15 +3,15 @@
 
 
 # 如何使用
-在成功加载本项目的kpm模块后(可通过**dmesg | grep +Test-Log+**命令查看详细日志)，再使用项目user目录下的uprobe_trace_user.h文件提供的用户层接口进行编程即可。
+在成功加载本项目的kpm模块后，可通过 **dmesg | grep +Test-Log+** 命令查看模块日志，再使用项目user目录下的uprobe_trace_user.h文件提供的用户层接口进行编程即可。trace的输出结果在tracefs文件系统下，可通过 **mount | grep tracefs** 命令查看tracefs所在位置，一般都是在/sys/kernel/tracing，通过 **echo "1" >> /sys/kernel/tracing/tracing_on** 开启日志后通过 **cat /sys/kernel/tracing/trace_pipe | grep +Test-Log+** 查看trace的结果。
 
 **set_module_base**函数用于设置要hook so的基址(打印函数偏移需要用到)。
 
 **set_target_uid**函数用于设置要hook的app的uid(过滤输出需要)。
 
 **set_target_file**函数用于设置要hook so的路径(必须是完整路径)。
 
-**set_fun_offset**函数用于在so文件的指定偏移处设置uprobe挂载点，并可传递指定函数名。
+**set_fun_info**函数用于在so文件的指定偏移处设置uprobe挂载点，并可传递指定函数名。
 
 **clear_all_uprobes**函数用于清除所有的uprobe挂载点。
 

kernel_trace.c

@@ -1,6 +1,7 @@
 #include <log.h>
 #include <compiler.h>
 #include <kpmodule.h>
+#include <linux/printk.h>
 #include <linux/cred.h>
 #include <taskext.h>
 #include <linux/printk.h>
@@ -12,7 +13,7 @@
 #include "kernel_trace.h"
 
 KPM_NAME("kernel_trace");
-KPM_VERSION("1.0.0");
+KPM_VERSION("2.0.0");
 KPM_LICENSE("GPL v2");
 KPM_AUTHOR("Test");
 KPM_DESCRIPTION("use uprobe trace some fun in kpm");
@@ -24,7 +25,7 @@ int (*kern_path)(const char *name, unsigned int flags, struct path *path) = 0;
 struct inode *(*igrab)(struct inode *inode) = 0;
 void (*path_put)(const struct path *path) = 0;
 void (*rcu_read_unlock)(void) = 0;
-unsigned long (*perf_instruction_pointer)(struct pt_regs *regs) = 0;
+int (*trace_printk)(unsigned long ip, const char *fmt, ...) = 0;
 
 
 char file_name[MAX_PATH_LEN];
@@ -43,7 +44,7 @@ void before_mincore(hook_fargs3_t *args, void *udata){
     }
 
     int trace_info = trace_flag-TRACE_FLAG;
-    if(trace_info==SET_MODULE_OFFSET){
+    if(trace_info==SET_FUN_INFO){
         if(unlikely(hook_num==MAX_HOOK_NUM)){
             logke("+Test-Log+ MAX_HOOK_NUM:%d\n",MAX_HOOK_NUM);
             goto error_out;
@@ -126,19 +127,38 @@ void before_mincore(hook_fargs3_t *args, void *udata){
 }
 
 
-static int trace_handler(struct uprobe_consumer *self, struct pt_regs *regs){
+static int trace_handler(struct uprobe_consumer *self, struct mpt_regs *regs){
     struct task_struct *task = current;
     struct cred* cred = *(struct cred**)((uintptr_t)task + task_struct_offset.cred_offset);
     uid_t uid = *(uid_t*)((uintptr_t)cred + cred_offset.uid_offset);
+    struct my_key_value *tfun;
+    unsigned long fun_offset;
     if(uid==target_uid){
-        unsigned long fun_offset = perf_instruction_pointer(regs)-module_base;
-        struct my_key_value *tfun = search_key_value(&fun_info_tree,fun_offset);
-        if(likely(tfun)){
-            logkd("+Test-Log+ fun_name:%s,fun_offset:0x%llx calling\n",tfun->value,fun_offset);
+        fun_offset = regs->pc-module_base;
+        tfun = search_key_value(&fun_info_tree,fun_offset);
+        if(tfun){
+            goto target_out;
+        }else{
+            fun_offset = fun_offset - 0x1000;
+            tfun = search_key_value(&fun_info_tree,fun_offset);
+            if(likely(tfun)){
+                goto target_out;
+            }
         }
-//        logkd("+Test-Log+ fun_offset:%llx\n",perf_instruction_pointer(regs)-module_base);
+    }else{
+        goto no_target_out;
+    }
+    
+target_out:
+    logkd("+Test-Log+ fun_name:%s,fun_offset:0x%llx calling\n",tfun->value,fun_offset);
+    int trace_printk_ret = trace_printk(_THIS_IP_,"+Test-Log+ fun_name:%s,fun_offset:0x%llx calling\n",tfun->value,fun_offset);
+    if(unlikely(trace_printk_ret<0)){
+        logke("+Test-Log+ trace_printk error\n");
     }
     return 0;
+    
+no_target_out:
+    return 0;
 }
 
 
@@ -152,14 +172,15 @@ static long kernel_trace_init(const char *args, const char *event, void *__user
     igrab = (typeof(igrab))kallsyms_lookup_name("igrab");
     path_put = (typeof(path_put))kallsyms_lookup_name("path_put");
     rcu_read_unlock = (typeof(rcu_read_unlock))kallsyms_lookup_name("rcu_read_unlock");
-    perf_instruction_pointer = (typeof(perf_instruction_pointer))kallsyms_lookup_name("perf_instruction_pointer");
 
 
     rb_erase = (typeof(rb_erase))kallsyms_lookup_name("rb_erase");
     rb_insert_color = (typeof(rb_insert_color))kallsyms_lookup_name("rb_insert_color");
     rb_first = (typeof(rb_first))kallsyms_lookup_name("rb_first");
     kmalloc = (typeof(kmalloc))kallsyms_lookup_name("__kmalloc");
     kfree = (typeof(kfree))kallsyms_lookup_name("kfree");
+    
+    trace_printk = (typeof(trace_printk))kallsyms_lookup_name("__trace_printk");
 
     logkd("+Test-Log+ mtask_pid_nr_ns:%llx\n",mtask_pid_nr_ns);
     logkd("+Test-Log+ uprobe_register:%llx\n",uprobe_register);
@@ -174,10 +195,12 @@ static long kernel_trace_init(const char *args, const char *event, void *__user
     logkd("+Test-Log+ rb_first:%llx\n",rb_first);
     logkd("+Test-Log+ kmalloc:%llx\n",kmalloc);
     logkd("+Test-Log+ kfree:%llx\n",kfree);
+    
+    logkd("+Test-Log+ trace_printk:%llx\n",trace_printk);
 
     if(!(mtask_pid_nr_ns && uprobe_register && uprobe_unregister
     && kern_path && igrab && path_put && rcu_read_unlock
-    && rb_erase && rb_insert_color && rb_first)){
+    && rb_erase && rb_insert_color && rb_first && trace_printk)){
         logke("+Test-Log+ can not find some fun addr\n");
         return -1;
     }
@@ -186,7 +209,7 @@ static long kernel_trace_init(const char *args, const char *event, void *__user
 
     hook_err_t err = inline_hook_syscalln(__NR_mincore, 3, before_mincore, 0, 0);
     if(err){
-        logke("+Test-Log+ hook __NR_kexec_file_load error\n");
+        logke("+Test-Log+ hook __NR_mincore error\n");
         return -1;
     }
 

kernel_trace.h

@@ -3,6 +3,7 @@
 #include "uprobe_trace.h"
 #include "mrbtree.h"
 
+#define _THIS_IP_  ({ __label__ __here; __here: (unsigned long)&&__here; })
 #define MAX_PATH_LEN 300
 #define MAX_FUN_NAME 150
 #define LOOKUP_FOLLOW		0x0001
@@ -48,23 +49,23 @@ enum uprobe_filter_ctx {
     UPROBE_FILTER_MMAP,
 };
 
-//struct mpt_regs {
-//	union {
-//		struct user_pt_regs user_regs;
-//		struct {
-//			u64 regs[31];
-//			u64 sp;
-//			u64 pc;
-//			u64 pstate;
-//		};
-//	};
-//};
+struct mpt_regs {
+	union {
+		struct user_pt_regs user_regs;
+		struct {
+			u64 regs[31];
+			u64 sp;
+			u64 pc;
+			u64 pstate;
+		};
+	};
+};
 
 struct uprobe_consumer {
-    int (*handler)(struct uprobe_consumer *self, struct pt_regs *regs);
+    int (*handler)(struct uprobe_consumer *self, struct mpt_regs *regs);
     int (*ret_handler)(struct uprobe_consumer *self,
                        unsigned long func,
-                       struct pt_regs *regs);
+                       struct mpt_regs *regs);
     bool (*filter)(struct uprobe_consumer *self,
                    enum uprobe_filter_ctx ctx,
                    struct mm_struct *mm);

uprobe_trace.h

@@ -6,7 +6,7 @@
 enum trace_info {
     SET_TARGET_FILE,
     SET_MODULE_BASE,
-    SET_MODULE_OFFSET,
+    SET_FUN_INFO,
     SET_TARGET_UID,
     CLEAR_UPROBE,
 };

user/uprobe_trace_user.h

@@ -10,7 +10,7 @@
 enum trace_info {
     SET_TARGET_FILE,
     SET_MODULE_BASE,
-    SET_MODULE_OFFSET,
+    SET_FUN_INFO,
     SET_TARGET_UID,
     CLEAR_UPROBE,
 };
@@ -32,8 +32,8 @@ int set_target_file(char* file_name){
     return ret;
 }
 
-int set_fun_offset(unsigned long fun_offset,char *fun_name){
-    int ret = syscall(__NR_mincore,fun_offset,TRACE_FLAG+SET_MODULE_OFFSET,fun_name);
+int set_fun_info(unsigned long fun_offset,char *fun_name){
+    int ret = syscall(__NR_mincore,fun_offset,TRACE_FLAG+SET_FUN_INFO,fun_name);
     return ret;
 }