Get the path that fd points to in the linux kernel module

is currently completing a simple kernel module coding job that simulates the rootkit hidden process. According to the observation of strace ps , the ps program traverses the directory through open / proc opening fd, and getdents < fd > .

The function prototype of

sys_getdents is as follows:

// linux/syscalls.h
asmlinkage long (*sys_getdents) (unsigned int fd, struct linux_dirent __user *dirent, unsigned int count);

The structure of

struct linux_dirent is as follows:

// linux/fs/readdir.c
struct linux_dirent {
    unsigned long   d_ino;
    unsigned long   d_off;
    unsigned short  d_reclen;
    char            d_name[1];
};

because you don"t want to pollute your access to other directories, you want to determine the path that fd points to when you add hooks to sys_getdents .

when programming in user mode, we can use readlink / proc/self/fd/ < fd > to get it, but is there any good way to do this in kernel state? I hope you will not hesitate to give me your advice, thank you!

Linux-kernel

Mar.02,2021

idea: get the path through fd-> struct file-> struct path-> path

fget (fd) get struct file
d_path (file.path) get the path

= the above is the original text of the answer, and the following is the main supplement =

uses current- > files instead of fget,. The code is as follows:

struct files_struct *files;
struct file *file;

int buflen = 256;
char buf[buflen];
char *path;

files = current->files;
spin_lock(&files->file_lock);
file = fcheck_files(files, fd);
path = d_path(&file->f_path, buf, buflen);
spin_unlock(&files->file_lock);

Previous: Ask for a java regular expression

Next: On the problem that css mask layers can be scrolled

Missing nl80211 in ubuntu
ubuntu-12.04, uses usb network card rtl8192eu, installed linux driver installed hostapd, and configured hostapd.conf wifi to connect normally in sta mode. but use hostapd to do wifi hotspots, and convert them to AP, prompts that nl80211 is missing ...

Embedded linux-kernel wifi ubuntu12.04

Mar.01,2021
Undefined reference to `le32toh'
when cross-compiling radiotap, there is no `le32toh definition: https: github.com radiotap r. take a look, in the header file endian.h defined, and then can not find out where the header file endian.h, kernel include does not contain is defi...

Embedded-programming linux-programming linux-kernel

Mar.01,2021
What is the layout of physical memory after the Linux system starts?
in the 32-bit case, the Linux kernel virtual address starts from 0xc0000000, and 3GB+896MB belongs to kernel space. 896MB to 4GB is high-end memory, not to mention. The information I found on the Internet shows that kernel image starts from 3GB+16MB. Si...

Operating-system linux-kernel linux

Mar.04,2021
When wifi is connected for the first time, the driver reports an error.
1. Development environment Qualcomm 9377wifi chip kernel-4.1.15 android6.0 question: the kernel reported an error when connecting to AP for the first time: R0: wlan: [584csrSendJoinReqMsg: E: SME] csrSendJoinReqMsg: 14463: Connecting to ssid:Public_5...

Linux-kernel

Mar.09,2021
On the resolution of DNS domain names in the process of wget and curl requests
for work reasons, I used the strace command to track the whole process of curl and wget requests, and the conclusion about DNS domain name resolution is as follows. Some of them do not understand, and the source code does not understand (operation and m...

Linux-kernel linux-operation-and-maintenance linux

Mar.13,2021
When you create a module in linux and call do_fork, to insert the module, the display fails.
the code is as follows: -sharpinclude <linux init.h> -sharpinclude <linux module.h> -sharpinclude <asm pgalloc.h> -sharpinclude <asm pgtable.h> -sharpinclude <linux thread_info.h> -sharpinclude <linux slab.h> -sharpi...

Linux-compiles-and-installs linux linux-kernel linux-programming linux-kernel-module

Mar.19,2021
When the linux kernel is compiled, warning, appears in the environment of ubuntu,x86, and then ubuntu cannot be started.
enter: make ARCH=x86 modules_install on the command line INSTALL fs ext3 ext3.ko INSTALL fs jbd jbd.ko INSTALL kernel configs.ko INSTALL sound core oss snd-pcm-oss.ko INSTALL sound core snd-page-alloc.ko INSTALL soun...

Linux-kernel-module linux-compiles-and-installs

Mar.19,2021
Strange problems encountered in adding vlan under linux Nic
1. Recently, I encountered a strange thing when I configured adsl dialing on linux. When adding vlan to linux, the VLAN Dev name of vlan normally ends with [network card .xx]. As a result, mine ends with [renamexx], which is directly above the figure. ...

Linux-kernel linux-operation-and-maintenance linux

Mar.21,2021
In this configuration, can the ping package be handled by the ndo_start_xmit function of oai0?
the case is that there is a device: on server A oai0 Link encap:AMPR NET ROM HWaddr inet addr:10.0.1.1 Bcast:10.0.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 ov...

Network-programming linux-kernel-module linux-kernel

Mar.28,2021
What is the difference between semaphores placed in shared memory through mmap and semaphores directly in kernel space?
in the code on page 253 of the second edition of Unix Network programming Volume II: interprocess Communication (Chinese version), the author stores the semaphore in a shared memory through mmap, and then the parent and child processes can directly manip...

Linux-kernel operating-system linux c

Jul.22,2021
What is the reason why the Android parent process is forced to kill, the child process? How to solve it at the system level?
on Android 4.4, the child process is created by the parent process. According to the process id, the child process manually kill the parent process, but the child process is still running and is not killed. As a result, the child process is not re-create...

Linux-kernel linux system android

Mar.27,2022
Linux kernel mode
weak to ask you prawns, 1. Is the kernel compiled after downloading from the kernel website preemptive or non-preemptive? 2. If it is preemptive, how to compile non-preemptive? If it is non-preemptive, how to compile it? 3. By patching? Where can I do...

Linux-kernel linux

May.17,2022
How to customize the Ubuntu system
now the company has a need to get rid of Ubuntu s desktop system and make it simple, leaving only some basic services. There are two ways of thinking: one is to subtract from an off-the-shelf Ubuntu system to remove some off-the-shelf services, and the ...

Linux-kernel ubuntu

Jul.07,2022