写一个注入进程后监视其文件写出操作的代码 用c语言
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
// Size in bytes of the scratch buffer `buf` declared below.
#define MAX_BUF_SIZE 1024
// fd:  descriptor main obtains by opening /proc/<pid>/mem; it is file-scope
//      so that handle_signal can close it on SIGINT/SIGTERM.
// buf: scratch buffer used by main.
int fd; char buf[MAX_BUF_SIZE];
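// SIGINT/SIGTERM handler: close the /proc/<pid>/mem descriptor and terminate.
//
// Only async-signal-safe functions may be called from a signal handler.
// exit() runs atexit handlers and flushes stdio, which can deadlock or corrupt
// state when the signal interrupts a stdio call in main, so the process is
// ended with _exit() instead. Any output still buffered in stdio is discarded.
void handle_signal(int sig)
{
    (void)sig; // required by the handler signature, not used
    close(fd);
    _exit(0);
}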
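// Placeholder offset carried over from the original listing. It is not a real
// address and must be replaced before the program can produce meaningful output.
static const off_t PLACEHOLDER_ADDR = 0x12345678;

// Seconds to wait between polls, so a failing read does not spin at full CPU.
enum { POLL_INTERVAL_SEC = 1 };

// Write all `len` bytes of `data` to `out_fd`, retrying after partial writes.
// Returns 0 on success, -1 on error with errno set by write().
static int write_all(int out_fd, const char *data, size_t len)
{
    while (len > 0) {
        ssize_t written = write(out_fd, data, len);
        if (written < 0) {
            if (errno == EINTR) {
                continue;
            }
            return -1;
        }
        data += written;
        len -= (size_t)written;
    }
    return 0;
}

// One polling pass: read an int from the target's memory, treat it as one of
// the target's file descriptors, and if it names a regular file, copy up to
// st_size bytes of target memory to stdout.
static void poll_once(pid_t pid)
{
    if (lseek(fd, PLACEHOLDER_ADDR, SEEK_SET) == (off_t)-1) {
        fprintf(stderr, "Failed to seek in target process's memory: %s\n", strerror(errno));
        return;
    }

    int target_fd;
    ssize_t n = read(fd, &target_fd, sizeof target_fd);
    if (n != (ssize_t)sizeof target_fd) {
        // A short read does not set errno, so only report errno when n < 0.
        fprintf(stderr, "Failed to read target process's memory: %s\n",
                n < 0 ? strerror(errno) : "short read");
        return;
    }
    if (target_fd < 0) {
        return;
    }

    // Descriptor numbers are per-process: fstat(target_fd) would inspect THIS
    // process's descriptor table, not the target's. Resolve the number through
    // the target's /proc/<pid>/fd/ directory instead.
    char fd_path[64];
    snprintf(fd_path, sizeof fd_path, "/proc/%d/fd/%d", (int)pid, target_fd);
    struct stat statbuf;
    if (stat(fd_path, &statbuf) < 0) {
        fprintf(stderr, "Failed to stat target file descriptor: %s\n", strerror(errno));
        return;
    }
    if (!S_ISREG(statbuf.st_mode)) {
        return;
    }

    if (lseek(fd, PLACEHOLDER_ADDR, SEEK_SET) == (off_t)-1) {
        fprintf(stderr, "Failed to seek in target process's memory: %s\n", strerror(errno));
        return;
    }

    // The bytes written to stdout are raw memory of another process and may
    // contain secrets; treat any captured output as sensitive.
    off_t remaining = statbuf.st_size;
    while (remaining > 0) {
        size_t want = sizeof buf;
        if ((off_t)want > remaining) {
            want = (size_t)remaining; // never emit more than st_size bytes
        }
        ssize_t got = read(fd, buf, want);
        if (got < 0) {
            fprintf(stderr, "Failed to read target process's memory: %s\n", strerror(errno));
            break;
        }
        if (got == 0) {
            break;
        }
        if (write_all(STDOUT_FILENO, buf, (size_t)got) < 0) {
            fprintf(stderr, "Failed to write to stdout: %s\n", strerror(errno));
            break;
        }
        remaining -= got;
    }
}

// Usage: <prog> <target_process_pid>
//
// Opens /proc/<pid>/mem read-only and polls it until SIGINT/SIGTERM.
// Diagnostics go to stderr so they never mix with the data on stdout.
//
// NOTE(review): this program neither injects code nor observes write() calls;
// it only samples memory at a placeholder offset. Opening /proc/<pid>/mem is
// subject to the kernel's ptrace access check (and Yama ptrace_scope where
// enabled), so expect EACCES/EPERM for processes the caller may not trace.
// To audit a process's file writes, prefer the supported facilities: syscall
// tracing (strace), the Linux audit subsystem, or fanotify/inotify.
int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "Usage: %s <target_process_pid>\n", argv[0]);
        exit(1);
    }

    // strtol instead of atoi: rejects trailing garbage and out-of-range values.
    errno = 0;
    char *end = NULL;
    long parsed = strtol(argv[1], &end, 10);
    if (errno != 0 || end == argv[1] || *end != '\0' || parsed <= 0 || parsed > INT_MAX) {
        fprintf(stderr, "Invalid pid.\n");
        exit(1);
    }
    pid_t pid = (pid_t)parsed;

    char mem_path[64];
    snprintf(mem_path, sizeof mem_path, "/proc/%d/mem", (int)pid);
    fd = open(mem_path, O_RDONLY);
    if (fd < 0) {
        fprintf(stderr, "Failed to open /proc/%d/mem: %s\n", (int)pid, strerror(errno));
        exit(1);
    }

    signal(SIGINT, handle_signal);
    signal(SIGTERM, handle_signal);

    for (;;) {
        poll_once(pid);
        sleep(POLL_INTERVAL_SEC);
    }

    return 0;
}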