41 lines
1.2 KiB
Diff
41 lines
1.2 KiB
Diff
From 7db0bbb70c7b4148eafa9d44b8b04c80e6b7e78e Mon Sep 17 00:00:00 2001
|
|
From: zcfsite <zhchf2010@126.com>
|
|
Date: Sat, 25 Nov 2023 17:58:26 +0800
|
|
Subject: [PATCH 4/4] fix register kpobe mutiple times
|
|
|
|
---
|
|
kerneldriver/core/hook_unit/secDetector_hook_kprobe.c | 9 +++++++++
|
|
1 file changed, 9 insertions(+)
|
|
|
|
diff --git a/kerneldriver/core/hook_unit/secDetector_hook_kprobe.c b/kerneldriver/core/hook_unit/secDetector_hook_kprobe.c
|
|
index fb6de05..5acce03 100644
|
|
--- a/kerneldriver/core/hook_unit/secDetector_hook_kprobe.c
|
|
+++ b/kerneldriver/core/hook_unit/secDetector_hook_kprobe.c
|
|
@@ -77,6 +77,8 @@ int insert_kprobe_hook(struct secDetector_workflow *workflow)
|
|
int delete_kprobe_hook(struct secDetector_workflow *workflow)
|
|
{
|
|
struct kprobe *kp = NULL;
|
|
+ const char *tmp_sym = NULL;
|
|
+ kprobe_pre_handler_t tmp_handler;
|
|
|
|
if (workflow == NULL)
|
|
return -1;
|
|
@@ -94,7 +96,14 @@ int delete_kprobe_hook(struct secDetector_workflow *workflow)
|
|
if (!kp)
|
|
return -1;
|
|
|
|
+ tmp_sym = kp->symbol_name;
|
|
+ tmp_handler = kp->pre_handler;
|
|
+
|
|
unregister_kprobe(kp);
|
|
+ //register mutiple times
|
|
+ memset(kp, 0, sizeof(struct kprobe));
|
|
+ kp->symbol_name = tmp_sym;
|
|
+ kp->pre_handler = tmp_handler;
|
|
}
|
|
|
|
return 0;
|
|
--
|
|
2.33.0
|
|
|