k1rh4 / Linux-Global-hooker

Global hooker file access api via ld.so.preload

FileNotification

FileNotification is a file access tracker.

Why?

It's similar to inotify, but inotify does not report which process accessed a file. So I made FileNotification to find out who accesses files.

What?

```
$ sudo ./run.sh 
[sudo] password for k1rh4: 
[!] removing /tmp/file_log.txt.
[!] Making /tmp/hook.ini
[!] Saving argv1 into /tmp/hook.ini
[!] Creating /tmp/file_log.txt
[!] Set authrization to /tmp/file_log.txt
[!] Inject libhook.so into /etc/ld.so.preload.
[!] Must be off KUEP so that remount,rw /
[!] Monitoring /tmp/file_log.txt
[+] Caller->ppName:[sh]:[4131],pName:[tail]:[4142]->/tmp/file_log.txt
[+] Caller->ppName:[-zsh]:[4175],pName:[touch]:[4208]->/tmp/testFile

$ sudo ./clean.sh 
```
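The following C code is an added example, not taken from this repository: it shows how code running inside the accessing process, as a preloaded hook does, can name the caller and its parent and build a line in the layout of the sample output above. Reading names from `/proc/<pid>/comm` and the function names `proc_name` and `format_access` are assumptions; the project may resolve names differently.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: names come from /proc/<pid>/comm (kernel task name, max 15 chars).
 * Returns 0 on success, -1 if the process is gone or /proc is unreadable. */
int proc_name(pid_t pid, char *out, size_t len)
{
    char path[64];
    FILE *fp;
    int ok;
    if (len == 0)
        return -1;
    snprintf(path, sizeof(path), "/proc/%ld/comm", (long)pid);
    fp = fopen(path, "r");
    if (fp == NULL)
        return -1;
    ok = fgets(out, (int)len, fp) != NULL;
    fclose(fp);
    if (!ok)
        return -1;
    out[strcspn(out, "\n")] = '\0';   /* comm ends with a newline */
    return 0;
}

/* Build one log line in the layout of the sample output. A name that cannot
 * be resolved is logged as "?" so the access event itself is never dropped. */
int format_access(pid_t ppid, pid_t pid, const char *file, char *out, size_t len)
{
    char pp[32], p[32];
    int n;
    if (proc_name(ppid, pp, sizeof(pp)) != 0)
        strcpy(pp, "?");
    if (proc_name(pid, p, sizeof(p)) != 0)
        strcpy(p, "?");
    n = snprintf(out, len, "[+] Caller->ppName:[%s]:[%ld],pName:[%s]:[%ld]->%s",
                 pp, (long)ppid, p, (long)pid, file);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;   /* -1 if the line was truncated */
}

int main(void)
{
    char line[512];
    /* /tmp/testFile is a constructed sample path */
    if (format_access(getppid(), getpid(), "/tmp/testFile", line, sizeof(line)) == 0)
        puts(line);
    return 0;
}
```

The `comm` value can be changed by the process itself (for example with `prctl(PR_SET_NAME)`), so treat the logged names as a hint and rely on the PIDs when correlating with other records.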

How?

```
$ git clone https://github.com/k1rh4/FileNotification.git
$ make
$ sudo ./run.sh

$ sudo ./clean.sh
```

Contact

k1rh4.lee@gmail.com


Languages

C 64.8%, Shell 23.5%, Makefile 11.7%