fix code for 24-27

src/25-signal/.gitignore

@@ -6,4 +6,4 @@ package.json
 package.yaml
 ecli
 bootstrap
-textreplace2
+bpfdos

src/25-signal/Makefile

@@ -24,7 +24,7 @@ INCLUDES := -I$(OUTPUT) -I../../libbpf/include/uapi -I$(dir $(VMLINUX))
 CFLAGS := -g -Wall
 ALL_LDFLAGS := $(LDFLAGS) $(EXTRA_LDFLAGS)
 
-APPS = textreplace2 # minimal minimal_legacy uprobe kprobe fentry usdt sockfilter tc ksyscall
+APPS = bpfdos # minimal minimal_legacy uprobe kprobe fentry usdt sockfilter tc ksyscall
 
 CARGO ?= $(shell which cargo)
 ifeq ($(strip $(CARGO)),)

src/25-signal/README.md

@@ -1,2 +1,24 @@
-# signal
+# 用 bpf_send_signal 发送信号终止恶意进程
 
+编译：
+
+```bash
+make
+```
+
+使用方式：
+
+```bash
+sudo ./bpfdos
+```
+
+这个程序会对任何试图使用 `ptrace` 系统调用的程序，例如 `strace`，发出 `SIG_KILL` 信号。
+一旦 bpf-dos 开始运行，你可以通过运行以下命令进行测试：
+
+```bash
+strace /bin/whoami
+```
+
+## 参考资料
+
+- <https://github.com/pathtofile/bad-bpf>

src/25-signal/common.h

@@ -2,17 +2,6 @@
 #ifndef BAD_BPF_COMMON_H
 #define BAD_BPF_COMMON_H
 
-// These are used by a number of
-// different programs to sync eBPF Tail Call
-// login between user space and kernel
-#define PROG_00 0
-#define PROG_01 1
-#define PROG_02 2
-
-// Used when replacing text
-#define FILENAME_LEN_MAX 50
-#define TEXT_LEN_MAX 20
-
 // Simple message structure to get events from eBPF Programs
 // in the kernel to user spcae
 #define TASK_COMM_LEN 16
@@ -22,14 +11,4 @@ struct event {
     bool success;
 };
 
-struct tr_file {
-    char filename[FILENAME_LEN_MAX];
-    unsigned int filename_len;
-};
-
-struct tr_text {
-    char text[TEXT_LEN_MAX];
-    unsigned int text_len;
-};
-
 #endif  // BAD_BPF_COMMON_H