我实验过得办法:
拦截服务器给xorg发送的执行信息,并修改。
1.自己写一个GTK生成窗口
2.hook writev系统调用,运行GTK可执行文件(当writev发送长度为916时,打印信息)。
3.打印信息如下
iovstack[0].iov_base+8 = UTF8_STRING
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+28 = WM_CLIENT_LEADER^P
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+52 = WM_DELETE_WINDOW^P
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+76 = WM_LOCALE_NAME
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+100 = WM_PROTOCOLS^P
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+120 = WM_TAKE_FOCUS
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+144 = WM_WINDOW_ROLE
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+168 = _NET_ACTIVE_WINDOW
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+196 = _NET_CURRENT_DESKTOP^P
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+224 = _NET_FRAME_EXTENTS
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+252 = _NET_STARTUP_ID
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+276 = _NET_WM_CM_S0
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+300 = _NET_WM_DESKTOP
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+324 = _NET_WM_ICON^P
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+344 = _NET_WM_ICON_NAME
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+372 = _NET_WM_NAME^P
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+392 = _NET_WM_PID
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+412 = _NET_WM_PING^P
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+432 = _NET_WM_STATE
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+456 = _NET_WM_STATE_ABOVE
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+484 = _NET_WM_STATE_BELOW
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+512 = _NET_WM_STATE_FULLSCREEN^P
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+544 = _NET_WM_STATE_MODAL
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+572 = _NET_WM_STATE_MAXIMIZED_VERT
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+608 = _NET_WM_STATE_MAXIMIZED_HORZ^P
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+644 = _NET_WM_STATE_SKIP_TASKBAR
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+680 = _NET_WM_STATE_SKIP_PAGER^P
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+712 = _NET_WM_STATE_STICKY^P
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+740 = _NET_WM_SYNC_REQUEST^P
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+768 = _NET_WM_SYNC_REQUEST_COUNTER^P
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+804 = _NET_WM_WINDOW_TYPE
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+832 = _NET_WM_WINDOW_TYPE_NORMAL
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+868 = _NET_WM_USER_TIME
May 18 03:04:32 localhost kernel: iovstack[0].iov_base+896 = _NET_VIRTUAL_ROOTS
网上找了上面的关键词,是请求根窗口的参数,但是没有涉及到图像或者水印。
各位大神有没有好一点的想法!