https://github.com/gwillgues/BPFDoor/blob/main/bpfdoor.c
pid_path[0] = 0x2f; pid_path[1] = 0x76; pid_path[2] = 0x61;
pid_path[3] = 0x72; pid_path[4] = 0x2f; pid_path[5] = 0x72;
pid_path[6] = 0x75; pid_path[7] = 0x6e; pid_path[8] = 0x2f;
pid_path[9] = 0x68; pid_path[10] = 0x61; pid_path[11] = 0x6c;
pid_path[12] = 0x64; pid_path[13] = 0x72; pid_path[14] = 0x75;
pid_path[15] = 0x6e; pid_path[16] = 0x64; pid_path[17] = 0x2e;
pid_path[18] = 0x70; pid_path[19] = 0x69; pid_path[20] = 0x64;
pid_path[21] = 0x00; // /var/run/haldrund.pid
if (access(pid_path, R_OK) == 0) {
exit(0);
}
...
close(open(pid_path, O_CREAT|O_WRONLY, 0644));
/var/run/haldrund.pid를 뮤텍스로 사용하여 중복 실행을 방지한다
뮤텍스 이름은 변종에 따라 달라진다