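/**
 * @brief Collect firmware (ROM) details from the IODeviceTree:/rom registry entry.
 *
 * Reads the entry's properties into a CF dictionary and copies selected keys
 * into a single Row (vendor, volume_size, size, date, version, address,
 * revision, extra).
 *
 * @param context Query context; not read by this generator.
 * @return An empty QueryData when the registry entry or its property
 *         dictionary is unavailable, otherwise a QueryData holding one Row.
 */
QueryData genPlatformInfo(QueryContext& context) {
  auto rom = IORegistryEntryFromPath(kIOMasterPortDefault, "IODeviceTree:/rom");
  if (rom == 0) {
    return {};
  }

  CFMutableDictionaryRef details = nullptr;
  IORegistryEntryCreateCFProperties(
      rom, &details, kCFAllocatorDefault, kNilOptions);
  IOObjectRelease(rom);

  // Success is determined by the details dictionary existence.
  if (details == nullptr) {
    return {};
  }

  Row r;
  r["vendor"] = getIOKitProperty(details, "vendor");
  r["volume_size"] = getIOKitProperty(details, "fv-main-size");
  r["size"] = getIOKitProperty(details, "rom-size");
  r["date"] = getIOKitProperty(details, "release-date");
  r["version"] = getIOKitProperty(details, "version");

  {
    auto address = getIOKitProperty(details, "fv-main-address");
    try {
      auto value = boost::lexical_cast<size_t>(address);
      std::stringstream hex_id;
      hex_id << std::hex << std::setw(8) << std::setfill('0') << value;
      r["address"] = "0x" + hex_id.str();
    } catch (const boost::bad_lexical_cast&) {
      // The property is missing or not a decimal number (presumably
      // getIOKitProperty yields an empty string for an absent key; confirm).
      // Leave the address column unset instead of letting the exception
      // escape: that would discard the rest of the firmware row and skip the
      // CFRelease below, leaking the dictionary.
    }
  }

  {
    std::vector<std::string> extra_items;
    auto info = getIOKitProperty(details, "apple-rom-info");

    // The property value separates its lines with the literal text "%0a".
    std::vector<std::string> info_lines;
    iter_split(info_lines, info, boost::algorithm::first_finder("%0a"));
    for (const auto& line : info_lines) {
      // Named `fields` so it does not shadow the CF dictionary `details`.
      std::vector<std::string> fields;
      iter_split(fields, line, boost::algorithm::first_finder(": "));
      if (fields.size() > 1) {
        boost::trim(fields[1]);
        if (fields[0].find("Revision") != std::string::npos) {
          r["revision"] = fields[1];
        }
        extra_items.push_back(fields[1]);
      }
    }
    r["extra"] = osquery::join(extra_items, "; ");
  }

  CFRelease(details);
  return {r};
}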
// Split Input into Result by delegating to iter_split with a token_finder
// built from Pred and eCompress. eCompress defaults to token_compress_off.
// Returns the reference that iter_split returns.
inline SequenceSequenceT& split(
    SequenceSequenceT& Result,
    RangeT& Input,
    PredicateT Pred,
    token_compress_mode_type eCompress=token_compress_off )
{
    SequenceSequenceT& Filled =
        iter_split( Result, Input, token_finder( Pred, eCompress ) );
    return Filled;
}
// Split Input into Result by delegating to iter_split with a regex_finder
// built from Rx and Flags. Flags defaults to match_default.
// Returns the reference that iter_split returns.
inline SequenceSequenceT& split_regex(
    SequenceSequenceT& Result,
    const RangeT& Input,
    const basic_regex<CharT, RegexTraitsT>& Rx,
    match_flag_type Flags=match_default )
{
    SequenceSequenceT& Filled =
        iter_split( Result, Input, regex_finder(Rx,Flags) );
    return Filled;
}