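/* Parse the tracer's INI configuration file.
 *
 * path_ini: path of the INI file to load.
 *
 * Loads the boolean flags of the "general", "tracing" and "network"
 * sections into the matching conf_* globals, applies the network filter
 * section, and picks up the plugin INI path and the plugin directory from
 * the "function hooks" section.  If the file cannot be parsed a message is
 * printed and no setting is touched.
 *
 * The two path values are copied with a bounded copy and always
 * NUL-terminated: hook_plugins_filename and hook_dirname are written up to
 * index 255, so both are assumed to be at least 256 bytes long (the same
 * assumption the original bounds encoded).
 */
void check_ini(char *path_ini)
{
  struct cnfnode *cn_root;
  struct cnfmodule *mod_ini;
  struct cnfresult *cnf_res;

  register_ini(NULL);
  mod_ini = find_cnfmodule("ini");
  cn_root = cnfmodule_parse_file(mod_ini, path_ini);

  if (cn_root == NULL) {
    term_printf ("Could not find INI file: %s\n", path_ini);
    return;
  }

  /* Parse configuration flags */
  set_bool_from_ini(cn_root, "general/trace_only_after_first_taint",
    &conf_trace_only_after_first_taint);
  set_bool_from_ini(cn_root, "general/log_external_calls",
    &conf_log_external_calls);
  set_bool_from_ini(cn_root, "general/write_ops_at_insn_end",
    &conf_write_ops_at_insn_end);
  set_bool_from_ini(cn_root, "general/save_state_at_trace_stop",
    &conf_save_state_at_trace_stop);
  set_bool_from_ini(cn_root, "tracing/tracing_table_lookup",
    &tracing_table_lookup);
  set_bool_from_ini(cn_root, "tracing/tracing_tainted_only",
    &conf_tainted_only);
  set_bool_from_ini(cn_root, "tracing/tracing_kernel",
    &conf_tracing_kernel_all);
  set_bool_from_ini(cn_root, "tracing/tracing_kernel_tainted",
    &conf_tracing_kernel_tainted);
  set_bool_from_ini(cn_root, "tracing/tracing_kernel_partial",
    &conf_tracing_kernel_partial);

  /* Parse network configuration */
  set_bool_from_ini(cn_root, "network/ignore_dns",
    &conf_ignore_dns);
  check_filter_conf(cn_root);
  print_nic_filter();

  /* Find hook configuration file.
   * Braced like the directory entry below: the original had the strncpy()
   * as the sole body of the if and the terminator outside it, which the
   * indentation did not make visible.  The value comes from an untrusted
   * file, so the copy is bounded and the terminator is forced. */
  cnf_res = cnf_find_entry(cn_root, "function hooks/plugin_ini");
  if (cnf_res) {
    /* assumes cnfnode->value is non-NULL for a found entry — TODO confirm */
    strncpy(hook_plugins_filename, cnf_res->cnfnode->value, 255);
    hook_plugins_filename[255] = '\0';
  }
  term_printf("Loading plugin options from: %s\n", hook_plugins_filename);

  /* Find hooks directory */
  cnf_res = cnf_find_entry(cn_root, "function hooks/plugin_directory");
  if (cnf_res) {
    strncpy(hook_dirname, cnf_res->cnfnode->value, 255);
    hook_dirname[255] = '\0';
  }
  term_printf("Loading plugins from: %s\n", hook_dirname);

  destroy_cnftree(cn_root);
}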
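/* Resume tracing after a VM snapshot has been loaded.
 *
 * Param format
 *     <pid>:<traceFilename>:<pidToSignal>:<processName>
 *
 * param: the colon-separated string above.  <pid> and <traceFilename> are
 *        required; <pidToSignal> and <processName> are optional.  A
 *        non-numeric <pid> counts as "not given", which is only accepted
 *        when <processName> is present.
 *
 * Parses the parameter, runs the taint/OS/hook initialisation the trace
 * needs, starts the trace by PID or by process name, and finally writes
 * "OK" to /tmp/tfd.pipe to tell the waiting side that the trace is ready.
 * Problems are reported on the monitor; nothing is returned.
 */
void tracing_after_loadvm(const char*param)
{
  char buf[256];
  int pid_to_signal = 0;

  /* Nothing to parse; strtok() on NULL would be undefined. */
  if (param == NULL)
    return;

  /* Work on a bounded, always NUL-terminated private copy: strtok()
   * writes into its argument and param is const.  Equivalent to the
   * strncpy()+terminator pair, without the unterminated-copy trap. */
  snprintf(buf, sizeof buf, "%s", param);

  char *pid_str = strtok(buf, ":");
  if (!pid_str)
    return;

  char *trace_filename = strtok(NULL, ":");
  if (!trace_filename)
    return;

  char *pid_to_signal_str = strtok(NULL, ":");

  char *process_name = strtok(NULL, ":");

  /* A field that does not start with a number means "no PID" (-1). */
  char *end = pid_str;
  int pid = (int) strtol (pid_str, &end, 10);
  if (end == pid_str) {
    pid = -1;
  }

  /* If no PID or Process_name, return */
  if ((process_name == NULL) && (pid == -1)) {
    monitor_printf(default_mon, "PARAM: %s\n", param);
    monitor_printf(default_mon, "START: %p END: %p\n",
                   (void *) pid_str, (void *) end);
    monitor_printf(default_mon, "No PID or Process_name provided\n");
    return;
  }

  if (pid_to_signal_str) {
    end = pid_to_signal_str;
    pid_to_signal = (int) strtol (pid_to_signal_str, &end, 10);
    if (end == pid_to_signal_str) {
      pid_to_signal = 0;
    }
  }

  /* process_name is NULL when tracing by PID; passing NULL to %s is
   * undefined behaviour, so print a placeholder in that case. */
  monitor_printf (default_mon, 
                  "PID: %d PID2SIGNAL: %d PROCESS_NAME: %s\n",
                  pid, pid_to_signal,
                  process_name ? process_name : "(none)");

#ifdef TAINT_ENABLED
  /* Taint the network */
  do_taint_nic_internal(1);

  /* Filter traffic (read from ini configuration file) */
  print_nic_filter();

#endif // #ifdef TAINT_ENABLED  


  /* OS dependant initialization */
  if (0 == taskaddr)
    init_kernel_offsets();
  if (0xC0000000 == kernel_mem_start) /* linux */
    update_proc(0);

  /* Load hooks */
  do_load_hooks_internal("","");

  /* Start trace */
  if (process_name == NULL)
    do_tracing_internal(pid, trace_filename);
  else
    do_tracing_by_name_internal(process_name,trace_filename);

  /* Notify that the trace is ready.  Signalling pid_to_signal with
   * SIGUSR1 is intentionally disabled; the parsed value is only printed
   * above.  The notification goes over a named pipe instead.
   *
   * NOTE(review): the pipe has a fixed, predictable name in the shared
   * /tmp directory; whoever creates that name first can block or absorb
   * the "OK" message.  A path under a private directory, or a descriptor
   * passed in by the controller, would be more robust. */
  int pipe_fd = open("/tmp/tfd.pipe",O_WRONLY);
  if (pipe_fd < 0) {
    /* Previously an unchecked -1 was handed to write()/close(). */
    monitor_printf (default_mon, "Error opening /tmp/tfd.pipe\n");
    return;
  }
  ssize_t num_written = write(pipe_fd,"OK",2);  /* ssize_t: -1 on error */
  if (num_written != 2) {
    monitor_printf (default_mon, "Error writing to /tmp/tfd.pipe\n");
  }
  close(pipe_fd);

}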