bool xen_init_interface(xen_interface_t **xen) { *xen = g_malloc0(sizeof(xen_interface_t)); /* We create an xc interface to test connection to it */ (*xen)->xc = xc_interface_open(0, 0, 0); if ((*xen)->xc == NULL) { fprintf(stderr, "xc_interface_open() failed!\n"); xen_free_interface(*xen); return 0; } /* We don't need this at the moment, but just in case */ //xen->xsh=xs_open(XS_OPEN_READONLY); (*xen)->xl_logger = (xentoollog_logger *) xtl_createlogger_stdiostream( stderr, XTL_PROGRESS, 0); if (!(*xen)->xl_logger) return 0; if (0 != libxl_ctx_alloc(&(*xen)->xl_ctx, LIBXL_VERSION, 0, (*xen)->xl_logger)) { fprintf(stderr, "libxl_ctx_alloc() failed!\n"); xen_free_interface(*xen); return 0; } return 1; }
void drakvuf_close(drakvuf_t drakvuf) { if (!drakvuf) return; if (drakvuf->vmi) close_vmi(drakvuf); if (drakvuf->xen) xen_free_interface(drakvuf->xen); g_mutex_clear(&drakvuf->vmi_lock); free(drakvuf->dom_name); free(drakvuf->rekall_profile); free(drakvuf); }
int main(int argc, char** argv) { DIR* dir; struct dirent* ent; unsigned int i; unsigned int processed = 0; unsigned int total_processed = 0; int ret = 0; struct sigaction act; shutting_down = 0; if (argc!=15) { printf("Not enough arguments: %i!\n", argc); printf("%s <loop (0) or poll (1)> <origin domain name> <domain config> <rekall_profile> <injection pid> <watch folder> <serve folder> <output folder> <max clones> <clone_script> <config_script> <drakvuf_script> <cleanup_script> <tcpdump_script>\n", argv[0]); return 1; } /* for a clean exit */ act.sa_handler = close_handler; act.sa_flags = 0; sigemptyset(&act.sa_mask); sigaction(SIGHUP, &act, NULL); sigaction(SIGTERM, &act, NULL); sigaction(SIGINT, &act, NULL); sigaction(SIGALRM, &act, NULL); xen_init_interface(&xen); int do_poll = atoi(argv[1]); domain_name = argv[2]; domain_config = argv[3]; rekall_profile = argv[4]; injection_pid = atoi(argv[5]); in_folder = argv[6]; run_folder = argv[7]; out_folder = argv[8]; threads = atoi(argv[9]); clone_script = argv[10]; config_script = argv[11]; drakvuf_script = argv[12]; cleanup_script = argv[13]; tcpdump_script = argv[14]; if (threads > 128) { printf("Too many clones requested (max 128 is specified right now)\n"); return 1; } for (i=0; i<threads; i++) g_mutex_init(&locks[i]); pool = g_thread_pool_new(run_drakvuf, NULL, threads, TRUE, NULL); int fd = inotify_init(); int wd = inotify_add_watch(fd, in_folder, IN_CLOSE_WRITE); char buffer[sizeof(struct inotify_event) + NAME_MAX + 1]; struct pollfd pollfd = { .fd = fd, .events = POLLIN }; int threadid = -1; do { processed = 0; while (threadid<0 && !shutting_down) { sleep(1); threadid = find_thread(); } if ((dir = opendir (in_folder)) != NULL) { while ((ent = readdir (dir)) != NULL && !shutting_down) { if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, "..")) continue; char* command; command = g_strdup_printf("mv %s/%s %s/%s", in_folder, ent->d_name, run_folder, ent->d_name); printf("** MOVING FILE FOR PROCESSING: %s\n", command); g_spawn_command_line_sync(command, NULL, NULL, NULL, NULL); g_free(command); struct start_drakvuf* _start = prepare(NULL, threadid); start(_start, ent->d_name); threadid = -1; processed++; } closedir (dir); } else { printf("Failed to open target folder!\n"); ret = 1; break; } if ( processed ) { total_processed += processed; printf("Batch processing started %u samples (total %u)\n", processed, total_processed); } if ( !processed && !shutting_down ) { if ( do_poll ) { do { int rv = poll (&pollfd, 1, 1000); if ( rv < 0 ) { printf("Error polling\n"); ret = 1; break; } if ( rv > 0 && pollfd.revents & POLLIN ) { if ( read( fd, buffer, sizeof(struct inotify_event) + NAME_MAX + 1 ) < 0 ) { printf("Error reading inotify event\n"); ret = 1; } break; } } while (!shutting_down && !ret); } else sleep(1); } } while (!shutting_down && !ret); inotify_rm_watch( fd, wd ); close(fd); g_thread_pool_free(pool, FALSE, TRUE); if ( threadid >= 0 ) g_mutex_unlock(&locks[threadid]); for (i=0; i<threads; i++) g_mutex_clear(&locks[i]); xen_free_interface(xen); printf("Finished processing %u samples\n", total_processed); return ret; }
int main(int argc, char** argv) { DIR *dir; struct dirent *ent; unsigned int i, processed = 0; int ret = 0; if(argc!=14) { printf("Not enough arguments: %i!\n", argc); printf("%s <origin domain name> <domain config> <rekall_profile> <injection pid> <watch folder> <serve folder> <output folder> <max clones> <clone_script> <config_script> <drakvuf_script> <cleanup_script> <tcpdump_script>\n", argv[0]); return 1; } xen_init_interface(&xen); domain_name = argv[1]; domain_config = argv[2]; rekall_profile = argv[3]; injection_pid = atoi(argv[4]); in_folder = argv[5]; run_folder = argv[6]; out_folder = argv[7]; threads = atoi(argv[8]); clone_script = argv[9]; config_script = argv[10]; drakvuf_script = argv[11]; cleanup_script = argv[12]; tcpdump_script = argv[13]; if (threads > 128) { printf("Too many clones requested (max 128 is specified right now)\n"); return 1; } g_mutex_init(&prepare_lock); for(i=0;i<threads;i++) g_mutex_init(&locks[i]); pool = g_thread_pool_new(run_drakvuf, NULL, threads, TRUE, NULL); char buffer[sizeof(struct inotify_event) + NAME_MAX + 1]; int fd = inotify_init(); int wd = inotify_add_watch( fd, in_folder, IN_CLOSE_WRITE ); do { processed = 0; if ((dir = opendir (in_folder)) != NULL) { while ((ent = readdir (dir)) != NULL) { if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, "..")) continue; char *command = g_malloc0(snprintf(NULL, 0, "mv %s/%s %s/%s", in_folder, ent->d_name, run_folder, ent->d_name) + 1); sprintf(command, "mv %s/%s %s/%s", in_folder, ent->d_name, run_folder, ent->d_name); printf("** MOVING FILE FOR PROCESSING: %s\n", command); g_spawn_command_line_sync(command, NULL, NULL, NULL, NULL); g_free(command); prepare(g_strdup(ent->d_name), NULL); processed++; } closedir (dir); } else { printf("Failed to open target folder!\n"); ret = 1; break; } if (!processed) { printf("Run folder is empty, waiting for file creation\n"); int l = read( fd, buffer, sizeof(struct inotify_event) + NAME_MAX + 1 ); if ( l <= 0 ) { ret = 1; break; } } } while(1); inotify_rm_watch( fd, wd ); close(fd); g_thread_pool_free(pool, FALSE, TRUE); g_mutex_clear(&prepare_lock); for(i=0;i<threads;i++) g_mutex_clear(&locks[i]); xen_free_interface(xen); printf("Finished processing this batch\n"); return ret; }