bool xen_init_interface(xen_interface_t **xen) {
*xen = g_malloc0(sizeof(xen_interface_t));
/* We create an xc interface to test connection to it */
(*xen)->xc = xc_interface_open(0, 0, 0);
if ((*xen)->xc == NULL) {
fprintf(stderr, "xc_interface_open() failed!\n");
xen_free_interface(*xen);
return 0;
}
/* We don't need this at the moment, but just in case */
//xen->xsh=xs_open(XS_OPEN_READONLY);
(*xen)->xl_logger = (xentoollog_logger *) xtl_createlogger_stdiostream(
stderr, XTL_PROGRESS, 0);
if (!(*xen)->xl_logger)
return 0;
if (0
!= libxl_ctx_alloc(&(*xen)->xl_ctx, LIBXL_VERSION, 0,
(*xen)->xl_logger)) {
fprintf(stderr, "libxl_ctx_alloc() failed!\n");
xen_free_interface(*xen);
return 0;
}
return 1;
}
void drakvuf_close(drakvuf_t drakvuf) {
if (!drakvuf)
return;
if (drakvuf->vmi)
close_vmi(drakvuf);
if (drakvuf->xen)
xen_free_interface(drakvuf->xen);
g_mutex_clear(&drakvuf->vmi_lock);
free(drakvuf->dom_name);
free(drakvuf->rekall_profile);
free(drakvuf);
}
int main(int argc, char** argv)
{
DIR* dir;
struct dirent* ent;
unsigned int i;
unsigned int processed = 0;
unsigned int total_processed = 0;
int ret = 0;
struct sigaction act;
shutting_down = 0;
if (argc!=15)
{
printf("Not enough arguments: %i!\n", argc);
printf("%s <loop (0) or poll (1)> <origin domain name> <domain config> <rekall_profile> <injection pid> <watch folder> <serve folder> <output folder> <max clones> <clone_script> <config_script> <drakvuf_script> <cleanup_script> <tcpdump_script>\n", argv[0]);
return 1;
}
/* for a clean exit */
act.sa_handler = close_handler;
act.sa_flags = 0;
sigemptyset(&act.sa_mask);
sigaction(SIGHUP, &act, NULL);
sigaction(SIGTERM, &act, NULL);
sigaction(SIGINT, &act, NULL);
sigaction(SIGALRM, &act, NULL);
xen_init_interface(&xen);
int do_poll = atoi(argv[1]);
domain_name = argv[2];
domain_config = argv[3];
rekall_profile = argv[4];
injection_pid = atoi(argv[5]);
in_folder = argv[6];
run_folder = argv[7];
out_folder = argv[8];
threads = atoi(argv[9]);
clone_script = argv[10];
config_script = argv[11];
drakvuf_script = argv[12];
cleanup_script = argv[13];
tcpdump_script = argv[14];
if (threads > 128)
{
printf("Too many clones requested (max 128 is specified right now)\n");
return 1;
}
for (i=0; i<threads; i++)
g_mutex_init(&locks[i]);
pool = g_thread_pool_new(run_drakvuf, NULL, threads, TRUE, NULL);
int fd = inotify_init();
int wd = inotify_add_watch(fd, in_folder, IN_CLOSE_WRITE);
char buffer[sizeof(struct inotify_event) + NAME_MAX + 1];
struct pollfd pollfd =
{
.fd = fd,
.events = POLLIN
};
int threadid = -1;
do
{
processed = 0;
while (threadid<0 && !shutting_down)
{
sleep(1);
threadid = find_thread();
}
if ((dir = opendir (in_folder)) != NULL)
{
while ((ent = readdir (dir)) != NULL && !shutting_down)
{
if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, ".."))
continue;
char* command;
command = g_strdup_printf("mv %s/%s %s/%s", in_folder, ent->d_name, run_folder, ent->d_name);
printf("** MOVING FILE FOR PROCESSING: %s\n", command);
g_spawn_command_line_sync(command, NULL, NULL, NULL, NULL);
g_free(command);
struct start_drakvuf* _start = prepare(NULL, threadid);
start(_start, ent->d_name);
threadid = -1;
processed++;
}
closedir (dir);
}
else
{
printf("Failed to open target folder!\n");
ret = 1;
break;
}
if ( processed )
{
total_processed += processed;
printf("Batch processing started %u samples (total %u)\n", processed, total_processed);
}
if ( !processed && !shutting_down )
{
if ( do_poll )
{
do
{
int rv = poll (&pollfd, 1, 1000);
if ( rv < 0 )
{
printf("Error polling\n");
ret = 1;
break;
}
if ( rv > 0 && pollfd.revents & POLLIN )
{
if ( read( fd, buffer, sizeof(struct inotify_event) + NAME_MAX + 1 ) < 0 )
{
printf("Error reading inotify event\n");
ret = 1;
}
break;
}
}
while (!shutting_down && !ret);
}
else
sleep(1);
}
}
while (!shutting_down && !ret);
inotify_rm_watch( fd, wd );
close(fd);
g_thread_pool_free(pool, FALSE, TRUE);
if ( threadid >= 0 )
g_mutex_unlock(&locks[threadid]);
for (i=0; i<threads; i++)
g_mutex_clear(&locks[i]);
xen_free_interface(xen);
printf("Finished processing %u samples\n", total_processed);
return ret;
}
int main(int argc, char** argv)
{
DIR *dir;
struct dirent *ent;
unsigned int i, processed = 0;
int ret = 0;
if(argc!=14) {
printf("Not enough arguments: %i!\n", argc);
printf("%s <origin domain name> <domain config> <rekall_profile> <injection pid> <watch folder> <serve folder> <output folder> <max clones> <clone_script> <config_script> <drakvuf_script> <cleanup_script> <tcpdump_script>\n", argv[0]);
return 1;
}
xen_init_interface(&xen);
domain_name = argv[1];
domain_config = argv[2];
rekall_profile = argv[3];
injection_pid = atoi(argv[4]);
in_folder = argv[5];
run_folder = argv[6];
out_folder = argv[7];
threads = atoi(argv[8]);
clone_script = argv[9];
config_script = argv[10];
drakvuf_script = argv[11];
cleanup_script = argv[12];
tcpdump_script = argv[13];
if (threads > 128) {
printf("Too many clones requested (max 128 is specified right now)\n");
return 1;
}
g_mutex_init(&prepare_lock);
for(i=0;i<threads;i++)
g_mutex_init(&locks[i]);
pool = g_thread_pool_new(run_drakvuf, NULL, threads, TRUE, NULL);
char buffer[sizeof(struct inotify_event) + NAME_MAX + 1];
int fd = inotify_init();
int wd = inotify_add_watch( fd, in_folder, IN_CLOSE_WRITE );
do {
processed = 0;
if ((dir = opendir (in_folder)) != NULL) {
while ((ent = readdir (dir)) != NULL) {
if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, ".."))
continue;
char *command = g_malloc0(snprintf(NULL, 0, "mv %s/%s %s/%s", in_folder, ent->d_name, run_folder, ent->d_name) + 1);
sprintf(command, "mv %s/%s %s/%s", in_folder, ent->d_name, run_folder, ent->d_name);
printf("** MOVING FILE FOR PROCESSING: %s\n", command);
g_spawn_command_line_sync(command, NULL, NULL, NULL, NULL);
g_free(command);
prepare(g_strdup(ent->d_name), NULL);
processed++;
}
closedir (dir);
} else {
printf("Failed to open target folder!\n");
ret = 1;
break;
}
if (!processed) {
printf("Run folder is empty, waiting for file creation\n");
int l = read( fd, buffer, sizeof(struct inotify_event) + NAME_MAX + 1 );
if ( l <= 0 ) {
ret = 1;
break;
}
}
} while(1);
inotify_rm_watch( fd, wd );
close(fd);
g_thread_pool_free(pool, FALSE, TRUE);
g_mutex_clear(&prepare_lock);
for(i=0;i<threads;i++)
g_mutex_clear(&locks[i]);
xen_free_interface(xen);
printf("Finished processing this batch\n");
return ret;
}
