/*
 * Plugin entry point for the hookapitests sample.
 *
 * Initialises DECAF output, then subscribes to the VMI process-create and
 * process-remove notifications.  A failed registration is only reported via
 * DECAF_printf; the return value is 0 either way, so the caller cannot tell
 * that one or both hooks are missing (worth revisiting if the loader acts on
 * the return code).
 *
 * Returns 0 unconditionally.
 */
static int hookapitests_init(void)
{
	DECAF_output_init(NULL);
	DECAF_printf("Hello World\n");

	/* subscribe to process lifecycle events from the VMI layer */
	processbegin_handle = VMI_register_callback(VMI_CREATEPROC_CB,
			&createproc_callback, NULL);
	removeproc_handle = VMI_register_callback(VMI_REMOVEPROC_CB,
			&removeproc_callback, NULL);

	int both_registered = (processbegin_handle != DECAF_NULL_HANDLE)
			&& (removeproc_handle != DECAF_NULL_HANDLE);
	if (!both_registered) {
		DECAF_printf(
				"Could not register for the create or remove proc events\n");
	}
	return 0;
}
/*
 * Entry point of the tracing plugin.
 *
 * Picks the process-name comparator, fills in the plugin interface table,
 * and, with the guest stopped, registers the instruction begin/end callbacks
 * (plus the NIC and EIP-check callbacks when CONFIG_TCG_TAINT is defined).
 * The guest is resumed before the VMI process/module callbacks are added
 * and tracing_init() runs.  None of the returned handles is checked against
 * DECAF_NULL_HANDLE here.
 *
 * Returns a pointer to the static tracing_interface table.
 */
plugin_interface_t * init_plugin() {
	/* a kernel base of 0x80000000 is taken as the hint to compare process
	 * names case-insensitively (presumably a Windows guest; not verified
	 * beyond this comparison) */
	comparestring = (VMI_guest_kernel_base == 0x80000000) ? strcasecmp : strcmp;

	tracing_interface.info_cmds = tracing_info_cmds;
	tracing_interface.mon_cmds = tracing_term_cmds;
	tracing_interface.plugin_cleanup = tracing_cleanup;

	/* hold the guest while the instruction-level hooks are installed */
	DECAF_stop_vm();

	insn_begin_cb_handle = DECAF_register_callback(DECAF_INSN_BEGIN_CB,
			tracing_insn_begin, &should_monitor);
	insn_end_cb_handle = DECAF_register_callback(DECAF_INSN_END_CB,
			tracing_insn_end, &should_monitor);

#ifdef CONFIG_TCG_TAINT
	/* taint-aware NIC receive/send hooks */
	nic_rec_cb_handle = DECAF_register_callback(DECAF_NIC_REC_CB,
			tracing_nic_recv, NULL);
	nic_send_cb_handle = DECAF_register_callback(DECAF_NIC_SEND_CB,
			tracing_nic_send, NULL);
	printf("register nic callback \n");

	/* hook for detecting a tainted EIP */
	check_eip_handle = DECAF_register_callback(DECAF_EIP_CHECK_CB, check_eip, NULL);
	printf("register eip check callback\n");
#endif /* CONFIG_TCG_TAINT */

	DECAF_start_vm();

	/* process and module lifecycle notifications from the VMI layer */
	removeproc_handle = VMI_register_callback(VMI_REMOVEPROC_CB,
			my_removeproc_notify, NULL);
	loadmainmodule_handle = VMI_register_callback(VMI_CREATEPROC_CB,
			my_loadmainmodule_notify, NULL);
	loadmodule_handle = VMI_register_callback(VMI_LOADMODULE_CB,
			my_loadmodule_notify, NULL);

	tracing_init();
	return &tracing_interface;
}
/*
 * Plugin entry point for the instruction tracer.
 *
 * Only the process-create hook is installed here; the remaining hooks are
 * added once the target process is seen.  A failed registration is logged
 * via DECAF_printf but does not change the return value.
 *
 * Returns 0 unconditionally.
 */
static int instruction_tracer_init(void)
{
  DECAF_printf("initializing instruction tracer...\n");

  /* watch process creation to spot the process we want to trace */
  processbegin_handle = VMI_register_callback(VMI_CREATEPROC_CB,
      &instruction_tracer_load_main_module_callback, NULL);
  if (DECAF_NULL_HANDLE == processbegin_handle) {
    DECAF_printf("Could not register initial callback\n");
  }

  return 0;
}
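/*
 * VMI process-create callback: waits for the process named by target_name
 * and, once it appears, starts instruction tracing for it.
 *
 * params:  VMI event data; only params->cp (name, cr3, pid) is read.
 *
 * Side effects on the first match: opens disas_logfile, sets target_cr3 and
 * registers the CPU-exec and process-remove callbacks.  Creations seen after
 * target_cr3 is set are ignored.
 *
 * Change from the original: the log file is opened before any state is
 * committed, so an fopen() failure leaves nothing half-initialised (the
 * original registered the callbacks first and left them installed with a
 * NULL disas_logfile, which the CPU-exec callback presumably writes to), and
 * failed callback registrations are now reported like the other init paths.
 */
static void instruction_tracer_load_main_module_callback(VMI_Callback_Params* params)
{
  /* already tracing a process -- ignore further creations */
  if (target_cr3 != 0) {
    return;
  }
  if (params == NULL || params->cp.name == NULL) {
    return;
  }
  /* NOTE: this is a prefix match over target_name_len bytes, so any process
   * whose name starts with target_name matches, not only an exact name. */
  if (strncmp(params->cp.name, target_name, target_name_len) != 0) {
    return;
  }

  /* open the output first: on failure bail out before committing target_cr3
   * or installing callbacks that would run with no log file; target_cr3
   * stays 0 so a later matching process can be picked up instead */
  disas_logfile = fopen(LOGFILE_PATH, "w+");
  if (disas_logfile == NULL) {
    DECAF_printf("log file open error!\n");
    return;
  }

  /* format specifiers kept as in the original; confirm cr3/pid are int-sized
   * in this build (a 64-bit target_ulong would mismatch %d) */
  DECAF_printf("Process %s(cr3: %d, pid: %d) you specified starts\n", params->cp.name, params->cp.cr3, params->cp.pid);
  target_cr3 = params->cp.cr3;

  instruction_tracer_cpu_exec_handle
    = DECAF_register_callback(DECAF_CPU_EXEC_CB, &instruction_tracer_cpu_exec_callback, NULL);
  processfinish_handle
    = VMI_register_callback(VMI_REMOVEPROC_CB, &instruction_tracer_process_finished_callback, NULL);
  if ((instruction_tracer_cpu_exec_handle == DECAF_NULL_HANDLE)
      || (processfinish_handle == DECAF_NULL_HANDLE)) {
    DECAF_printf("Could not register the exec or process-remove callback\n");
  }
}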