int vmi_pgd_changed(CPUState *env, target_ulong oldval, target_ulong newval) {
uint32_t i;
OsiProcs *ps, *in, *out;
ps = in = out = NULL;
/* update process state */
ps = get_processes(env);
procstate_update(ps, &in, &out);
/* invoke callbacks for finished processes */
if (out != NULL) {
for (i=0; i<out->num; i++) {
PPP_RUN_CB(on_finished_process, env, &out->proc[i]);
}
free_osiprocs(out);
}
/* invoke callbacks for new processes */
if (in != NULL) {
for (i=0; i<in->num; i++) {
PPP_RUN_CB(on_new_process, env, &in->proc[i]);
}
free_osiprocs(in);
}
return 0;
}
bool ProcessList::any_of_process_is_running(const list<wstring> & processes)
{
auto running_processes = get_processes();
return any_of(processes.cbegin(), processes.cend(),
[&](auto process) { return find(running_processes.cbegin(), running_processes.cend(), process) != running_processes.cend(); });
}
int vmi_pgd_changed(CPUState *cpu, target_ulong oldval, target_ulong newval) {
uint32_t i;
OsiProcs *ps, *in, *out;
ps = in = out = NULL;
/* some callback has to be registered for retrieving processes */
assert(PPP_CHECK_CB(on_get_processes) != 0);
/* update process state */
ps = get_processes(cpu);
procstate_update(ps, &in, &out);
/* invoke callbacks for finished processes */
if (out != NULL) {
for (i=0; i<out->num; i++) {
PPP_RUN_CB(on_finished_process, cpu, &out->proc[i]);
}
free_osiprocs(out);
}
/* invoke callbacks for new processes */
if (in != NULL) {
for (i=0; i<in->num; i++) {
PPP_RUN_CB(on_new_process, cpu, &in->proc[i]);
}
free_osiprocs(in);
}
return 0;
}
int main(int argc, char **argv)
{
int passwd = 0, nprocs, nuids;
struct process *plist;
uid_t *approved;
if (argc == 2 && strcmp(argv[1], "-passwd") == 0)
passwd = 1;
else if (argc != 1 && (argc != 2 || strcmp(argv[1], "-loggedin") != 0))
{
fprintf(stderr, "Usage: %s [-passwd]\n", argv[0]);
return 1;
}
/* Fetch the process list and list of approved uids. Also cleans up
* sessions if -passwd not specified. */
plist = get_processes(&nprocs);
if (passwd)
approved = get_passwd_uids(&nuids);
else
approved = get_logged_in_uids(&nuids, plist, nprocs);
/* Sort the approved uid list for fast search. */
qsort(approved, nuids, sizeof(uid_t), uidcomp);
kill_processes(plist, nprocs, approved, nuids);
return 0;
}
int before_block_exec(CPUState *env, TranslationBlock *tb) {
int i;
OsiProc *current = get_current_process(env);
printf("Current process: %s PID:" TARGET_FMT_ld " PPID:" TARGET_FMT_ld "\n", current->name, current->pid, current->ppid);
OsiModules *ms = get_libraries(env, current);
if (ms == NULL) {
printf("No mapped dynamic libraries.\n");
}
else {
printf("Dynamic libraries list (%d libs):\n", ms->num);
for (i = 0; i < ms->num; i++)
printf("\t0x" TARGET_FMT_lx "\t" TARGET_FMT_ld "\t%-24s %s\n", ms->module[i].base, ms->module[i].size, ms->module[i].name, ms->module[i].file);
}
printf("\n");
OsiProcs *ps = get_processes(env);
if (ps == NULL) {
printf("Process list not available.\n");
}
else {
printf("Process list (%d procs):\n", ps->num);
for (i = 0; i < ps->num; i++)
printf(" %-16s\t" TARGET_FMT_ld "\t" TARGET_FMT_ld "\n", ps->proc[i].name, ps->proc[i].pid, ps->proc[i].ppid);
}
printf("\n");
OsiModules *kms = get_modules(env);
if (kms == NULL) {
printf("No mapped kernel modules.\n");
}
else {
printf("Kernel module list (%d modules):\n", kms->num);
for (i = 0; i < kms->num; i++)
printf("\t0x" TARGET_FMT_lx "\t" TARGET_FMT_ld "\t%-24s %s\n", kms->module[i].base, kms->module[i].size, kms->module[i].name, kms->module[i].file);
}
printf("\n-------------------------------------------------\n\n");
// Cleanup
free_osiproc(current);
free_osiprocs(ps);
free_osimodules(ms);
return 0;
}
/*
* Emit JSON data for the current and parent processes. Individual
* trace2 targets can decide how to actually print it.
*/
static void get_ancestry(void)
{
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnapshot != INVALID_HANDLE_VALUE) {
struct json_writer jw = JSON_WRITER_INIT;
jw_array_begin(&jw, 0);
get_processes(&jw, hSnapshot);
jw_end(&jw);
trace2_data_json("process", the_repository, "windows/ancestry",
&jw);
jw_release(&jw);
CloseHandle(hSnapshot);
}
}
int top(int argc, char *argv){
Task_t* processes = get_processes();
int i;
printfcolor(MARINE_COLOR,"********************************************************************************\n");
printfcolor(COMMAND_COLOR, "PID\t\t\tName\t\t\t\tStatus\t\t\tPriority\n\n");
for(i = 0; i<MAX_PROCESSES; i++)
{
if(processes[i].state != TaskEmpty)
{
printfcolor(((processes[i].state == TaskReady)?COMMAND_COLOR:
(processes[i].state == TaskTerminated)?ERROR_COLOR:MARINE_COLOR),
"%d\t\t\t%s\t\t\t\t%s\t\t\t%d\n", processes[i].pid, processes[i].name,
((processes[i].state == TaskReady)?"Ready":
(processes[i].state == TaskTerminated)?"Terminated":"Suspended"), processes[i].priority);
}
}
printfcolor(MARINE_COLOR,"\n********************************************************************************\n");
return EXIT_SUCCESS;
}
void main ( void )
{
List black_list_checks;
List black_list;
List processes;
List uptimes;
unsigned int cont;
/* Intro message */
printf ( "\n*** Embarcadero-Workaround PoC ***\n" );
printf ( "Created by Nicolas A. Economou\n" );
printf ( "Special thanks to Marcos Accossatto\n" );
printf ( "Core Security Technologies, Buenos Aires, Argentina (2014)\n" );
printf ( "\n" );
Sleep ( 2000 );
/* Monitoreo la lista de procesos todo el tiempo */
for ( cont = 0 ; cont < 0xffffffff ; cont ++ )
{
/* Getting processes */
get_processes ( processes , uptimes );
/* Merging list */
refresh_processes ( black_list , black_list_checks , processes );
/* Looking for new vulnerable programs */
protect_processes ( black_list , black_list_checks , processes , uptimes );
/* If it's the first time */
if ( cont == 0 )
{
/* No more scannings for black listed processes */
block_processes ( black_list , black_list_checks );
}
/* A delay for the next try */
Sleep ( 1000 );
}
}
void processes_reporting(POOL_CONNECTION *frontend, POOL_CONNECTION_POOL *backend)
{
static short num_fields = 6;
static char *field_names[] = {"pool_pid", "start_time", "database", "username", "create_time", "pool_counter"};
short s;
int len;
int nrows;
int size;
int hsize;
int i;
static unsigned char nullmap[2] = {0xff, 0xff};
int nbytes = (num_fields + 7)/8;
POOL_REPORT_PROCESSES *processes = get_processes(&nrows);
send_row_description(frontend, backend, num_fields, field_names);
if (MAJOR(backend) == PROTO_MAJOR_V2)
{
/* ascii row */
for (i=0;i<nrows;i++)
{
pool_write(frontend, "D", 1);
pool_write_and_flush(frontend, nullmap, nbytes);
size = strlen(processes[i].pool_pid);
hsize = htonl(size+4);
pool_write(frontend, &hsize, sizeof(hsize));
pool_write(frontend, processes[i].pool_pid, size);
size = strlen(processes[i].start_time);
hsize = htonl(size+4);
pool_write(frontend, &hsize, sizeof(hsize));
pool_write(frontend, processes[i].start_time, size);
size = strlen(processes[i].database);
hsize = htonl(size+4);
pool_write(frontend, &hsize, sizeof(hsize));
pool_write(frontend, processes[i].database, size);
size = strlen(processes[i].username);
hsize = htonl(size+4);
pool_write(frontend, &hsize, sizeof(hsize));
pool_write(frontend, processes[i].username, size);
size = strlen(processes[i].create_time);
hsize = htonl(size+4);
pool_write(frontend, &hsize, sizeof(hsize));
pool_write(frontend, processes[i].create_time, size);
size = strlen(processes[i].pool_counter);
hsize = htonl(size+4);
pool_write(frontend, &hsize, sizeof(hsize));
pool_write(frontend, processes[i].pool_counter, size);
}
}
else
{
/* data row */
for (i=0;i<nrows;i++)
{
pool_write(frontend, "D", 1);
len = 6; /* int32 + int16; */
len += 4 + strlen(processes[i].pool_pid); /* int32 + data */
len += 4 + strlen(processes[i].start_time); /* int32 + data */
len += 4 + strlen(processes[i].database); /* int32 + data */
len += 4 + strlen(processes[i].username); /* int32 + data */
len += 4 + strlen(processes[i].create_time); /* int32 + data */
len += 4 + strlen(processes[i].pool_counter); /* int32 + data */
len = htonl(len);
pool_write(frontend, &len, sizeof(len));
s = htons(num_fields);
pool_write(frontend, &s, sizeof(s));
len = htonl(strlen(processes[i].pool_pid));
pool_write(frontend, &len, sizeof(len));
pool_write(frontend, processes[i].pool_pid, strlen(processes[i].pool_pid));
len = htonl(strlen(processes[i].start_time));
pool_write(frontend, &len, sizeof(len));
pool_write(frontend, processes[i].start_time, strlen(processes[i].start_time));
len = htonl(strlen(processes[i].database));
pool_write(frontend, &len, sizeof(len));
pool_write(frontend, processes[i].database, strlen(processes[i].database));
len = htonl(strlen(processes[i].username));
pool_write(frontend, &len, sizeof(len));
pool_write(frontend, processes[i].username, strlen(processes[i].username));
len = htonl(strlen(processes[i].create_time));
pool_write(frontend, &len, sizeof(len));
pool_write(frontend, processes[i].create_time, strlen(processes[i].create_time));
len = htonl(strlen(processes[i].pool_counter));
pool_write(frontend, &len, sizeof(len));
pool_write(frontend, processes[i].pool_counter, strlen(processes[i].pool_counter));
}
}
send_complete_and_ready(frontend, backend, nrows);
free(processes);
}
int main(int argc, char **argv)
{
const char **searchwords;
int nsearchwords;
int all = 0, all_uids = 0;
int doing_opts = 1;
/*
* Allocate enough space in 'searchwords' that we could shovel the
* whole of our argv into it if we had to. Then we won't have to
* worry about it later.
*/
searchwords = (const char **)malloc((argc+1) * sizeof(const char *));
nsearchwords = 0;
/*
* Parse the command line.
*/
while (--argc > 0) {
char *p = *++argv;
if (doing_opts && *p == '-') {
if (!strcmp(p, "-a") || !strcmp(p, "--all")) {
all = 1;
} else if (!strcmp(p, "-U") || !strcmp(p, "--all-uids")) {
all_uids = 1;
} else if (!strcmp(p, "--version")) {
version();
return 0;
} else if (!strcmp(p, "--help")) {
usage();
return 0;
} else if (!strcmp(p, "--licence") || !strcmp(p, "--license")) {
licence();
return 0;
} else if (!strcmp(p, "--")) {
doing_opts = 0;
} else {
fprintf(stderr, "pid: unrecognised option '%s'\n", p);
return 1;
}
} else {
searchwords[nsearchwords++] = p;
doing_opts = 0; /* further optionlike args become search terms */
}
}
if (!nsearchwords) {
fprintf(stderr, "pid: expected a command to search for; "
"type 'pid --help' for help\n");
return 1;
}
searchwords[nsearchwords] = NULL; /* terminate list */
{
struct pidset procs;
int uid, pid, npids;
/*
* Construct our list of processes.
*/
procs = get_processes();
uid = getuid();
if (uid > 0 && !all_uids)
procs = filter_by_uid(procs, uid);
procs = filter_out_self(procs);
procs = filter_by_command(procs, searchwords);
if (!all)
procs = filter_out_forks(procs);
/*
* Output.
*/
npids = pidset_size(&procs);
if (npids == 0) {
printf("NONE\n");
} else if (all) {
const char *sep = "";
for (pid = pidset_first(&procs); pid >= 0;
pid = pidset_next(&procs)) {
printf("%s%d", sep, pid);
sep = " ";
}
putchar('\n');
} else {
if (npids == 1) {
printf("%d\n", pidset_first(&procs));
} else {
printf("MULTIPLE\n");
}
}
}
return 0;
}