static int filehash_cb (const char *p, const char *f, void *ptr, const SEXP_t *filters) { SEXP_t *itm, *r0, *r1; SEXP_t *cobj = (SEXP_t *) ptr; char pbuf[PATH_MAX+1]; size_t plen, flen; int fd; if (f == NULL) return (0); /* * Prepare path */ plen = strlen (p); flen = strlen (f); if (plen + flen + 1 > PATH_MAX) return (-1); memcpy (pbuf, p, sizeof (char) * plen); if (p[plen - 1] != FILE_SEPARATOR) { pbuf[plen] = FILE_SEPARATOR; ++plen; } memcpy (pbuf + plen, f, sizeof (char) * flen); pbuf[plen+flen] = '\0'; /* * Open the file */ fd = open (pbuf, O_RDONLY); if (fd < 0) { itm = probe_item_create(OVAL_INDEPENDENT_FILE_MD5, NULL, "filepath", OVAL_DATATYPE_STRING, pbuf, "path", OVAL_DATATYPE_STRING, p, "filename", OVAL_DATATYPE_STRING, f, NULL); probe_item_add_msg(itm, OVAL_MESSAGE_LEVEL_ERROR, "Can't get context for %s: %s\n", pbuf, strerror(errno)); probe_item_setstatus(itm, SYSCHAR_STATUS_ERROR); } else { uint8_t md5_dst[16]; size_t md5_dstlen = sizeof md5_dst; char md5_str[32+1]; /* * Compute hash values */ if (crapi_digest_fd (fd, CRAPI_DIGEST_MD5, &md5_dst, &md5_dstlen) != 0) { close (fd); return (-1); } close (fd); mem2hex (md5_dst, sizeof md5_dst, md5_str, sizeof md5_str); /* * Create and add the item */ itm = probe_item_create(OVAL_INDEPENDENT_FILE_MD5, NULL, "filepath", OVAL_DATATYPE_STRING, pbuf, "path", OVAL_DATATYPE_STRING, p, "filename", OVAL_DATATYPE_STRING, f, "md5", OVAL_DATATYPE_STRING, md5_str, NULL); } probe_cobj_add_item(cobj, itm, filters); SEXP_free (itm); return (0); }
static void handle_exception (int exceptionVector) { int sigval; int addr, length, reg; char *ptr; gdb_i386vector = exceptionVector; if (remote_debug) printf ("vector=%d, sr=0x%x, pc=0x%x\n", exceptionVector, registers[PS], registers[PC]); /* Reply to host that an exception has occurred. Always return the PC, SP, and FP, since gdb always wants them. */ ptr = remcomOutBuffer; *ptr++ = 'T'; sigval = computeSignal (exceptionVector); *ptr++ = hexchars[sigval >> 4]; *ptr++ = hexchars[sigval % 16]; *ptr++ = hexchars[ESP]; *ptr++ = ':'; mem2hex ((char *) ®isters[ESP], ptr, REGBYTES, 0); ptr += REGBYTES * 2; *ptr++ = ';'; *ptr++ = hexchars[EBP]; *ptr++ = ':'; mem2hex ((char *) ®isters[EBP], ptr, REGBYTES, 0); ptr += REGBYTES * 2; *ptr++ = ';'; *ptr++ = hexchars[PC]; *ptr++ = ':'; mem2hex ((char *) ®isters[PC], ptr, REGBYTES, 0); ptr += REGBYTES * 2; *ptr++ = ';'; *ptr = '\0'; putpacket (remcomOutBuffer); while (1 == 1) { error = 0; remcomOutBuffer[0] = 0; getpacket (remcomInBuffer); switch (remcomInBuffer[0]) { case '?': remcomOutBuffer[0] = 'S'; remcomOutBuffer[1] = hexchars[sigval >> 4]; remcomOutBuffer[2] = hexchars[sigval % 16]; remcomOutBuffer[3] = 0; break; case 'd': remote_debug = !(remote_debug); /* toggle debug flag */ break; case 'g': /* return the value of the CPU registers */ mem2hex ((char *) registers, remcomOutBuffer, NUMREGBYTES, 0); break; case 'G': /* set the value of the CPU registers - return OK */ hex2mem (&remcomInBuffer[1], (char *) registers, NUMREGBYTES, 0); strcpy (remcomOutBuffer, "OK"); break; case 'P': /* Set specific register */ ptr = &remcomInBuffer[1]; if (hexToInt (&ptr, ®) && *ptr++ == '=') { hex2mem (ptr, (char *) ®isters[reg], REGBYTES, 0); strcpy (remcomOutBuffer, "OK"); } else { strcpy (remcomOutBuffer, "E01"); debug_error ("malformed register set command; %s", remcomInBuffer); } break; /* mAA..AA,LLLL Read LLLL bytes at address AA..AA */ case 'm': /* TRY TO READ %x,%x. IF SUCCEED, SET PTR = 0 */ ptr = &remcomInBuffer[1]; if (hexToInt (&ptr, &addr)) if (*(ptr++) == ',') if (hexToInt (&ptr, &length)) { ptr = 0; mem_err = 0; mem2hex ((char *) addr, remcomOutBuffer, length, 1); if (mem_err) { strcpy (remcomOutBuffer, "E03"); debug_error ("memory fault", 0); } } if (ptr) { strcpy (remcomOutBuffer, "E01"); debug_error ("malformed read memory command: %s", remcomInBuffer); } break; /* MAA..AA,LLLL: Write LLLL bytes at address AA.AA return OK */ case 'M': /* TRY TO READ '%x,%x:'. IF SUCCEED, SET PTR = 0 */ ptr = &remcomInBuffer[1]; if (hexToInt (&ptr, &addr)) if (*(ptr++) == ',') if (hexToInt (&ptr, &length)) if (*(ptr++) == ':') { mem_err = 0; hex2mem (ptr, (char *) addr, length, 1); if (mem_err) { strcpy (remcomOutBuffer, "E03"); debug_error ("memory fault", 0); } else { strcpy (remcomOutBuffer, "OK"); } ptr = 0; } if (ptr) { strcpy (remcomOutBuffer, "E02"); debug_error ("malformed write memory command: %s", remcomInBuffer); } break; /* cAA..AA Continue at address AA..AA(optional) */ /* sAA..AA Step one instruction from AA..AA(optional) */ case 'c': case 's': /* try to read optional parameter, pc unchanged if no parm */ ptr = &remcomInBuffer[1]; if (hexToInt (&ptr, &addr)) registers[PC] = addr; /* clear the trace bit */ registers[PS] &= 0xfffffeff; /* set the trace bit if we're stepping */ if (remcomInBuffer[0] == 's') registers[PS] |= 0x100; _returnFromException (); /* this is a jump */ break; /* Detach. */ case 'D': putpacket (remcomOutBuffer); registers[PS] &= 0xfffffeff; _returnFromException (); /* this is a jump */ break; /* kill the program */ case 'k': /* do nothing */ break; } /* switch */ /* reply to the request */ putpacket (remcomOutBuffer); } }
/* * This function does all command procesing for interfacing to gdb. */ void gdb_handle_exception (db_regs_t *raw_regs, int type, int code) { int sigval; long addr; int length; char * ptr; struct x86_64regs { unsigned long rax; unsigned long rbx; unsigned long rcx; unsigned long rdx; unsigned long rsi; unsigned long rdi; unsigned long rbp; unsigned long rsp; unsigned long r8; unsigned long r9; unsigned long r10; unsigned long r11; unsigned long r12; unsigned long r13; unsigned long r14; unsigned long r15; unsigned long rip; unsigned long rflags; unsigned int cs; unsigned int ss; }; struct x86_64regs registers; registers.rax = raw_regs->tf_rax; registers.rbx = raw_regs->tf_rbx; registers.rcx = raw_regs->tf_rcx; registers.rdx = raw_regs->tf_rdx; registers.rsp = raw_regs->tf_rsp; registers.rbp = raw_regs->tf_rbp; registers.rsi = raw_regs->tf_rsi; registers.rdi = raw_regs->tf_rdi; registers.r8 = raw_regs->tf_r8; registers.r9 = raw_regs->tf_r9; registers.r10 = raw_regs->tf_r10; registers.r11 = raw_regs->tf_r11; registers.r12 = raw_regs->tf_r12; registers.r13 = raw_regs->tf_r13; registers.r14 = raw_regs->tf_r14; registers.r15 = raw_regs->tf_r15; registers.rip = raw_regs->tf_rip; registers.rflags = raw_regs->tf_rflags; registers.cs = raw_regs->tf_cs; registers.ss = raw_regs->tf_ss; /* reply to host that an exception has occurred */ sigval = computeSignal (type); ptr = remcomOutBuffer; *ptr++ = 'T'; *ptr++ = hexchars[sigval >> 4]; *ptr++ = hexchars[sigval & 0xf]; *ptr++ = hexchars[PC >> 4]; *ptr++ = hexchars[PC & 0xf]; *ptr++ = ':'; ptr = mem2hex ((vm_offset_t)®isters.rip, ptr, 8); *ptr++ = ';'; *ptr++ = hexchars[FP >> 4]; *ptr++ = hexchars[FP & 0xf]; *ptr++ = ':'; ptr = mem2hex ((vm_offset_t)®isters.rbp, ptr, 8); *ptr++ = ';'; *ptr++ = hexchars[SP >> 4]; *ptr++ = hexchars[SP & 0xf]; *ptr++ = ':'; ptr = mem2hex ((vm_offset_t)®isters.rsp, ptr, 8); *ptr++ = ';'; *ptr++ = 0; putpacket (remcomOutBuffer); while (1) { remcomOutBuffer[0] = 0; getpacket (remcomInBuffer); switch (remcomInBuffer[0]) { case '?': remcomOutBuffer[0] = 'S'; remcomOutBuffer[1] = hexchars[sigval >> 4]; remcomOutBuffer[2] = hexchars[sigval % 16]; remcomOutBuffer[3] = 0; break; case 'D': /* detach; say OK and turn off gdb */ putpacket(remcomOutBuffer); boothowto &= ~RB_GDB; return; case 'g': /* return the value of the CPU registers */ mem2hex ((vm_offset_t)®isters, remcomOutBuffer, NUMREGBYTES); break; case 'G': /* set the value of the CPU registers - return OK */ hex2mem (&remcomInBuffer[1], (vm_offset_t)®isters, NUMREGBYTES); strcpy (remcomOutBuffer, "OK"); break; case 'P': /* Set the value of one register */ { int regno; ptr = &remcomInBuffer[1]; if (hexToInt (&ptr, ®no) && *ptr++ == '=' && regno < NUM_REGS) { /* JG */ hex2mem (ptr, (vm_offset_t)®isters + regno * 8, 8); strcpy(remcomOutBuffer,"OK"); } else strcpy (remcomOutBuffer, "P01"); break; } case 'm': /* mAA..AA,LLLL Read LLLL bytes at address AA..AA */ /* Try to read %x,%x. */ ptr = &remcomInBuffer[1]; if (hexToLong (&ptr, &addr) && *(ptr++) == ',' && hexToInt (&ptr, &length)) { if (mem2hex((vm_offset_t) addr, remcomOutBuffer, length) == NULL) strcpy (remcomOutBuffer, "E03"); break; } else strcpy (remcomOutBuffer, "E01"); break; case 'M': /* MAA..AA,LLLL: Write LLLL bytes at address AA.AA return OK */ /* Try to read '%x,%x:'. */ ptr = &remcomInBuffer[1]; if (hexToLong(&ptr,&addr) && *(ptr++) == ',' && hexToInt(&ptr, &length) && *(ptr++) == ':') { if (hex2mem(ptr, (vm_offset_t) addr, length) == NULL) strcpy (remcomOutBuffer, "E03"); else strcpy (remcomOutBuffer, "OK"); } else strcpy (remcomOutBuffer, "E02"); break; /* cAA..AA Continue at address AA..AA(optional) */ /* sAA..AA Step one instruction from AA..AA(optional) */ case 'c' : case 's' : /* try to read optional parameter, pc unchanged if no parm */ ptr = &remcomInBuffer[1]; if (hexToLong(&ptr,&addr)) registers.rip = addr; /* set the trace bit if we're stepping */ if (remcomInBuffer[0] == 's') registers.rflags |= PSL_T; else registers.rflags &= ~PSL_T; raw_regs->tf_rax = registers.rax; raw_regs->tf_rbx = registers.rbx; raw_regs->tf_rcx = registers.rcx; raw_regs->tf_rdx = registers.rdx; raw_regs->tf_rsp = registers.rsp; raw_regs->tf_rbp = registers.rbp; raw_regs->tf_rsi = registers.rsi; raw_regs->tf_rdi = registers.rdi; raw_regs->tf_r8 = registers.r8; raw_regs->tf_r9 = registers.r9; raw_regs->tf_r10 = registers.r10; raw_regs->tf_r11 = registers.r11; raw_regs->tf_r12 = registers.r12; raw_regs->tf_r13 = registers.r13; raw_regs->tf_r14 = registers.r14; raw_regs->tf_r15 = registers.r15; raw_regs->tf_rip = registers.rip; raw_regs->tf_rflags = registers.rflags; raw_regs->tf_cs = registers.cs; raw_regs->tf_ss = registers.ss; return; } /* switch */ /* reply to the request */ putpacket (remcomOutBuffer); } }
/* * This function does all command procesing for interfacing to gdb. */ void gdb_handle_exception (db_regs_t *raw_regs, int type, int code) { int sigval; long addr, length; char * ptr; struct alpharegs { u_int64_t r[32]; u_int64_t f[32]; u_int64_t pc, vfp; }; static struct alpharegs registers; int i; clear_single_step(raw_regs); bzero(®isters, sizeof registers); /* * Map trapframe to registers. * Ignore float regs for now. */ for (i = 0; i < FRAME_SIZE; i++) if (tf2gdb[i] >= 0) registers.r[tf2gdb[i]] = raw_regs->tf_regs[i]; registers.pc = raw_regs->tf_regs[FRAME_PC]; /* reply to host that an exception has occurred */ sigval = computeSignal (type, code); ptr = remcomOutBuffer; *ptr++ = 'T'; *ptr++ = hexchars[sigval >> 4]; *ptr++ = hexchars[sigval & 0xf]; *ptr++ = hexchars[PC >> 4]; *ptr++ = hexchars[PC & 0xf]; *ptr++ = ':'; ptr = mem2hex ((vm_offset_t)®isters.pc, ptr, 8); *ptr++ = ';'; *ptr++ = hexchars[FP >> 4]; *ptr++ = hexchars[FP & 0xf]; *ptr++ = ':'; ptr = mem2hex ((vm_offset_t)®isters.r[FP], ptr, 8); *ptr++ = ';'; *ptr++ = hexchars[SP >> 4]; *ptr++ = hexchars[SP & 0xf]; *ptr++ = ':'; ptr = mem2hex ((vm_offset_t)®isters.r[SP], ptr, 8); *ptr++ = ';'; *ptr++ = 0; putpacket (remcomOutBuffer); while (1) { remcomOutBuffer[0] = 0; getpacket (remcomInBuffer); switch (remcomInBuffer[0]) { case '?': remcomOutBuffer[0] = 'S'; remcomOutBuffer[1] = hexchars[sigval >> 4]; remcomOutBuffer[2] = hexchars[sigval % 16]; remcomOutBuffer[3] = 0; break; case 'D': /* detach; say OK and turn off gdb */ putpacket(remcomOutBuffer); boothowto &= ~RB_GDB; return; case 'k': prom_halt(); /*NOTREACHED*/ break; case 'g': /* return the value of the CPU registers */ mem2hex ((vm_offset_t)®isters, remcomOutBuffer, NUMREGBYTES); break; case 'G': /* set the value of the CPU registers - return OK */ hex2mem (&remcomInBuffer[1], (vm_offset_t)®isters, NUMREGBYTES); strcpy (remcomOutBuffer, "OK"); break; case 'P': /* Set the value of one register */ { long regno; ptr = &remcomInBuffer[1]; if (hexToInt (&ptr, ®no) && *ptr++ == '=' && regno < NUM_REGS) { hex2mem (ptr, (vm_offset_t)®isters + regno * 8, 8); strcpy(remcomOutBuffer,"OK"); } else strcpy (remcomOutBuffer, "P01"); break; } case 'm': /* mAA..AA,LLLL Read LLLL bytes at address AA..AA */ /* Try to read %x,%x. */ ptr = &remcomInBuffer[1]; if (hexToInt (&ptr, &addr) && *(ptr++) == ',' && hexToInt (&ptr, &length)) { if (mem2hex((vm_offset_t) addr, remcomOutBuffer, length) == NULL) strcpy (remcomOutBuffer, "E03"); break; } else strcpy (remcomOutBuffer, "E01"); break; case 'M': /* MAA..AA,LLLL: Write LLLL bytes at address AA.AA return OK */ /* Try to read '%x,%x:'. */ ptr = &remcomInBuffer[1]; if (hexToInt(&ptr,&addr) && *(ptr++) == ',' && hexToInt(&ptr, &length) && *(ptr++) == ':') { if (hex2mem(ptr, (vm_offset_t) addr, length) == NULL) strcpy (remcomOutBuffer, "E03"); else strcpy (remcomOutBuffer, "OK"); } else strcpy (remcomOutBuffer, "E02"); break; /* cAA..AA Continue at address AA..AA(optional) */ /* sAA..AA Step one instruction from AA..AA(optional) */ case 'c' : case 's' : /* try to read optional parameter, pc unchanged if no parm */ ptr = &remcomInBuffer[1]; if (hexToInt(&ptr,&addr)) registers.pc = addr; /* * Map gdb registers back to trapframe (ignoring fp regs). */ for (i = 0; i < NUM_REGS; i++) if (gdb2tf[i] >= 0) raw_regs->tf_regs[gdb2tf[i]] = registers.r[i]; raw_regs->tf_regs[FRAME_PC] = registers.pc; if (remcomInBuffer[0] == 's') if (!set_single_step(raw_regs)) printf("Can't set single step breakpoint\n"); return; } /* switch */ /* reply to the request */ putpacket (remcomOutBuffer); } }
static int filehash58_cb (const char *p, const char *f, const char *h, probe_ctx *ctx) { SEXP_t *itm; char pbuf[PATH_MAX+1]; size_t plen, flen; int fd; if (f == NULL) return (0); /* * Prepare path */ plen = strlen (p); flen = strlen (f); if (plen + flen + 1 > PATH_MAX) return (-1); memcpy (pbuf, p, sizeof (char) * plen); if (p[plen - 1] != FILE_SEPARATOR) { pbuf[plen] = FILE_SEPARATOR; ++plen; } memcpy (pbuf + plen, f, sizeof (char) * flen); pbuf[plen+flen] = '\0'; /* * Open the file */ fd = open (pbuf, O_RDONLY); if (fd < 0) { strerror_r (errno, pbuf, PATH_MAX); pbuf[PATH_MAX] = '\0'; itm = probe_item_create (OVAL_INDEPENDENT_FILE_HASH58, NULL, "filepath", OVAL_DATATYPE_STRING, pbuf, "path", OVAL_DATATYPE_STRING, p, "filename", OVAL_DATATYPE_STRING, f, "hash_type",OVAL_DATATYPE_STRING, h, NULL); probe_item_add_msg(itm, OVAL_MESSAGE_LEVEL_ERROR, "Can't open \"%s\": errno=%d, %s.", pbuf, errno, strerror (errno)); probe_item_setstatus(itm, SYSCHAR_STATUS_ERROR); } else { uint8_t hash_dst[1025]; size_t hash_dstlen = sizeof hash_dst; char hash_str[2051]; crapi_alg_t hash_type; hash_type = oscap_string_to_enum(CRAPI_ALG_MAP, h); hash_dstlen = oscap_string_to_enum(CRAPI_ALG_MAP_SIZE, h); /* * Compute hash value */ if (crapi_mdigest_fd (fd, 1, hash_type, hash_dst, &hash_dstlen) != 0) { close (fd); return (-1); } close (fd); hash_str[0] = '\0'; mem2hex (hash_dst, hash_dstlen, hash_str, sizeof hash_str); /* * Create and add the item */ itm = probe_item_create(OVAL_INDEPENDENT_FILE_HASH58, NULL, "filepath", OVAL_DATATYPE_STRING, pbuf, "path", OVAL_DATATYPE_STRING, p, "filename", OVAL_DATATYPE_STRING, f, "hash_type",OVAL_DATATYPE_STRING, h, "hash", OVAL_DATATYPE_STRING, hash_str, NULL); if (hash_dstlen == 0) { probe_item_add_msg(itm, OVAL_MESSAGE_LEVEL_ERROR, "Unable to compute %s hash value of \"%s\".", h, pbuf); probe_item_setstatus(itm, SYSCHAR_STATUS_ERROR); } } probe_item_collect(ctx, itm); return (0); }