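/*
 * Plugin initialisation: install the signal handlers, reset the
 * trace-start condition buffers and load the default INI file.
 *
 * Always returns 0. A missing INI file is reported on the monitor but
 * is not fatal, since the file can be supplied later with load_config.
 *
 * NOTE(review): signal() has implementation-defined reset/restart
 * semantics; sigaction() would be the portable choice. Left as is to
 * keep behaviour unchanged.
 */
static int tracing_init(void)
{
  // Setup signal handler to stop tracing
  signal(SIGUSR1, stoptracing);

  // SIGUSR2 is used by QEMU

  // Setup signal handler to exit emulator
  signal(SIGTERM, killqemu);

  // Clear trace start condition buffers (process name / module name)
  procname_clear();
  modname_clear();

  // No Sleuthkit for now
  // bzero(disk_info, sizeof(disk_info_t) * IF_COUNT * MAX_DISKS);
  // qemu_pread = (qemu_pread_t)DECAF_bdrv_pread;

  // Parse configuration file; check_ini() returning non-zero means the
  // default INI file could not be loaded.
  int err = check_ini(ini_main_default_filename);
  if (err) {
    // Format string is a literal; the filename is passed as an argument.
    monitor_printf (default_mon, "Could not find INI file: %s\n"
                 "Use the command 'load_config <filename>' to provide it.\n",
                 ini_main_default_filename);
  }

  return 0;
}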
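/*
 * Plugin initialisation: reset the process-name trace-start condition
 * and load the default INI file.
 *
 * Always returns 0. A missing INI file is reported via DECAF_printf but
 * is not fatal, since the file can be supplied later with load_config.
 */
static int tracing_init(void) {
	// Reset the process-name trace-start condition.
	procname_clear();

	// Parse configuration file; non-zero means the default INI file
	// could not be loaded.
	int err = check_ini(ini_main_default_filename);
	if (err) {
		// Format string is a literal; the filename is passed as an argument.
		DECAF_printf( "Could not find INI file: %s\n"
				"Use the command 'load_config <filename>' to provide it.\n",
				ini_main_default_filename);
	}
	return 0;
}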
/*
 * VMI callback for a process loading its main module. If a trace-start
 * process name has been requested and it matches the loading process,
 * tracing of that PID begins, the process is registered for tracking,
 * and the name condition is cleared so it fires only once.
 */
static void my_loadmainmodule_notify(VMI_Callback_Params * params) {
	char *loaded_name = params->cp.name;

	// No name requested, or a different process: nothing to do.
	if (!procname_is_set() || !procname_match(loaded_name)) {
		return;
	}

	do_tracing_internal(params->cp.pid, tracefile);
	trackproc_start(params->cp.pid);

	// Report before clearing: procname_get() refers to the still-set name.
	DECAF_printf( "Tracing %s\n", procname_get());
	procname_clear();
}
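/*
 * Start tracing by process name: if a trace-start name is set and the
 * process reported in params matches it, begin tracing that PID and
 * clear the name condition so it fires only once.
 */
static void tracing_proc_start_named(procmod_Callback_Params * params)
{
  if (!procname_is_set() || !procname_match(params->lmm.name)) {
    return;
  }
  uint32_t pid = params->lmm.pid;

  // Start tracing
  do_tracing_internal(pid, tracefile);
  monitor_printf(default_mon, "Tracing %s\n", procname_get());

  // No need to keep monitoring process name
  procname_clear();
}

/*
 * Redirect the trace from the parent to its first child once that child
 * has been found: update the monitored CR3, tracepid/tracecr3, re-enable
 * trace writes and drop the child-tracing request. Nothing changes if
 * the child's CR3 cannot be resolved (find_cr3() returns 0).
 */
static void tracing_proc_start_child(void)
{
  if (!tracing_child || !trackproc_found_child()) {
    return;
  }
  uint32_t curr_pid = trackproc_get_current_pid();

  // Only switch for a tracked process that is not the root (parent) itself.
  if ((trackproc_find_pid(curr_pid) == -1) ||
      (curr_pid == trackproc_get_root_pid())) {
    return;
  }

  uint32_t child_cr3 = find_cr3(curr_pid);
  if (0 == child_cr3) {
    // curr_pid is uint32_t; cast to unsigned long so the conversion
    // specifier matches the argument type (plain %d did not).
    monitor_printf(default_mon,
                   "CR3 for child process %lu not found\n",
                   (unsigned long)curr_pid);
    return;
  }

  decaf_plugin->monitored_cr3 = child_cr3;
  tracepid = curr_pid;
  tracecr3 = child_cr3;
  monitor_printf(default_mon,
                 "Now tracing child process. PID: %lu CR3: 0x%08lx\n",
                 (unsigned long)curr_pid, (unsigned long)child_cr3);
  skip_trace_write = 0;
  tracing_child = 0;
}

/*
 * procmod callback run when a process starts. Two independent steps:
 * first the trace-by-name check, then the switch to the first child
 * when child tracing was requested.
 */
static void tracing_proc_start(procmod_Callback_Params * params)
{
  /* If tracingbyname, check if this is the process to trace.
      If so, start the trace */
  tracing_proc_start_named(params);

  /* If tracing child and first child
       then trace child instead of parent and enable logging */
  tracing_proc_start_child();
}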