void initDispatchTables()
{
//
// Load our back-end implementation of EGL/GLES
//
ALOGD("Loading egl dispatch for %s\n", getProcName());
void *gles_android = dlopen("/system/lib/egl/libGLES_android.so", RTLD_NOW | RTLD_LOCAL);
if (!gles_android) {
fprintf(stderr,"FATAL ERROR: Could not load libGLES_android lib\n");
exit(-1);
}
//
// Load back-end EGL implementation library
//
s_dispatch = create_egl_dispatch( gles_android );
if (!s_dispatch) {
fprintf(stderr,"FATAL ERROR: Could not create egl dispatch\n");
exit(-1);
}
//
// initialize gles
//
s_needEncode = isNeedEncode();
void *gles_encoder = NULL;
if (s_needEncode) {
// initialize a connection to the server, and the GLESv1/v2 encoders;
ServerConnection * connection = ServerConnection::s_getServerConnection();
if (connection == NULL) {
ALOGE("couldn't create server connection\n");
s_needEncode = false;
}
}
// init dispatch tabels for GLESv1 & GLESv2
if (s_needEncode) {
// XXX - we do not check the retrun value because there isn't much we can do here on failure.
if (initApi<gl_wrapper_context_t>(GLESv1_DRIVER, GLESv1_enc_LIB, &g_gl_dispatch, getGLContext) < 0) {
// fallback to android on faluire
s_needEncode = false;
} else {
initApi<gl2_wrapper_context_t>(GLESv2_DRIVER, GLESv2_enc_LIB, &g_gl2_dispatch, getGL2Context);
}
}
if (!s_needEncode) {
ALOGD("Initializing native opengl for %s\n", getProcName());
initApi<gl_wrapper_context_t>(GLESv1_DRIVER, GLES_android_LIB, &g_gl_dispatch, getGLContext);
// try to initialize gl2 from GLES, though its probably going to fail
initApi<gl2_wrapper_context_t>(GLESv2_DRIVER, GLES_android_LIB, &g_gl2_dispatch, getGL2Context);
}
}
QueryData genProcessEnvs(QueryContext &context) {
QueryData results;
auto pidlist = getProcList();
int argmax = genMaxArgs();
for (auto &pid : pidlist) {
if (!context.constraints["pid"].matches<int>(pid)) {
// Optimize by not searching when a pid is a constraint.
continue;
}
auto env = getProcEnv(pid, argmax);
for (auto env_itr = env.begin(); env_itr != env.end(); ++env_itr) {
Row r;
r["pid"] = INTEGER(pid);
r["name"] = getProcName(pid);
r["path"] = getProcPath(pid);
r["key"] = env_itr->first;
r["value"] = env_itr->second;
results.push_back(r);
}
}
return results;
}
bool isNeedEncode()
{
const char *procname = getProcName();
if (procname == NULL) return false;
ALOGD("isNeedEncode? for %s\n", procname);
// check on our whitelist
FILE *fp = fopen(GLES_EMUL_TARGETS_FILE, "rt");
if (fp == NULL) {
ALOGE("couldn't open %s\n", GLES_EMUL_TARGETS_FILE);
return false;
}
char line[100];
bool found = false;
size_t procnameLen = strlen(procname);
while (fgets(line, sizeof(line), fp) != NULL) {
if (strlen(line) >= procnameLen &&
!strncmp(procname, line, procnameLen)) {
char c = line[procnameLen];
if (c == '\0' || c == ' ' || c == '\t' || c == '\n') {
found = true;
ALOGD("should use encoder for %s\n", procname);
break;
}
}
}
fclose(fp);
return found;
}
void
db_task_name(
task_t task)
{
register unsigned char *p;
register int n;
unsigned int vaddr, kaddr;
unsigned char tname[33];
int i;
p = 0;
tname[0] = 0;
if(task->bsd_info) p = getProcName((struct proc *)(task->bsd_info)); /* Point to task name */
if(p) {
for(i = 0; i < 32; i++) { /* Move no more than 32 bytes */
tname[i] = p[i];
if(p[i] == 0) break;
}
tname[i] = 0;
db_printf("%s", tname);
}
else db_printf("no name");
}
int main(int argc,char *argv[])
{
char path[MAX_FILE_PATH];
char procname[100];
DIR *dirp;
struct dirent *dp;
if (argc < 2 || strcmp(argv[1],"--help") == 0)
{
usageErr("usage:%s filepath\n",argv[0]);
}
/* Open dir */
dirp = opendir("/proc");
if (dirp == NULL)
{
errExit("open dir");
}
printf(" This proc open file %s\n",argv[1]);
printf("==================================================================\n");
printf("%-40s%15s\n","Name","PID");
printf("==================================================================\n");
/* transfer dir */
for (;;)
{
memset(path,MAX_FILE_PATH,0);
errno = 0;
dp = readdir(dirp);
if (dp == NULL)
{
break;
}
if (dp->d_type != DT_DIR || strcmp(dp->d_name,".") == 0
|| strcmp(dp->d_name,"..") == 0 || !isdigit((unsigned char)dp->d_name[0]))
{
continue;
}
strcpy(path,"/proc/");
strcat(path,dp->d_name);
strcat(path,"/fd");
if (isOpenFile(path,argv[1]) == 1)
{
getProcName(dp->d_name,procname);
printf("%-40s%15d\n",procname,getInt(dp->d_name,GN_NONNEG,"pid"));
}
}
if (closedir(dirp) == -1)
{
errExit("close dir");
}
}
int checkAgainstWhitelist(char *pid)
{
const int PATH_MAX_LENGTH = 40;
const int LINE_MAX_LENGTH = 100;
const int WHITESPACE_SIZE = 1;
//printf("checkAgainstWhitelist function, process name is %s\n", processName);
//printf("checking against white list for %s...\n", pid);
char *processName = getProcName(atoi(pid));
if (processName == NULL){
return 0;
}
//read from whitelist file and compare process name
char path[PATH_MAX_LENGTH], line[LINE_MAX_LENGTH], *p;
FILE* whitelistf;
snprintf(path, PATH_MAX_LENGTH, WHITELIST_FILE);
whitelistf = fopen(path, "r");
//printf("opening white list at %s\n", path);
//check if file exist
if(!whitelistf){
//printf("whitelist file not found\n");
return NULL;
}
char processNameArr[10];
snprintf(processNameArr, 10, "%s",processName);
while(fgets(line, LINE_MAX_LENGTH, whitelistf)){
char *ret;
ret = strstr(line, processNameArr);
//printf("check %s %s\n", line,processNameArr);
//printf("return is %s\n", ret);
if (ret == NULL) {
continue;
}
if( strncmp(ret, processNameArr, strlen(processNameArr)) != 0 ){
continue;
}else {
//inside whitelist
printf("process inside whitelist\n");
LOGI("Injecting pid %s",pid);
LOGI("Injecting packagename %s",line);
return 1;
}
}
//printf("process not inside whitelist\n");
return 0;
}
int findZygotePid()
{
const int MAX_PID_SEARCH = 1000;
const char ZYGOTE[] = "zygote";
int pid = 1;
char* output;
for (pid=1; pid<MAX_PID_SEARCH; pid++){
output = getProcName(pid);
//printf("output is %s\n", output);
if (output != NULL && strncmp(output, ZYGOTE, strlen(ZYGOTE)) == 0) {
//printf("found zygote\n");
//printf("zygote name returned is %s\n", output);
return pid;
}
}
}
static __attribute__((no_instrument_function)) void
trace ( const char *state, void *this_fn, void *call_site )
{
unsigned long now = getOffsetMsec();
const char *p = getProcName();
const char *t = getThreadName();
if ( firsttime ) {
setup();
if ( fp != NULL ) {
fprintf(fp,"!:state:process:thread:mSecTime:this_fn:call_site\n");
}
}
if ( fp != NULL ) {
fprintf(fp,"@:%s:%s:%s"
":%lu:%08lx:%08lx\n",
state,p,t,
now,(unsigned long)this_fn,(unsigned long)call_site);
fflush(fp);
}
}
size_t Diagnosis::whoUseMe(std::vector<std::string>& appList, std::string const& oneFilePath) {
DWORD dwSession = 0;
WCHAR szSessionKey[CCH_RM_SESSION_KEY + 1] = { 0 };
UINT nProcInfoNeeded = 0;
UINT nProcInfo = 0;
RM_PROCESS_INFO* pRgpi = NULL;
DWORD dwReason;
DWORD dwError = 0;
wchar_t* pwcs = NULL;
char* pApp = NULL;
try {
dwError = RmStartSession(&dwSession, 0, szSessionKey);
if (dwError != ERROR_SUCCESS) {
throw std::runtime_error("fail to start restart manager.");
}
// convert char string to wchar string
pwcs = new wchar_t[oneFilePath.size() + 1]();
MultiByteToWideChar(CP_ACP, 0, oneFilePath.c_str(), oneFilePath.size(), pwcs, oneFilePath.size() + 1);
LPCWSTR supervisedFiles[] = {pwcs};
dwError = RmRegisterResources(dwSession, 1, supervisedFiles, 0, NULL, 0, NULL);
if (dwError != ERROR_SUCCESS) {
std::string msg("fail to register resources. system error code: ");
msg += std::to_string(dwError) + ", refer to: http://msdn.microsoft.com/en-us/library/windows/desktop/aa373663(v=vs.85).aspx";
throw std::runtime_error(msg);
}
// first try to get process list max 5
nProcInfo = 5;
pRgpi = new RM_PROCESS_INFO[nProcInfo];
dwError = RmGetList(dwSession, &nProcInfoNeeded, &nProcInfo, pRgpi, &dwReason);
// there are more than 5 process using the file, then get them all
if (dwError == ERROR_MORE_DATA) {
// get list of all the process info
delete[] pRgpi;
nProcInfo = nProcInfoNeeded;
pRgpi = new RM_PROCESS_INFO[nProcInfo];
dwError = RmGetList(dwSession, &nProcInfoNeeded, &nProcInfo, pRgpi, &dwReason);
}
if (dwError != ERROR_SUCCESS) {
std::string msg("fail to get process list. system error code: ");
msg += std::to_string(dwError) + ", refer to: http://msdn.microsoft.com/en-us/library/windows/desktop/aa373661(v=vs.85).aspx";
throw std::runtime_error(msg);
}
getProcName(appList, nProcInfo, pRgpi);
RmEndSession(dwSession);
}
catch (std::exception const& e) {
std::cerr << e.what() << std::endl;
RmEndSession(dwSession);
}
delete[] pRgpi;
delete[] pwcs;
delete[] pApp;
return nProcInfoNeeded;
}
int fm_loop (FileMonitor *fm, FileMonitorCallback cb) {
FileMonitorEvent ev = {0};
uint8_t buf[FM_BUFSIZE] = {0};
int arg_len, rc, buf_idx = 0, buf_end = -1;
if (sizeof (FMEventStruct) != 12) {
eprintf ("Invalid FMEventStruct, check your compiler\n");
return 0;
}
for (;;) {
int rewind = 0;
if (buf_idx == buf_end) {
buf_idx = 0;
} else if (buf_idx > 0) {
if (buf_idx > buf_end) {
eprintf ("Overflow detected and corrected (%d, %d)\n", buf_idx, buf_end);
buf_idx = 0;
} else {
memmove (buf, buf + buf_idx, (buf_end - buf_idx));
rewind = buf_idx = (buf_end - buf_idx);
}
}
if (buf_idx > FM_BUFSIZE) {
eprintf ("Warning: Some data is lost in fsevents data read (%d, %d)\n", buf_idx, FM_BUFSIZE);
buf_idx = 0;
}
memset (buf + buf_idx, 0x00, FM_BUFSIZE - buf_idx);
rc = read (fm->fd, buf + buf_idx, FM_BUFSIZE - buf_idx);
// hexdump (buf+buf_idx, rc, 0); //arg_len + 2, 0);
if (rc < 1) {
perror ("read");
return 0;
}
buf_idx = 0;
buf_end = buf_idx + rc;
if (fm->stop)
return 0;
if (buf_end >= sizeof (buf))
buf_end = sizeof (buf);
while (buf_idx + 1 < buf_end) {
FMEventStruct *fme = (FMEventStruct*) (buf + buf_idx);
/* initialize on first set */
if (ev.type == -1) {
ev.type = fme->type;
ev.pid = fme->val.u32;
ev.proc = ev.proc = getProcName (ev.pid, &ev.ppid);
ev.file = (const char *)buf + buf_idx + sizeof (FMEventStruct);
}
/* parse data packet */
arg_len = parse_event (&ev, fme);
if (arg_len == -1) {
if (ev.pid && ev.type != -1 && cb) cb (fm, &ev);
fsevent_free (&ev);
arg_len = 2;
} else if (arg_len < 1) {
arg_len = sizeof (FMEventStruct);
} else if (arg_len > (buf_end - buf_idx)) {
arg_len = sizeof (FMEventStruct) + 2;
eprintf ("Invalid length in fsevents data packet (%d, %d)\n",
arg_len, buf_end - buf_idx);
}
buf_idx += arg_len;
}
}
return 0;
}
QueryData genProcesses(QueryContext &context) {
QueryData results;
auto pidlist = getProcList();
auto parent_pid = getParentMap(pidlist);
int argmax = genMaxArgs();
for (auto &pid : pidlist) {
if (!context.constraints["pid"].matches<int>(pid)) {
// Optimize by not searching when a pid is a constraint.
continue;
}
Row r;
r["pid"] = INTEGER(pid);
r["name"] = getProcName(pid);
r["path"] = getProcPath(pid);
r["cmdline"] = boost::algorithm::join(getProcArgs(pid, argmax), " ");
proc_cred cred;
if (getProcCred(pid, cred)) {
r["uid"] = BIGINT(cred.real.uid);
r["gid"] = BIGINT(cred.real.gid);
r["euid"] = BIGINT(cred.effective.uid);
r["egid"] = BIGINT(cred.effective.gid);
}
const auto parent_it = parent_pid.find(pid);
if (parent_it != parent_pid.end()) {
r["parent"] = INTEGER(parent_it->second);
} else {
r["parent"] = "-1";
}
// if the path of the executable that started the process is available and
// the path exists on disk, set on_disk to 1. if the path is not
// available, set on_disk to -1. if, and only if, the path of the
// executable is available and the file does not exist on disk, set on_disk
// to 0.
r["on_disk"] = osquery::pathExists(r["path"]).toString();
// systems usage and time information
struct rusage_info_v2 rusage_info_data;
int rusage_status = proc_pid_rusage(
pid, RUSAGE_INFO_V2, (rusage_info_t *)&rusage_info_data);
// proc_pid_rusage returns -1 if it was unable to gather information
if (rusage_status == 0) {
// size information
r["wired_size"] = TEXT(rusage_info_data.ri_wired_size);
r["resident_size"] = TEXT(rusage_info_data.ri_resident_size);
r["phys_footprint"] = TEXT(rusage_info_data.ri_phys_footprint);
// time information
r["user_time"] = TEXT(rusage_info_data.ri_user_time);
r["system_time"] = TEXT(rusage_info_data.ri_system_time);
r["start_time"] = TEXT(rusage_info_data.ri_proc_start_abstime);
}
// save the results
results.push_back(r);
}
return results;
}
void
main (int argc, char **argv)
{
int fsed, cloned_fsed;
int i;
int rc;
fsevent_clone_args clone_args;
unsigned short *arg_type;
char buf[BUFSIZE];
// Open the device
fsed = open ("/dev/fsevents", O_RDONLY);
int8_t events[FSE_MAX_EVENTS];
if (geteuid())
{
fprintf(stderr,"Opening /dev/fsevents requires root permissions\n");
}
if (fsed < 0)
{
perror ("open");
exit(1);
}
// Prepare event mask list. In our simple example, we want everything
// (i.e. all events, so we say "FSE_REPORT" all). Otherwise, we
// would have to specifically toggle FSE_IGNORE for each:
//
// e.g.
// events[FSE_XATTR_MODIFIED] = FSE_IGNORE;
// events[FSE_XATTR_REMOVED] = FSE_IGNORE;
// etc..
for (i = 0; i < FSE_MAX_EVENTS; i++)
{
events[i] = FSE_REPORT;
}
// Get ready to clone the descriptor:
memset(&clone_args, '\0', sizeof(clone_args));
clone_args.fd = &cloned_fsed; // This is the descriptor we get back
clone_args.event_queue_depth = 10;
clone_args.event_list = events;
clone_args.num_events = FSE_MAX_EVENTS;
// Do it.
rc = ioctl (fsed, FSEVENTS_CLONE, &clone_args);
if (rc < 0) { perror ("ioctl"); exit(2);}
// We no longer need original..
close (fsed);
// And now we simply read, ad infinitum (aut nauseam)
while ((rc = read (cloned_fsed, buf, BUFSIZE)) > 0)
{
// rc returns the count of bytes for one or more events:
int offInBuf = 0;
while (offInBuf < rc) {
struct kfs_event_a *fse = (struct kfs_event_a *)(buf + offInBuf);
struct kfs_event_arg *fse_arg;
// if (offInBuf) { printf ("Next event: %d\n", offInBuf);};
printf ("%s (PID:%d) %s ", getProcName(fse->pid), fse->pid , typeToString(fse->type) );
offInBuf+= sizeof(struct kfs_event_a);
fse_arg = (struct kfs_event_arg *) &buf[offInBuf];
printf ("%s\n", fse_arg->data);
offInBuf += sizeof(kfs_event_arg) + fse_arg->pathlen ;
int arg_len = doArg(buf + offInBuf);
offInBuf += arg_len;
while (arg_len >2)
{
arg_len = doArg(buf + offInBuf);
offInBuf += arg_len;
}
}
if (rc > offInBuf) { printf ("***Warning: Some events may be lost\n"); }
}
}