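/* Size assumed for the hook path buffers (hook_plugins_filename and
 * hook_dirname, declared elsewhere).  The previous code wrote index 255
 * unconditionally, so both must hold at least 256 bytes — confirm against
 * their definitions if this constant is ever changed. */
enum { HOOK_PATH_BUFSZ = 256 };

/* Copy an INI string value into a fixed-size buffer.
 *
 * Always NUL-terminates and silently truncates over-long values, which is
 * what the strncpy(...,255) + explicit terminator pair used to do.  A NULL
 * value leaves dst untouched (not known from here whether the parser can
 * yield a NULL value for a bare key; this just makes it harmless). */
static void copy_ini_value(char *dst, size_t dst_sz, const char *value)
{
    if (value == NULL || dst_sz == 0)
        return;
    snprintf(dst, dst_sz, "%s", value);
}

/* Parse the main configuration file.
 *
 * path_ini: path of the INI file to load.
 *
 * Loads the "general", "tracing" and "network" boolean options into the
 * corresponding conf_* globals, applies the network filter section, and
 * records the plugin INI path and plugin directory for the hook loader.
 * On a missing/unparsable file (or an unavailable INI module) it reports
 * on the terminal and returns, leaving every global at its prior value. */
void check_ini(char *path_ini)
{
    struct cnfnode *cn_root;
    struct cnfmodule *mod_ini;
    struct cnfresult *cnf_res;

    register_ini(NULL);
    mod_ini = find_cnfmodule("ini");
    if (mod_ini == NULL) {
        /* Previously passed straight into cnfmodule_parse_file(); whether
         * that tolerates a NULL module is not visible here, so fail early. */
        term_printf("Could not find INI parser module\n");
        return;
    }

    cn_root = cnfmodule_parse_file(mod_ini, path_ini);
    if (cn_root == NULL) {
        term_printf("Could not find INI file: %s\n", path_ini);
        return;
    }

    /* General flags */
    set_bool_from_ini(cn_root, "general/trace_only_after_first_taint",
                      &conf_trace_only_after_first_taint);
    set_bool_from_ini(cn_root, "general/log_external_calls",
                      &conf_log_external_calls);
    set_bool_from_ini(cn_root, "general/write_ops_at_insn_end",
                      &conf_write_ops_at_insn_end);
    set_bool_from_ini(cn_root, "general/save_state_at_trace_stop",
                      &conf_save_state_at_trace_stop);

    /* Tracing flags */
    set_bool_from_ini(cn_root, "tracing/tracing_table_lookup",
                      &tracing_table_lookup);
    set_bool_from_ini(cn_root, "tracing/tracing_tainted_only",
                      &conf_tainted_only);
    set_bool_from_ini(cn_root, "tracing/tracing_kernel",
                      &conf_tracing_kernel_all);
    set_bool_from_ini(cn_root, "tracing/tracing_kernel_tainted",
                      &conf_tracing_kernel_tainted);
    set_bool_from_ini(cn_root, "tracing/tracing_kernel_partial",
                      &conf_tracing_kernel_partial);

    /* Network configuration */
    set_bool_from_ini(cn_root, "network/ignore_dns", &conf_ignore_dns);
    check_filter_conf(cn_root);
    print_nic_filter();

    /* Hook configuration file.  When the key is absent the existing
     * default is left as-is (the old code still poked a terminator at
     * index 255 in that case, which this no longer needs to do). */
    cnf_res = cnf_find_entry(cn_root, "function hooks/plugin_ini");
    if (cnf_res) {
        copy_ini_value(hook_plugins_filename, HOOK_PATH_BUFSZ,
                       cnf_res->cnfnode->value);
    }
    term_printf("Loading plugin options from: %s\n", hook_plugins_filename);

    /* Hooks directory */
    cnf_res = cnf_find_entry(cn_root, "function hooks/plugin_directory");
    if (cnf_res) {
        copy_ini_value(hook_dirname, HOOK_PATH_BUFSZ,
                       cnf_res->cnfnode->value);
    }
    term_printf("Loading plugins from: %s\n", hook_dirname);

    destroy_cnftree(cn_root);
}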
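/* Split the next ':'-delimited field out of *cursor.
 *
 * Follows strtok's token rules (runs of ':' collapse, empty fields are
 * skipped, the buffer is modified in place) but keeps its state in the
 * caller's cursor instead of strtok's static slot.  Returns NULL once the
 * input is exhausted; *cursor becomes NULL at that point. */
static char *next_field(char **cursor)
{
    char *start = *cursor;

    if (start == NULL)
        return NULL;

    start += strspn(start, ":");          /* skip leading delimiters */
    if (*start == '\0') {
        *cursor = NULL;
        return NULL;
    }

    char *sep = strchr(start, ':');
    if (sep != NULL) {
        *sep = '\0';
        *cursor = sep + 1;
    } else {
        *cursor = NULL;
    }
    return start;
}

/* Decimal parse returning `fallback` when no digits were consumed.
 * Trailing non-digit characters after the number are still accepted,
 * as before — tighten with a `*end != '\0'` check if callers can be
 * relied on to pass clean values. */
static int parse_int_field(const char *s, int fallback)
{
    char *end = NULL;
    long v = strtol(s, &end, 10);

    return (end == s) ? fallback : (int) v;
}

/* Tell the external driver that the trace is running by writing "OK" to
 * the FIFO at a fixed path.
 *
 * Caveats a caller should know about: opening a FIFO write-only blocks
 * until some process has it open for reading, so this stalls the monitor
 * if no reader is waiting; and a fixed name under /tmp can be pre-created
 * (or symlinked) by any local user, in which case "OK" is written wherever
 * that points.  The path is part of the existing driver protocol and is
 * kept unchanged here; a failed open() is now reported instead of being
 * followed by write()/close() on fd -1. */
static void notify_trace_ready(void)
{
    int pipe_fd = open("/tmp/tfd.pipe", O_WRONLY);

    if (pipe_fd < 0) {
        monitor_printf(default_mon, "Error opening /tmp/tfd.pipe\n");
        return;
    }

    ssize_t num_written = write(pipe_fd, "OK", 2);
    if (num_written != 2) {
        monitor_printf(default_mon, "Error writing to /tmp/tfd.pipe\n");
    }
    close(pipe_fd);
}

/* Monitor command run after a VM snapshot has been loaded.
 *
 * param format: <pid>:<traceFilename>:<pidToSignal>:<processName>
 *   pid            decimal PID, or non-numeric to select by process name
 *   traceFilename  output file for the trace (required)
 *   pidToSignal    optional; parsed and echoed but no longer signalled
 *   processName    optional; when present, tracing is started by name
 *
 * At least one of <pid> / <processName> must be usable or the command is
 * rejected with a message on the monitor.  The first 255 bytes of param
 * are considered; longer input is silently truncated (unchanged). */
void tracing_after_loadvm(const char *param)
{
    char buf[256];

    if (param == NULL)
        return;

    /* Private, always NUL-terminated copy: the field splitter writes into it. */
    snprintf(buf, sizeof buf, "%s", param);

    char *cursor = buf;
    char *pid_str = next_field(&cursor);
    if (pid_str == NULL)
        return;
    char *trace_filename = next_field(&cursor);
    if (trace_filename == NULL)
        return;
    char *pid_to_signal_str = next_field(&cursor);
    char *process_name = next_field(&cursor);

    int pid = parse_int_field(pid_str, -1);

    /* Need either a numeric PID or a process name to start anything. */
    if (process_name == NULL && pid == -1) {
        monitor_printf(default_mon, "PARAM: %s\n", param);
        monitor_printf(default_mon, "No PID or Process_name provided\n");
        return;
    }

    int pid_to_signal = 0;
    if (pid_to_signal_str != NULL)
        pid_to_signal = parse_int_field(pid_to_signal_str, 0);

    /* %s with a NULL pointer is undefined; print a placeholder instead. */
    monitor_printf(default_mon, "PID: %d PID2SIGNAL: %d PROCESS_NAME: %s\n",
                   pid, pid_to_signal,
                   process_name ? process_name : "(none)");

#ifdef TAINT_ENABLED
    /* Taint the network, then show the filter read from the ini file. */
    do_taint_nic_internal(1);
    print_nic_filter();
#endif /* TAINT_ENABLED */

    /* OS-dependent initialisation.  The 0xC0000000 test is how this code
     * recognises a Linux guest (kernel_mem_start); the meaning of taskaddr
     * == 0 as "offsets not yet initialised" is taken from the original. */
    if (taskaddr == 0)
        init_kernel_offsets();
    if (kernel_mem_start == 0xC0000000)
        update_proc(0);

    /* Load hooks, then start the trace by PID or by name. */
    do_load_hooks_internal("", "");
    if (process_name == NULL)
        do_tracing_internal(pid, trace_filename);
    else
        do_tracing_by_name_internal(process_name, trace_filename);

    /* The old kill(pid_to_signal, SIGUSR1) notification was disabled in
     * favour of the pipe handshake; pid_to_signal is only echoed above. */
    notify_trace_ready();
}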