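/**
 * Enumerate every process visible in /proc and emit one Row per process.
 *
 * @param context Unused; the table has no constraint-driven filtering here.
 * @return One Row per process with identity (pid, real/effective uid and
 *         gid), name, command line, resolved executable path, whether that
 *         path still exists on disk, memory and CPU-time counters, start
 *         time and parent pid. Empty when the process table cannot be
 *         opened.
 */
QueryData genProcesses(QueryContext& context) {
  QueryData results;

  // openproc() returns NULL when /proc cannot be opened; the original loop
  // would hand that NULL straight to readproc(). Fail closed with no rows.
  PROCTAB* proc = openproc(PROC_SELECTS);
  if (proc == nullptr) {
    return results;
  }

  // With no destination passed, readproc() allocates a proc_t per process
  // that must be released with standard_freeproc() after use.
  proc_t* proc_info = nullptr;
  while ((proc_info = readproc(proc, nullptr)) != nullptr) {
    Row r;

    r["pid"] = INTEGER(proc_info->tid);
    // Casting through unsigned keeps ids above INT_MAX from printing negative.
    r["uid"] = BIGINT((unsigned int)proc_info->ruid);
    r["gid"] = BIGINT((unsigned int)proc_info->rgid);
    r["euid"] = BIGINT((unsigned int)proc_info->euid);
    r["egid"] = BIGINT((unsigned int)proc_info->egid);
    r["name"] = proc_name(proc_info);
    r["cmdline"] = proc_cmdline(proc_info);
    r["path"] = proc_link(proc_info);
    // "on_disk" records whether the resolved executable path still exists;
    // a running process whose binary is gone is a useful anomaly signal.
    r["on_disk"] = osquery::pathExists(r["path"]).toString();

    r["resident_size"] = INTEGER(proc_info->vm_rss);
    r["phys_footprint"] = INTEGER(proc_info->vm_size);
    r["user_time"] = INTEGER(proc_info->utime);
    r["system_time"] = INTEGER(proc_info->stime);
    r["start_time"] = INTEGER(proc_info->start_time);
    r["parent"] = INTEGER(proc_info->ppid);

    results.push_back(std::move(r));
    standard_freeproc(proc_info);
  }

  closeproc(proc);

  return results;
}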
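/**
 * Emit one Row per (process, environment variable) pair.
 *
 * @param context Unused; every process is walked and every variable emitted.
 * @return Rows carrying pid, process name, executable path and the
 *         environment key/value as returned by proc_env(). Empty when the
 *         process table cannot be opened.
 */
QueryData genProcessEnvs(QueryContext& context) {
  QueryData results;

  // openproc() returns NULL when /proc cannot be opened; do not pass that
  // NULL on to readproc().
  PROCTAB* proc = openproc(PROC_SELECTS);
  if (proc == nullptr) {
    return results;
  }

  // With no destination passed, readproc() allocates a proc_t per process
  // that must be released with standard_freeproc() after use.
  proc_t* proc_info = nullptr;
  while ((proc_info = readproc(proc, nullptr)) != nullptr) {
    // pid, name and path are per-process, not per-variable: resolve them
    // once instead of re-reading /proc for every environment entry.
    const auto pid = INTEGER(proc_info->tid);
    const auto name = proc_name(proc_info);
    const auto path = proc_link(proc_info);

    for (const auto& kv : proc_env(proc_info)) {
      Row r;
      r["pid"] = pid;
      r["name"] = name;
      r["path"] = path;
      r["key"] = kv.first;
      r["value"] = kv.second;
      results.push_back(std::move(r));
    }

    standard_freeproc(proc_info);
  }

  closeproc(proc);

  return results;
}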
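/**
 * Enumerate every process visible in /proc and emit one Row per process.
 *
 * @return One Row per process with pid, name, command line, resolved
 *         executable path, whether that path still exists on disk, memory
 *         and CPU-time counters, start time and parent pid, every value
 *         stringified with boost::lexical_cast. Empty when the process
 *         table cannot be opened.
 */
QueryData genProcesses() {
  QueryData results;

  // openproc() returns NULL when /proc cannot be opened; the original loop
  // would hand that NULL straight to readproc(). Fail closed with no rows.
  PROCTAB* proc = openproc(PROC_SELECTS);
  if (proc == nullptr) {
    return results;
  }

  // With no destination passed, readproc() allocates a proc_t per process
  // that must be released with standard_freeproc() after use.
  proc_t* proc_info = nullptr;
  while ((proc_info = readproc(proc, nullptr)) != nullptr) {
    Row r;

    r["pid"] = boost::lexical_cast<std::string>(proc_info->tid);
    r["name"] = proc_name(proc_info);
    r["cmdline"] = proc_cmdline(proc_info);
    r["path"] = proc_link(proc_info);
    // "on_disk" records whether the resolved executable path still exists;
    // a running process whose binary is gone is a useful anomaly signal.
    r["on_disk"] = osquery::pathExists(r["path"]).toString();

    r["resident_size"] = boost::lexical_cast<std::string>(proc_info->vm_rss);
    r["phys_footprint"] = boost::lexical_cast<std::string>(proc_info->vm_size);
    r["user_time"] = boost::lexical_cast<std::string>(proc_info->utime);
    r["system_time"] = boost::lexical_cast<std::string>(proc_info->stime);
    r["start_time"] = boost::lexical_cast<std::string>(proc_info->start_time);
    r["parent"] = boost::lexical_cast<std::string>(proc_info->ppid);

    results.push_back(std::move(r));
    standard_freeproc(proc_info);
  }

  closeproc(proc);

  return results;
}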
/*
 ****************************************************************
 *	Computes the total size of a <tree>				*
 ****************************************************************
 *
 *	file_nm  - path of the entry to measure; "." is special-cased
 *	           so that its children are named without a prefix
 *	file_len - length of file_nm; the child path buffers below are
 *	           sized from it, so it must equal strlen (file_nm)
 *	dev, ino - device/inode used to stat the entry (instat) and,
 *	           for a directory, to open it (inopendir)
 *	root     - nonzero on the top-level call; suppresses the
 *	           per-entry output controlled by aflag/dflag
 *
 *	Returns the size as rounded by round_file_size_to_BL, or 0
 *	when the entry cannot be stat'ed/opened, is rejected by
 *	pattern_accept, or is a multiply-linked file that proc_link
 *	reports as already handled (presumably an inode seen before -
 *	confirm in proc_link).  Failures also increment the global
 *	"ret".
 *
 *	NOTE(review): every entry name, list node and child path is
 *	alloca()'d and therefore lives until this call returns, so
 *	stack usage grows with the number of entries in the directory
 *	and with recursion depth; a very wide or deep tree can exhaust
 *	the stack.  malloc/free would bound it.
 */
long
file_analysis (const char *file_nm, int file_len, int dev, int ino, int root)
{
	DIR		*dir_fd;
	const DIRENT	*dp;
	long		dir_total = 0;
	char		*memnm;
	STAT		s;
	NAME		name_list, *lp, *ip;

	/* gflag appears to be a debug/trace flag - TODO confirm */
	if (gflag)
		error ("file_analysis (%s, %d)", file_nm, root);

	/*
	 *	First, fetch the entry's status
	 */
	if (instat (dev, ino, &s) < 0)
	{
		error ("*Não consegui obter o estado de \"%s\"", file_nm);
		ret++;
		return (0);
	}

	/*
	 ******	NON-directory entry **************************************
	 */
	if (!S_ISDIR (s.st_mode))
	{
		int		blsize;

		if (!pattern_accept (file_nm))
			return (0);

		/*
		 *	A file with more than one link is only counted once:
		 *	when proc_link () says so, skip it (and trace under gflag)
		 */
		if (s.st_nlink > 1 && proc_link (&s))
		{
			if (gflag)
				printf ("L %s\n", file_nm);

			return (0);
		}

		blsize = round_file_size_to_BL (&s);

		if (aflag && !root)
			printf (du_fmt, edit_sz_value (blsize), file_nm);

		return (blsize);
	}

	/*
	 ******	Directory ***********************************************
	 */
	if ((dir_fd = inopendir (s.st_dev, s.st_ino)) == NODIR)
	{
		error ("*Não consegui abrir o diretório \"%s\"", file_nm);
		ret++; return (0);
	}

	/*
	 *	Read the directory contents into a name list sorted by strcmp
	 */
	name_list.i_next = NONAME;

	ip = alloca (sizeof (NAME));

	while ((dp = readdir (dir_fd)) != NODIRENT)
	{
		/*
		 *	"." and ".." are always skipped; other dot-entries only
		 *	when dotflag is off.  (elif is presumably a project macro
		 *	for "else if".)
		 */
		if (dp->d_name[0] == '.')
		{
			if   (!dotflag)
				continue;
			elif (dp->d_name[1] == '\0')
				continue;
			elif (dp->d_name[1] == '.' && dp->d_name[2] == '\0')
				continue;
		}

		/*
		 *	d_namlen is not portable (BSD-style dirent); the copy
		 *	below trusts it to be strlen (d_name).  Stack allocation
		 *	per entry - see the note in the header.
		 */
		ip->i_nm = alloca (dp->d_namlen + 1);

		strcpy (ip->i_nm, dp->d_name);
		ip->i_len = dp->d_namlen;

		ip->i_ino = dp->d_ino;

		/*
		 *	Fill in the remaining NAME fields
		 */
	   /***	ip->i_nm   = ... ***/	/* Above */
	   /***	ip->i_s    = ... ***/	/* Above */
	   /***	ip->i_next = ... ***/	/* Below */

		/*
		 *	Insert into the list, keeping it in ascending strcmp order
		 *	(ties go before the existing entry)
		 */
		for (lp = &name_list; lp->i_next != NONAME; lp = lp->i_next)
		{
			if (strcmp (ip->i_nm, lp->i_next->i_nm) <= 0)
				break;
		}

		ip->i_next = lp->i_next;
		lp->i_next = ip;

		ip = alloca (sizeof (NAME));	/* Pre-allocate the next node (the last one goes unused) */

	}	/* end reading the directory */

	closedir (dir_fd);

	/*
	 *	Now process the list, recursing into each entry
	 */
	for (ip = name_list.i_next; ip != NONAME; ip = ip->i_next)
	{
		/*
		 *	len = strlen (file_nm) + "/" + strlen (name); memnm gets
		 *	one extra byte for the terminator.  This only fits if the
		 *	caller's file_len really is strlen (file_nm).
		 */
		int	len = file_len + ip->i_len + 1;

		memnm = alloca (len + 1);

		if (streq (file_nm, "."))
		{
			/* Children of "." are named bare, with no "./" prefix */
			strcpy (memnm, ip->i_nm);
			len = ip->i_len;
		}
		else
		{
			strcpy (memnm, file_nm);
			strcat (memnm, "/");
			strcat (memnm, ip->i_nm);
		}

		dir_total += file_analysis (memnm, len, s.st_dev, ip->i_ino, 0 /* Not root */);
	}

	/*
	 *	Done with the directory contents;
	 *	do not forget to count the directory's own size
	 */
	dir_total += round_file_size_to_BL (&s);

	if (dflag && !root)
		printf (du_fmt, edit_sz_value (dir_total), file_nm);

	return (dir_total);

}	/* end file_analysis */