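/// Generate the "processes" table: one Row per process enumerated by procps.
///
/// @param context Query constraints supplied by the table framework. Unused:
///        every process is listed regardless of the WHERE clause.
/// @return One Row per process. Empty when the procps handle could not be
///         opened, instead of dereferencing a null PROCTAB.
QueryData genProcesses(QueryContext& context) {
  QueryData results;

  PROCTAB* proc = openproc(PROC_SELECTS);
  // openproc() may hand back a null handle (e.g. when /proc is unreadable);
  // the original code passed it straight to readproc(), which would
  // dereference it. Return an empty table instead.
  if (proc == nullptr) {
    return results;
  }

  // readproc() allocates a fresh proc_t for each process when the second
  // argument is null; it is released with standard_freeproc() below.
  proc_t* proc_info = nullptr;
  while ((proc_info = readproc(proc, nullptr)) != nullptr) {
    Row r;
    r["pid"] = INTEGER(proc_info->tid);
    // Real and effective ids are widened to unsigned before formatting so a
    // high id does not print as a negative number.
    r["uid"] = BIGINT(static_cast<unsigned int>(proc_info->ruid));
    r["gid"] = BIGINT(static_cast<unsigned int>(proc_info->rgid));
    r["euid"] = BIGINT(static_cast<unsigned int>(proc_info->euid));
    r["egid"] = BIGINT(static_cast<unsigned int>(proc_info->egid));
    // name/cmdline/path are read from the process's own /proc entries and
    // are therefore chosen by that process; treat them as untrusted strings.
    r["name"] = proc_name(proc_info);
    r["cmdline"] = proc_cmdline(proc_info);
    r["path"] = proc_link(proc_info);
    // on_disk records whether the executable path still exists.
    r["on_disk"] = osquery::pathExists(r["path"]).toString();
    r["resident_size"] = INTEGER(proc_info->vm_rss);
    r["phys_footprint"] = INTEGER(proc_info->vm_size);
    r["user_time"] = INTEGER(proc_info->utime);
    r["system_time"] = INTEGER(proc_info->stime);
    r["start_time"] = INTEGER(proc_info->start_time);
    r["parent"] = INTEGER(proc_info->ppid);
    results.push_back(r);

    standard_freeproc(proc_info);
  }

  closeproc(proc);
  return results;
}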
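/// Generate the "process_envs" table: one Row per (process, environment
/// variable) pair.
///
/// @param context Query constraints supplied by the table framework. Unused:
///        every process's environment is enumerated.
/// @return One Row per environment variable of every process. Empty when the
///         procps handle could not be opened, instead of dereferencing a
///         null PROCTAB.
QueryData genProcessEnvs(QueryContext& context) {
  QueryData results;

  PROCTAB* proc = openproc(PROC_SELECTS);
  // openproc() may hand back a null handle (e.g. when /proc is unreadable);
  // readproc() would dereference it, so return an empty table instead.
  if (proc == nullptr) {
    return results;
  }

  // readproc() allocates a fresh proc_t per process when the second argument
  // is null; it is released with standard_freeproc() after its rows are built.
  proc_t* proc_info = nullptr;
  while ((proc_info = readproc(proc, nullptr)) != nullptr) {
    // Environment contents come from the process itself (untrusted) and may
    // hold credentials; the table exposes them verbatim.
    const auto env = proc_env(proc_info);
    for (const auto& kv : env) {
      Row r;
      r["pid"] = INTEGER(proc_info->tid);
      r["name"] = proc_name(proc_info);
      r["path"] = proc_link(proc_info);
      r["key"] = kv.first;
      r["value"] = kv.second;
      results.push_back(r);
    }

    standard_freeproc(proc_info);
  }

  closeproc(proc);
  return results;
}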
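/// Generate the "processes" table (legacy no-context overload): one Row per
/// process enumerated by procps, with numeric fields rendered via
/// boost::lexical_cast.
///
/// @return One Row per process. Empty when the procps handle could not be
///         opened, instead of dereferencing a null PROCTAB.
QueryData genProcesses() {
  QueryData results;

  PROCTAB* proc = openproc(PROC_SELECTS);
  // openproc() may hand back a null handle (e.g. when /proc is unreadable);
  // readproc() would dereference it, so return an empty table instead.
  if (proc == nullptr) {
    return results;
  }

  // readproc() allocates a fresh proc_t per process when the second argument
  // is null; it is released with standard_freeproc() below.
  proc_t* proc_info = nullptr;
  while ((proc_info = readproc(proc, nullptr)) != nullptr) {
    Row r;
    r["pid"] = boost::lexical_cast<std::string>(proc_info->tid);
    // name/cmdline/path are read from the process's own /proc entries and
    // are therefore chosen by that process; treat them as untrusted strings.
    r["name"] = proc_name(proc_info);
    r["cmdline"] = proc_cmdline(proc_info);
    r["path"] = proc_link(proc_info);
    // on_disk records whether the executable path still exists.
    r["on_disk"] = osquery::pathExists(r["path"]).toString();
    r["resident_size"] = boost::lexical_cast<std::string>(proc_info->vm_rss);
    r["phys_footprint"] = boost::lexical_cast<std::string>(proc_info->vm_size);
    r["user_time"] = boost::lexical_cast<std::string>(proc_info->utime);
    r["system_time"] = boost::lexical_cast<std::string>(proc_info->stime);
    r["start_time"] = boost::lexical_cast<std::string>(proc_info->start_time);
    r["parent"] = boost::lexical_cast<std::string>(proc_info->ppid);
    results.push_back(r);

    standard_freeproc(proc_info);
  }

  closeproc(proc);
  return results;
}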
/* ****************************************************************
 * Computes the total size of a <tree>
 *
 * file_nm  : path of the entry being analysed (used for messages and
 *            for building child paths)
 * file_len : length of file_nm, so child paths can be sized without
 *            a strlen()
 * dev, ino : device and inode of the entry; the entry is opened by
 *            (dev, ino) through instat()/inopendir(), not by path
 * root     : non-zero for the top-level call; per-entry printing is
 *            suppressed for the root
 *
 * Returns the size in BL units (see round_file_size_to_BL) of the file,
 * or of the whole subtree for a directory, including the directory's
 * own size. Returns 0 and bumps the global "ret" on errors.
 *
 * NOTE(review): every directory entry name, list node and child path is
 * alloca()'d inside loops, and the function recurses once per
 * subdirectory. Stack use therefore grows with directory size and tree
 * depth with no bound checked here - confirm this is acceptable for the
 * trees the tool is run on.
 * **************************************************************** */
long
file_analysis (const char *file_nm, int file_len, int dev, int ino, int root)
{
	DIR *dir_fd;
	const DIRENT *dp;
	long dir_total = 0;
	char *memnm;
	STAT s;
	NAME name_list, *lp, *ip;

	if (gflag)
		error ("file_analysis (%s, %d)", file_nm, root);

	/*
	 * First, fetch the file's status (by device/inode)
	 */
	if (instat (dev, ino, &s) < 0)
	{
		error ("*Não consegui obter o estado de \"%s\"", file_nm);
		ret++;
		return (0);
	}

	/* ****** NON-directory file *********************************** */
	if (!S_ISDIR (s.st_mode))
	{
		int blsize;

		if (!pattern_accept (file_nm))
			return (0);

		/* Multiply-linked files are counted once: proc_link() decides
		 * whether this (dev, ino) was already seen - presumably it
		 * records it on the first visit; confirm in proc_link. */
		if (s.st_nlink > 1 && proc_link (&s))
		{
			if (gflag)
				printf ("L %s\n", file_nm);
			return (0);
		}

		blsize = round_file_size_to_BL (&s);
		if (aflag && !root)
			printf (du_fmt, edit_sz_value (blsize), file_nm);
		return (blsize);
	}

	/* ****** Directory *********************************************** */
	if ((dir_fd = inopendir (s.st_dev, s.st_ino)) == NODIR)
	{
		error ("*Não consegui abrir o diretório \"%s\"", file_nm);
		ret++;
		return (0);
	}

	/*
	 * Read the directory's contents into a sorted singly-linked list
	 * of NAME nodes (name_list is a dummy head).
	 */
	name_list.i_next = NONAME;
	ip = alloca (sizeof (NAME));

	while ((dp = readdir (dir_fd)) != NODIRENT)
	{
		/* "." and ".." are always skipped; other dot-files only
		 * when dotflag is off. "elif" is presumably a project macro
		 * for "else if". */
		if (dp->d_name[0] == '.')
		{
			if (!dotflag)
				continue;
			elif (dp->d_name[1] == '\0')
				continue;
			elif (dp->d_name[1] == '.' && dp->d_name[2] == '\0')
				continue;
		}

		/* Copy the name; the buffer is sized from d_namlen, a
		 * BSD-style dirent field, plus the terminator. */
		ip->i_nm = alloca (dp->d_namlen + 1);
		strcpy (ip->i_nm, dp->d_name);
		ip->i_len = dp->d_namlen;
		ip->i_ino = dp->d_ino;

		/*
		 * Fill in the NAME fields
		 */
		/*** ip->i_nm = ... ***/	/* Above */
		/*** ip->i_s = ... ***/		/* Above */
		/*** ip->i_next = ... ***/	/* Below */

		/*
		 * Insert into the list, keeping it in strcmp() order
		 */
		for (lp = &name_list; lp->i_next != NONAME; lp = lp->i_next)
		{
			if (strcmp (ip->i_nm, lp->i_next->i_nm) <= 0)
				break;
		}
		ip->i_next = lp->i_next;
		lp->i_next = ip;

		ip = alloca (sizeof (NAME));	/* Already allocates the next one */

	}	/* end reading the directory */

	closedir (dir_fd);

	/*
	 * Now process the list: build each child path and recurse
	 */
	for (ip = name_list.i_next; ip != NONAME; ip = ip->i_next)
	{
		/* file_nm + "/" + child name (+ NUL) */
		int len = file_len + ip->i_len + 1;

		memnm = alloca (len + 1);

		if (streq (file_nm, "."))
		{
			/* Children of "." are named without the "./" prefix */
			strcpy (memnm, ip->i_nm);
			len = ip->i_len;
		}
		else
		{
			strcpy (memnm, file_nm);
			strcat (memnm, "/");
			strcat (memnm, ip->i_nm);
		}

		dir_total += file_analysis (memnm, len, s.st_dev, ip->i_ino, 0 /* Not root */);
	}

	/*
	 * Finished processing the directory.
	 * Don't forget to count the size of the directory itself.
	 */
	dir_total += round_file_size_to_BL (&s);

	if (dflag && !root)
		printf (du_fmt, edit_sz_value (dir_total), file_nm);

	return (dir_total);

}	/* end file_analysis */