def timer_callback(self, ctx):
fe.log("calling functions!")
# e = fe.translate_ksym2v('init_task')
# fe.log(f'TRANSLATE_KSYM2V init_task: {e}')
self.do_pslist(pause=True)
fe.log("done!")
fe.exit()
def timer_callback(self, ctx):
timeit_on = False
cprof_bo = False
once = True
if timeit_on:
self.log = []
self.msgs = []
self.procs = []
fe.log("prepping batch obj")
self.prep_batch_pslist_self()
fe.pause_vm()
fe.log("running timeit")
t = timeit.Timer(lambda: self.do_batch_pslist_new()).timeit(
number=100)
fe.log("done timeit")
fe.resume_vm()
t = t / 100.0
fe.log("timeit pslist in {sec:.6f} seconds".format(sec=t))
self.summarize()
if once:
fe.log("prepping batch obj")
self.prep_batch_pslist_self()
gc.disable()
fe.log("running pipeline")
self.do_batch_pslist_new(pause=False)
fe.log("done pipeline")
gc.enable()
self.summarize()
if cprof_bo:
self.log = []
self.msgs = []
self.procs = []
self.prep_batch_pslist_self()
fe.pause_vm()
cProfile.runctx(
"self.do_batch_pslist_new()",
globals(),
locals(),
filename="/home/micah/femain.pipeline.profile",
)
fe.resume_vm()
self.summarize()
fe.log("calls: %s" % self.calls)
fe.log("procs: %s" % self.procs)
fe.log("calling exit")
fe.exit()
def timer_callback(self, ctx):
fe.log(f"TIMER CALLBACK {self.ticks}")
if self.ticks == 0:
fe.log("dk_start_syscall")
self.do_dk_start_syscall(self.be_callback, fe.ASYNC)
if self.ticks == 10:
fe.log("dk_stop_syscall")
self.do_dk_stop_syscall()
fe.exit()
self.ticks += 1
def be_callback(self, ctx):
fe.log(f'BE CALLBACK: {ctx}')
self.two_way = True
# msg format: {'cmd': 'foo', 'data': 'bar', 'ix': dump_order, 'hash': hash}
# ALL ASYNC
# FE: hi, waiting, memdump_running, memdump_done, error
# BE: memdump_cmd: go, stop
msg = json.loads(ctx.message)
fe.log(f'JSON message: {msg}')
if msg['cmd'] == 'memdump_cmd' and msg['data'] == 'go':
if self.did >= 0:
fe.log(f'error, dump already in procress (eid={self.did})')
fe.notify(
json.dumps({
'cmd': 'error',
'data': 'memdump already running'
}))
else:
fe.log(f'running memdump')
fe.notify(
json.dumps({
'cmd': 'memdump_running',
'data': time.time()
}))
self.did = fe.event_register({
'event_type': fe.TIMER,
'time_value': 0.0,
'callback': self.memdump_callback
})
fe.log(f'registered new event {self.did}')
elif msg['cmd'] == 'memdump_cmd' and msg['data'] == 'stop':
if self.did >= 0:
fe.event_clear(self.did)
self.did = -1
fe.log(f'canceled dump')
else:
fe.log(f'error, no dump in procress (eid={self.did})')
elif msg['cmd'] == 'memdump_cmd' and msg['data'] == 'exit':
fe.log('was commanded to exit...')
fe.exit()
fe.log('BE CALLBACK done')
def __init__(self, ctx):
fe.set_name("modlist")
self.pslist = {}
self.lookups = {
"name_offset": fe.lookup_structure("task_struct", "comm"),
"pid_offset": fe.lookup_structure("task_struct", "pid"),
"tasks_offset": fe.lookup_structure("task_struct", "tasks"),
"modules": fe.lookup_symbol("modules"),
}
e = {"event_type": fe.BE, "callback": self.be_callback}
fe.event_register(e)
self.do_modlist()
fe.exit()
def __init__(self, ctx):
fe.log("in pslist_dk constructor")
fe.set_name("pslist_dk")
e = {"event_type": fe.BE, "callback": self.be_callback}
fe.event_register(e)
self.pslist = {}
self.log = []
self.calls = []
self.msgs = []
self.procs = []
timeit_on = False
cprof = False
if cprof:
self.do_dk_pslist(pause=True) # zmq warmup
cProfile.runctx(
"self.do_dk_pslist()",
globals(),
locals(),
filename="/home/micah/femain.dk.profile",
)
if timeit_on:
self.do_dk_pslist(pause=True) # zmq warmup
fe.pause_vm()
t = timeit.Timer(lambda: self.do_dk_pslist()).timeit(number=100)
t = t / 100.0
fe.resume_vm()
fe.log("timeit pslist in {sec:.6f} seconds".format(sec=t))
else:
self.pslist = {}
gc.disable()
self.do_dk_pslist(pause=True)
gc.enable()
fe.log(self.pslist)
for l in self.log:
fe.log(l)
fe.log("calls: %s" % self.calls)
fe.log("procs: %s" % self.procs)
fe.log("msgs: %s" % self.msgs)
fe.log("leaving pslist_dk constructor")
fe.exit()
def be_callback(self, ctx):
fe.log(f"BE CALLBACK: {ctx}")
self.two_way = True
# msg format: {'cmd': 'foo', 'data': 'bar', 'ix': dump_order, 'hash': hash}
# ALL ASYNC
# FE: hi, waiting, memdump_running, memdump_done, error
# BE: memdump_cmd: go, stop
msg = json.loads(ctx.message)
fe.log(f"JSON message: {msg}")
if msg["cmd"] == "memdump_cmd" and msg["data"] == "go":
if self.did >= 0:
fe.log(f"error, dump already in procress (eid={self.did})")
fe.notify(
json.dumps({"cmd": "error", "data": "memdump already running"})
)
else:
fe.log(f"running memdump")
fe.notify(json.dumps({"cmd": "memdump_running", "data": time.time()}))
self.did = fe.event_register(
{
"event_type": fe.TIMER,
"time_value": 0.0,
"callback": self.memdump_callback,
}
)
fe.log(f"registered new event {self.did}")
elif msg["cmd"] == "memdump_cmd" and msg["data"] == "stop":
if self.did >= 0:
fe.event_clear(self.did)
self.did = -1
fe.log(f"canceled dump")
else:
fe.log(f"error, no dump in procress (eid={self.did})")
elif msg["cmd"] == "memdump_cmd" and msg["data"] == "exit":
fe.log("was commanded to exit...")
fe.exit()
fe.log("BE CALLBACK done")
def timer_callback(self, ctx):
timeit_on = False
cprof = False
once = True
if cprof:
self.do_batch_pslist(pause=True) # zmq warmup
cProfile.runctx(
"self.do_batch_pslist()",
globals(),
locals(),
filename="/home/micah/femain.batch.profile",
)
if timeit_on:
fe.log("warming up")
self.do_batch_pslist(pause=True) # zmq warmup
fe.pause_vm()
fe.log("running timeit")
t = timeit.Timer(lambda: self.do_batch_pslist()).timeit(number=100)
fe.log("done timeit")
fe.resume_vm()
t = t / 100.0
fe.log("timeit pslist in {sec:.6f} seconds".format(sec=t))
if once:
self.pslist = {}
gc.disable()
self.do_batch_pslist(pause=True)
gc.enable()
# fe.log(self.pslist)
for l in self.log:
fe.log(l)
fe.log("calls: %s" % self.calls)
fe.log("procs: %s" % self.procs)
fe.log("msgs: %s" % self.msgs)
fe.log("leaving batching constructor")
fe.exit()
def timer_callback(self, ctx):
now = time.time()
if self.last + 10 < now:
fe.log("refreshing pslist")
# pslist[proc.pid] = {'name': proc.name, 'process_block_ptr': proc.process_block_ptr}
self.pslist = fe.process_list()
# fe.log(f'#procs: {len(self.pslist)}')
for pid, proc in self.pslist.items():
if proc["name"] == "sshd":
fe.log(f"found sshd: {pid} {proc}")
if not self.target_proc:
self.target_proc["pid"] = pid
for k, v in proc.items():
self.target_proc[k] = v
for k, v in self.enumerate_proc(
proc["process_block_ptr"]).items():
self.target_proc[k] = v
fe.log(f"loading target_proc {self.target_proc}")
if self.state == INIT:
fe.log(f"installing breakpoint on commit_creds")
address = self.l["commit_creds"]
e = {
"event_type": fe.INT,
"sync": fe.SYNC,
"bp_pid": fe.KERNEL,
"bp_addr": address,
"callback": self.commit_creds_callback,
}
try:
eid = fe.event_register(e)
except Exception:
fe.log(f"could not inject at commit_creds")
errors.append("commit_creds")
else:
self.events[eid] = address
fe.log(f"event is {eid}")
self.symbols[address] = {
"address": address,
"t": "T",
"func_name": "commit_creds",
}
self.state = INJECTED
if False and self.state == INIT:
fe.log(f"injecting against {self.target_proc}")
self.state = INJECTED
errors = []
for address, info in self.symbols.items():
if "do_log" != info["func_name"]:
fe.log(f"skipping {info['func_name']}")
continue
bp_addr = self.target_proc["text_start"] + address
pid = self.target_proc["pid"]
fe.log(f"installing bp at {bp_addr:x} for {address}:{info}")
e = {
"event_type": fe.INT,
"sync": fe.SYNC,
"bp_pid": pid,
"bp_addr": bp_addr,
"callback": self.int_callback,
}
try:
eid = fe.event_register(e)
except Exception:
fe.log(f"could not inject at {info['func_name']}")
errors.append(info["func_name"])
else:
self.events[eid] = address
fe.log(f"event is {eid}")
fe.log(f"done, errors: {errors}")
if self.tick == 15:
fe.log("shutting down")
fe.events_stop()
for eid, address in self.events.items():
fe.log(f"clearing {eid}: {self.symbols[address]['func_name']}")
fe.event_clear(eid)
self.events = {}
print(f"formats: {self.fmts}")
print(f"users: {self.users}")
fe.exit()
fe.log(f"tick {self.tick}")
self.tick += 1
self.last = now