    [None, {
        "pEThread": [None, ["Pointer", dict(target="_ETHREAD")]],
    }],
    "tagHOOK": [
        None, {
            "flags": [
                None,
                [
                    "Flags",
                    dict(bitmap=utils.MaskMapFromDefines("""
// 9/18/2011
// http://forum.sysinternals.com/enumerate-windows-hooks_topic23877.html#122641
#define HF_GLOBAL   0x0001
#define HF_ANSI   0x0002
#define HF_NEEDHC_SKIP   0x0004
#define HF_HUNG   0x0008
#define HF_HOOKFAULTED   0x0010
#define HF_NOPLAYBACKDELAY   0x0020
#define HF_WX86KNOWINDOWLL   0x0040
#define HF_DESTROYED   0x0080
// mask for valid flags
#define HF_VALID   0x00FF
"""))
                ]
            ],
        }
    ],
    "_HANDLEENTRY": [
        None, {
            "pOwner": [None, ["Pointer",
                              dict(target="tagTHREADINFO")]],
            "bFlags": [
    "filedesc": [None, {
        # Defined here:
        # https://github.com/opensource-apple/xnu/blob/10.9/bsd/sys/filedesc.h#L113
        "fd_ofileflags": [None, ["Pointer", dict(
            target="Array",
            target_args=dict(
                target="Flags",
                target_args=dict(
                    target="unsigned char",
                    maskmap=utils.MaskMapFromDefines("""
/*
 * Per-process open flags.
 */
#define UF_EXCLOSE      0x01            /* auto-close on exec */
#define UF_FORKCLOSE    0x02            /* auto-close on fork */
#define UF_RESERVED     0x04            /* open pending / in progress */
#define UF_CLOSING      0x08            /* close in progress */

#define UF_RESVWAIT     0x10            /* close in progress */
#define UF_INHERIT      0x20            /* "inherit-on-exec" */
"""
    ))))]],

        "fd_ofiles": [None, ["Pointer", dict(
            target="Array",
            target_args=dict(
                target="Pointer",
                count=lambda x: x.fd_lastfile,
                target_args=dict(
                    target="fileproc"
                )
linux_overlay = {
    'task_struct': [
        None,
        {
            'state': [
                None,
                [
                    'Flags',
                    dict(maskmap=utils.MaskMapFromDefines("""
# From http://lxr.free-electrons.com/source/include/linux/sched.h#L207
#define TASK_RUNNING            0
#define TASK_INTERRUPTIBLE      1
#define TASK_UNINTERRUPTIBLE    2
#define TASK_STOPPED          4
#define TASK_TRACED           8
#define TASK_DEAD               64
#define TASK_WAKEKILL           128
#define TASK_WAKING             256
#define TASK_PARKED             512
#define TASK_STATE_MAX          1024
"""))
                ]
            ],
            'exit_state': [
                None,
                [
                    'Flags',
                    dict(maskmap=utils.MaskMapFromDefines("""
# From http://lxr.free-electrons.com/source/include/linux/sched.h#L207
/* in tsk->exit_state */
                    'Flags',
                    dict(maskmap=utils.MaskMapFromDefines("""
http://lxr.free-electrons.com/source/include/linux/if.h?v=2.6.32#L31

/* Standard interface flags (netdevice->flags). */
 30 #define IFF_UP          0x1             /* interface is up              */
 31 #define IFF_BROADCAST   0x2             /* broadcast address valid      */
 32 #define IFF_DEBUG       0x4             /* turn on debugging            */
 33 #define IFF_LOOPBACK    0x8             /* is a loopback net            */
 34 #define IFF_POINTOPOINT 0x10            /* interface is has p-p link    */
 35 #define IFF_NOTRAILERS  0x20            /* avoid use of trailers        */
 36 #define IFF_RUNNING     0x40            /* interface RFC2863 OPER_UP    */
 37 #define IFF_NOARP       0x80            /* no ARP protocol              */
 38 #define IFF_PROMISC     0x100           /* receive all packets          */
 39 #define IFF_ALLMULTI    0x200           /* receive all multicast packets*/
 40
 41 #define IFF_MASTER      0x400           /* master of a load balancer    */
 42 #define IFF_SLAVE       0x800           /* slave of a load balancer     */
 43
 44 #define IFF_MULTICAST   0x1000          /* Supports multicast           */
 45
 46 #define IFF_PORTSEL     0x2000          /* can set media type           */
 47 #define IFF_AUTOMEDIA   0x4000          /* auto media select active     */
 48 #define IFF_DYNAMIC     0x8000          /* dialup device with changing addresses*/
 49
 50 #define IFF_LOWER_UP    0x10000         /* driver signals L1 up         */
 51 #define IFF_DORMANT     0x20000         /* driver signals dormant       */
 52
 53 #define IFF_ECHO        0x40000         /* echo sent packets            */
"""))
                ]