Exemplo n.º 1
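    def calculate(self):
        """Yield the contents of the kernel message buffer found via ``_msgbufp``.

        The ``msgbuf`` structure is located through the ``_msgbufp`` symbol,
        ``msg_size`` bytes are read from ``msg_bufc``, and the data is
        re-assembled around the ``msg_bufx`` index so that the older part of
        the buffer comes first.  Leading NUL bytes are stripped.

        Yields:
            One string holding the recovered buffer.  Nothing is yielded when
            the buffer cannot be read.
        """
        common.set_plugin_members(self)

        msgbuf_ptr = obj.Object("Pointer", offset = self.addr_space.profile.get_symbol("_msgbufp"), vm = self.addr_space)
        msgbufp = msgbuf_ptr.dereference_as("msgbuf")

        bufx = msgbufp.msg_bufx
        size = msgbufp.msg_size
        bufc = self.addr_space.read(msgbufp.msg_bufc, size)

        # msg_bufx, msg_size and msg_bufc all come from the image under
        # analysis, so a damaged or tampered image controls them.  Stop
        # cleanly when nothing could be read instead of failing on the
        # indexing below.
        # NOTE(review): read() presumably returns None when the range is not
        # mapped -- confirm against the address space implementation.
        if not bufc:
            return

        # Validate the index before it is first used; previously the range
        # check only ran after bufc[bufx] had already been evaluated.
        if bufx >= len(bufc):
            bufx = 0

        # NOTE(review): if read() returns a str, comparing one character with
        # the integer 0 is never true, which would make this branch
        # unreachable -- confirm the intended comparison.
        if bufc[bufx] == 0 and bufc[0] != 0:
            ## FIXME: can we do this without get_string?
            # NOTE(review): bufc is the data that was read, not an address --
            # confirm this is what get_string expects.
            buf = common.get_string(bufc, self.addr_space)
        else:
            # older messages
            buf = bufc[bufx:bufx + size]
            buf = buf + bufc[0:bufx]

        # strip leading NULs; bounded by the length so an empty or all-NUL
        # buffer no longer raises IndexError
        start = 0
        while start < len(buf) and ord(buf[start]) == 0x00:
            start += 1
        if start:
            buf = buf[start:]

        yield buf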
Exemplo n.º 2
    def _parse_global_variable_sysctls(self, name):
        """Return the string stored in the kernel global that backs *name*.

        Only ``hostname`` and ``nisdomainname`` are mapped to a symbol; any
        other name yields an empty string without touching the address space.
        """
        symbol_for = {"hostname": "_hostname", "nisdomainname": "_domainname"}

        symbol = symbol_for.get(name)
        if symbol is None:
            return ""

        # Resolve the symbol through the profile, then read the string that
        # lives at that address in the image.
        address = self.addr_space.profile.get_symbol(symbol)
        return common.get_string(address, self.addr_space)
Exemplo n.º 3
    def _parse_global_variable_sysctls(self, name):
        """Look up the value of a sysctl that is stored in a kernel global.

        ``hostname`` maps to the ``_hostname`` symbol and ``nisdomainname`` to
        ``_domainname``.  Names outside this table return ``""``.
        """
        symbol_by_sysctl = {
            "hostname": "_hostname",
            "nisdomainname": "_domainname",
        }

        # Unknown sysctl: nothing to read from the image.
        if name not in symbol_by_sysctl:
            return ""

        # The symbol's address is where the string is read from.
        return common.get_string(
            self.addr_space.profile.get_symbol(symbol_by_sysctl[name]),
            self.addr_space,
        )
Exemplo n.º 4
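    def _process_sysctl_list(self, sysctl_list, r=0):
        """Walk a ``sysctl_oid_list`` and yield ``(sysctl, name, val)`` per entry.

        Args:
            sysctl_list: the list head, or an ``obj.Pointer`` to it (the
                pointer is dereferenced as ``sysctl_oid_list``).
            r: truthy on recursive calls; the first entry is then skipped.

        Yields:
            ``(sysctl, name, val)`` tuples.  Entries of a ``CTLTYPE_NODE``
            whose ``oid_handler`` is 0 are yielded before the node itself.

        The list lives in the memory image being analysed, so its links are
        untrusted: a corrupted or deliberately crafted image can make
        ``sle_next`` point back to an earlier entry.  Each entry address is
        therefore visited at most once per list.  The nesting depth of
        ``CTLTYPE_NODE`` entries is not bounded here.
        """
        if type(sysctl_list) == obj.Pointer:
            sysctl_list = sysctl_list.dereference_as("sysctl_oid_list")

        sysctl = sysctl_list.slh_first

        # skip the head entry if new list (recursive call)
        if r:
            sysctl = sysctl.oid_link.sle_next

        # Addresses of the entries already visited in this list.
        seen = set()

        while sysctl and sysctl.is_valid():
            # v() is taken to be the address this entry pointer holds;
            # seeing the same address twice means the links form a loop.
            entry_addr = sysctl.v()
            if entry_addr in seen:
                break
            seen.add(entry_addr)

            name = sysctl.oid_name.dereference()

            # an empty name ends the walk
            if len(name) == 0:
                break

            name = str(name)

            ctltype = sysctl.get_ctltype()

            if sysctl.oid_arg1 == 0 or not sysctl.oid_arg1.is_valid():
                # no usable data pointer: fall back to the known globals
                val = self._parse_global_variable_sysctls(name)
            elif ctltype == 'CTLTYPE_NODE':
                if sysctl.oid_handler == 0:
                    for info in self._process_sysctl_list(sysctl.oid_arg1,
                                                          r=1):
                        yield info
                val = "Node"
            elif ctltype in ['CTLTYPE_INT', 'CTLTYPE_QUAD', 'CTLTYPE_OPAQUE']:
                val = sysctl.oid_arg1.dereference()
            elif ctltype == 'CTLTYPE_STRING':
                ## FIXME: can we do this without get_string?
                val = common.get_string(sysctl.oid_arg1, self.addr_space)
            else:
                # unhandled type: report the type name as the value
                val = ctltype

            yield (sysctl, name, val)

            sysctl = sysctl.oid_link.sle_next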
Exemplo n.º 5
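    def _process_sysctl_list(self, sysctl_list, r = 0):
        """Iterate over a ``sysctl_oid_list``, yielding ``(sysctl, name, val)``.

        Args:
            sysctl_list: the list head, or an ``obj.Pointer`` that is
                dereferenced as ``sysctl_oid_list`` first.
            r: truthy when called recursively for a child list, in which
                case the first entry is skipped.

        Yields:
            One ``(sysctl, name, val)`` tuple per entry; for a
            ``CTLTYPE_NODE`` with ``oid_handler == 0`` the child entries are
            yielded first and the node itself gets the value ``"Node"``.

        All pointers followed here are read from the memory image, which may
        be damaged or crafted.  A ``sle_next`` chain that loops back on
        itself would otherwise never terminate, so the walk stops as soon as
        an entry address repeats within the list.  Recursion depth through
        nested nodes is not limited by this method.
        """
        if type(sysctl_list) == obj.Pointer:
            sysctl_list = sysctl_list.dereference_as("sysctl_oid_list")

        sysctl = sysctl_list.slh_first

        # skip the head entry if new list (recursive call)
        if r:
            sysctl = sysctl.oid_link.sle_next

        # Entry addresses already handled in this list (loop guard).
        visited = set()

        while sysctl and sysctl.is_valid():
            # v() is taken to be the address held by this entry pointer.
            addr = sysctl.v()
            if addr in visited:
                break
            visited.add(addr)

            name = sysctl.oid_name.dereference()

            # an empty name terminates the walk
            if len(name) == 0:
                break

            name = str(name)

            ctltype = sysctl.get_ctltype()

            if sysctl.oid_arg1 == 0 or not sysctl.oid_arg1.is_valid():
                # data pointer missing or invalid: try the known globals
                val = self._parse_global_variable_sysctls(name)
            elif ctltype == 'CTLTYPE_NODE':
                if sysctl.oid_handler == 0:
                    for info in self._process_sysctl_list(sysctl.oid_arg1, r = 1):
                        yield info
                val = "Node"
            elif ctltype in ['CTLTYPE_INT', 'CTLTYPE_QUAD', 'CTLTYPE_OPAQUE']:
                val = sysctl.oid_arg1.dereference()
            elif ctltype == 'CTLTYPE_STRING':
                ## FIXME: can we do this without get_string?
                val = common.get_string(sysctl.oid_arg1, self.addr_space)
            else:
                # type not handled above: the type name stands in for the value
                val = ctltype

            yield (sysctl, name, val)

            sysctl = sysctl.oid_link.sle_next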