h(  ) ($6;EbBLkfu�_l� ''8;DUFKV3Dd#,?ANk&5G$/(5M\^�ms����Sb�,;R''6c2I�!\����kx�Ve�[i��Me�IYO7:nOL~�Kr�qrv�I:�BM�y��s}r��K����x)1�6@r*2�89ma��&��'ti������{~#������t)1�2<�0:^5�W.uFzQ/u}�v��vv�u��U37yDJeEJo(/�5Ds'1�:Jlu�iy�iy�hw�1;:S`^BMLOQQn,4�7C�8C�>Lfe�]k�[i�Zg��IW�LZ�EP;,.��Tc�q(0) G,/]/1����w�r��l&-t*3�<<�u��#����j&.u��J68\8?"#$%&'()*+,-./0 ! 
Current File : /var/opt/eset/efs/eventd/eset_rtp/ertp_syscalls.h
/*
 * eset_rtp (ESET Real-time file system protection module)
 * Copyright (C) 1992-2021 ESET, spol. s r.o.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 * In case of any questions, you can contact us at ESET, spol. s r.o., Einsteinova 24, 851 01 Bratislava, Slovakia.
 */

#ifndef _ERTP_SYSCALLS_H

#define _ERTP_SYSCALLS_H

#include <linux/version.h>

/*
 * Module-local index of each system call that can be hooked.
 *
 * The values index ertp_hooks[] and the ERTP_SYSCALL_NUMBERS_* tables, all of
 * which are sized by N_ERTP_SYSCALLS. They are not used as kernel syscall
 * numbers here; the ERTP_SYSCALL_NUMBERS_* tables presumably map each index
 * to the kernel number for one ABI (their definitions are not in this
 * header - confirm).
 */
enum ertp_syscall_no {
	ERTP_SYSCALL_open = 0,
	ERTP_SYSCALL_openat,
	ERTP_SYSCALL_close,
	ERTP_SYSCALL_exit,
	ERTP_SYSCALL_exit_group,
	ERTP_SYSCALL_execve,
	ERTP_SYSCALL_dup2,
	ERTP_SYSCALL_dup3,
	ERTP_SYSCALL_unlink,
	ERTP_SYSCALL_unlinkat,
	ERTP_SYSCALL_rename,
	ERTP_SYSCALL_renameat,
	/*
	 * Only present on kernels >= 3.15.0. When it is compiled out, every
	 * enumerator after it (ERTP_SYSCALL_mmap, N_ERTP_SYSCALLS) is one lower,
	 * so any table indexed by this enum must be built under the same
	 * condition or its entries end up shifted by one slot.
	 */
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,15,0))
	ERTP_SYSCALL_renameat2,
#endif
	ERTP_SYSCALL_mmap,

	/* Number of entries above; must stay last because it sizes the arrays. */
	N_ERTP_SYSCALLS
};

/*
 * Untyped address of a syscall handler. The type carries no signature, so a
 * caller has to cast it to the correct function-pointer type before calling.
 */
typedef void *syscall_ptr_t;

/*
 * The two handler addresses kept for one syscall in one ABI.
 */
struct ertp_hook_pair {
	/* Read back through the ertp_sys_hook_original*() macros. */
	syscall_ptr_t original_call;
	/* Presumably the replacement handler that was registered - confirm in the .c file. */
	syscall_ptr_t hooked_call;
};

/*
 * Hook state for one syscall, one ertp_hook_pair per ABI.
 *
 * All three pairs exist unconditionally, while the ia32 and x32 syscall
 * number tables declared in this header are guarded by CONFIG_IA32_EMULATION
 * and CONFIG_X86_X32. NOTE(review): on a kernel without those options the
 * ia32/x32 pairs are presumably left unused - confirm the implementation
 * never dereferences them in that configuration.
 */
struct ertp_sys_hook {
	struct ertp_hook_pair x86_64;
	struct ertp_hook_pair ia32;
	struct ertp_hook_pair x32;
};

/*
 * Global hook table, one slot per enum ertp_syscall_no value. It is mutable
 * and shared by every user of this header; the locking that protects it, if
 * any, is not visible here.
 */
extern struct ertp_sys_hook ertp_hooks[N_ERTP_SYSCALLS];

/*
 * Per-ABI integer tables indexed by enum ertp_syscall_no; presumably the
 * kernel syscall number of each entry (definitions live outside this header).
 * The 32-bit and x32 tables are declared only when the kernel is built with
 * the matching emulation option.
 */
extern const int ERTP_SYSCALL_NUMBERS_64[N_ERTP_SYSCALLS];
#ifdef CONFIG_IA32_EMULATION
extern const int ERTP_SYSCALL_NUMBERS_32[N_ERTP_SYSCALLS];
#endif
#ifdef CONFIG_X86_X32
extern const int ERTP_SYSCALL_NUMBERS_X32[N_ERTP_SYSCALLS];
#endif

/** ertp_sys_hooks_init - initialize hooks
 *
 * @k32: address of 32-bit kernel syscalls table
 * @k64: address of 64-bit kernel syscalls table
 *
 * Both tables are passed as raw unsigned long addresses, so nothing in this
 * interface checks that they really point at the kernel's syscall tables;
 * that is the caller's responsibility.
 *
 * There is no separate parameter for an x32 table. NOTE(review): x32 hooks
 * presumably go through the 64-bit table - confirm in the implementation.
 *
 * Return: not documented in this header; presumably 0 on success and a
 * negative value on failure - confirm against the implementation.
 */
int ertp_sys_hooks_init(unsigned long k32, unsigned long k64);

/** ertp_sys_hooks_unload - unload all registered hooks
 *
 * @note keep syscall table addresses valid
 * (for threads already in handlers to be able to call orig. syscalls)
 *
 * In other words, a thread may still be running inside a hook handler when
 * this is called, and it will read original_call afterwards, so the saved
 * addresses must stay usable after unload.
 *
 * NOTE(review): whether unload waits for such in-flight handlers to return
 * before the module's code can be freed is not visible in this header -
 * confirm in the implementation.
 */
void ertp_sys_hooks_unload(void);

/** ertp_sys_hook_register - override syscall by hook
 *
 * @number: ertp syscall number, from enum ertp_syscall_no
 * @func64: hook which should override the 64-bit (x86_64) syscall table entry
 * @func32: hook which should override the 32-bit (ia32) syscall table entry
 * @funcx32: hook which should override the x32 syscall entry
 *
 * The hooks are passed as void *, so the compiler cannot check that a hook
 * has the same signature as the syscall it replaces; a mismatch is only
 * found at run time, in kernel context.
 *
 * NOTE(review): a NULL hook presumably means "leave that ABI's entry
 * untouched" - confirm against the implementation. It is likewise not
 * visible here whether @number is range-checked against N_ERTP_SYSCALLS.
 *
 * Return: not documented in this header; presumably 0 on success and a
 * negative value on failure - confirm against the implementation.
 */
int ertp_sys_hook_register(enum ertp_syscall_no number, void *func64, void *func32, void *funcx32);

/** ertp_sys_hook_unregister - unregister specified hook
 *
 * @number: ertp syscall number, from enum ertp_syscall_no
 *
 * Takes only the syscall index, so it presumably removes the hooks of every
 * ABI for that syscall at once - confirm against the implementation.
 * No status is returned, so a caller cannot tell from this call whether the
 * original table entry was actually restored.
 */
void ertp_sys_hook_unregister(enum ertp_syscall_no number);

/*
 * Accessors for the saved original handler of a syscall, one per ABI.
 *
 * @number is used directly as an index into ertp_hooks[] with no bounds
 * check, so it must be a valid enum ertp_syscall_no value below
 * N_ERTP_SYSCALLS. The result is a syscall_ptr_t (void *) and has to be cast
 * to the correct function-pointer type before it is called.
 *
 * NOTE(review): the value of original_call for a syscall that has not been
 * registered is not defined in this header; check it before calling through
 * it unless the implementation guarantees it is always set.
 */
#define ertp_sys_hook_original64(number) (ertp_hooks[number].x86_64.original_call)
#define ertp_sys_hook_original32(number) (ertp_hooks[number].ia32.original_call)
#define ertp_sys_hook_originalx32(number) (ertp_hooks[number].x32.original_call)

#endif /* _ERTP_SYSCALLS_H */
