diff --git a/.travis.yml b/.travis.yml index baf76f961..6b4ebba89 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,7 +19,7 @@ before_install: - cd volatility && python setup.py build && sudo python setup.py install - cd .. -script: "./autogen.sh; ./configure; make clean; make" +script: "./autogen.sh; ./configure --enable-debug; make clean; make" env: global: diff --git a/src/Makefile.am b/src/Makefile.am index 8279c24c7..1b0e96451 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -100,7 +100,7 @@ # DRAKVUF, and also available from # # https://github.com/tklengyel/drakvuf/COPYING) # # # -#*************************************************************************# +#*************************************************************************# bin_PROGRAMS = drakvuf xen_memclone injector @@ -127,10 +127,10 @@ endif # Note that -pg is incompatible with HARDENING if DEBUG -AM_CFLAGS += -DDRAKVUF_DEBUG -Wall -Wextra -Wno-override-init -Wno-strict-aliasing -g -ggdb3 -AM_CFLAGS += -Wno-unused-parameter -Wno-unused-but-set-variable -Wno-unused-variable -AM_CPPFLAGS += -DDRAKVUF_DEBUG -Wall -Wextra -Wno-strict-aliasing -g -ggdb3 -AM_CPPFLAGS += -Wno-unused-parameter -Wno-unused-variable +AM_CFLAGS += -DDRAKVUF_DEBUG -Werror -Wall -Wextra -g -ggdb3 +AM_CFLAGS += -Wno-missing-field-initializers +AM_CPPFLAGS += -DDRAKVUF_DEBUG -Werror -Wall -Wextra -g -ggdb3 +AM_CPPFLAGS += -Wno-missing-field-initializers if !HARDENING AM_CFLAGS += -pg AM_CPPFLAGS += -pg diff --git a/src/dirwatch/Makefile.am b/src/dirwatch/Makefile.am index 43855a7da..76e3b2016 100644 --- a/src/dirwatch/Makefile.am +++ b/src/dirwatch/Makefile.am 
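Review bot: With `--enable-debug` added to the only `script:` line, CI no longer builds the default configuration, so code that behaves differently when `DRAKVUF_DEBUG` is undefined (for example variables used solely inside `PRINT_DEBUG`) is never compiled by the pipeline. A second job, or a second configure/make pass without the flag, would keep both variants covered. The steps are also chained with `;`, so only the final `make` decides the job result; `script: "./autogen.sh && ./configure --enable-debug && make clean && make"` stops at the first failing step.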
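Review bot: `-Werror -Wall -Wextra` are added only inside the `if DEBUG` block of src/Makefile.am, so, as far as this hunk shows, a build configured without `--enable-debug` gets none of the new diagnostics and can regress unnoticed. Consider moving `-Wall -Wextra` out of the conditional and keeping only `-Werror` and the `-g -ggdb3` flags debug-only. The one remaining suppression has no explanation; a comment such as `# -Wextra flags the partially initialised structs used across the tree; drop this once they are fully initialised` (assumed reason, confirm) would tell the next maintainer when it can go. The same applies to the matching hunks in src/libdrakvuf/Makefile.am, src/libinjector/Makefile.am and src/plugins/Makefile.am.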
@@ -100,12 +100,13 @@ # DRAKVUF, and also available from # # https://github.com/tklengyel/drakvuf/COPYING) # # # -#*************************************************************************# +#*************************************************************************# bin_PROGRAMS = dirwatch dirwatch_SOURCES = dirwatch.c dirwatch_LDADD = ../xen_helper/libxenhelper.la -AM_CFLAGS = $(CFLAGS) $(GLIB_CFLAGS) +AM_CFLAGS = -Werror -Wall -Wextra $(CFLAGS) $(GLIB_CFLAGS) +AM_CFLAGS += -Wno-missing-field-initializers diff --git a/src/dirwatch/dirwatch.c b/src/dirwatch/dirwatch.c index b3474fc8f..e4d549504 100755 --- a/src/dirwatch/dirwatch.c +++ b/src/dirwatch/dirwatch.c @@ -121,6 +121,8 @@ #define CLEANUP_CMD "%s %u %u" #define TCPDUMP_CMD "%s %u %s %s %s" +#define UNUSED(x) (void)(x) + struct start_drakvuf { int threadid; domid_t cloneID; @@ -142,18 +144,16 @@ static const char *config_script; static const char *drakvuf_script; static const char *cleanup_script; static const char *tcpdump_script; -static const char *name; -static domid_t domID; static uint32_t threads; static uint32_t injection_pid; static GMutex locks[128]; static GMutex prepare_lock; + xen_interface_t *xen; static void -make_clone(xen_interface_t *xen, domid_t *cloneID, - uint16_t vlan, char **clone_name) +make_clone(xen_interface_t *xen, domid_t *cloneID, uint16_t vlan, char **clone_name) { char *command = g_malloc0(snprintf(NULL, 0, CLONE_CMD, clone_script, domain_name, vlan, domain_config) + 1); sprintf(command, CLONE_CMD, clone_script, domain_name, vlan, domain_config); @@ -179,7 +179,7 @@ gpointer tcpdump(gpointer data) { static inline int find_thread() { - int i=0; + unsigned int i=0; for (;ithreadid, start->input, start->cloneID); @@ -348,7 +346,8 @@ int main(int argc, char** argv) { DIR *dir; struct dirent *ent; - int i, ret = 1, processed = 0; + unsigned int i, processed = 0; + int ret = 0; if(argc!=14) { printf("Not enough arguments: %i!\n", argc); 
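Review bot: `-Werror` is added to dirwatch's `AM_CFLAGS` unconditionally, whereas the other Makefile.am hunks in this commit add it only inside `if DEBUG`; a compiler release that introduces a new warning would then break every dirwatch build, not just debug ones. Gating it the same way keeps the tree consistent: `if DEBUG`, then `AM_CFLAGS += -Werror`, then `endif`, with `-Wall -Wextra` left on the unconditional line.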
@@ -408,21 +407,23 @@ int main(int argc, char** argv) closedir (dir); } else { printf("Failed to open target folder!\n"); - goto exit; + ret = 1; + break; } if (!processed) { printf("Run folder is empty, waiting for file creation\n"); int l = read( fd, buffer, sizeof(struct inotify_event) + NAME_MAX + 1 ); + if ( l <= 0 ) { + ret = 1; + break; + } } } while(1); inotify_rm_watch( fd, wd ); close(fd); - ret = 0; - -exit: g_thread_pool_free(pool, FALSE, TRUE); g_mutex_clear(&prepare_lock); diff --git a/src/libdrakvuf/Makefile.am b/src/libdrakvuf/Makefile.am index d61ab4417..c89b606ad 100644 --- a/src/libdrakvuf/Makefile.am +++ b/src/libdrakvuf/Makefile.am @@ -100,7 +100,7 @@ # DRAKVUF, and also available from # # https://github.com/tklengyel/drakvuf/COPYING) # # # -#*************************************************************************# +#*************************************************************************# h_sources = libdrakvuf.h c_sources = drakvuf.c win-exports.c vmi.c win-symbols.c win-handles.c win-processes.c @@ -116,8 +116,8 @@ endif # Note that -pg is incompatible with HARDENING if DEBUG -AM_CFLAGS += -DDRAKVUF_DEBUG -Wall -Wextra -Wno-override-init -Wno-strict-aliasing -g -ggdb3 -AM_CFLAGS += -Wno-unused-parameter -Wno-unused-but-set-variable -Wno-unused-variable +AM_CFLAGS += -DDRAKVUF_DEBUG -Werror -Wall -Wextra -g -ggdb3 +AM_CFLAGS += -Wno-missing-field-initializers if !HARDENING AM_CFLAGS += -pg endif diff --git a/src/libdrakvuf/drakvuf.c b/src/libdrakvuf/drakvuf.c index dd082be9e..1d5276513 100644 --- a/src/libdrakvuf/drakvuf.c +++ b/src/libdrakvuf/drakvuf.c @@ -109,6 +109,7 @@ #include "private.h" #include "win-symbols.h" #include "win-exports.h" +#include "win-offsets.h" #ifdef DRAKVUF_DEBUG bool verbose = 0; 
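Review bot: The new `l <= 0` check ends the watch loop on any failed `read()`, which includes a return of -1 with `errno == EINTR` when a signal interrupts the blocking wait; the tool would then exit with `ret = 1` although the inotify descriptor is still usable. Retrying that case first, `if ( l < 0 && errno == EINTR ) continue;`, keeps the watcher alive (this assumes `<errno.h>` is already included; the include block is outside the hunk). The error branch is also silent, unlike the neighbouring "Failed to open target folder!" path, so a `printf("Failed to read inotify event!\n");` before `ret = 1;` would make the exit diagnosable. `main` starts and ends outside this hunk.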
@@ -125,10 +126,11 @@ void drakvuf_close(drakvuf_t drakvuf) { if (drakvuf->xen) xen_free_interface(drakvuf->xen); + g_free(drakvuf->offsets); g_mutex_clear(&drakvuf->vmi_lock); - free(drakvuf->dom_name); - free(drakvuf->rekall_profile); - free(drakvuf); + g_free(drakvuf->dom_name); + g_free(drakvuf->rekall_profile); + g_free(drakvuf); } bool drakvuf_init(drakvuf_t *drakvuf, const char *domain, const char *rekall_profile, bool _verbose) { @@ -153,6 +155,8 @@ bool drakvuf_init(drakvuf_t *drakvuf, const char *domain, const char *rekall_pro if ( (*drakvuf)->domID == test ) goto err; + (*drakvuf)->offsets = g_malloc0(sizeof(addr_t) * OFFSET_MAX); + if (!init_vmi(*drakvuf)) goto err; diff --git a/src/libdrakvuf/private.h b/src/libdrakvuf/private.h index 1d37f3700..51c49b1eb 100644 --- a/src/libdrakvuf/private.h +++ b/src/libdrakvuf/private.h @@ -123,16 +123,18 @@ extern bool verbose; -#define PRINT_DEBUG(args...) \ +#define PRINT_DEBUG(...) \ do { \ - if(verbose) fprintf (stderr, args); \ + if(verbose) fprintf (stderr, __VA_ARGS__); \ } while (0) #else -#define PRINT_DEBUG(args...) \ +#define PRINT_DEBUG(...) \ do {} while(0) #endif +#define UNUSED(x) (void)(x) + struct drakvuf { char *dom_name; domid_t domID; @@ -152,7 +154,7 @@ struct drakvuf { vmi_event_t mem_event; vmi_event_t *step_event[16]; - size_t offsets[OFFSET_MAX]; + size_t *offsets; // Processing trap removals in trap callbacks // is problematic so we save all such requests diff --git a/src/libdrakvuf/vmi.c b/src/libdrakvuf/vmi.c index f3435b7b3..b95c0111f 100644 --- a/src/libdrakvuf/vmi.c +++ b/src/libdrakvuf/vmi.c 
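Review bot: In `drakvuf_close`, `dom_name`, `rekall_profile` and the `drakvuf` struct are now released with `g_free()`, but the matching allocations are outside this hunk; if any of them still comes from `strdup()`/`malloc()`, the pair is mismatched on GLib versions older than 2.46, where `g_malloc` is not guaranteed to be the system allocator. Confirm they are created with `g_strdup()`/`g_malloc0()`, or keep `free()` for the ones that are not. Once confirmed, a short comment above the frees, e.g. `/* all members below are GLib-allocated in drakvuf_init() */`, would record the invariant.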
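Review bot: The `offsets` buffer in `drakvuf_init` is sized with `sizeof(addr_t)` although the field it backs is declared `size_t *offsets` in the private.h hunk of this commit; today the mismatch can only over-allocate, but the element type and the allocation are free to drift apart. Size it from the pointer instead: `(*drakvuf)->offsets = g_malloc0(sizeof(*(*drakvuf)->offsets) * OFFSET_MAX);`. Because the member changed from an in-struct array to a pointer, any `sizeof(drakvuf->offsets)` left elsewhere in the library (not visible here) would now yield the pointer size and should be checked. `drakvuf_init` continues outside the hunk.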
@@ -123,14 +123,17 @@ #include "libdrakvuf.h" #include "win-symbols.h" #include "vmi.h" +#include "win-offsets.h" +#include "win-offsets-map.h" -static uint8_t bp = 0xCC; +static uint8_t bp = TRAP; /* * This function gets called from the singlestep event * after an int3 or a read event happens. */ event_response_t vmi_reset_trap(vmi_instance_t vmi, vmi_event_t *event) { + UNUSED(vmi); drakvuf_t drakvuf = event->data; PRINT_DEBUG("reset trap, switching %u->%u\n", event->slat_id, drakvuf->altp2m_idx); event->slat_id = drakvuf->altp2m_idx; @@ -163,7 +166,7 @@ void process_free_requests(drakvuf_t drakvuf) { /* Here we are in singlestep mode already and this is a singlstep cb */ event_response_t post_mem_cb(vmi_instance_t vmi, vmi_event_t *event) { - + UNUSED(vmi); struct memcb_pass *pass = event->data; drakvuf_t drakvuf = pass->drakvuf; struct wrapper *s = @@ -260,7 +263,7 @@ event_response_t post_mem_cb(vmi_instance_t vmi, vmi_event_t *event) { /* This hits on the first access on a page, so not in singlestep yet */ event_response_t pre_mem_cb(vmi_instance_t vmi, vmi_event_t *event) { - + UNUSED(vmi); drakvuf_t drakvuf = event->data; struct wrapper *s = g_hash_table_lookup(drakvuf->memaccess_lookup_gfn, &event->mem_event.gfn); @@ -304,7 +307,7 @@ event_response_t pre_mem_cb(vmi_instance_t vmi, vmi_event_t *event) { /* We need to call breakpoint handlers registered for this physical address */ if (event->mem_event.out_access & VMI_MEMACCESS_X) { struct wrapper *sbp = g_hash_table_lookup(drakvuf->breakpoint_lookup_pa, &s->memaccess.pa); - + if (sbp) { PRINT_DEBUG("Simulated INT3 event vCPU %u altp2m:%u CR3: 0x%"PRIx64" PA=0x%"PRIx64" RIP=0x%"PRIx64"\n", event->vcpu_id, event->slat_id, event->regs.x86->cr3, s->memaccess.pa, event->regs.x86->rip); 
@@ -367,9 +370,8 @@ event_response_t pre_mem_cb(vmi_instance_t vmi, vmi_event_t *event) { } event_response_t int3_cb(vmi_instance_t vmi, vmi_event_t *event) { - + UNUSED(vmi); reg_t cr3 = event->regs.x86->cr3; - drakvuf_t drakvuf = event->data; addr_t pa = (event->interrupt_event.gfn << 12) + event->interrupt_event.offset + event->interrupt_event.insn_length - 1; @@ -438,6 +440,7 @@ event_response_t int3_cb(vmi_instance_t vmi, vmi_event_t *event) { } event_response_t cr3_cb(vmi_instance_t vmi, vmi_event_t *event) { + UNUSED(vmi); drakvuf_t drakvuf = (drakvuf_t)event->data; #ifdef DRAKVUF_DEBUG diff --git a/src/libdrakvuf/vmi.h b/src/libdrakvuf/vmi.h index 1f2293035..1d511aa7f 100644 --- a/src/libdrakvuf/vmi.h +++ b/src/libdrakvuf/vmi.h 
@@ -119,127 +119,6 @@ g_hash_table_iter_init(&i, table); \ while(g_hash_table_iter_next(&i,(void**)&key,(void**)&val)) -#define NOW(ts) \ - do { \ - GTimeVal __now; \ - g_get_current_time(&__now); \ - *ts = g_time_val_to_iso8601(&__now); \ - } while(0) - -enum offset { - KIINITIALPCR, - - EPROCESS_PID, - EPROCESS_PDBASE, - EPROCESS_PNAME, - EPROCESS_TASKS, - EPROCESS_PEB, - EPROCESS_OBJECTTABLE, - EPROCESS_PCB, - - KPROCESS_HEADER, - - PEB_IMAGEBASADDRESS, - PEB_LDR, - - PEB_LDR_DATA_INLOADORDERMODULELIST, - - LDR_DATA_TABLE_ENTRY_DLLBASE, - LDR_DATA_TABLE_ENTRY_SIZEOFIMAGE, - LDR_DATA_TABLE_ENTRY_BASEDLLNAME, - - FILE_OBJECT_DEVICEOBJECT, - FILE_OBJECT_READACCESS, - FILE_OBJECT_WRITEACCESS, - FILE_OBJECT_DELETEACCESS, - FILE_OBJECT_FILENAME, - - HANDLE_TABLE_HANDLECOUNT, - - KPCR_PRCB, - KPCR_PRCBDATA, - KPRCB_CURRENTTHREAD, - - KTHREAD_PROCESS, - KTHREAD_INITIALSTACK, - KTHREAD_STACKLIMIT, - KTHREAD_APCSTATE, - KTHREAD_TRAPFRAME, - KTHREAD_APCQUEUEABLE, - KTHREAD_PREVIOUSMODE, - KTHREAD_HEADER, - - KTRAP_FRAME_RIP, - - KAPC_APCLISTENTRY, - - ETHREAD_CID, - ETHREAD_TCB, - CLIENT_ID_UNIQUETHREAD, - - OBJECT_HEADER_TYPEINDEX, - OBJECT_HEADER_BODY, - - UNICODE_STRING_LENGTH, - UNICODE_STRING_BUFFER, - - POOL_HEADER_BLOCKSIZE, - POOL_HEADER_POOLTYPE, - POOL_HEADER_POOLTAG, - - DISPATCHER_TYPE, - - OFFSET_MAX -}; - -static const char *offset_names[OFFSET_MAX][2] = { - [KIINITIALPCR] = { "KiInitialPCR", NULL }, - [EPROCESS_PID] = { "_EPROCESS", "UniqueProcessId" }, - [EPROCESS_PDBASE] = { "_KPROCESS", "DirectoryTableBase" }, - [EPROCESS_PNAME] = { "_EPROCESS", "ImageFileName" }, - [EPROCESS_TASKS] = { "_EPROCESS", "ActiveProcessLinks" }, - [EPROCESS_PEB] = { "_EPROCESS", "Peb" }, - [EPROCESS_OBJECTTABLE] = {"_EPROCESS", "ObjectTable" }, - [EPROCESS_PCB] = { "_EPROCESS", "Pcb" }, - [KPROCESS_HEADER] = { "_KPROCESS", "Header" }, - [PEB_IMAGEBASADDRESS] = { "_PEB", "ImageBaseAddress" }, - [PEB_LDR] = { "_PEB", "Ldr" }, - [PEB_LDR_DATA_INLOADORDERMODULELIST] = 
{"_PEB_LDR_DATA", "InLoadOrderModuleList" }, - [LDR_DATA_TABLE_ENTRY_DLLBASE] = { "_LDR_DATA_TABLE_ENTRY", "DllBase" }, - [LDR_DATA_TABLE_ENTRY_SIZEOFIMAGE] = { "_LDR_DATA_TABLE_ENTRY", "SizeOfImage" }, - [LDR_DATA_TABLE_ENTRY_BASEDLLNAME] = { "_LDR_DATA_TABLE_ENTRY", "BaseDllName" }, - [FILE_OBJECT_DEVICEOBJECT] = {"_FILE_OBJECT", "DeviceObject" }, - [FILE_OBJECT_READACCESS] = {"_FILE_OBJECT", "ReadAccess" }, - [FILE_OBJECT_WRITEACCESS] = {"_FILE_OBJECT", "WriteAccess" }, - [FILE_OBJECT_DELETEACCESS] = {"_FILE_OBJECT", "DeleteAccess" }, - [FILE_OBJECT_FILENAME] = {"_FILE_OBJECT", "FileName"}, - [HANDLE_TABLE_HANDLECOUNT] = {"_HANDLE_TABLE", "HandleCount" }, - [KPCR_PRCB] = {"_KPCR", "Prcb" }, - [KPCR_PRCBDATA] = {"_KPCR", "PrcbData" }, - [KPRCB_CURRENTTHREAD] = { "_KPRCB", "CurrentThread" }, - [KTHREAD_PROCESS] = {"_KTHREAD", "Process" }, - [KTHREAD_INITIALSTACK] = {"_KTHREAD", "InitialStack"}, - [KTHREAD_STACKLIMIT] = {"_KTHREAD", "StackLimit"}, - [KTHREAD_TRAPFRAME] = {"_KTHREAD", "TrapFrame" }, - [KTHREAD_APCSTATE] = {"_KTHREAD", "ApcState" }, - [KTHREAD_APCQUEUEABLE] = {"_KTHREAD", "ApcQueueable"}, - [KTHREAD_PREVIOUSMODE] = { "_KTHREAD", "PreviousMode" }, - [KTHREAD_HEADER] = { "_KTHREAD", "Header" }, - [KAPC_APCLISTENTRY] = {"_KAPC", "ApcListEntry" }, - [KTRAP_FRAME_RIP] = {"_KTRAP_FRAME", "Rip" }, - [ETHREAD_CID] = {"_ETHREAD", "Cid" }, - [ETHREAD_TCB] = { "_ETHREAD", "Tcb" }, - [CLIENT_ID_UNIQUETHREAD] = {"_CLIENT_ID", "UniqueThread" }, - [OBJECT_HEADER_TYPEINDEX] = { "_OBJECT_HEADER", "TypeIndex" }, - [OBJECT_HEADER_BODY] = { "_OBJECT_HEADER", "Body" }, - [UNICODE_STRING_LENGTH] = {"_UNICODE_STRING", "Length" }, - [UNICODE_STRING_BUFFER] = {"_UNICODE_STRING", "Buffer" }, - [POOL_HEADER_BLOCKSIZE] = {"_POOL_HEADER", "BlockSize" }, - [POOL_HEADER_POOLTYPE] = {"_POOL_HEADER", "PoolType" }, - [POOL_HEADER_POOLTAG] = {"_POOL_HEADER", "PoolTag" }, - [DISPATCHER_TYPE] = { "_DISPATCHER_HEADER", "Type" }, -}; - bool init_vmi(drakvuf_t drakvuf); void 
close_vmi(drakvuf_t drakvuf); diff --git a/src/libdrakvuf/win-exports.c b/src/libdrakvuf/win-exports.c index efaf03e71..4ac95372f 100644 --- a/src/libdrakvuf/win-exports.c +++ b/src/libdrakvuf/win-exports.c @@ -118,6 +118,7 @@ #include "private.h" #include "win-exports.h" +#include "win-offsets.h" #define MAX_HEADER_SIZE 1024 @@ -181,7 +182,7 @@ modlist_sym2va(drakvuf_t drakvuf, addr_t list_head, access_context_t *ctx, } addr_t eprocess_sym2va (drakvuf_t drakvuf, addr_t eprocess_base, const char *mod_name, const char *symbol) { - addr_t peb, ldr, inloadorder, dtb, ret = 0; + addr_t peb, ldr, inloadorder, ret = 0; access_context_t ctx = { .translate_mechanism = VMI_TM_PROCESS_DTB, }; diff --git a/src/libdrakvuf/win-handles.c b/src/libdrakvuf/win-handles.c index f08bfcd6b..1db4861ba 100644 --- a/src/libdrakvuf/win-handles.c +++ b/src/libdrakvuf/win-handles.c @@ -111,6 +111,7 @@ #include #include "private.h" +#include "win-offsets.h" /* this should work for both 32 and 64bit */ #define EX_FAST_REF_MASK 7 diff --git a/src/libdrakvuf/win-offsets-map.h b/src/libdrakvuf/win-offsets-map.h new file mode 100644 index 000000000..5f2ae5970 --- /dev/null +++ b/src/libdrakvuf/win-offsets-map.h 
@@ -0,0 +1,159 @@ +/*********************IMPORTANT DRAKVUF LICENSE TERMS*********************** + * * + * DRAKVUF (C) 2014-2016 Tamas K Lengyel. * + * Tamas K Lengyel is hereinafter referred to as the author. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed DRAKVUF technology into proprietary * + * software, alternative licenses can be aquired from the author. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * DRAKVUF with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. 
For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * DRAKVUF or grant special permissions to use it in other open source * + * software. Please contact tamas.k.lengyel@gmail.com with any such * + * requests. 
Similarly, we don't incorporate incompatible open source * + * software into Covered Software without special permission from the * + * copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * DRAKVUF in other works, are happy to help. As mentioned above, * + * alternative license can be requested from the author to integrate * + * DRAKVUF into proprietary applications and appliances. Please email * + * tamas.k.lengyel@gmail.com for further information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port DRAKVUF to new platforms, fix bugs, * + * and add new features. You are highly encouraged to submit your changes * + * on https://github.com/tklengyel/drakvuf, or by other methods. * + * By sending these changes, it is understood (unless you specify * + * otherwise) that you are offering unlimited, non-exclusive right to * + * reuse, modify, and relicense the code. DRAKVUF will always be * + * available Open Source, but this is important because the inability to * + * relicense code has caused devastating problems for other Free Software * + * projects (such as KDE and NASM). * + * To specify special license conditions of your contributions, just say * + * so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the DRAKVUF * + * license file for more details (it's in a COPYING file included with * + * DRAKVUF, and also available from * + * https://github.com/tklengyel/drakvuf/COPYING) * + * * + ***************************************************************************/ + +#ifndef WIN_OFFSETS_MAP_H +#define WIN_OFFSETS_MAP_H + +/* + * Map offset enums to actual structure+member or global variable/function names. + */ +static const char *offset_names[OFFSET_MAX][2] = { + [KIINITIALPCR] = { "KiInitialPCR", NULL }, + [EPROCESS_PID] = { "_EPROCESS", "UniqueProcessId" }, + [EPROCESS_PDBASE] = { "_KPROCESS", "DirectoryTableBase" }, + [EPROCESS_PNAME] = { "_EPROCESS", "ImageFileName" }, + [EPROCESS_TASKS] = { "_EPROCESS", "ActiveProcessLinks" }, + [EPROCESS_PEB] = { "_EPROCESS", "Peb" }, + [EPROCESS_OBJECTTABLE] = {"_EPROCESS", "ObjectTable" }, + [EPROCESS_PCB] = { "_EPROCESS", "Pcb" }, + [KPROCESS_HEADER] = { "_KPROCESS", "Header" }, + [PEB_IMAGEBASADDRESS] = { "_PEB", "ImageBaseAddress" }, + [PEB_LDR] = { "_PEB", "Ldr" }, + [PEB_LDR_DATA_INLOADORDERMODULELIST] = {"_PEB_LDR_DATA", "InLoadOrderModuleList" }, + [LDR_DATA_TABLE_ENTRY_DLLBASE] = { "_LDR_DATA_TABLE_ENTRY", "DllBase" }, + [LDR_DATA_TABLE_ENTRY_SIZEOFIMAGE] = { "_LDR_DATA_TABLE_ENTRY", "SizeOfImage" }, + [LDR_DATA_TABLE_ENTRY_BASEDLLNAME] = { "_LDR_DATA_TABLE_ENTRY", "BaseDllName" }, + [FILE_OBJECT_DEVICEOBJECT] = {"_FILE_OBJECT", "DeviceObject" }, + [FILE_OBJECT_READACCESS] = {"_FILE_OBJECT", "ReadAccess" }, + [FILE_OBJECT_WRITEACCESS] = {"_FILE_OBJECT", "WriteAccess" }, + [FILE_OBJECT_DELETEACCESS] = {"_FILE_OBJECT", "DeleteAccess" }, + [FILE_OBJECT_FILENAME] = {"_FILE_OBJECT", "FileName"}, + [HANDLE_TABLE_HANDLECOUNT] = {"_HANDLE_TABLE", "HandleCount" }, + [KPCR_PRCB] = {"_KPCR", "Prcb" }, + [KPCR_PRCBDATA] = {"_KPCR", "PrcbData" }, + [KPRCB_CURRENTTHREAD] = { "_KPRCB", "CurrentThread" }, + [KTHREAD_PROCESS] = {"_KTHREAD", "Process" }, + [KTHREAD_INITIALSTACK] = {"_KTHREAD", "InitialStack"}, + 
[KTHREAD_STACKLIMIT] = {"_KTHREAD", "StackLimit"}, + [KTHREAD_TRAPFRAME] = {"_KTHREAD", "TrapFrame" }, + [KTHREAD_APCSTATE] = {"_KTHREAD", "ApcState" }, + [KTHREAD_APCQUEUEABLE] = {"_KTHREAD", "ApcQueueable"}, + [KTHREAD_PREVIOUSMODE] = { "_KTHREAD", "PreviousMode" }, + [KTHREAD_HEADER] = { "_KTHREAD", "Header" }, + [KAPC_APCLISTENTRY] = {"_KAPC", "ApcListEntry" }, + [KTRAP_FRAME_RIP] = {"_KTRAP_FRAME", "Rip" }, + [ETHREAD_CID] = {"_ETHREAD", "Cid" }, + [ETHREAD_TCB] = { "_ETHREAD", "Tcb" }, + [CLIENT_ID_UNIQUETHREAD] = {"_CLIENT_ID", "UniqueThread" }, + [OBJECT_HEADER_TYPEINDEX] = { "_OBJECT_HEADER", "TypeIndex" }, + [OBJECT_HEADER_BODY] = { "_OBJECT_HEADER", "Body" }, + [UNICODE_STRING_LENGTH] = {"_UNICODE_STRING", "Length" }, + [UNICODE_STRING_BUFFER] = {"_UNICODE_STRING", "Buffer" }, + [POOL_HEADER_BLOCKSIZE] = {"_POOL_HEADER", "BlockSize" }, + [POOL_HEADER_POOLTYPE] = {"_POOL_HEADER", "PoolType" }, + [POOL_HEADER_POOLTAG] = {"_POOL_HEADER", "PoolTag" }, + [DISPATCHER_TYPE] = { "_DISPATCHER_HEADER", "Type" }, +}; + +#endif diff --git a/src/libdrakvuf/win-offsets.h b/src/libdrakvuf/win-offsets.h new file mode 100644 index 000000000..35aa1804b --- /dev/null +++ b/src/libdrakvuf/win-offsets.h 
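Review bot: `offset_names` is defined as a `static` array in a header that does not include `win-offsets.h`, so win-offsets-map.h compiles only if the includer pulled in `enum offset` and `OFFSET_MAX` first, and every translation unit that includes it gets its own copy of the table. A unit that includes it without using the table would trip `-Wunused-variable`, which this commit turns into an error in debug builds. Adding `#include "win-offsets.h"` right after the include guard makes the header self-contained. Declaring the table as `static const char * const offset_names[OFFSET_MAX][2]` would also keep the name pointers read-only (check that consumers accept the extra qualifier), and a one-line comment stating that the header is meant to be included from a single source file (vmi.c in this diff) would document that assumption.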
@@ -0,0 +1,178 @@ +/*********************IMPORTANT DRAKVUF LICENSE TERMS*********************** + * * + * DRAKVUF (C) 2014-2016 Tamas K Lengyel. * + * Tamas K Lengyel is hereinafter referred to as the author. * + * This program is free software; you may redistribute and/or modify it * + * under the terms of the GNU General Public License as published by the * + * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE * + * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your * + * right to use, modify, and redistribute this software under certain * + * conditions. If you wish to embed DRAKVUF technology into proprietary * + * software, alternative licenses can be aquired from the author. * + * * + * Note that the GPL places important restrictions on "derivative works", * + * yet it does not provide a detailed definition of that term. To avoid * + * misunderstandings, we interpret that term as broadly as copyright law * + * allows. For example, we consider an application to constitute a * + * derivative work for the purpose of this license if it does any of the * + * following with any software or content covered by this license * + * ("Covered Software"): * + * * + * o Integrates source code from Covered Software. * + * * + * o Reads or includes copyrighted data files. * + * * + * o Is designed specifically to execute Covered Software and parse the * + * results (as opposed to typical shell or execution-menu apps, which will * + * execute anything you tell them to). * + * * + * o Includes Covered Software in a proprietary executable installer. The * + * installers produced by InstallShield are an example of this. Including * + * DRAKVUF with other software in compressed or archival form does not * + * trigger this provision, provided appropriate open source decompression * + * or de-archiving software is widely available for no charge. 
For the * + * purposes of this license, an installer is considered to include Covered * + * Software even if it actually retrieves a copy of Covered Software from * + * another source during runtime (such as by downloading it from the * + * Internet). * + * * + * o Links (statically or dynamically) to a library which does any of the * + * above. * + * * + * o Executes a helper program, module, or script to do any of the above. * + * * + * This list is not exclusive, but is meant to clarify our interpretation * + * of derived works with some common examples. Other people may interpret * + * the plain GPL differently, so we consider this a special exception to * + * the GPL that we apply to Covered Software. Works which meet any of * + * these conditions must conform to all of the terms of this license, * + * particularly including the GPL Section 3 requirements of providing * + * source code and allowing free redistribution of the work as a whole. * + * * + * Any redistribution of Covered Software, including any derived works, * + * must obey and carry forward all of the terms of this license, including * + * obeying all GPL rules and restrictions. For example, source code of * + * the whole work must be provided and free redistribution must be * + * allowed. All GPL references to "this License", are to be treated as * + * including the terms and conditions of this license text as well. * + * * + * Because this license imposes special exceptions to the GPL, Covered * + * Work may not be combined (even as part of a larger work) with plain GPL * + * software. The terms, conditions, and exceptions of this license must * + * be included as well. This license is incompatible with some other open * + * source licenses as well. In some cases we can relicense portions of * + * DRAKVUF or grant special permissions to use it in other open source * + * software. Please contact tamas.k.lengyel@gmail.com with any such * + * requests. 
Similarly, we don't incorporate incompatible open source * + * software into Covered Software without special permission from the * + * copyright holders. * + * * + * If you have any questions about the licensing restrictions on using * + * DRAKVUF in other works, are happy to help. As mentioned above, * + * alternative license can be requested from the author to integrate * + * DRAKVUF into proprietary applications and appliances. Please email * + * tamas.k.lengyel@gmail.com for further information. * + * * + * If you have received a written license agreement or contract for * + * Covered Software stating terms other than these, you may choose to use * + * and redistribute Covered Software under those terms instead of these. * + * * + * Source is provided to this software because we believe users have a * + * right to know exactly what a program is going to do before they run it. * + * This also allows you to audit the software for security holes. * + * * + * Source code also allows you to port DRAKVUF to new platforms, fix bugs, * + * and add new features. You are highly encouraged to submit your changes * + * on https://github.com/tklengyel/drakvuf, or by other methods. * + * By sending these changes, it is understood (unless you specify * + * otherwise) that you are offering unlimited, non-exclusive right to * + * reuse, modify, and relicense the code. DRAKVUF will always be * + * available Open Source, but this is important because the inability to * + * relicense code has caused devastating problems for other Free Software * + * projects (such as KDE and NASM). * + * To specify special license conditions of your contributions, just say * + * so when you send them. * + * * + * This program is distributed in the hope that it will be useful, but * + * WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the DRAKVUF * + * license file for more details (it's in a COPYING file included with * + * DRAKVUF, and also available from * + * https://github.com/tklengyel/drakvuf/COPYING) * + * * + ***************************************************************************/ + +#ifndef WIN_OFFSETS_H +#define WIN_OFFSETS_H + +/* + * Easy-to-use structure offsets to be loaded from the Rekall profile. + * Define actual mapping in win-offsets-map.h + */ +enum offset { + KIINITIALPCR, + + EPROCESS_PID, + EPROCESS_PDBASE, + EPROCESS_PNAME, + EPROCESS_TASKS, + EPROCESS_PEB, + EPROCESS_OBJECTTABLE, + EPROCESS_PCB, + + KPROCESS_HEADER, + + PEB_IMAGEBASADDRESS, + PEB_LDR, + + PEB_LDR_DATA_INLOADORDERMODULELIST, + + LDR_DATA_TABLE_ENTRY_DLLBASE, + LDR_DATA_TABLE_ENTRY_SIZEOFIMAGE, + LDR_DATA_TABLE_ENTRY_BASEDLLNAME, + + FILE_OBJECT_DEVICEOBJECT, + FILE_OBJECT_READACCESS, + FILE_OBJECT_WRITEACCESS, + FILE_OBJECT_DELETEACCESS, + FILE_OBJECT_FILENAME, + + HANDLE_TABLE_HANDLECOUNT, + + KPCR_PRCB, + KPCR_PRCBDATA, + KPRCB_CURRENTTHREAD, + + KTHREAD_PROCESS, + KTHREAD_INITIALSTACK, + KTHREAD_STACKLIMIT, + KTHREAD_APCSTATE, + KTHREAD_TRAPFRAME, + KTHREAD_APCQUEUEABLE, + KTHREAD_PREVIOUSMODE, + KTHREAD_HEADER, + + KTRAP_FRAME_RIP, + + KAPC_APCLISTENTRY, + + ETHREAD_CID, + ETHREAD_TCB, + CLIENT_ID_UNIQUETHREAD, + + OBJECT_HEADER_TYPEINDEX, + OBJECT_HEADER_BODY, + + UNICODE_STRING_LENGTH, + UNICODE_STRING_BUFFER, + + POOL_HEADER_BLOCKSIZE, + POOL_HEADER_POOLTYPE, + POOL_HEADER_POOLTAG, + + DISPATCHER_TYPE, + + OFFSET_MAX +}; + +#endif diff --git a/src/libdrakvuf/win-processes.c b/src/libdrakvuf/win-processes.c index 8a74c6010..ac07fcc76 100644 --- a/src/libdrakvuf/win-processes.c +++ b/src/libdrakvuf/win-processes.c @@ -111,6 +111,7 @@ #include #include "private.h" +#include "win-offsets.h" typedef enum dispatcher_object { DISPATCHER_PROCESS_OBJECT = 3, diff --git a/src/libdrakvuf/win-symbols.c b/src/libdrakvuf/win-symbols.c index 8c91dd6aa..cf6e74dab 100644 --- a/src/libdrakvuf/win-symbols.c 
+++ b/src/libdrakvuf/win-symbols.c @@ -122,7 +122,6 @@ status_t rekall_lookup( addr_t *size) { status_t ret = VMI_FAILURE; - addr_t mask = 0; if(!rekall_profile || !symbol) { return ret; } diff --git a/src/libinjector/Makefile.am b/src/libinjector/Makefile.am index 7e7f7e8de..0cb27d041 100644 --- a/src/libinjector/Makefile.am +++ b/src/libinjector/Makefile.am @@ -100,7 +100,7 @@ # DRAKVUF, and also available from # # https://github.com/tklengyel/drakvuf/COPYING) # # # -#*************************************************************************# +#*************************************************************************# h_sources = libinjector.h private.h c_sources = injector.c @@ -116,8 +116,8 @@ endif # Note that -pg is incompatible with HARDENING if DEBUG -AM_CFLAGS += -DDRAKVUF_DEBUG -Wall -Wextra -Wno-override-init -Wno-strict-aliasing -g -ggdb3 -AM_CFLAGS += -Wno-unused-parameter -Wno-unused-but-set-variable -Wno-unused-variable +AM_CFLAGS += -DDRAKVUF_DEBUG -Werror -Wall -Wextra -g -ggdb3 +AM_CFLAGS += -Wno-missing-field-initializers if !HARDENING AM_CFLAGS += -pg endif diff --git a/src/libinjector/injector.c b/src/libinjector/injector.c index b12f541df..d5be957f1 100644 --- a/src/libinjector/injector.c +++ b/src/libinjector/injector.c @@ -117,8 +117,6 @@ #include "libdrakvuf/libdrakvuf.h" #include "private.h" -static uint8_t trap = 0xCC; - struct injector { // Inputs: const char *target_proc; @@ -282,7 +280,6 @@ struct kapc_64 { bool pass_inputs(struct injector *injector, drakvuf_trap_info_t *info) { vmi_instance_t vmi = injector->vmi; - status_t status; reg_t fsgs, rsp = info->regs->rsp; access_context_t ctx = { .translate_mechanism = VMI_TM_PROCESS_DTB, 
@@ -624,9 +621,8 @@ event_response_t mem_callback(drakvuf_t drakvuf, drakvuf_trap_info_t *info) { event_response_t cr3_callback(drakvuf_t drakvuf, drakvuf_trap_info_t *info) { struct injector *injector = info->trap->data; - addr_t thread = 0, kpcrb_offset = 0, tid = 0, stack_base = 0, stack_limit = 0; - uint8_t apcqueueable; - reg_t fsgs = 0, cr3 = info->regs->cr3; + addr_t thread = 0; + reg_t cr3 = info->regs->cr3; status_t status; PRINT_DEBUG("CR3 changed to 0x%" PRIx64 "\n", info->regs->cr3); @@ -665,11 +661,6 @@ event_response_t cr3_callback(drakvuf_t drakvuf, drakvuf_trap_info_t *info) { */ if (!injector->is32bit) { - access_context_t ctx = { - .translate_mechanism = VMI_TM_PROCESS_DTB, - .dtb = cr3, - }; - addr_t trapframe = 0; status = vmi_read_addr_va(injector->vmi, thread + injector->offsets[KTHREAD_TRAPFRAME], @@ -738,7 +729,6 @@ event_response_t cr3_callback(drakvuf_t drakvuf, drakvuf_trap_info_t *info) { event_response_t injector_int3_cb(drakvuf_t drakvuf, drakvuf_trap_info_t *info) { struct injector *injector = info->trap->data; - addr_t pa = info->trap_pa; reg_t cr3 = info->regs->cr3; vmi_pid_t pid = vmi_dtb_to_pid(injector->vmi, cr3); diff --git a/src/main.cpp b/src/main.cpp index 6192d5e36..bb257ef57 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -127,7 +127,7 @@ static inline void disable_plugin(char *optarg, bool *plugin_list) { } int main(int argc, char** argv) { - int c, i, rc = 0, timeout = 0; + int c, rc = 0, timeout = 0; char *inject_cmd = NULL; char *domain = NULL; char *rekall_profile = NULL; @@ -135,7 +135,6 @@ int main(int argc, char** argv) { vmi_pid_t injection_pid = -1; uint32_t injection_thread = 0; struct sigaction act; - GThread *timeout_thread = NULL; output_format_t output = OUTPUT_DEFAULT; bool plugin_list[] = {[0 ... __DRAKVUF_PLUGIN_LIST_MAX-1] = 1}; bool verbose = 0; diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am index 5375cda71..e7826864a 100644 --- a/src/plugins/Makefile.am +++ b/src/plugins/Makefile.am 
@@ -100,7 +100,7 @@ # DRAKVUF, and also available from # # https://github.com/tklengyel/drakvuf/COPYING) # # # -#*************************************************************************# +#*************************************************************************# sources = @@ -149,8 +149,8 @@ AM_CPPFLAGS += $(HARDEN_CFLAGS) -DHARDENING # Note that -pg is incompatible with HARDENING if DEBUG -AM_CPPFLAGS += -DDRAKVUF_DEBUG -Wall -Wextra -Wno-strict-aliasing -g -ggdb3 -AM_CPPFLAGS += -Wno-unused-parameter -Wno-unused-variable +AM_CPPFLAGS += -DDRAKVUF_DEBUG -Werror -Wall -Wextra -g -ggdb3 +AM_CPPFLAGS += -Wno-missing-field-initializers if !HARDENING AM_CPPFLAGS += -pg endif diff --git a/src/plugins/exmon/exmon.cpp b/src/plugins/exmon/exmon.cpp index 664e8387e..81c7e9a2a 100644 --- a/src/plugins/exmon/exmon.cpp +++ b/src/plugins/exmon/exmon.cpp @@ -170,8 +170,6 @@ static event_response_t cb(drakvuf_t drakvuf, drakvuf_trap_info_t *info) { vmi_instance_t vmi = drakvuf_lock_and_get_vmi(drakvuf); const char *str_format; const char *user_format; - page_mode_t pm = vmi_get_page_mode(vmi); - uint8_t index = ~0; uint32_t first_chance; char* trap_frame=(char*)g_malloc0(e->ktrap_frame_size); // Generic pointer that allows addressing byte-aligned offests diff --git a/src/plugins/filedelete/filedelete.cpp b/src/plugins/filedelete/filedelete.cpp index 728090848..8fee99e76 100644 --- a/src/plugins/filedelete/filedelete.cpp +++ b/src/plugins/filedelete/filedelete.cpp @@ -1,4 +1,4 @@ -/*********************IMPORTANT DRAKVUF LICENSE TERMS*********************** + /*********************IMPORTANT DRAKVUF LICENSE TERMS*********************** * * * DRAKVUF (C) 2014-2016 Tamas K Lengyel. * * Tamas K Lengyel is hereinafter referred to as the author. * 
@@ -134,7 +134,7 @@ static const char *offset_names[__OFFSET_MAX][2] = { #define PROFILE32 "Win7SP1x86" #define PROFILE64 "Win7SP1x64" -void volatility_extract_file(filedelete *f, drakvuf_t drakvuf, addr_t file_object) { +void volatility_extract_file(filedelete *f, addr_t file_object) { const char* profile = NULL; if (f->pm == VMI_PM_IA32E) @@ -150,7 +150,7 @@ void volatility_extract_file(filedelete *f, drakvuf_t drakvuf, addr_t file_objec file_object, f->dump_folder); g_spawn_command_line_sync(command, NULL, NULL, NULL, NULL); - free(command); + g_free(command); } /* @@ -166,7 +166,7 @@ void volatility_extract_file(filedelete *f, drakvuf_t drakvuf, addr_t file_objec * Also see: http://www.csee.umbc.edu/~stephens/SECURITY/491M/HiddenProcesses.ppt */ static void grab_file_by_handle(filedelete *f, drakvuf_t drakvuf, - vmi_instance_t vmi, page_mode_t pm, + vmi_instance_t vmi, drakvuf_trap_info_t *info, addr_t handle) { uint8_t type_index = 0; @@ -233,7 +233,7 @@ static void grab_file_by_handle(filedelete *f, drakvuf_t drakvuf, }; if (f->dump_folder) - volatility_extract_file(f, drakvuf, file_pa); + volatility_extract_file(f, file_pa); free(procname); free(str2.contents); @@ -278,7 +278,7 @@ static event_response_t setinformation(drakvuf_t drakvuf, drakvuf_trap_info_t *i vmi_read_8(vmi, &ctx, &del); if (del) { //printf("DELETE FILE _FILE_OBJECT Handle: 0x%lx.\n", handle); - grab_file_by_handle(f, drakvuf, vmi, f->pm, info, handle); + grab_file_by_handle(f, drakvuf, vmi, info, handle); } } diff --git a/src/plugins/filetracer/filetracer.cpp b/src/plugins/filetracer/filetracer.cpp index 17b6d3cdc..5f352ff55 100644 --- a/src/plugins/filetracer/filetracer.cpp +++ b/src/plugins/filetracer/filetracer.cpp 
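Review bot: The call `g_spawn_command_line_sync(command, NULL, NULL, NULL, NULL);` in the `@@ -150,7 +150,7 @@` hunk discards both the return value and the child's exit status, so a failed extraction of a deleted file is silent and the evidence is lost without any trace in the output. I would capture both, e.g. `GError *err = NULL; gint status = 0;` followed by `if (!g_spawn_command_line_sync(command, NULL, NULL, &status, &err)) { fprintf(stderr, "file extraction failed: %s\n", err->message); g_error_free(err); }`, and also report a non-zero `status`. The command string is assembled above the hunk with `f->dump_folder` interpolated into it; GLib splits that string with shell-style quoting rules, so a dump folder containing spaces or quotes would presumably change the argument vector. Building an argv array for `g_spawn_sync` would avoid that. The body of `volatility_extract_file` starts outside the hunk.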
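Review bot: In the `@@ -278,7 +278,7 @@` hunk of `setinformation`, the status of `vmi_read_8(vmi, &ctx, &del);` is ignored before `if (del)`, so a failed guest-memory read falls through to `grab_file_by_handle` with whatever `del` held beforehand. Its declaration is outside the hunk, so whether it is initialised cannot be confirmed from here. Since the value comes from guest-controlled memory, I would gate on the read succeeding: `if (VMI_SUCCESS == vmi_read_8(vmi, &ctx, &del) && del) {`.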
@@ -214,10 +214,8 @@ static event_response_t pool_alloc_return(drakvuf_t drakvuf, drakvuf_trap_info_t filetracer *f = s->f; addr_t obj_pa = vmi_pagetable_lookup(vmi, info->regs->cr3, info->regs->rax); bool file_alloc = 0; - addr_t ph_base = 0, thread = 0; + addr_t ph_base = 0; uint32_t block_size = 0; - uint32_t tag; - uint32_t aligned_file_size = f->file_object_size; if ( f->pm == VMI_PM_IA32E ) { struct pool_header_x64 ph; diff --git a/src/plugins/objmon/objmon.cpp b/src/plugins/objmon/objmon.cpp index 30dcb2d32..4656fec6c 100644 --- a/src/plugins/objmon/objmon.cpp +++ b/src/plugins/objmon/objmon.cpp @@ -140,7 +140,6 @@ static event_response_t cb(drakvuf_t drakvuf, drakvuf_trap_info_t *info) { objmon *o = (objmon *)info->trap->data; vmi_instance_t vmi = drakvuf_lock_and_get_vmi(drakvuf); - page_mode_t pm = vmi_get_page_mode(vmi); uint8_t index = ~0; char *procname = drakvuf_get_current_process_name(drakvuf, info->vcpu, info->regs); diff --git a/src/plugins/private.h b/src/plugins/private.h index 7c39171ef..c218098db 100644 --- a/src/plugins/private.h +++ b/src/plugins/private.h @@ -110,13 +110,13 @@ // This is defined in libdrakvuf extern bool verbose; -#define PRINT_DEBUG(args...) \ +#define PRINT_DEBUG(...) \ do { \ - if(verbose) fprintf (stderr, args); \ + if(verbose) fprintf (stderr, __VA_ARGS__); \ } while (0) #else -#define PRINT_DEBUG(args...) \ +#define PRINT_DEBUG(...) \ do {} while(0) #endif diff --git a/src/xen_helper/Makefile.am b/src/xen_helper/Makefile.am index d33771344..5eed80a3c 100644 --- a/src/xen_helper/Makefile.am +++ b/src/xen_helper/Makefile.am 
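Review bot: The disabled variant of `PRINT_DEBUG` after `#else` in src/plugins/private.h still expands to `do {} while(0)` and throws its arguments away, so the compiler never sees the format string and arguments of any PRINT_DEBUG call unless the debug branch is compiled. Format/argument mismatches in those calls are therefore only caught in debug builds, even though the macro is now standard `__VA_ARGS__`. Writing the no-op as `do { if (0) fprintf(stderr, __VA_ARGS__); } while (0)` keeps `-Wformat` checking in every configuration while still generating no code. The opening `#if`/`#ifdef` of this conditional is outside the hunk.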
@@ -100,13 +100,14 @@ # DRAKVUF, and also available from # # https://github.com/tklengyel/drakvuf/COPYING) # # # -#*************************************************************************# +#*************************************************************************# h_sources = xen_helper.h c_sources = xen_helper.c AM_CFLAGS = -I$(top_srcdir) -AM_CFLAGS += $(CFLAGS) $(GLIB_CFLAGS) +AM_CFLAGS += -Werror -Wall -Wextra $(CFLAGS) $(GLIB_CFLAGS) +AM_CFLAGS += -Wno-missing-field-initializers noinst_LTLIBRARIES= libxenhelper.la libxenhelper_la_SOURCES= $(h_sources) $(c_sources) diff --git a/src/xen_helper/xen_helper.c b/src/xen_helper/xen_helper.c index ef7651a0d..de3b23519 100644 --- a/src/xen_helper/xen_helper.c +++ b/src/xen_helper/xen_helper.c @@ -164,15 +164,15 @@ void xen_free_interface(xen_interface_t* xen) { int get_dom_info(xen_interface_t *xen, const char *input, domid_t *domID, char **name) { - uint32_t _domID = ~0; + uint32_t _domID = ~0U; char *_name = NULL; sscanf(input, "%u", &_domID); - if (_domID == ~0) { + if (_domID == ~0U) { _name = strdup(input); libxl_name_to_domid(xen->xl_ctx, input, &_domID); - if (!_domID || _domID == ~0) { + if (!_domID || _domID == ~0U) { printf("Domain is not running, failed to get domID from name!\n"); free(_name); return -1; @@ -182,6 +182,7 @@ int get_dom_info(xen_interface_t *xen, const char *input, domid_t *domID, } else { xc_dominfo_t info = { 0 }; + if ( 1 == xc_domain_getinfo(xen->xc, _domID, 1, &info) && info.domid == _domID) { @@ -252,7 +253,7 @@ void xen_unshare_gfn(xen_interface_t *xen, domid_t domID, unsigned long gfn) { void print_sharing_info(xen_interface_t *xen, domid_t domID) { - xc_dominfo_t info; + xc_dominfo_t info = { 0 }; xc_domain_getinfo(xen->xc, domID, 1, &info); printf("Shared memory pages: %lu\n", info.nr_shared_pages); 
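Review bot: `-Werror` is added to `AM_CFLAGS` unconditionally in src/xen_helper/Makefile.am, whereas the libinjector and plugins Makefiles in this same commit add it only inside `if DEBUG`. A release build with a newer compiler that introduces an extra `-Wall`/`-Wextra` diagnostic would then fail outright for users who never asked for a debug build. I would keep `AM_CFLAGS += -Wall -Wextra $(CFLAGS) $(GLIB_CFLAGS)` unconditional and move `-Werror` into an `if DEBUG` / `endif` block, matching the other directories.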
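Review bot: In `get_dom_info`, `sscanf(input, "%u", &_domID);` accepts any input that merely starts with digits, so a domain name such as "7foo" is treated as domain ID 7 and the name lookup is skipped. For a helper whose result is later used to pause, unshare or resume a domain, that can silently target the wrong guest. Requiring the whole string to be numeric closes this: `int used = 0;` and `if (sscanf(input, "%u%n", &_domID, &used) != 1 || input[used] != '\0') _domID = ~0U;`. A `strtoul` with an end-pointer and `ERANGE` check would be the stricter alternative. The result of `strdup(input)` is also unchecked in this hunk, and the function body continues past its end.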
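Review bot: `print_sharing_info` still ignores the result of `xc_domain_getinfo(xen->xc, domID, 1, &info);`, unlike `get_dom_info` and `xen_force_resume` in this file, which both require a return of 1 and `info.domid == domID`. Zero-initialising `info` removes the uninitialised read, but when the requested domain is gone the call can, as far as I know, fill in the next higher domain ID, and the function would then print another domain's sharing figures. I would add `if (1 != xc_domain_getinfo(xen->xc, domID, 1, &info) || info.domid != domID) return;` before the `printf`.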
@@ -274,7 +275,7 @@ void xen_resume(xen_interface_t *xen, domid_t domID) { void xen_force_resume(xen_interface_t *xen, domid_t domID) { do { - xc_dominfo_t info = { 0 }; + xc_dominfo_t info = {0}; if (1 == xc_domain_getinfo(xen->xc, domID, 1, &info) && info.domid == domID && info.paused) xc_domain_unpause(xen->xc, domID);