

add new plugin procdump for Linux (#1769)
* add linux procdump

* small fix

* fix small mistake
EscardosS authored Feb 26, 2024
1 parent 750a51f commit 269bb14
Showing 19 changed files with 4,703 additions and 2,133 deletions.
4 changes: 2 additions & 2 deletions configure.ac
Expand Up @@ -403,9 +403,9 @@ fi

AC_ARG_ENABLE([plugin_procdump2],
[AS_HELP_STRING([--enable-plugin-procdump],
[Enable the windows experimental process dumping plugin @<:@no@:>@])],
[Enable the windows/linux experimental process dumping plugin @<:@yes@:>@])],
[plugin_procdump2="$enableval"],
[plugin_procdump2="no"])
[plugin_procdump2="yes"])
AM_CONDITIONAL([PLUGIN_PROCDUMP2], [test x$plugin_procdump2 = xyes])
if test x$plugin_procdump2 = xyes; then
AC_DEFINE_UNQUOTED(ENABLE_PLUGIN_PROCDUMP2, 1, "")
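Review bot: The new default `[plugin_procdump2="yes"]` turns on a plugin whose help string on the line above still calls it experimental, so a plain `./configure` now builds it, and on the meson side of this same commit that pulls in zlib as a hard dependency, without the user opting in. Either drop "experimental" from the help text or keep the default at no until the Linux path has seen use; if it stays default-on, make sure the autotools side rejects a missing zlib at configure time rather than failing later in the build (no such check is visible in this hunk). As an aside, the context line `--enable-plugin-procdump` in the AS_HELP_STRING is the other procdump plugin's flag while the argument being defined is `plugin_procdump2`; presumably it should read `--enable-plugin-procdump2`, which matters more now that the option is advertised as default-on.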
7 changes: 7 additions & 0 deletions src/main.cpp
Expand Up @@ -341,6 +341,8 @@ static void print_usage()
"\t Disables hook on KeDelayExecutionThread\n"
"\t --procdump-exclude-list <file name filter>\n"
"\t File with list of process name regexes to exclude from dumping\n"
"\t --procdump-use-maple-tree\n"
"\t Extract VMAs from maple tree (linux kernel 6.1+) \n"
#endif
#ifdef ENABLE_PLUGIN_CODEMON
"\t --codemon-dump-dir <directory>\n"
Expand Down Expand Up @@ -495,6 +497,7 @@ int main(int argc, char** argv)
opt_procdump_timeout,
opt_procdump_dir,
opt_compress_procdumps,
opt_procdump_use_maple_tree,
opt_procdump_disable_dump_on_finish,
opt_procdump_new_processes_on_finish,
opt_procdump_disable_kideliverapc_hook,
Expand Down Expand Up @@ -580,6 +583,7 @@ int main(int argc, char** argv)
{"procdump-timeout", required_argument, NULL, opt_procdump_timeout},
{"procdump-dir", required_argument, NULL, opt_procdump_dir},
{"compress-procdumps", no_argument, NULL, opt_compress_procdumps},
{"procdump-use-maple-tree", no_argument, NULL, opt_procdump_use_maple_tree},
{"procdump-disable-dump-on-finish", no_argument, NULL, opt_procdump_disable_dump_on_finish},
{"procdump-new-processes-on-finish", no_argument, NULL, opt_procdump_new_processes_on_finish},
{"procdump-disable-kideliverapc-hook", no_argument, NULL, opt_procdump_disable_kideliverapc_hook},
Expand Down Expand Up @@ -935,6 +939,9 @@ int main(int argc, char** argv)
case opt_procdump_disable_kedelayexecutionthread_hook:
options.procdump_disable_kedelayexecutionthread_hook = true;
break;
case opt_procdump_use_maple_tree:
options.procdump_use_maple_tree = true;
break;
case opt_procdump_exclude_list:
if (!std::filesystem::exists(optarg))
{
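Review bot: The help text for `--procdump-use-maple-tree` carries a stray space before the newline (`(linux kernel 6.1+) \n`), which prints a trailing blank in the usage output; write `"\t Extract VMAs from maple tree (linux kernel 6.1+)\n"`. The text also tells the operator only which kernels need the flag, not what happens when it is wrong: presumably a 6.1+ guest dumped without it walks the removed `mmap` list and yields an empty or garbage dump, and an older guest dumped with it does the reverse. If the plugin cannot detect the layout from the profile itself, say so in the help line, e.g. `Required for guests on kernel 6.1+; must be left unset on older kernels`. `print_usage` and the `#ifdef` that encloses this string start outside the hunk.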
9 changes: 8 additions & 1 deletion src/plugins/Makefile.am
Expand Up @@ -283,9 +283,16 @@ if PLUGIN_PROCDUMP2
sources += procdump2/procdump2.cpp
sources += procdump2/procdump2.h
sources += procdump2/private2.h
sources += procdump2/win.cpp
sources += procdump2/win.h
sources += procdump2/win_private.h
sources += procdump2/win_minidump.h
sources += procdump2/linux.cpp
sources += procdump2/linux.h
sources += procdump2/linux_private.h
sources += procdump2/linux_coredump.h
sources += procdump2/writer.cpp
sources += procdump2/writer.h
sources += procdump2/minidump2.h
endif

if PLUGIN_RPCMON
8 changes: 8 additions & 0 deletions src/plugins/meson.build
Expand Up @@ -270,6 +270,14 @@ if get_option('plugin-procdump')
config_h.set('ENABLE_PLUGIN_PROCDUMP', 1)
endif

if get_option('plugin-procdump2')
plugin_sources += 'procdump2/procdump2.cpp'
plugin_sources += 'procdump2/linux.cpp'
plugin_sources += 'procdump2/win.cpp'
plugin_sources += 'procdump2/writer.cpp'
deps += dependency('zlib', required: true)
config_h.set('ENABLE_PLUGIN_PROCDUMP2', 1)
endif

if get_option('plugin-rpcmon')
plugin_sources += 'rpcmon/rpcmon.cpp'
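Review bot: The option is read with `get_option('plugin-procdump2')`, but the declaration in `meson_options.txt` is not on this page, and configure.ac in the same commit flips the autotools default to yes; confirm the meson option exists and that its default agrees, otherwise the two build systems produce different plugin sets from the same tree. `dependency('zlib', required: true)` restates meson's default and can be shortened to `deps += dependency('zlib')`, matching the other dependency lines if they omit it.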
3 changes: 2 additions & 1 deletion src/plugins/plugins.cpp
Expand Up @@ -466,7 +466,8 @@ int drakvuf_plugins::start(const drakvuf_plugin_t plugin_id,
.hal_profile = options->hal_profile,
.disable_kideliverapc_hook = options->procdump_disable_kideliverapc_hook,
.disable_kedelayexecutionthread_hook = options->procdump_disable_kedelayexecutionthread_hook,
.exclude_file = options->procdump_exclude_file
.exclude_file = options->procdump_exclude_file,
.use_maple_tree = options->procdump_use_maple_tree
};
this->plugins[plugin_id] =
std::make_unique<procdump2>(this->drakvuf, &config, this->output);
3 changes: 2 additions & 1 deletion src/plugins/plugins.h
Expand Up @@ -171,6 +171,7 @@ struct plugins_options
uint32_t procdump_timeout; // PLUGIN_PROCDUMP
const char* procdump_dir; // PLUGIN_PROCDUMP
bool compress_procdumps = false; // PLUGIN_PROCDUMP
bool procdump_use_maple_tree = false; // PLUGIN_PROCDUMP2
vmi_pid_t procdump_on_finish; // PLUGIN_PROCDUMP2
bool procdump_new_processes_on_finish; // PLUGIN_PROCDUMP2
std::shared_ptr<std::unordered_map<vmi_pid_t, bool>> terminated_processes; // PLUGIN_PROCDUMP
Expand Down Expand Up @@ -329,7 +330,7 @@ static const bool drakvuf_plugin_os_support[__DRAKVUF_PLUGIN_LIST_MAX][VMI_OS_WI
[PLUGIN_MEMDUMP] = { [VMI_OS_WINDOWS] = 1, [VMI_OS_LINUX] = 0 },
[PLUGIN_APIMON] = { [VMI_OS_WINDOWS] = 1, [VMI_OS_LINUX] = 0 },
[PLUGIN_PROCDUMP] = { [VMI_OS_WINDOWS] = 1, [VMI_OS_LINUX] = 0 },
[PLUGIN_PROCDUMP2] = { [VMI_OS_WINDOWS] = 1, [VMI_OS_LINUX] = 0 },
[PLUGIN_PROCDUMP2] = { [VMI_OS_WINDOWS] = 1, [VMI_OS_LINUX] = 1 },
[PLUGIN_RPCMON] = { [VMI_OS_WINDOWS] = 1, [VMI_OS_LINUX] = 0 },
[PLUGIN_TLSMON] = { [VMI_OS_WINDOWS] = 1, [VMI_OS_LINUX] = 0 },
[PLUGIN_CODEMON] = { [VMI_OS_WINDOWS] = 1, [VMI_OS_LINUX] = 0 },
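Review bot: Setting `[PLUGIN_PROCDUMP2] = { ..., [VMI_OS_LINUX] = 1 }` makes the plugin eligible on every Linux guest, yet the new `procdump_use_maple_tree` field defaults to `false` and the CLI help in this commit says the maple-tree walk is needed on kernel 6.1+, so a recent Linux guest presumably gets a broken VMA walk unless the operator knows to pass the flag. If the layout can be inferred from the profile (for instance the presence of the maple-tree member in `mm_struct`), prefer auto-detecting it and keeping the flag as an override; otherwise document the requirement at the field, `bool procdump_use_maple_tree = false; // PLUGIN_PROCDUMP2: required for Linux guests on kernel 6.1+`. Minor: the field is inserted among `PLUGIN_PROCDUMP`-tagged members and reads better next to the other `PLUGIN_PROCDUMP2` fields below it. Both `plugins_options` and the support table extend beyond the hunks shown.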
