forked from RedPill-TTG/redpill-lkm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
redpill_main.c
executable file
·87 lines (74 loc) · 3.22 KB
/
redpill_main.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
#include "internal/stealth.h"
#include "redpill_main.h"
#include "config/runtime_config.h"
#include "common.h" //commonly used headers in this module
#include "internal/intercept_execve.h" //Handling of execve() replacement
#include "config/cmdline_delegate.h" //Parsing of kernel cmdline
#include "shim/boot_device_shim.h" //Shimming VID/PID of boot device
#include "shim/bios_shim.h" //Shimming various mfgBIOS functions to make them happy
#include "shim/block_fw_update_shim.h" //Prevent firmware update from running
#include "shim/disable_exectutables.h" //Disable common problematic executables
#include "shim/pci_shim.h" //Handles PCI devices emulation
//This (shameful) flag disables shims which cannot be properly unloaded to make debugging of other things easier
//#define DISABLE_UNLOADABLE
//Whether to cause a BUG() when module failes to load internally (which should be normally done on production)
//#define BUG_ON_LOAD_ERROR
static int __init init_redpill(void)
{
int out = 0;
pr_loc_dbg("================================================================================================");
pr_loc_inf("RedPill loading...");
if (
(out = extract_config_from_cmdline(¤t_config)) != 0 //This MUST be the first entry
|| (out = populate_runtime_config(¤t_config)) != 0 //This MUST be second
|| (out = register_boot_shim(¤t_config.boot_media, ¤t_config.mfg_mode)) //Make sure we're quick with this one
|| (out = register_execve_interceptor()) != 0 //Register this reasonably high as other modules can use it blindly
|| (out = register_bios_shim()) != 0
|| (out = disable_common_executables()) != 0
|| (out = register_fw_update_shim()) != 0
#ifndef DISABLE_UNLOADABLE
|| (out = register_pci_shim(current_config.hw_config)) != 0
#endif
//This one should be done really late so that if it does hide something it's not hidden from us
|| (out = initialize_stealth(¤t_config)) != 0
)
goto error_out;
pr_loc_inf("RedPill loaded (stealth=%d)", STEALTH_MODE);
return 0;
error_out:
pr_loc_crt("RedPill cannot be loaded, error=%d", out);
#ifdef BUG_ON_LOAD_ERROR
BUG()
#else
return out;
#endif
}
static void __exit cleanup_redpill(void)
{
pr_loc_inf("RedPill unloading...");
int (*cleanup_handlers[])(void ) = {
uninitialize_stealth,
#ifndef DISABLE_UNLOADABLE
unregister_pci_shim,
#endif
unregister_fw_update_shim,
unregister_bios_shim,
unregister_execve_interceptor,
unregister_boot_shim,
};
int out;
for (int i = 0; i < ARRAY_SIZE(cleanup_handlers); i++) {
pr_loc_dbg("Calling cleanup handler %p", cleanup_handlers[i]);
out = cleanup_handlers[i]();
if (out != 0)
pr_loc_wrn("Cleanup handler %p failed with code=%d", cleanup_handlers[i], out);
}
free_runtime_config(¤t_config); //A special snowflake ;)
pr_loc_inf("RedPill is dead");
pr_loc_dbg("================================================================================================");
}
MODULE_AUTHOR("TTG");
MODULE_LICENSE("GPL");
MODULE_VERSION("0.5");
module_init(init_redpill);
module_exit(cleanup_redpill);