diff --git a/rootkit.pty b/rootkit.pty deleted file mode 120000 index 64fe38d..0000000 --- a/rootkit.pty +++ /dev/null @@ -1 +0,0 @@ -/dev/pts/6 \ No newline at end of file diff --git a/source/module/monitor_kernel.c b/source/module/monitor_kernel.c index 2e6e35c..23648ab 100644 --- a/source/module/monitor_kernel.c +++ b/source/module/monitor_kernel.c @@ -10,6 +10,7 @@ #define DEVICE_NAME "variable_monitor" +//!todo check name // for character device static dev_t dev_num; static struct cdev *watch_cdev; @@ -56,7 +57,7 @@ static long device_ioctl(struct file *file, unsigned int ioctl_num, printk(KERN_INFO "variable_monitor fun: %s with ioctl_num %d\n", __FUNCTION__, ioctl_num); - + //!todo check style switch (ioctl_num) { case 0: // copy watch_arg diff --git a/source/module/monitor_kernel_lib.c b/source/module/monitor_kernel_lib.c index 2d12ef6..554bc4d 100644 --- a/source/module/monitor_kernel_lib.c +++ b/source/module/monitor_kernel_lib.c @@ -28,7 +28,7 @@ static unsigned char w_arg2k_w_arg(void *kptr, watch_arg warg, k_watch_arg->kptr = kptr; k_watch_arg->length_byte = warg.length_byte; k_watch_arg->threshold = warg.threshold; - k_watch_arg->unsigned_flag = warg.unsigned_flag; + k_watch_arg->is_unsigned = warg.is_unsigned; k_watch_arg->above_threshold = warg.above_threshold; return 0; } @@ -297,7 +297,7 @@ enum hrtimer_restart check_variable_cb(struct hrtimer *timer) { for (i = 0; i < k_watch_timer->sentinel; i++) { kwarg = &k_watch_timer->k_watch_args[i]; if (read_and_compare(kwarg->kptr, kwarg->length_byte, kwarg->above_threshold, - kwarg->unsigned_flag, kwarg->threshold)) { + kwarg->is_unsigned, kwarg->threshold)) { k_watch_timer->threshold_buffer[j] = i; j++; } diff --git a/source/module/monitor_timer.h b/source/module/monitor_timer.h index 3db413e..1bdab9f 100644 --- a/source/module/monitor_timer.h +++ b/source/module/monitor_timer.h 
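Review bot: The `//!todo check style` marker added above `switch (ioctl_num)` in device_ioctl, like `//!todo check name` in the first monitor_kernel.c hunk, does not say what has to be checked, so nobody can act on it or close it. If the concern is the bare `case 0:` command number (an assumption, since the hunk does not say), state it, for example `// TODO: replace bare ioctl numbers with _IO*-encoded command constants`. The `printk` directly above prints the `unsigned int ioctl_num` with `%d`; `%u` matches the type. device_ioctl starts and ends outside the hunk.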
@@ -11,7 +11,7 @@ typedef struct { void *ptr; // virtual address int length_byte; // byte long long threshold; // threshold value - unsigned char unsigned_flag; // unsigned flag (true: unsigned, false: signed) + unsigned char is_unsigned; // unsigned flag (true: unsigned, false: signed) unsigned char above_threshold; // reverse flag (true: >, false: <) unsigned long time_ns; // timer interval (ns) } watch_arg; @@ -23,7 +23,7 @@ typedef struct { void *kptr; // kernel address + offset int length_byte; // byte long long threshold; // threshold value - unsigned char unsigned_flag; // unsigned flag (true: unsigned, false: signed) + unsigned char is_unsigned; // unsigned flag (true: unsigned, false: signed) unsigned char above_threshold; // reverse flag (true: >, false: <) } kernel_watch_arg; diff --git a/source/uapi/monitor_user.c b/source/uapi/monitor_user.c index 1a90008..be78e5a 100644 --- a/source/uapi/monitor_user.c +++ b/source/uapi/monitor_user.c @@ -45,14 +45,14 @@ int cancel_watch() { void init_watch_arg(watch_arg *wg, char *name, void *ptr, int length_byte, long long threshold, - unsigned char unsigned_flag, + unsigned char is_unsigned, unsigned char above_threshold, unsigned long time_ns){ wg->task_id = getpid(); strncpy(wg->name, name, (MAX_NAME_LEN + 1)); wg->ptr = ptr; wg->length_byte = length_byte; wg->threshold = threshold; - wg->unsigned_flag = unsigned_flag; + wg->is_unsigned = is_unsigned; wg->above_threshold = above_threshold; wg->time_ns = time_ns; } diff --git a/source/uapi/monitor_user.h b/source/uapi/monitor_user.h index 257217f..fb648d4 100644 --- a/source/uapi/monitor_user.h +++ b/source/uapi/monitor_user.h 
@@ -14,13 +14,13 @@ typedef struct { void *ptr; // virtual address int length_byte; // byte long long threshold; // threshold value - unsigned char unsigned_flag; // unsigned flag (true: unsigned, false: signed) + unsigned char is_unsigned; // unsigned flag (true: unsigned, false: signed) unsigned char above_threshold; // reverse flag (true: >, false: <) unsigned long time_ns; // timer interval (ns) } watch_arg; void init_watch_arg(watch_arg *wg, char *name, void *ptr, int length_byte, - long long threshold, unsigned char unsigned_flag, + long long threshold, unsigned char is_unsigned, unsigned char above_threshold, unsigned long time_ns); // start watch diff --git a/source/uapi/monitor_user_sw.h b/source/uapi/monitor_user_sw.h index 15c19e5..9e12e71 100644 --- a/source/uapi/monitor_user_sw.h +++ b/source/uapi/monitor_user_sw.h 
@@ -1,164 +1,94 @@ #ifndef UAPI_MONITOR_SW_H #define UAPI_MONITOR_SW_H +//!todo SWATCH_CHAR #define SWATCH_CHAR(name, ptr, threshold) \ do { \ - watch_arg w_arg; \ - w_arg.task_id = getpid(); \ - strncpy(w_arg.name, name, MAX_NAME_LEN); \ - w_arg.ptr = ptr; \ - w_arg.length_byte = sizeof(char); \ - w_arg.threshold = threshold; \ - w_arg.unsigned_flag = 0; \ - w_arg.above_threshold = 0; \ - w_arg.time_ns = 0; \ + watch_arg w_arg = {0}; \ + init_watch_arg(&w_arg, name, ptr, sizeof(char), threshold, 0, 1, 0); \ start_watch(w_arg); \ } while (0) #define SWATCH_CHAR_LESS(name, ptr, threshold) \ do { \ - watch_arg w_arg; \ - w_arg.task_id = getpid(); \ - strncpy(w_arg.name, name, MAX_NAME_LEN); \ - w_arg.ptr = ptr; \ - w_arg.length_byte = sizeof(char); \ - w_arg.threshold = threshold; \ - w_arg.unsigned_flag = 0; \ - w_arg.above_threshold = 1; \ - w_arg.time_ns = 0; \ + watch_arg w_arg = {0}; \ + init_watch_arg(&w_arg, name, ptr, sizeof(char), threshold, 0, 0, 0); \ start_watch(w_arg); \ } while (0) #define SWATCH_UCHAR(name, ptr, threshold) \ do { \ - watch_arg w_arg; \ - w_arg.task_id = getpid(); \ - strncpy(w_arg.name, name, MAX_NAME_LEN); \ - w_arg.ptr = ptr; \ - w_arg.length_byte = sizeof(unsigned char); \ - w_arg.threshold = threshold; \ - w_arg.unsigned_flag = 1; \ - w_arg.above_threshold = 0; \ - w_arg.time_ns = 0; \ + watch_arg w_arg = {0}; \ + init_watch_arg(&w_arg, name, ptr, sizeof(unsigned char), threshold, 1, 1, \ + 0); \ start_watch(w_arg); \ } while (0) #define SWATCH_UCHAR_LESS(name, ptr, threshold) \ do { \ - watch_arg w_arg; \ - w_arg.task_id = getpid(); \ - strncpy(w_arg.name, name, MAX_NAME_LEN); \ - w_arg.ptr = ptr; \ - w_arg.length_byte = sizeof(unsigned char); \ - w_arg.threshold = threshold; \ - w_arg.unsigned_flag = 1; \ - w_arg.above_threshold = 1; \ - w_arg.time_ns = 0; \ + watch_arg w_arg = {0}; \ + init_watch_arg(&w_arg, name, ptr, sizeof(unsigned char), threshold, 1, 0, \ + 0); \ start_watch(w_arg); \ } while (0) #define SWATCH_INT(name, 
ptr, threshold) \ do { \ watch_arg w_arg = {0}; \ - init_watch_arg(&w_arg, name, ptr, sizeof(int), threshold, 0, 1, 0); \ + init_watch_arg(&w_arg, name, ptr, sizeof(int), threshold, 0, 1, 0); \ start_watch(w_arg); \ } while (0) #define SWATCH_INT_LESS(name, ptr, threshold) \ do { \ - watch_arg w_arg; \ - w_arg.task_id = getpid(); \ - strncpy(w_arg.name, name, MAX_NAME_LEN); \ - w_arg.ptr = ptr; \ - w_arg.length_byte = sizeof(int); \ - w_arg.threshold = threshold; \ - w_arg.unsigned_flag = 0; \ - w_arg.above_threshold = 1; \ - w_arg.time_ns = 0; \ + watch_arg w_arg = {0}; \ + init_watch_arg(&w_arg, name, ptr, sizeof(int), threshold, 0, 0, 0); \ start_watch(w_arg); \ } while (0) #define SWATCH_UINT(name, ptr, threshold) \ do { \ - watch_arg w_arg; \ - w_arg.task_id = getpid(); \ - strncpy(w_arg.name, name, MAX_NAME_LEN); \ - w_arg.ptr = ptr; \ - w_arg.length_byte = sizeof(unsigned int); \ - w_arg.threshold = threshold; \ - w_arg.unsigned_flag = 1; \ - w_arg.above_threshold = 0; \ - w_arg.time_ns = 0; \ + watch_arg w_arg = {0}; \ + init_watch_arg(&w_arg, name, ptr, sizeof(unsigned int), threshold, 1, 1, \ + 0); \ start_watch(w_arg); \ } while (0) #define SWATCH_UINT_LESS(name, ptr, threshold) \ do { \ - watch_arg w_arg; \ - w_arg.task_id = getpid(); \ - strncpy(w_arg.name, name, MAX_NAME_LEN); \ - w_arg.ptr = ptr; \ - w_arg.length_byte = sizeof(unsigned int); \ - w_arg.threshold = threshold; \ - w_arg.unsigned_flag = 1; \ - w_arg.above_threshold = 1; \ - w_arg.time_ns = 0; \ + watch_arg w_arg = {0}; \ + init_watch_arg(&w_arg, name, ptr, sizeof(unsigned int), threshold, 1, 0, \ + 0); \ start_watch(w_arg); \ } while (0) #define SWATCH_LONG(name, ptr, threshold) \ do { \ - watch_arg w_arg; \ - w_arg.task_id = getpid(); \ - strncpy(w_arg.name, name, MAX_NAME_LEN); \ - w_arg.ptr = ptr; \ - w_arg.length_byte = sizeof(long); \ - w_arg.threshold = threshold; \ - w_arg.unsigned_flag = 0; \ - w_arg.above_threshold = 0; \ - w_arg.time_ns = 0; \ + watch_arg w_arg = {0}; \ + 
init_watch_arg(&w_arg, name, ptr, sizeof(long), threshold, 0, 1, 0); \ start_watch(w_arg); \ } while (0) #define SWATCH_LONG_LESS(name, ptr, threshold) \ do { \ - watch_arg w_arg; \ - w_arg.task_id = getpid(); \ - strncpy(w_arg.name, name, MAX_NAME_LEN); \ - w_arg.ptr = ptr; \ - w_arg.length_byte = sizeof(long); \ - w_arg.threshold = threshold; \ - w_arg.unsigned_flag = 0; \ - w_arg.above_threshold = 1; \ - w_arg.time_ns = 0; \ + watch_arg w_arg = {0}; \ + init_watch_arg(&w_arg, name, ptr, sizeof(long), threshold, 0, 0, 0); \ start_watch(w_arg); \ } while (0) #define SWATCH_ULONG(name, ptr, threshold) \ do { \ - watch_arg w_arg; \ - w_arg.task_id = getpid(); \ - strncpy(w_arg.name, name, MAX_NAME_LEN); \ - w_arg.ptr = ptr; \ - w_arg.length_byte = sizeof(unsigned long); \ - w_arg.threshold = threshold; \ - w_arg.unsigned_flag = 1; \ - w_arg.above_threshold = 0; \ - w_arg.time_ns = 0; \ + watch_arg w_arg = {0}; \ + init_watch_arg(&w_arg, name, ptr, sizeof(unsigned long), threshold, 1, 1, \ + 0); \ start_watch(w_arg); \ } while (0) #define SWATCH_ULONG_LESS(name, ptr, threshold) \ do { \ - watch_arg w_arg; \ - w_arg.task_id = getpid(); \ - strncpy(w_arg.name, name, MAX_NAME_LEN); \ - w_arg.ptr = ptr; \ - w_arg.length_byte = sizeof(unsigned long); \ - w_arg.threshold = threshold; \ - w_arg.unsigned_flag = 1; \ - w_arg.above_threshold = 1; \ - w_arg.time_ns = 0; \ + watch_arg w_arg = {0}; \ + init_watch_arg(&w_arg, name, ptr, sizeof(unsigned long), threshold, 1, 0, \ + 0); \ start_watch(w_arg); \ } while (0) diff --git a/source/ucli/ucli b/source/ucli/ucli deleted file mode 100755 index 03b867d..0000000 Binary files a/source/ucli/ucli and /dev/null differ diff --git a/testcase/helloworld.c b/testcase/helloworld.c index 50eaea6..55ebc73 100644 --- a/testcase/helloworld.c +++ b/testcase/helloworld.c 
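Review bot: Every SWATCH_* macro now passes `name` through `init_watch_arg`, whose `strncpy(wg->name, name, (MAX_NAME_LEN + 1))` (visible in the monitor_user.c hunk) leaves the field unterminated when the caller's string is that long or longer, so the `= {0}` initialiser added here gives no protection. Assuming the field is declared `char name[MAX_NAME_LEN + 1]` (the declaration is not shown), the struct handed to `start_watch` can then carry an unterminated string. Bounding the copy inside `init_watch_arg` with `strncpy(wg->name, name, MAX_NAME_LEN); wg->name[MAX_NAME_LEN] = '\0';` fixes all macros at once. Separately, the rewrite flips `above_threshold` for every macro except SWATCH_INT (plain macros go from 0 to 1, `_LESS` from 1 to 0), which now agrees with the struct comment but changes behaviour for existing callers. Replace `//!todo SWATCH_CHAR` with a comment recording that, such as `/* SWATCH_x: above_threshold = 1 (>), SWATCH_x_LESS: above_threshold = 0 (<); time_ns = 0 */`.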
@@ -1,51 +1,37 @@ #include "../source/uapi/monitor_user.h" #include -#include #include +#include #define NUM_VARS 2049 -int main() -{ - int i = 0; - int temps[NUM_VARS] = {0}; - watch_arg watch_args[NUM_VARS] = {0}; +int main() { + int i = 0; + int temps[NUM_VARS] = {0}; + watch_arg watch_args[NUM_VARS] = {0}; - cancel_watch(); + cancel_watch(); - for (i = 0; i < NUM_VARS; i++) - { - temps[i] = 100; + for (i = 0; i < NUM_VARS; i++) { + temps[i] = 100; - watch_args[i] = (watch_arg){ - .task_id = getpid(), - .ptr = &temps[i], - .name = "temp", - .length_byte = sizeof(int), - .threshold = 110 + i, - .unsigned_flag = 0, - .greater_flag = 1, - .time_ns = 2000 + (i / 33) * 5000, // on hyper-v, 1us will block all system. 2us just fine, maybe 1us is too short for hyper-v - }; - char name[20]; - snprintf(name, sizeof(name), "temp%d", i); - // 拷贝字符串 - strncpy(watch_args[i].name, name, (MAX_NAME_LEN + 1)); + char name[20]; + snprintf(name, sizeof(name), "temp%d", i); + // 拷贝字符串 + strncpy(watch_args[i].name, name, (MAX_NAME_LEN + 1)); - start_watch(watch_args[i]); + SWATCH_INT(name, &temps[i], (110 + i)); + } + + while (temps[NUM_VARS - 1] < 205) { + for (i = 0; i < NUM_VARS; i++) { + temps[i]++; } + printf("Value of variable %d: %d", i, temps[0]); + printf("\n"); + sleep(1); + } - while (temps[NUM_VARS - 1] < 205) - { - for (i = 0; i < NUM_VARS; i++) - { - temps[i]++; - } - printf("Value of variable %d: %d", i, temps[0]); - printf("\n"); - sleep(1); - } - - cancel_watch(); - return 0; + cancel_watch(); + return 0; } diff --git a/testcase/hptest.c b/testcase/hptest.c index 82263c1..34ce6bd 100644 --- a/testcase/hptest.c +++ b/testcase/hptest.c @@ -36,7 +36,7 @@ int main() { .name = "hptest", .length_byte = sizeof(int), .threshold = 20, - .unsigned_flag = 0, + .is_unsigned = 0, .above_threshold = 1, .time_ns = 2000, // on hyper-v, 1us will block all system. 2us just fine, maybe 1us is too short for hyper-v };
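Review bot: Switching the loop in testcase/helloworld.c to `SWATCH_INT(name, &temps[i], (110 + i))` registers all 2049 watches with `time_ns = 0`, because the macro hard-codes that argument. The removed initialiser used `2000 + (i / 33) * 5000`, with a comment that a 1 us interval blocks the whole system on Hyper-V. Unless the module substitutes a default for 0 (not visible here), this test may now request the shortest possible timer interval for every variable. The `watch_args` array also becomes dead: the retained `strncpy(watch_args[i].name, ...)` writes to an entry that is never passed to `start_watch`. Keeping the interval and using the array would look like `init_watch_arg(&watch_args[i], name, &temps[i], sizeof(int), 110 + i, 0, 1, 2000 + (i / 33) * 5000);` followed by `start_watch(watch_args[i]);`, which also makes the separate `strncpy` unnecessary.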