fileinfo.c

自己写的入侵检测源码

#include <stdio.h>
#include "acd_check.c"
#include <linux/string.h>
#define LEN sizeof(struct file_info)


struct exe_acd_struct  *Current_SystemInformation;//transfer to 8117
int bpid=0;
int nowpid=1;

struct file_info{
	char *filename;//execve()'s ebx
	int cpid;//current process id
	unsigned short file_uid;//uid is file owner's id
	unsigned short file_right;//when it run ,it's root
	int syscall_num;//system call number
	unsigned short file_gid;//file owner's group right
	struct file_info *next;
};
struct file_info *head;
	

struct file_info * creat_list(int syscall_num,char *para_ebx,int cpid)//
{
	struct file_info *head,*pb;
	head=NULL;
	pb=(struct file_info *)kmalloc(LEN,GFP_KERNEL);
	pb->file_uid=current->uid;
	pb->file_gid=current->gid;
	pb->file_right=current->suid;
	pb->syscall_num=syscall_num;//
	pb->filename=para_ebx;//
	pb->cpid=cpid;
	head=pb;
	pb->next=NULL;
	//printk("\n%d\n",pb->syscall_num);
	//printk("\n%s\n",pb->filename);//use to test
	return(head);
}



void print_list(struct file_info *head)//
{
	struct file_info *print;
	print=head;
	bpid=nowpid;//save old pid
	nowpid=	current->pid;//obtain new process
	if(nowpid!=bpid)//if info form same process,don't list this
	{
		printk("\n\n +--------------------+-------+-------+---------+-------+-------+\n");
		printk(" |   Filename         |  Pid  | Right | SYScall |  Uid  |  Gid  |\n");
		printk(" +--------------------+-------+-------+---------+-------+-------+\n");
	}
	while(print!=NULL)
	{
		printk(" | %-19s",print->filename);
		printk("| %-6d",print->cpid);
		printk("| %-6d",print->file_right);
		printk("|   %-6d",print->syscall_num);
		printk("| %-6d",print->file_uid);
		printk("| %-6d|\n",print->file_gid);
		print=print->next;
	}
	printk(" +--------------------+-------+-------+---------+-------+-------+\n");
	bpid=nowpid;//save old pid
	/*
	if((bpid!=0)&&(bpid!=nowpid))
	{	
		printk("\n%d%d\n",bpid,nowpid);
	}
	*/
}


void build_currentinformation()
{
	int i;
	Current_SystemInformation=(struct exe_acd_struct * )kmalloc(sizeof(exe_acd_struct),GFP_KERNEL);

    	strcpy(Current_SystemInformation->exe_file_name_node.exe_file_name,"aaaa");
	Current_SystemInformation->exe_file_name_node.right=head->file_right;
	for(i=0;i<SYSTEMCALL_COUNT;i++)
	{
		
		strcpy(Current_SystemInformation->systemcall_list[i].systemcall_name,"aaaa");	
		Current_SystemInformation->systemcall_list[i].count=head->syscall_num;
		Current_SystemInformation->systemcall_list[i].process_number=1;
		Current_SystemInformation->systemcall_list[i].head=(struct canshuo *)kmalloc(sizeof(struct canshuo),0);
		strcpy(Current_SystemInformation->systemcall_list[i].head->canshuo_name,head->filename);
		Current_SystemInformation->systemcall_list[i].head->next=NULL;
		break;
	
	}
	strcpy(Current_SystemInformation->systemcall_list[i+1].systemcall_name,"$");
}


int transfer_para(int syscall_num,char *para_ebx,int cpid)//8110 entry point
{
	int flag=0;
	//printk("\nflag = %d",flag);//use to test	
	head=creat_list(syscall_num,para_ebx,cpid);//create structs
  	print_list(head);
	build_currentinformation();
       	// printk("%s",head->filename);
	//printk("***************test*******\n\n");
	flag=check_acd(Current_SystemInformation);	
	return flag;
}