Merge pull request #1 from maldeclabs/feature/verificar-hook-nas-sysc…

…alls Feature/verificar hook nas syscalls
maldeclabs · May 30, 2024 · 67b7343 · 67b7343
2 parents b70bd1d + 680a951
commit 67b7343
Show file tree

Hide file tree

Showing 24 changed files with 407 additions and 341 deletions.
diff --git a/include/control_registers/cr0.h b/include/control_registers/cr0.h
@@ -17,17 +17,13 @@
  * | 31  | PG    | Paging                |
  */
 
-const unsigned long
-get_cr0(void);
-void
-set_cr0(unsigned long cr0);
+const unsigned long get_cr0(void);
+void set_cr0(unsigned long cr0);
 
 /**
  *   | Bit | Label | Description           |
  *   | --- | ----- | --------------------- |
  *   | 16  | WP    | Write protect         |
  */
-void
-enable_register_cr0_wp(void);
-void
-disable_register_cr0_wp(void);
+void enable_register_cr0_wp(void);
+void disable_register_cr0_wp(void);
diff --git a/include/control_registers/cr4.h b/include/control_registers/cr4.h
@@ -1,43 +1,39 @@
 #pragma once
 
 /**
- *  | Bit | Label      | Description                                                       |
+ *  | Bit | Label      | Description |
  *  |-----|------------|-------------------------------------------------------------------|
- *  | 0   | VME        | Virtual 8086 Mode Extensions                                      |
- *  | 1   | PVI        | Protected-mode Virtual Interrupts                                 |
- *  | 2   | TSD        | Time Stamp Disable                                                |
- *  | 3   | DE         | Debugging Extensions                                              |
- *  | 4   | PSE        | Page Size Extension                                               |
- *  | 5   | PAE        | Physical Address Extension                                        |
- *  | 6   | MCE        | Machine Check Exception                                           |
- *  | 7   | PGE        | Page Global Enabled                                               |
- *  | 8   | PCE        | Performance-Monitoring Counter enable                             |
- *  | 9   | OSFXSR     | Operating system support for FXSAVE and FXRSTOR instructions      |
- *  | 10  | OSXMMEXCPT | Operating System Support for Unmasked SIMD Floating-Point Exceptions|
- *  | 11  | UMIP       | User-Mode Instruction Prevention (if set, #GP on SGDT, SIDT, SLDT, SMSW, and STR instructions when CPL > 0)|
- *  | 13  | VMXE       | Virtual Machine Extensions Enable                                 |
- *  | 14  | SMXE       | Safer Mode Extensions Enable                                      |
- *  | 16  | FSGSBASE   | Enables the instructions RDFSBASE, RDGSBASE, WRFSBASE, and WRGSBASE|
- *  | 17  | PCIDE      | PCID Enable                                                        |
- *  | 18  | OSXSAVE    | XSAVE and Processor Extended States Enable                         |
- *  | 20  | SMEP       | Supervisor Mode Execution Protection Enable                        |
- *  | 21  | SMAP       | Supervisor Mode Access Prevention Enable                           |
- *  | 22  | PKE        | Protection Key Enable                                              |
- *  | 23  | CET        | Control-flow Enforcement Technology                                |
- *  | 24  | PKS        | Enable Protection Keys for Supervisor-Mode Pages                   |
+ *  | 0   | VME        | Virtual 8086 Mode Extensions | | 1   | PVI        |
+ * Protected-mode Virtual Interrupts                                 | | 2   |
+ * TSD        | Time Stamp Disable | | 3   | DE         | Debugging Extensions |
+ *  | 4   | PSE        | Page Size Extension | | 5   | PAE        | Physical
+ * Address Extension                                        | | 6   | MCE |
+ * Machine Check Exception                                           | | 7   |
+ * PGE        | Page Global Enabled | | 8   | PCE        |
+ * Performance-Monitoring Counter enable                             | | 9   |
+ * OSFXSR     | Operating system support for FXSAVE and FXRSTOR instructions |
+ *  | 10  | OSXMMEXCPT | Operating System Support for Unmasked SIMD
+ * Floating-Point Exceptions| | 11  | UMIP       | User-Mode Instruction
+ * Prevention (if set, #GP on SGDT, SIDT, SLDT, SMSW, and STR instructions when
+ * CPL > 0)| | 13  | VMXE       | Virtual Machine Extensions Enable | | 14  |
+ * SMXE       | Safer Mode Extensions Enable | | 16  | FSGSBASE   | Enables the
+ * instructions RDFSBASE, RDGSBASE, WRFSBASE, and WRGSBASE| | 17  | PCIDE      |
+ * PCID Enable                                                        | | 18  |
+ * OSXSAVE    | XSAVE and Processor Extended States Enable | | 20  | SMEP |
+ * Supervisor Mode Execution Protection Enable                        | | 21  |
+ * SMAP       | Supervisor Mode Access Prevention Enable | | 22  | PKE        |
+ * Protection Key Enable                                              | | 23  |
+ * CET        | Control-flow Enforcement Technology | | 24  | PKS        |
+ * Enable Protection Keys for Supervisor-Mode Pages                   |
  */
 
-const unsigned long
-get_cr4(void);
-void
-set_cr4(unsigned long cr4);
+const unsigned long get_cr4(void);
+void set_cr4(unsigned long cr4);
 
 /**
  * | Bit | Label | Description           |
  * | --- | ----- | --------------------- |
  * |  1  | PVI    |  Protected-mode Virtual Interrupts  |
  */
-void
-enable_register_cr4_pvi(void);
-void
-disable_register_cr4_pvi(void);
+void enable_register_cr4_pvi(void);
+void disable_register_cr4_pvi(void);
diff --git a/include/crowarmor/crow.h b/include/crowarmor/crow.h
@@ -1,8 +1,8 @@
 #pragma once
 
-#include <linux/types.h>
-#include "err/err.h"
 #include "datacrow.h"
+#include "err/err.h"
+#include <linux/types.h>
 
 const ERR __must_check crow_init(struct crow **crow) notrace;
 void crow_end(struct crow **crow) notrace;
diff --git a/include/crowarmor/datacrow.h b/include/crowarmor/datacrow.h
@@ -2,9 +2,8 @@
 
 #include <linux/types.h>
 
-struct crow
-{
-    _Bool chrdev_is_actived;
-    _Bool hook_is_actived;
-    _Bool inspector_is_actived;
+struct crow {
+  _Bool chrdev_is_actived;
+  _Bool hook_is_actived;
+  _Bool inspector_is_actived;
 };
diff --git a/include/err/err.h b/include/err/err.h
@@ -10,8 +10,7 @@
 /**
  * @brief Enumeration for success and error values.
  */
-typedef enum ERR
-{
+typedef enum ERR {
   ERR_SUCCESS, /**< Indicates successful operation. */
   ERR_FAILURE  /**< Indicates an error occurred. */
 } ERR;
@@ -42,7 +41,6 @@ typedef enum ERR
  */
 #define NO_USE_AFTER_FREE(ptr) (ptr) = NULL;
 
-
 /**
  * @brief Macro to check if a value represents a failure error code.
  *

diff --git a/include/io/ioctl.h b/include/io/ioctl.h
@@ -1,7 +1,7 @@
 #pragma once
 
-#include <linux/ioctl.h>
 #include "crowarmor/datacrow.h"
+#include <linux/ioctl.h>
 
 #define MAJOR_NUM 0x101
 

diff --git a/include/kpobres/kallsyms_lookup.h b/include/kpobres/kallsyms_lookup.h
@@ -1,5 +1,4 @@
 #pragma once
 
 /* Lookup an address.  modname is set to NULL if it's in the kernel. */
-const __must_check unsigned long
-kallsyms_lookup_name(const char *name) notrace;
+const __must_check unsigned long kallsyms_lookup_name(const char *name) notrace;
diff --git a/include/signals/dbus_signals.h b/include/signals/dbus_signals.h
@@ -1,4 +1 @@
 #pragma once
-
-#include <systemd/sd-bus.h>
-