osquery-1/osquery/tables/system/linux/memory_map.cpp

48 lines
1.1 KiB
C++
Raw Normal View History

2015-02-09 07:47:40 +00:00
/*
* Copyright (c) 2014-present, Facebook, Inc.
2015-02-09 07:47:40 +00:00
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#include <boost/algorithm/string.hpp>
#include <osquery/filesystem.h>
#include <osquery/tables.h>
#include "osquery/core/conversions.h"
2015-02-09 07:47:40 +00:00
namespace fs = boost::filesystem;
namespace osquery {
namespace tables {
const std::string kIOMemLocation = "/proc/iomem";
2015-02-09 07:47:40 +00:00
QueryData genMemoryMap(QueryContext& context) {
QueryData results;
std::vector<std::string> regions;
std::string content;
readFile(kIOMemLocation, content);
2015-02-09 07:47:40 +00:00
regions = osquery::split(content, "\n");
for (const auto& line : regions) {
auto b1 = line.find_first_of("-");
auto b2 = line.find_first_of(" : ");
2015-02-09 07:47:40 +00:00
Row r;
r["start"] = "0x" + line.substr(0, b1);
r["end"] = "0x" + line.substr(b1 + 1, b2 - b1);
r["name"] = line.substr(b2 + 3);
2015-02-09 07:47:40 +00:00
results.push_back(r);
}
return results;
}
}
}