/*
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#include <boost/algorithm/string.hpp>
#include <osquery/filesystem.h>
#include <osquery/tables.h>
#include "osquery/core/conversions.h"
namespace fs = boost::filesystem;
namespace osquery {
namespace tables {
/// procfs file that genMemoryMap() reads to enumerate memory regions.
const std::string kIOMemLocation = "/proc/iomem";
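/**
 * @brief Build the memory map table rows from kIOMemLocation.
 *
 * Every usable line is expected to look like "<start>-<end> : <name>", with
 * the addresses written in hex without a "0x" prefix. Lines that do not
 * contain both a '-' and a following " : " separator are skipped.
 *
 * NOTE(review): depending on kernel version and the caller's privileges the
 * kernel may report zeroed addresses in this file, so all-zero ranges are not
 * necessarily a parsing error -- confirm against the deployment's kernel.
 *
 * @param context Query context; not read by this generator.
 * @return One row per parsed line with "start", "end" and "name" columns;
 *         empty when the file cannot be read.
 */
QueryData genMemoryMap(QueryContext& context) {
  QueryData results;

  std::string content;
  // Do not build rows from a failed or partial read.
  if (!readFile(kIOMemLocation, content).ok()) {
    return results;
  }

  const std::string separator = " : ";
  for (const auto& entry : osquery::split(content, "\n")) {
    // Nested resources are indented in the file. split() may already trim
    // each element (TODO confirm); skipping the indent here keeps the parse
    // independent of that.
    const auto first = entry.find_first_not_of(" \t");
    if (first == std::string::npos) {
      continue;
    }

    const auto dash = entry.find('-', first);
    if (dash == std::string::npos) {
      continue;
    }

    // Match the whole " : " token after the dash. find_first_of() would match
    // any single ' ' or ':' character, which can precede the dash and make
    // the length arithmetic below wrap around.
    const auto sep = entry.find(separator, dash + 1);
    if (sep == std::string::npos) {
      continue;
    }

    Row r;
    r["start"] = "0x" + entry.substr(first, dash - first);
    // Stop just before the separator so no trailing space ends up in "end".
    r["end"] = "0x" + entry.substr(dash + 1, sep - dash - 1);
    // sep + separator.size() <= entry.size() because the separator was found,
    // so this substr() cannot throw std::out_of_range.
    r["name"] = entry.substr(sep + separator.size());
    results.push_back(r);
  }

  return results;
}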
}
}