Fix Linux memory_map printing and use IOMEM instead (#2416)

2024-11-07 01:55:20 +00:00 · 2016-08-29 06:54:10 -07:00 · 2016-08-29 06:54:10 -07:00 · 89b1b6f3ff
commit 89b1b6f3ff
parent bcb5edc464
3 changed files with 15 additions and 30 deletions
--- a/osquery/CMakeLists.txt
+++ b/osquery/CMakeLists.txt
@ -102,7 +102,7 @@ elseif(LINUX OR FREEBSD)
  if(NOT ${REDHAT_BASED})
    ADD_OSQUERY_LINK_CORE("-Wl,--gc-sections")
  endif()
-  if(NOT DEFINED ENV{SANITIZE})
+  if(NOT DEFINED ENV{SANITIZE} AND NOT DEFINED ENV{DEBUG})
    ADD_OSQUERY_LINK_CORE("-pie")
  endif()
 endif()
--- a/osquery/tables/system/linux/memory_map.cpp
+++ b/osquery/tables/system/linux/memory_map.cpp
@ -10,48 +10,34 @@

 #include <boost/algorithm/string.hpp>

-#include <osquery/core.h>
 #include <osquery/filesystem.h>
-#include <osquery/logger.h>
 #include <osquery/tables.h>

+#include "osquery/core/conversions.h"
+
 namespace fs = boost::filesystem;

 namespace osquery {
 namespace tables {

-const std::string kMemoryMapLocation = "/sys/firmware/memmap";
+const std::string kIOMemLocation = "/proc/iomem";

 QueryData genMemoryMap(QueryContext& context) {
  QueryData results;

-  // Linux memory map is exposed in /sys.
  std::vector<std::string> regions;
-  auto status = listDirectoriesInDirectory(kMemoryMapLocation, regions);
-  if (!status.ok()) {
-    return {};
-  }
+  std::string content;
+  readFile(kIOMemLocation, content);
+
+  regions = osquery::split(content, "\n");
+  for (const auto& line : regions) {
+    auto b1 = line.find_first_of("-");
+    auto b2 = line.find_first_of(" : ");

-  for (const auto& index : regions) {
-    fs::path index_path(index);
    Row r;
-    r["region"] = index_path.filename().string();
-
-    // The type is a textual description
-    std::string content;
-    readFile(index_path / "type", content);
-    boost::trim(content);
-    r["type"] = content;
-
-    // Keep these in 0xFFFF (hex) form.
-    readFile(index_path / "start", content);
-    boost::trim(content);
-    r["start"] = content;
-
-    readFile(index_path / "end", content);
-    boost::trim(content);
-    r["end"] = content;
-
+    r["start"] = "0x" + line.substr(0, b1);
+    r["end"] = "0x" + line.substr(b1 + 1, b2 - b1);
+    r["name"] = line.substr(b2 + 3);
    results.push_back(r);
  }

--- a/specs/linux/memory_map.table
+++ b/specs/linux/memory_map.table
@ -1,8 +1,7 @@
 table_name("memory_map")
 description("OS memory region map.")
 schema([
-    Column("region", INTEGER, "Region index"),
-    Column("type", TEXT, "Textual description"),
+    Column("name", TEXT, "Region name"),
    Column("start", TEXT, "Start address of memory region"),
    Column("end", TEXT, "End address of memory region"),
 ])