mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-08 18:33:54 +00:00
68 lines
1.6 KiB
C++
68 lines
1.6 KiB
C++
/*
|
|
* Copyright (c) 2014, Facebook, Inc.
|
|
* All rights reserved.
|
|
*
|
|
* This source code is licensed under the BSD-style license found in the
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
*
|
|
*/
|
|
|
|
#include <CoreFoundation/CoreFoundation.h>
|
|
#include <IOKit/IOKitLib.h>
|
|
|
|
#include <osquery/hash.h>
|
|
#include <osquery/tables.h>
|
|
|
|
#include "osquery/core/conversions.h"
|
|
|
|
namespace osquery {
|
|
namespace tables {
|
|
|
|
#define kIOACPIClassName_ "AppleACPIPlatformExpert"
|
|
#define kIOACPIPropertyName_ "ACPI Tables"
|
|
|
|
void genACPITable(const void *key, const void *value, void *results) {
|
|
Row r;
|
|
|
|
r["name"] = stringFromCFString((CFStringRef)key);
|
|
|
|
auto data = (CFDataRef)value;
|
|
auto length = CFDataGetLength(data);
|
|
r["size"] = INTEGER(length);
|
|
r["md5"] =
|
|
osquery::hashFromBuffer(HASH_TYPE_MD5, CFDataGetBytePtr(data), length);
|
|
|
|
((QueryData *)results)->push_back(r);
|
|
}
|
|
|
|
QueryData genACPITables(QueryContext& context) {
|
|
QueryData results;
|
|
|
|
auto matching = IOServiceMatching(kIOACPIClassName_);
|
|
if (matching == nullptr) {
|
|
// No ACPI platform expert service found.
|
|
return {};
|
|
}
|
|
|
|
auto service = IOServiceGetMatchingService(kIOMasterPortDefault, matching);
|
|
if (service == 0) {
|
|
return {};
|
|
}
|
|
|
|
CFTypeRef table = IORegistryEntryCreateCFProperty(
|
|
service, CFSTR(kIOACPIPropertyName_), kCFAllocatorDefault, 0);
|
|
if (table == nullptr) {
|
|
IOObjectRelease(service);
|
|
return {};
|
|
}
|
|
|
|
CFDictionaryApplyFunction((CFDictionaryRef)table, genACPITable, &results);
|
|
|
|
CFRelease(table);
|
|
IOObjectRelease(service);
|
|
return results;
|
|
}
|
|
}
|
|
}
|