@@ -172,6 +172,7 @@ def modification(self, profile):
172172 return
173173 profile .object_classes .update ({
174174 'task_struct' : task_struct ,
175+ 'mm_struct' : mm_struct ,
175176 'VolatilityDTB' : VolatilityDTB ,
176177 'VolatilityLinuxAutoARMValidAS' : VolatilityLinuxAutoARMValidAS ,
177178 })
@@ -185,9 +186,10 @@ class AutoCType(obj.CType):
185186 def _update_profile (cls ):
186187 """Add defined vtypes to the profile"""
187188 vtypes = deepcopy (cls .vtypes )
188- for member_name , member_vtype in vtypes ['task_struct' ][1 ].items ():
189+ struct_name = vtypes .iterkeys ().next ()
190+ for member_name , member_vtype in vtypes [struct_name ][1 ].items ():
189191 if member_vtype [0 ] is None :
190- del vtypes ['task_struct' ][1 ][member_name ]
192+ del vtypes [struct_name ][1 ][member_name ]
191193 cls .vm .profile .add_types (vtypes )
192194
193195
@@ -259,7 +261,6 @@ def _init_offset_mm(cls):
259261 tasks_iterator = iter (swapper_task .tasks )
260262 try :
261263 init_task = tasks_iterator .next ()
262- assert str (init_task .comm ) == 'init'
263264 except StopIteration :
264265 debug .debug ("Can't get the next task after 'swapper' in tasks list" )
265266 return
@@ -270,7 +271,7 @@ def _init_offset_mm(cls):
270271 active_mm_ptr = obj .Object ('Pointer' , offset = swapper_task .obj_offset + mm_offset + 4 , vm = cls .vm )
271272 if not (mm_ptr .v () == active_mm_ptr .v () == 0 ):
272273 continue
273- # Check 'mm' and 'active_mm' pointers in the 'task_struct' structure of 'init' process
274+ # Check 'mm' and 'active_mm' pointers in the 'task_struct' structure of 'init' process
274275 mm_ptr = obj .Object ('Pointer' , offset = init_task .obj_offset + mm_offset , vm = cls .vm )
275276 active_mm_ptr = obj .Object ('Pointer' , offset = init_task .obj_offset + mm_offset + 4 , vm = cls .vm )
276277 if mm_ptr .v () != active_mm_ptr .v () or mm_ptr .v () < 0xc0000000 or not mm_ptr :
@@ -306,9 +307,9 @@ def _init_offset_mm(cls):
306307 continue
307308 cls .vtypes ['task_struct' ][1 ]['mm' ][0 ] = mm_offset
308309 cls ._update_profile ()
310+ debug .debug ("Found 'task_struct->mm' offset: {0}" .format (mm_offset ))
309311 # Init offsets of 'mm_struct' structure
310312 mm_struct .init_offsets (cls .vm )
311- debug .debug ("Found 'task_struct->mm' offset: {0}" .format (mm_offset ))
312313 return
313314 debug .debug ("Can't find 'task_struct->mm' offset" )
314315
@@ -320,23 +321,39 @@ def init_offsets(cls, vm):
320321 cls ._init_offset_comm ()
321322 cls ._init_offset_tasks ()
322323 cls ._init_offset_mm ()
323- print "~~~~~~~" , cls .vtypes
324324 cls .initialized = True
325325
326326
327327class mm_struct (AutoCType ):
328328 initialized = False
329329 vtypes = {
330330 'mm_struct' : [None , {
331- # TODO: auto initialize 'pgd' offset
332- 'pgd' : [0 , ['unsigned int' ]],
331+ 'pgd' : [None , ['unsigned int' ]],
333332 }],
334333 }
335334 vm = None
336335
337336 @classmethod
338337 def _init_offset_pgd (cls ):
339- pass
338+ if not task_struct .is_offset_defined ('mm' ):
339+ return
340+ ksymbol_command = linux_auto_ksymbol (cls .vm .get_config ())
341+ swapper_task_addr = ksymbol_command .get_symbol ('init_task' )
342+ swapper_task = obj .Object ('task_struct' , offset = swapper_task_addr , vm = cls .vm )
343+ init_task = iter (swapper_task .tasks ).next ()
344+ init_task_mm = init_task .mm .dereference ()
345+ for pgd_offset in xrange (0 , 0x100 , 4 ):
346+ pgd = obj .Object ('Pointer' , offset = init_task_mm .obj_offset + pgd_offset , vm = cls .vm )
347+ if not pgd :
348+ continue
349+ dtb = cls .vm .vtop (pgd .v ())
350+ init_task_as = cls .vm .__class__ (cls .vm .base , cls .vm .get_config (), dtb = dtb )
351+ if init_task_as .vtop (pgd .v ()) == dtb :
352+ cls .vtypes ['mm_struct' ][1 ]['pgd' ][0 ] = pgd_offset
353+ cls ._update_profile ()
354+ debug .debug ("Found 'mm_struct->pgd' offset: {0}" .format (pgd_offset ))
355+ return
356+ debug .debug ("Can't find 'mm_struct->pgd' offset" )
340357
341358 @classmethod
342359 def init_offsets (cls , vm ):
0 commit comments