[insight-vmi] r1982 committed - Using ByteArray instead of char* to store the data of pages within det...
0 views
Skip to first unread message
insig...@googlecode.com
Jun 21, 2013, 5:47:19 AM6/21/13
to insight-v...@googlegroups.com
Revision: 1982
Author: vo...@in.tum.de
Date: Fri Jun 21 02:46:56 2013
Log: Using ByteArray instead of char* to store the data of pages
within detect.c.
http://code.google.com/p/insight-vmi/source/detail?r=1982
Modified:
/trunk/libinsight/detect.cpp
/trunk/libinsight/include/insight/detect.h
=======================================
--- /trunk/libinsight/detect.cpp Fri Jun 21 02:16:53 2013
+++ /trunk/libinsight/detect.cpp Fri Jun 21 02:46:56 2013
@@ -214,7 +214,7 @@
<< " (" << currentPages.at(i).module << ")" << endl;
// Compare pages and print diffs
- for (quint32 j = 0; j < currentPages.at(i).data_len; ++j) {
+ for (int j = 0; j < currentPages.at(i).data.size(); ++j) {
if (currentPages.at(i).data[j] !=
ExecutablePages->value(currentPages.at(i).address).data[j]) {
@@ -293,8 +293,6 @@
// Hash
QMultiHash<quint64, ExecutablePage> *currentHashes = new
QMultiHash<quint64, ExecutablePage>();
QCryptographicHash hash(QCryptographicHash::Sha1);
- char* data = 0;
- qint32 data_len = 0;
// Start the Operation
operationStarted();
@@ -353,35 +351,29 @@
}
*/
- // Allocate mem
- data = 0;
- data_len = ptEntries.nextPageOffset(_sym.memSpecs());
- data = (char *)malloc(data_len * sizeof(char));
-
- if (!data) {
- std::cout << "ERROR: Could not allocate memory!" <<
std::endl;
- return;
- }
+ // Create ByteArray
+ QByteArray data;
+ data.resize(ptEntries.nextPageOffset(_sym.memSpecs()));
// Get data
- if ((quint64)vmem->readAtomic(i, data, data_len) != data_len) {
+ if ((quint64)vmem->readAtomic(i, data.data(), data.size()) !=
data.size()) {
std::cout << "ERROR: Could not read data of page!" <<
std::endl;
return;
}
// Calculate hash
hash.reset();
- hash.addData(data, data_len);
+ hash.addData(data);
// Lies the page within the kernel code area?
if (i >= _kernel_code_begin && i <= _kernel_code_end) {
- currentHashes->insert(i, ExecutablePage(i,
KERNEL, "kernel", hash.result(), data, data_len));
+ currentHashes->insert(i, ExecutablePage(i,
KERNEL, "kernel", hash.result(), data));
continue;
}
// Vsyscall page?
if (i == _vsyscall_page) {
- currentHashes->insert(i, ExecutablePage(i,
KERNEL, "kernel", hash.result(), data, data_len));
+ currentHashes->insert(i, ExecutablePage(i,
KERNEL, "kernel", hash.result(), data));
continue;
}
@@ -400,7 +392,7 @@
i <= (currentModuleCore + currentModuleCoreSize)) {
found = true;
currentHashes->insert(i, ExecutablePage(i, MODULE,
currentModule.member("name").toString(),
- hash.result(),
data, data_len));
+ hash.result(),
data));
break;
}
// else {
@@ -462,11 +454,11 @@
if (flags & 0x1) {
lazy_pages++;
- currentHashes->insert(i, ExecutablePage(i,
LAZY, "vmap-lazy", hash.result(), data, data_len));
+ currentHashes->insert(i, ExecutablePage(i,
LAZY, "vmap-lazy", hash.result(), data));
}
else {
vmap_pages++;
- currentHashes->insert(i, ExecutablePage(i,
VMAP, "vmap", hash.result(), data, data_len));
+ currentHashes->insert(i, ExecutablePage(i,
VMAP, "vmap", hash.result(), data));
}
}
=======================================
--- /trunk/libinsight/include/insight/detect.h Fri Jun 21 02:16:53 2013
+++ /trunk/libinsight/include/insight/detect.h Fri Jun 21 02:46:56 2013
@@ -18,24 +18,18 @@
struct ExecutablePage
{
ExecutablePage() : address(0), type(UNDEFINED), module(""),
- hash(), data(0), data_len(0) {}
+ hash(), data() {}
ExecutablePage(quint64 address, PageType type, QString module,
- QByteArray hash, char *data, quint32 data_len) :
+ QByteArray hash, QByteArray data) :
address(address), type(type), module(module),
- hash(hash), data(data), data_len(data_len) {}
-
- ~ExecutablePage()
- {
- //free(data);
- }
+ hash(hash), data(data) {}
quint64 address;
PageType type;
QString module;
QByteArray hash;
- char *data;
- quint32 data_len;
+ QByteArray data;
};
Detect(KernelSymbols &sym);
Author: vo...@in.tum.de
Date: Fri Jun 21 02:46:56 2013
Log: Using ByteArray instead of char* to store the data of pages
within detect.c.
http://code.google.com/p/insight-vmi/source/detail?r=1982
Modified:
/trunk/libinsight/detect.cpp
/trunk/libinsight/include/insight/detect.h
=======================================
--- /trunk/libinsight/detect.cpp Fri Jun 21 02:16:53 2013
+++ /trunk/libinsight/detect.cpp Fri Jun 21 02:46:56 2013
@@ -214,7 +214,7 @@
<< " (" << currentPages.at(i).module << ")" << endl;
// Compare pages and print diffs
- for (quint32 j = 0; j < currentPages.at(i).data_len; ++j) {
+ for (int j = 0; j < currentPages.at(i).data.size(); ++j) {
if (currentPages.at(i).data[j] !=
ExecutablePages->value(currentPages.at(i).address).data[j]) {
@@ -293,8 +293,6 @@
// Hash
QMultiHash<quint64, ExecutablePage> *currentHashes = new
QMultiHash<quint64, ExecutablePage>();
QCryptographicHash hash(QCryptographicHash::Sha1);
- char* data = 0;
- qint32 data_len = 0;
// Start the Operation
operationStarted();
@@ -353,35 +351,29 @@
}
*/
- // Allocate mem
- data = 0;
- data_len = ptEntries.nextPageOffset(_sym.memSpecs());
- data = (char *)malloc(data_len * sizeof(char));
-
- if (!data) {
- std::cout << "ERROR: Could not allocate memory!" <<
std::endl;
- return;
- }
+ // Create ByteArray
+ QByteArray data;
+ data.resize(ptEntries.nextPageOffset(_sym.memSpecs()));
// Get data
- if ((quint64)vmem->readAtomic(i, data, data_len) != data_len) {
+ if ((quint64)vmem->readAtomic(i, data.data(), data.size()) !=
data.size()) {
std::cout << "ERROR: Could not read data of page!" <<
std::endl;
return;
}
// Calculate hash
hash.reset();
- hash.addData(data, data_len);
+ hash.addData(data);
// Lies the page within the kernel code area?
if (i >= _kernel_code_begin && i <= _kernel_code_end) {
- currentHashes->insert(i, ExecutablePage(i,
KERNEL, "kernel", hash.result(), data, data_len));
+ currentHashes->insert(i, ExecutablePage(i,
KERNEL, "kernel", hash.result(), data));
continue;
}
// Vsyscall page?
if (i == _vsyscall_page) {
- currentHashes->insert(i, ExecutablePage(i,
KERNEL, "kernel", hash.result(), data, data_len));
+ currentHashes->insert(i, ExecutablePage(i,
KERNEL, "kernel", hash.result(), data));
continue;
}
@@ -400,7 +392,7 @@
i <= (currentModuleCore + currentModuleCoreSize)) {
found = true;
currentHashes->insert(i, ExecutablePage(i, MODULE,
currentModule.member("name").toString(),
- hash.result(),
data, data_len));
+ hash.result(),
data));
break;
}
// else {
@@ -462,11 +454,11 @@
if (flags & 0x1) {
lazy_pages++;
- currentHashes->insert(i, ExecutablePage(i,
LAZY, "vmap-lazy", hash.result(), data, data_len));
+ currentHashes->insert(i, ExecutablePage(i,
LAZY, "vmap-lazy", hash.result(), data));
}
else {
vmap_pages++;
- currentHashes->insert(i, ExecutablePage(i,
VMAP, "vmap", hash.result(), data, data_len));
+ currentHashes->insert(i, ExecutablePage(i,
VMAP, "vmap", hash.result(), data));
}
}
=======================================
--- /trunk/libinsight/include/insight/detect.h Fri Jun 21 02:16:53 2013
+++ /trunk/libinsight/include/insight/detect.h Fri Jun 21 02:46:56 2013
@@ -18,24 +18,18 @@
struct ExecutablePage
{
ExecutablePage() : address(0), type(UNDEFINED), module(""),
- hash(), data(0), data_len(0) {}
+ hash(), data() {}
ExecutablePage(quint64 address, PageType type, QString module,
- QByteArray hash, char *data, quint32 data_len) :
+ QByteArray hash, QByteArray data) :
address(address), type(type), module(module),
- hash(hash), data(data), data_len(data_len) {}
-
- ~ExecutablePage()
- {
- //free(data);
- }
+ hash(hash), data(data) {}
quint64 address;
PageType type;
QString module;
QByteArray hash;
- char *data;
- quint32 data_len;
+ QByteArray data;
};
Detect(KernelSymbols &sym);
Reply all
Reply to author
Forward
0 new messages