Revert "Add unique trap id to avoid relying on pointers as keys (tkle…

…ngyel#1197)" (tklengyel#1205) This reverts commit c0a3658.
CERT-Polska · Apr 15, 2021 · fc6ecab · fc6ecab
1 parent 789b86f
commit fc6ecab
Show file tree

Hide file tree

Showing 13 changed files with 69 additions and 62 deletions.
diff --git a/configure.ac b/configure.ac
@@ -422,7 +422,7 @@ AC_ARG_ENABLE([plugin_libhooktest],
   [AS_HELP_STRING([--enable-plugin-libhooktest],
     [Enable libhooktest plugin for testing @<:@no@:>@])],
   [plugin_libhooktest="$enableval"],
-  [plugin_libhooktest="no"])
+  [plugin_libhooktest=""])
 AM_CONDITIONAL([PLUGIN_LIBHOOKTEST], [test x$plugin_libhooktest = xyes])
 if test x$plugin_libhooktest = xyes; then
   AC_DEFINE_UNQUOTED(ENABLE_PLUGIN_LIBHOOKTEST, 1, "")

diff --git a/src/libdrakvuf/drakvuf.c b/src/libdrakvuf/drakvuf.c
@@ -424,14 +424,12 @@ bool drakvuf_add_trap(drakvuf_t drakvuf, drakvuf_trap_t* trap)
     if (!trap || !trap->cb)
         return 0;
 
-    if (!trap->id)
-        trap->id = ++drakvuf->trap_counter;
     if (!trap->ah_cb)
         trap->ah_cb = drakvuf_unhook_trap;
 
-    if (g_hash_table_lookup(drakvuf->remove_traps, GSIZE_TO_POINTER(trap->id)))
+    if (g_hash_table_lookup(drakvuf->remove_traps, &trap))
     {
-        g_hash_table_remove(drakvuf->remove_traps, GSIZE_TO_POINTER(trap->id));
+        g_hash_table_remove(drakvuf->remove_traps, &trap);
         return 1;
     }
 
@@ -479,7 +477,9 @@ void drakvuf_remove_trap(drakvuf_t drakvuf, drakvuf_trap_t* trap,
             free_wrapper = (struct free_trap_wrapper*)g_slice_alloc0(sizeof(struct free_trap_wrapper));
             free_wrapper->free_routine = free_routine;
             free_wrapper->trap = trap;
-            g_hash_table_insert(drakvuf->remove_traps, GSIZE_TO_POINTER(trap->id), free_wrapper);
+            g_hash_table_insert(drakvuf->remove_traps,
+                g_memdup(&trap, sizeof(void*)),
+                free_wrapper);
         }
 
         free_wrapper->counter++;

diff --git a/src/libdrakvuf/libdrakvuf.h b/src/libdrakvuf/libdrakvuf.h
@@ -210,7 +210,6 @@ typedef struct drakvuf_trap_info
 struct drakvuf_trap
 {
     trap_type_t type;
-    uint64_t id;
     event_response_t (*cb)(drakvuf_t, drakvuf_trap_info_t*);
     void* data;
 

diff --git a/src/libdrakvuf/private.h b/src/libdrakvuf/private.h
@@ -257,7 +257,6 @@ struct drakvuf
     fd_info_t fd_info_lookup;  // auto-generated for fast drakvuf_loop lookups
     int poll_rc;
 
-    uint64_t trap_counter;     // incremental unique trap ID
     uint64_t event_counter;    // incremental unique trap event ID
 
     ipt_state_t ipt_state[MAX_DRAKVUF_VCPU];

diff --git a/src/libdrakvuf/vmi.c b/src/libdrakvuf/vmi.c
diff --git a/src/libhook/hooks/return.hpp b/src/libhook/hooks/return.hpp
@@ -167,7 +167,7 @@ auto ReturnHook::create(drakvuf_t drakvuf, drakvuf_trap_info* info, cb_wrapper_t
 
     // not using std::make_unique because ctor is private
     auto hook = std::unique_ptr<ReturnHook>(new ReturnHook(drakvuf, cb));
-    hook->trap_ = new drakvuf_trap_t();
+    hook->trap_ = new drakvuf_trap_t;
 
     auto ret_addr = drakvuf_get_function_return_address(drakvuf, info);
     if (!ret_addr)

diff --git a/src/libhook/hooks/syscall.hpp b/src/libhook/hooks/syscall.hpp
@@ -167,7 +167,7 @@ auto SyscallHook::create(drakvuf_t drakvuf, const std::string& syscall_name, cb_
 
     // not using std::make_unique because ctor is private
     auto hook = std::unique_ptr<SyscallHook>(new SyscallHook(drakvuf, syscall_name, cb));
-    hook->trap_ = new drakvuf_trap_t();
+    hook->trap_ = new drakvuf_trap_t;
 
     if (!drakvuf_get_kernel_symbol_rva(hook->drakvuf_, hook->syscall_name_.c_str(), &hook->trap_->breakpoint.rva))
     {

diff --git a/src/plugins/cpuidmon/cpuidmon.h b/src/plugins/cpuidmon/cpuidmon.h
@@ -112,7 +112,7 @@ class cpuidmon: public plugin
 {
 public:
     output_format_t format;
-    drakvuf_trap_t cpuid{};
+    drakvuf_trap_t cpuid;
     drakvuf_t drakvuf;
     bool stealth;
 

diff --git a/src/plugins/debugmon/debugmon.h b/src/plugins/debugmon/debugmon.h
@@ -112,7 +112,7 @@ class debugmon: public plugin
 {
 public:
     output_format_t format;
-    drakvuf_trap_t debug{};
+    drakvuf_trap_t debug;
     drakvuf_t drakvuf;
 
     debugmon(drakvuf_t drakvuf, output_format_t output);

diff --git a/src/plugins/exploitmon/exploitmon.cpp b/src/plugins/exploitmon/exploitmon.cpp
@@ -137,7 +137,7 @@ static bool hook_page(
     event_response_t (*callback)(drakvuf_t, drakvuf_trap_info_t*),
     addr_t data = 0)
 {
-    auto trap = new drakvuf_trap_t();
+    auto trap = new drakvuf_trap_t;
     if (!trap)
         return false;
 

diff --git a/src/plugins/plugins_ex.h b/src/plugins/plugins_ex.h
@@ -575,7 +575,7 @@ drakvuf_trap_t* pluginex::register_trap(drakvuf_trap_info_t* info,
     int64_t ttl,
     ah_cb_t ah_cb)
 {
-    auto trap = new drakvuf_trap_t();
+    auto trap = new drakvuf_trap_t;
 
     if constexpr (std::is_same_v<Params, void>)
     {

diff --git a/src/plugins/poolmon/poolmon.h b/src/plugins/poolmon/poolmon.h
@@ -113,7 +113,7 @@ class poolmon: public plugin
 public:
     output_format_t format;
     GTree* pooltag_tree;
-    drakvuf_trap_t trap{};
+    drakvuf_trap_t trap;
 
     poolmon(drakvuf_t drakvuf, output_format_t output);
     ~poolmon();

diff --git a/src/plugins/ssdtmon/ssdtmon.h b/src/plugins/ssdtmon/ssdtmon.h
@@ -112,8 +112,8 @@ class ssdtmon: public plugin
 {
 public:
     output_format_t format;
-    drakvuf_trap_t ssdtwrite{};
-    drakvuf_trap_t ssdtwrite2{};
+    drakvuf_trap_t ssdtwrite;
+    drakvuf_trap_t ssdtwrite2;
 
     addr_t kiservicetable;
     uint32_t kiservicelimit;