Add modules and lsmod plugins (#364)
Showing
11 changed files
with
102 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
from dataclasses import dataclass | ||
from typing import Iterator | ||
|
||
from dissect.target.exceptions import UnsupportedPluginError | ||
from dissect.target.helpers.record import TargetRecordDescriptor | ||
from dissect.target.plugin import Plugin, export | ||
from dissect.target.target import Target | ||
|
||
ModuleRecord = TargetRecordDescriptor( | ||
"linux/module", | ||
[ | ||
("string", "name"), | ||
("varint", "size"), | ||
("varint", "refcount"), | ||
("string[]", "used_by"), | ||
("path", "source"), | ||
], | ||
) | ||
|
||
|
||
@dataclass | ||
class Module: | ||
path: str | ||
name: str | ||
size: int | ||
refcnt: int | ||
used_by: list[str] | ||
|
||
|
||
class ModulePlugin(Plugin): | ||
def __init__(self, target: Target): | ||
super().__init__(target) | ||
self._module_base_path = self.target.fs.path("/sys/module") | ||
|
||
def check_compatible(self) -> bool: | ||
if not self._module_base_path.is_dir() or not next(self._module_base_path.iterdir(), None): | ||
raise UnsupportedPluginError("No module paths found.") | ||
|
||
def _iterate_modules(self) -> Iterator[Module]: | ||
for module_path in self._module_base_path.iterdir(): | ||
if module_path.joinpath("initstate").exists(): | ||
holders = [] | ||
if (holders_path := module_path.joinpath("holders")).exists(): | ||
holders = [item.name for item in holders_path.iterdir()] | ||
yield Module( | ||
module_path, | ||
module_path.name, | ||
int(module_path.joinpath("coresize").read_text()), | ||
int(module_path.joinpath("refcnt").read_text()), | ||
holders, | ||
) | ||
|
||
@export(record=ModuleRecord) | ||
def sysmodules(self) -> Iterator[ModuleRecord]: | ||
"""Return information about active kernel modules.""" | ||
for module in self._iterate_modules(): | ||
yield ModuleRecord( | ||
name=module.name, | ||
size=module.size, | ||
refcount=module.refcnt, | ||
used_by=module.used_by, | ||
source=module.path, | ||
_target=self.target, | ||
) | ||
|
||
@export(output="yield") | ||
def lsmod(self) -> Iterator[str]: | ||
"""Return information about active kernel modules in lsmod format""" | ||
yield f"{'Module ':<28} {'Size':<7} Used by" | ||
for module in self._iterate_modules(): | ||
yield f"{module.name:<28} {module.size:<7} {module.refcnt} {','.join(module.used_by)}" |
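Review bot: In `_iterate_modules`, the `int(module_path.joinpath("coresize").read_text())` and `refcnt` reads are unguarded, so one module directory with a missing or non-numeric attribute raises out of the generator and ends both `sysmodules` and `lsmod` before the remaining modules are listed. On acquired or partially collected evidence that is a realistic case, and as far as I know `refcnt` is only exposed when the kernel supports module unloading. I would catch the error per module and log it, so the gap is visible to the analyst instead of silently truncating the output; the exception types in the sketch below are a guess at what the target filesystem layer raises. Separately, `check_compatible` is annotated `-> bool` but never returns a value, and `Module.path` is annotated `str` while it receives a path object.

```python
for module_path in self._module_base_path.iterdir():
    if module_path.joinpath("initstate").exists():
        # … unchanged: holders listing …
        try:
            size = int(module_path.joinpath("coresize").read_text())
            refcnt = int(module_path.joinpath("refcnt").read_text())
        except (FileNotFoundError, ValueError) as e:
            self.target.log.warning("Unreadable module attributes for %s: %s", module_path.name, e)
            continue
        yield Module(module_path, module_path.name, size, refcnt, holders)
```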
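--- a/tests/data/plugins/os/unix/linux/modules/module/modulea/coresize
+++ b/tests/data/plugins/os/unix/linux/modules/module/modulea/coresize
@@ -0,0 +1 @@
+1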
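--- a/tests/data/plugins/os/unix/linux/modules/module/modulea/holders/holdera
+++ b/tests/data/plugins/os/unix/linux/modules/module/modulea/holders/holdera
@@ -0,0 +1 @@
+.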
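--- a/tests/data/plugins/os/unix/linux/modules/module/modulea/initstate
+++ b/tests/data/plugins/os/unix/linux/modules/module/modulea/initstate
@@ -0,0 +1 @@
+live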
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
3 |
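--- a/tests/data/plugins/os/unix/linux/modules/module/moduleb/coresize
+++ b/tests/data/plugins/os/unix/linux/modules/module/moduleb/coresize
@@ -0,0 +1 @@
+2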
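--- a/tests/data/plugins/os/unix/linux/modules/module/moduleb/holders/holdera
+++ b/tests/data/plugins/os/unix/linux/modules/module/moduleb/holders/holdera
@@ -0,0 +1 @@
+.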
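--- a/tests/data/plugins/os/unix/linux/modules/module/moduleb/holders/holderb
+++ b/tests/data/plugins/os/unix/linux/modules/module/moduleb/holders/holderb
@@ -0,0 +1 @@
+.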
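--- a/tests/data/plugins/os/unix/linux/modules/module/moduleb/initstate
+++ b/tests/data/plugins/os/unix/linux/modules/module/moduleb/initstate
@@ -0,0 +1 @@
+live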
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
4 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
from dissect.target.filesystem import VirtualFilesystem | ||
from dissect.target.plugins.os.unix.linux.modules import ModulePlugin | ||
from dissect.target.target import Target | ||
|
||
from ._utils import absolute_path | ||
|
||
|
||
def test_modules_plugin(target_unix: Target, fs_unix: VirtualFilesystem) -> None: | ||
test_folder = absolute_path("data/plugins/os/unix/linux/modules/module") | ||
fs_unix.map_dir("/sys/module", test_folder) | ||
|
||
target_unix.add_plugin(ModulePlugin) | ||
results = sorted(list(target_unix.sysmodules()), key=lambda x: x.name) | ||
assert len(results) == 2 | ||
assert results[0].name == "modulea" | ||
assert results[0].size == 1 | ||
assert results[0].refcount == 3 | ||
assert results[0].used_by == ["holdera"] | ||
assert results[1].name == "moduleb" | ||
assert results[1].size == 2 | ||
assert results[1].refcount == 4 | ||
assert results[1].used_by == ["holdera", "holderb"] |
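Review bot: The test exercises only `sysmodules`; `lsmod` and the skip path in `_iterate_modules` for directories without `initstate` have no coverage, and every fixture module has well-formed `coresize` and `refcnt` files. Adding a fixture directory that lacks `initstate` would tie the `len(results) == 2` assertion to the filter and not just to the fixture count, and a check such as `assert len(list(target_unix.lsmod())) == 3` would cover the header plus two rows. `sorted(list(...))` can be written `sorted(...)`, since `sorted` already accepts any iterable.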