search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Refactoring proc_PID
[signduterre.git] / proc_PID.py
blobbe8f0fa1da07fb3c920e05538f5cdac4f45e33fc
1 # proc_PID
2 #
3 # Signature-du-Terroir module to handle /proc/<pid>
4 #
5 # Help text
6 help_text = """
7 Start a command that will stall on reading STDIN, eg, grep, cat, dd, perl, python, ruby, bash.
8 Or enter the PID of an existing, running, task.
9
10 Use /proc/<pid>/{exe, maps} to collect information, eg, all loaded libraries, the file paths,
11 inode numbers, and mem addresses. Then use dbugfs to read out the inode numbers. The results can be
12 hashed with sha512sum (recommended) or returned raw.
13
14 System commands
15 reset() : Empty cache, next call to get_info() will run the command
16 get_info(command) : Run command and read all info, if command differs from current_command
17 get_info(PID) : Read all info from running process PID, if command differs from current pid
18
19 Values
20 current_command : Command (path) for which the current values are relevant
21 address_list : The start, end, and offset addresses for each file (path) loaded (/proc/<pid>/maps). Ie, each address_list[path] is a list of address lists.
22 map_list : Information for /proc/<pid>/maps - [path]={'permissions', 'device', 'inode'}
23 path_list : All files (paths) loaded for the current command (/proc/<pid>/maps).
24 mapsfile : The first file path in /proc/<pid>/maps, ie, the file with the command
25 file_system : Device, /dev/..., on which mapsfile is stored
26 exe : The path to which /proc/<pid>/exe links
27
28 Methods returning contents of /proc/<pid>/maps as text tables
29 paths (command, key_list) : A table of all paths with one or more of ['permissions', 'device', 'inode'] (inode is default)
30
31 The following methods return the SHA512 hash. They use the prefix to start the hash
32 Files are read using the inode numbers with debugfs (sudo only)
33 inodeSHA (command, file, prefix): The file contents based on the inode number in /proc/<pid>/maps, if 'file' is '', the mapsfile is used.
34 mapsSHA (command, prefix) : All files in /proc/<pid>/maps, based on inode number
35
36 For debugging purposes:
37 fileSHA (command, prefix) : Simple file read from disk using mapsfile
38 exeSHA (command, prefix) : File read using the exe link
39
40 The following methods return the WHOLE, binary file content
41 Files are read using the inode numbers with debugfs (sudo only)
42 inode (command, file): The file based on the inode number in /proc/<pid>/maps
43 maps (command) : All files in /proc/<pid>/maps, based on inode number
44
45 For debugging purposes:
46 file (command) : Simple file read from disk using mapsfile
47 exe (command) : File read using the exe link
48
49 Standalone use:
50 > python3 proc_PID.py [path1 ....]
51 Will run for each path:
52 fileSHA (path)
53 exeSHA (path)
54 inodeSHA (path, '')
55 mapsSHA (path)
56 """
57
58 import sys;
59 import os;
60 import subprocess;
61 import hashlib;
62 import re;
63 import time;
64
65 # Basic support routines
66 def create_process (command):
67 devnull = open('/dev/null', 'w');
68 return subprocess.Popen(command.split(), stdin = subprocess.PIPE, stdout = devnull, stderr = subprocess.PIPE, shell=False, universal_newlines=False);
69
70 def kill_process (process):
71 process.stdin.close();
72 errormess = process.stderr.read();
73 if len(errormess) > 0: print(str(errormess), file=sys.stderr);
74
75 # Define values
76 file_system = None;
77 address_list= {};
78 map_list = {};
79 path_list = [];
80 mapsfile = None;
81 exe = None;
82 current_command = '';
83
84 # Determine the file system on which a file is stored (using df)
85 def get_filesystem(path):
86 command = 'df -h '+path+' |tail -1';
87 process = subprocess.Popen(command, stdin = None, stdout = subprocess.PIPE, stderr = sys.stderr, shell=True, universal_newlines=True);
88 df_output = process.stdout.read();
89 return df_output.split()[0];
90
91 def get_debugfs_command (file_system, inode):
92 if os.getuid() != 0:
93 print("ERROR: must be root to read disk blocks\n", file=sys.stderr);
94 exit(1);
95 return "/sbin/debugfs -f - "+file_system+" -R 'cat <"+str(inode)+">'";
96
97 def reset ():
98 global file_system;
99 global address_list;
100 global map_list;
101 global path_list;
102 global mapsfile;
103 global exe;
104 global current_command;
105 file_system = None;
106 address_list = {};
107 map_list = {};
108 path_list = [];
109 mapsfile = None;
110 exe = None;
111 current_command = '';
112
113 # Start command and read info from /proc/<pid>/
114 # Do nothing if the command is identical to previous one
115 def getinfo (command): # -> pid
116 global file_system;
117 global address_list;
118 global map_list;
119 global path_list;
120 global mapsfile;
121 global exe;
122 global current_command;
123
124 if command == current_command:
125 return -1;
126
127 reset();
128 current_command = command;
129
130 # Do not create a process if it already exists
131 kill_process = False;
132 if isinstance(command, int):
133 pid = command;
134 elif re.search(r'[^0-9]', command) == None:
135 pid = int(command);
136 else:
137 process = create_process(command);
138 pid = process.pid;
139 # Wait a quarter of a second to allow the loading of the command to finish
140 time.sleep(0.25);
141
142 dir = '/proc/'+str(pid);
143 exe = os.readlink(dir+'/exe');
144
145 # Get all mapped memory and files
146 with open(dir+'/maps', 'r') as file:
147 for l in file:
148 record_list = l.split();
149 if len(record_list) == 6 and int(record_list[4]) > 0:
150 (addresses, permissions, offset, device, inode, path) = record_list;
151 if path not in path_list:
152 path_list.append(path);
153 map_list[path] = {'permissions':permissions, 'device':device, 'inode':inode};
154 address_list[path] = [];
155 (address1, address2) = addresses.split('-');
156 address_list[path].append({'start':address1, 'end':address2, 'offset':offset});
157 if kill_process: kill_process(process);
158 mapsfile = path_list[0];
159 file_system = get_filesystem(mapsfile);
160 return pid;
161
162 # Print out running proc stats
163 def paths (command, key_list = 'inode'): # 'key'/['key1', 'key2', ...] -> text-table
164 getinfo (command);
165
166 # Normalize keys
167 if isinstance(key_list, str):
168 key_list = [key_list];
169 # Construct a line for each path,
170 result_table = '';
171 for path in path_list:
172 line = path ;
173 for key in key_list:
174 line += '\t'+map_list[path][key];
175 line += '\n';
176 result_table += line;
177 return result_table;
178
179 # Methods that return the raw file contents (could be LARGE)
180 def file (command):
181 getinfo (command);
182 return_value = b'';
183 with open(mapsfile, 'rb') as file:
184 for l in file:
185 if type(l).__name__ == 'str':
186 l = bytes(l, encoding='utf8');
187 return_value += l;
188 return return_value;
189
190 def exe (command):
191 getinfo (command);
192 return_value = b'';
193 with open(exe, 'rb') as file:
194 for l in file:
195 if type(l).__name__ == 'str':
196 l = bytes(l, encoding='utf8');
197 return_value += l;
198 kill_process(process);
199 return return_value;
200
201 def inode (command, path):
202 getinfo(command);
203
204 # Get file contents on inode number
205 return_value = b'';
206 inode = map_list[path]['inode'];
207 debugfs = subprocess.Popen(get_debugfs_command(file_system, inode), stdin = None, stdout = subprocess.PIPE, stderr = sys.stderr, shell=True, universal_newlines=False);
208 # read out the file contents
209 for l in debugfs.stdout:
210 if type(l).__name__ == 'str':
211 l = bytes(l, encoding='utf8');
212 return_value += l;
213
214 return return_value;
215
216 def maps (command):
217 getinfo(command);
218
219 # Get file contents on inode number
220 return_value = b'';
221 for file in path_list:
222 inode = map_list[file]['inode'];
223 debugfs = subprocess.Popen(get_debugfs_command(file_system, inode), stdin = None, stdout = subprocess.PIPE, stderr = sys.stderr, shell=True, universal_newlines=False);
224 # read out the file contents
225 for l in debugfs.stdout:
226 if type(l).__name__ == 'str':
227 l = bytes(l, encoding='utf8');
228 return_value += l;
229
230 return return_value;
231
232 # Methods that return the SHA512sum
233 def fileSHA (command, prefix=''):
234 getinfo (command);
235 filehash = hashlib.sha512(bytes(prefix, encoding='ascii'));
236 with open(mapsfile, 'rb') as file:
237 for l in file:
238 if type(l).__name__ == 'str':
239 l = bytes(l, encoding='utf8');
240 filehash.update(l);
241 return str(filehash.hexdigest());
242
243 def exeSHA (command, prefix=''):
244 getinfo(command);
245 exehash = hashlib.sha512(bytes(prefix, encoding='ascii'));
246 with open(exe, 'rb') as file:
247 for l in file:
248 if type(l).__name__ == 'str':
249 l = bytes(l, encoding='utf8');
250 exehash.update(l);
251 return str(exehash.hexdigest());
252
253 def inodeSHA (command, path='', prefix=''):
254 getinfo(command);
255 if len(path) == 0: path = mapsfile;
256
257 # Get file contents on inode number
258 mapshash = hashlib.sha512(bytes(prefix, encoding='ascii'));
259 inode = map_list[path]['inode'];
260 debugfs = subprocess.Popen(get_debugfs_command(file_system, inode), stdin = None, stdout = subprocess.PIPE, stderr = sys.stderr, shell=True, universal_newlines=False);
261 # read out the file contents
262 for l in debugfs.stdout:
263 if type(l).__name__ == 'str':
264 l = bytes(l, encoding='utf8');
265 mapshash.update(l);
266
267 return str(mapshash.hexdigest());
268
269 def mapsSHA (command, prefix=''):
270 getinfo(command);
271
272 # Get file contents on inode number
273 mapshash = hashlib.sha512(bytes(prefix, encoding='ascii'));
274 for path in path_list:
275 inode = map_list[path]['inode'];
276 debugfs = subprocess.Popen(get_debugfs_command(file_system, inode), stdin = None, stdout = subprocess.PIPE, stderr = sys.stderr, shell=True, universal_newlines=False);
277 # read out the file contents
278 for l in debugfs.stdout:
279 if type(l).__name__ == 'str':
280 l = bytes(l, encoding='utf8');
281 mapshash.update(l);
282
283 return str(mapshash.hexdigest());
284
285 if __name__ == "__main__":
286 if len(sys.argv) == 1:
287 print(help_text);
288 else:
289 for command in sys.argv[1:]:
290 result = fileSHA(command);
291 print(mapsfile+(len("/proc/<pid>/inode") - len(mapsfile))*' ', result);
292 result = exeSHA(command);
293 print("/proc/<pid>/exe"+(len("/proc/<pid>/inode") - len("/proc/<pid>/exe"))*' ', result);
294 if os.getuid() == 0:
295 result = inodeSHA(command);
296 print("/proc/<pid>/inode"+(len(mapsfile) - len("/proc/<pid>/inode"))*' ', result);
297 result = mapsSHA(command);
298 print("/proc/<pid>/maps"+(len("/proc/<pid>/inode") - len("/proc/<pid>/all"))*' ', result);
299
300 print("");
301 result = paths(command);
302 print(result);
303 print("");
Signature-du-Terroir signs system state