Skip to content

Linux fixes for syscalls, filetracer and added linux support for fileextractor #1864

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
lfreijo wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Linux fixes for syscalls, filetracer and added linux support for fileextractor #1864

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
6c6d861
syscalls: Fix NULL pointer crash when enumerating kernel modules
lfreijo Jan 29, 2026
1c9d34f
Add Linux support for filetracer, fileextractor, and syscalls plugins
lfreijo Jan 12, 2026
53f0d37
Remove debug fprintf statements and restore code comments
lfreijo Jan 14, 2026
894590e
Apply astyle formatting
lfreijo Jan 14, 2026
9d3a463
Add do_syscall_64 fallback for Linux fileextractor plugin
lfreijo Jan 14, 2026
1f3da2f
Fix CI build failures for fileextractor Linux support
lfreijo Jan 18, 2026
632c701
Fix __LINUX_OFFSET_MAX shadowing from filetracer_ns
lfreijo Jan 18, 2026
5c41c5b
Use local FE_ prefixed enums to avoid all namespace conflicts
lfreijo Jan 18, 2026
4cef9cd
Fix syscall plugin to correctly report diverse Linux/Android syscall …
lfreijo Jan 23, 2026
3b9b18f
Add futex syscall argument definitions for Linux mutex tracking
lfreijo Jan 23, 2026
0c6e235
Reduce cognitive complexity of linux_cb function
lfreijo Jan 23, 2026
94bb50e
Update linux.h License
lfreijo Jan 27, 2026
36e4f23
Update linux.cpp license
lfreijo Jan 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions src/libinjector/linux/methods/linux_read_file.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,9 @@ event_response_t handle_read_file(drakvuf_t drakvuf, drakvuf_trap_info_t* info)
if (!call_open_syscall_cb(injector, info->regs))
return cleanup(drakvuf, info, true);

// Use FILE_BUF_SIZE for the first read, not injector->buffer.len which is 0
if (!setup_read_syscall(injector, info->regs, injector->fd,
injector->virtual_memory_addr, injector->buffer.len))
injector->virtual_memory_addr, FILE_BUF_SIZE))
return cleanup(drakvuf, info, true);

return VMI_EVENT_RESPONSE_SET_REGISTERS;
Expand All @@ -234,8 +235,9 @@ event_response_t handle_read_file(drakvuf_t drakvuf, drakvuf_trap_info_t* info)
if (!write_buffer_to_file(drakvuf, info, injector->buffer.len))
return cleanup(drakvuf, info, true);

// Always use FILE_BUF_SIZE for the read buffer size
if (!setup_read_syscall(injector, info->regs, injector->fd,
injector->virtual_memory_addr, injector->buffer.len))
injector->virtual_memory_addr, FILE_BUF_SIZE))
return cleanup(drakvuf, info, true);

return override_step(base_injector, STEP4, VMI_EVENT_RESPONSE_SET_REGISTERS);
Expand All @@ -253,6 +255,8 @@ event_response_t handle_read_file(drakvuf_t drakvuf, drakvuf_trap_info_t* info)
// restore regs
copy_gprs(info->regs, &injector->saved_regs);

injector->rc = INJECTOR_SUCCEEDED;

return VMI_EVENT_RESPONSE_SET_REGISTERS;
}
case STEP6: // cleanup
Expand Down
2 changes: 2 additions & 0 deletions src/plugins/Makefile.am
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,8 @@ sources += fileextractor/fileextractor.h
sources += fileextractor/private.h
sources += fileextractor/win.cpp
sources += fileextractor/win.h
sources += fileextractor/linux.cpp
sources += fileextractor/linux.h
endif

if PLUGIN_OBJMON
Expand Down
9 changes: 7 additions & 2 deletions src/plugins/fileextractor/fileextractor.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,15 +107,18 @@

#include "fileextractor.h"
#include "win.h"
#include "linux.h"

fileextractor::fileextractor(drakvuf_t drakvuf, const fileextractor_config* config, output_format_t output) : pluginex(drakvuf, output)
{
auto os = drakvuf_get_os_type(drakvuf);
if (os == VMI_OS_WINDOWS)
this->wf = std::make_unique<win_fileextractor>(drakvuf, config, output);
else if (os == VMI_OS_LINUX)
this->lf = std::make_unique<linux_fileextractor>(drakvuf, config, output);
else
{
PRINT_DEBUG("[FILEEXTRACTOR] Other platforms no supported yet\n");
PRINT_DEBUG("[FILEEXTRACTOR] Unsupported platform\n");
throw -1;
}
}
Expand All @@ -125,9 +128,11 @@ bool fileextractor::stop_impl()
auto os = drakvuf_get_os_type(this->drakvuf);
if (os == VMI_OS_WINDOWS)
return this->wf->stop();
else if (os == VMI_OS_LINUX)
return this->lf->stop();
else
{
PRINT_DEBUG("[FILEEXTRACTOR] Other platforms no supported yet\n");
PRINT_DEBUG("[FILEEXTRACTOR] Unsupported platform\n");
return true;
}
}
2 changes: 2 additions & 0 deletions src/plugins/fileextractor/fileextractor.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,13 +107,15 @@

#include "plugins/plugins_ex.h"
#include "win.h"
#include "linux.h"

#include <memory>

class fileextractor : public pluginex
{
public:
std::unique_ptr<win_fileextractor> wf;
std::unique_ptr<linux_fileextractor> lf;

fileextractor(drakvuf_t drakvuf, const fileextractor_config* config, output_format_t output);
~fileextractor() = default;
Expand Down
Loading
Loading