18 LOG(
"[LIX-DEPLOYER] Agent with tag %d has just been initialized, error: 0x%08x.",
31 LOG(
"[LIX-DEPLOYER] Agent with tag %d has just been initialized, error: 0x%08x.",
69 ERROR(
"[ERROR] IntGetAgentContent failed with status: 0x%08x.", status);
94 ERROR(
"[ERROR] IntLixTaskGetAgentsAsCli failed with status: 0x%08x.", status);
102 ERROR(
"[LIX-DEPLOYER] Found an invalid agent tag %d ...", Tag);
127 DWORD writeLength = 0;
132 TRACE(
"[LIX-DEPLOYER] File '%s' deployed.", Agent->Name);
133 pRegs->
Rax = writeLength;
138 writeLength = maxWriteLength;
152 ERROR(
"[ERROR] IntVirtMemWrite failed with status: 0x%08x.", status);
160 pRegs->
Rax = writeLength;
217 if (pHandler == NULL)
249 TRACE(
"[LIX-DEPLOYER] A file with already running or pending.\n");
255 ERROR(
"[ERROR] IntLixAgentThreadInject failed with status: 0x%08x\n", status);
259 LOG(
"[LIX-DEPLOYER] File '%s' scheduled for injection ...", Name);
284 if (CommandLine == NULL)
290 if (pHandler == NULL)
320 TRACE(
"[LIX-DEPLOYER] A file already running or pending...\n");
326 ERROR(
"[ERROR] IntLixAgentThreadInject failed with status: 0x%08x\n", status);
330 LOG(
"[LIX-DEPLOYER] Command line '%s' scheduled for execution...", CommandLine);
341 _In_ const char *Name,
369 BYTE *pContent = NULL;
370 DWORD contentSize = 0;
373 TRACE(
"[LIX-DEPLOYER] Requested to inject agent with tag '%d' ...", AgentTag);
385 ERROR(
"[ERROR] IntLixDepGetInternalContent failed with status: 0x%08x.", status);
394 ERROR(
"[ERROR] IntLixDepGetInternalArgs failed with status: 0x%08x.", status);
398 if (strlen(pArgsLocal) == 0)
405 strlcpy(pArgsLocal, Args,
sizeof(pArgsLocal));
413 strlcpy(pArgsLocal, Args,
sizeof(pArgsLocal));
416 if ((pContent == NULL) || (contentSize == 0))
418 ERROR(
"[ERROR] No proper agent found.");
423 if (pHandler == NULL)
457 TRACE(
"[DEPLOYER] A file already running or pending...\n");
463 ERROR(
"[ERROR] IntLixAgentThreadInject failed with status: 0x%08x\n", status);
467 LOG(
"[LIX-DEPLOYER] File '%s' scheduled for execution using command line '%s' ...", Name, pArgs->
Exec.
Args);
static INTSTATUS IntLixDepComplete(LIX_AGENT *Agent)
Describes a handler that contains the data required by the agent.
char Args[LIX_AGENT_MAX_ARGS_LENGTH]
The command line to be executed.
IG_ARCH_REGS Regs
The current state of the guest registers.
DWORD Index
The VCPU number.
QWORD SystemCr3
The Cr3 used to map the kernel.
#define INT_STATUS_SUCCESS
struct _LIX_AGENT_THREAD_DEPLOY_FILE_ARGS::@111 Umh
QWORD UhmWaitExec
The value of UMH_WAIT_EXEC of current guest.
Arguments of the run command-line agent.
Describes an agent-thread running inside the guest.
QWORD UhmWaitProc
The value of UMH_WAIT_PROC of current guest.
#define INT_SUCCESS(Status)
static INTSTATUS IntLixDepGetInternalArgs(DWORD Tag, DWORD Length, char *Args)
Describes an agent running inside the guest.
Arguments of the exec agent.
#define INT_STATUS_NOT_NEEDED_HINT
INTSTATUS IntLixDepInjectFile(BYTE *Content, DWORD Size, const CHAR *Name)
Injects an agent that deploys a file with the provided content and name on the disk.
Arguments of the deploy-file agent.
QWORD KernelVersion
The current guest kernel version.
char Name[LIX_AGENT_MAX_NAME_LENGTH]
The name of the deployed file.
int INTSTATUS
The status data type.
static INTSTATUS IntLixDepDeployFileHypercall(LIX_AGENT *Agent)
Writes a chunk of the file into a buffer allocated by the agent.
INTSTATUS IntLixAgentThreadInject(LIX_AGENT_TAG Tag, DWORD TagEx, AGENT_TYPE AgentType, PFUNC_AgentCallbackHypercall HypercallCallback, PFUNC_AgentCallbackCompletion CompletionCallback, const char *Name, BYTE *ContentAddress, DWORD ContentSize)
Schedules a thread-agent injection inside the guest.
DWORD OSVersion
OS version.
#define INT_STATUS_NOT_FOUND
QWORD UhmWaitProc
The value of UMH_WAIT_PROC of current guest.
struct _LIX_AGENT_THREAD_DEPLOY_FILE_EXEC_ARGS::@115 Umh
#define LIX_CREATE_VERSION(K, Patch, Sublevel)
INTSTATUS IntLixDepRunCommand(const CHAR *CommandLine)
Injects an agent that creates a process that will execute the provided command line.
The process killer agent.
QWORD UhmWaitExec
The value of UMH_WAIT_EXEC of current guest.
struct _LIX_AGENT_THREAD_DEPLOY_FILE_ARGS::@110 FilePath
BYTE * Address
A pointer to the content provided by the integrator.
static INTSTATUS IntLixDepRunCommandComplete(LIX_AGENT *Agent)
BOOLEAN Guest64
True if this is a 64-bit guest, False if it is a 32-bit guest.
INTSTATUS IntLixTaskGetAgentsAsCli(char *CommandLine, DWORD Length)
Returns a string with the command lines of all active agents.
#define LIX_FIELD(Structure, Field)
Macro used to access fields inside the LIX_OPAQUE_FIELDS structure.
struct _LIX_AGENT_HANDLER::@101 Args
size_t strlcpy(char *dst, const char *src, size_t dest_size)
unsigned char gLixGatherAgentx64[7784]
#define INT_STATUS_ALREADY_INITIALIZED_HINT
struct _LIX_AGENT_THREAD_DEPLOY_FILE_EXEC_ARGS::@113 FilePath
void IntLixAgentSendEvent(AGENT_EVENT_TYPE Event, DWORD AgentTag, DWORD ErrorCode)
Send an event to the integrator that contains the AGENT_EVENT_TYPE, tag of the agent and the last err...
INTSTATUS IntVirtMemSafeWrite(QWORD Cr3, QWORD VirtualAddress, DWORD Size, void *Buffer, DWORD Ring)
Safely modify guest memory.
QWORD UhmWaitProc
The value of UMH_WAIT_PROC of current guest.
static INTSTATUS IntLixDepGetInternalContent(DWORD Tag, BYTE **Address, DWORD *Length)
INTSTATUS IntLixDepInjectProcess(DWORD AgentTag, BYTE *Content, DWORD Size, const char *Name, const char *Args)
Injects an agent that deploys a file to the disk and creates a process that executes the deployed file...
Execute a file (process).
QWORD KernelVersion
The current guest kernel version.
#define LIX_MAX_PATH
The maximum length of a dentry-path.
DWORD CurrentOffset
Used as an offset in the content buffer when the HypercallCallback is called.
INTSTATUS IntSetGprs(DWORD CpuNumber, PIG_ARCH_REGS Regs)
Sets the values of the guest GPRs.
INTSTATUS IntGetAgentContent(DWORD AgentTag, BOOLEAN Is64, DWORD *Size, BYTE **Content)
char Root
The root directory (e.g. '/')
MM Mm
Guest memory information, such as paging mode, system Cr3 value, etc.
GUEST_STATE gGuest
The current guest state.
void * Content
The content of the arguments.
LIX_AGENT_HANDLER * IntLixAgentThreadGetHandlerByTag(LIX_AGENT_TAG AgentTag, LIX_AGENT_TAG ThreadTag)
Iterates through all thread-agent handlers and searches for the entry that has the provided tag...
struct _LIX_AGENT_THREAD_DEPLOY_FILE_EXEC_ARGS::@114 Exec
char Args[LIX_AGENT_MAX_ARGS_LENGTH]
The arguments given to the process.
QWORD FilePathOffset
The offset of struct file.path.
#define INT_STATUS_INVALID_PARAMETER_1
char Name[LIX_AGENT_MAX_NAME_LENGTH]
The name of the deployed file.
VCPU_STATE * gVcpu
The state of the current VCPU.
QWORD UhmWaitExec
The value of UMH_WAIT_EXEC of current guest.
Process agent. A process will be injected & started inside the guest.
unsigned char gLixKillerAgentx64[7640]
The agent has been initialized.
BYTE Version
The version field of the version string.
struct _LIX_AGENT_THREAD::@97 Content
struct _LIX_AGENT_THREAD_RUN_CLI_ARGS::@117 Umh
struct _LIX_AGENT_THREAD_RUN_CLI_ARGS::@116 Exec
#define INT_STATUS_INVALID_PARAMETER_2
File agent. A file will be dropped inside the guest.
LINUX_GUEST * gLixGuest
Global variable holding the state of a Linux guest.
DWORD Size
The size of the content provided by the integrator.
#define INT_STATUS_INVALID_PARAMETER_3
#define LIX_AGENT_MAX_ARGS_LENGTH