Changeset 242
- Timestamp:
- 04/12/07 11:33:15 (2 years ago)
- Files:
honeyclient/trunk/lib/HoneyClient/Agent/Integrity/Registry.pm
r240 r242 87 87 =head1 DESCRIPTION 88 88 89 This library allows the Agentmodule to easily baseline and check89 This library allows the Integrity module to easily baseline and check 90 90 the Windows OS registry hives for any changes that may occur, while 91 91 instrumenting a target application. … … 102 102 use warnings; 103 103 use Carp (); 104 105 # Traps signals, allowing END: blocks to perform cleanup.106 #use sigtrap qw(die untrapped normal-signals error-signals);107 104 108 105 # Include Global Configuration Processing Library … … 445 442 _checkpoint_parsers => { }, 446 443 447 # A hashtable of file names, where the hash key is the file parser448 # and the hash value is the file name.449 # (For internal use only.)450 _filenames => { },451 452 444 # A hashtable of current key info objects, where the hash key is the 453 445 # file parser and the hash value is the info object. … … 487 479 $parser = $self->{_baseline_parsers}->{$hive}; 488 480 if (defined($parser)) { 489 $fname = $self->{_filenames}->{$parser}; 490 $LOG->debug("Deleting baseline of hive '" . $hive . "' in '" . 491 $fname . "'."); 492 if (!unlink($fname)) { 493 $LOG->fatal("Error: Unable to unlink '" . $hive . "' hive data in '" . $fname ."'."); 494 Carp::croak("Error: Unable to unlink '" . $hive . "' hive data in '" . $fname ."'."); 481 $fname = $parser->getFilename(); 482 if (defined($fname) && (-f $fname)) { 483 $LOG->debug("Deleting baseline of hive '" . $hive . "' in '" . 484 $fname . "'."); 485 if (!unlink($fname)) { 486 $LOG->fatal("Error: Unable to unlink '" . $hive . "' hive data in '" . $fname ."'."); 487 Carp::croak("Error: Unable to unlink '" . $hive . "' hive data in '" . 
$fname ."'."); 488 } 495 489 } 496 delete($self->{_filenames}->{$parser});497 490 delete($self->{_baseline_parsers}->{$hive}); 498 491 } 499 492 $parser = $self->{_checkpoint_parsers}->{$hive}; 500 493 if (defined($parser)) { 501 $fname = $self->{_filenames}->{$parser}; 502 $LOG->debug("Deleting checkpoint of hive '" . $hive . "' in '" . 503 $fname . "'."); 504 if (!unlink($fname)) { 505 $LOG->fatal("Error: Unable to unlink '" . $hive . "' hive data in '" . $fname ."'."); 506 Carp::croak("Error: Unable to unlink '" . $hive . "' hive data in '" . $fname ."'."); 494 $fname = $parser->getFilename(); 495 if (defined($fname) && (-f $fname)) { 496 $LOG->debug("Deleting checkpoint of hive '" . $hive . "' in '" . 497 $fname . "'."); 498 if (!unlink($fname)) { 499 $LOG->fatal("Error: Unable to unlink '" . $hive . "' hive data in '" . $fname ."'."); 500 Carp::croak("Error: Unable to unlink '" . $hive . "' hive data in '" . $fname ."'."); 501 } 507 502 } 508 delete($self->{_filenames}->{$parser});509 503 delete($self->{_checkpoint_parsers}->{$hive}); 510 504 } … … 547 541 548 542 $parser_collection->{$hive} = $parser; 549 $self->{_filenames}->{$parser} = $fname;550 543 } 551 544 } … … 618 611 if (!defined($self->{_currentKeys}->{$parser})) { 619 612 $LOG->fatal("Error: Unable to read registry keys from '" . 620 $ self->{_filenames}->{$parser}. "'.");613 $parser->getFilename() . "'."); 621 614 Carp::croak("Error: Unable to read registry keys from '" . 622 $ self->{_filenames}->{$parser}. "'.");615 $parser->getFilename() . "'."); 623 616 } 624 617 … … 686 679 687 680 # Get the corresponding file names. 
688 my $src_filename = $s elf->{_filenames}->{$src_parser};689 my $tgt_filename = $ self->{_filenames}->{$tgt_parser};681 my $src_filename = $src_parser->getFilename(); 682 my $tgt_filename = $tgt_parser->getFilename(); 690 683 691 684 my $fname_tmp = tmpnam(); … … 1470 1463 $before_parser = HoneyClient::Agent::Integrity::Registry::Parser->init(input_file => $args{'before_file'}, 1471 1464 index_groups => 1); 1472 $self->{_filenames}->{$before_parser} = $args{'before_file'};1473 1465 } 1474 1466 … … 1480 1472 $after_parser = HoneyClient::Agent::Integrity::Registry::Parser->init(input_file => $args{'after_file'}, 1481 1473 index_groups => 1); 1482 $self->{_filenames}->{$after_parser} = $args{'after_file'};1483 1474 } 1484 1475 … … 1561 1552 $LOG->debug(Dumper(\%args)); 1562 1553 1563 return values(%{$self->{_filenames}}); 1554 my @parsers = values(%{$self->{_baseline_parsers}}); 1555 push (@parsers, values(%{$self->{_checkpoint_parsers}})); 1556 1557 my @files; 1558 foreach my $parser (@parsers) { 1559 push (@files, $parser->getFilename()); 1560 } 1561 1562 return @files; 1564 1563 } 1565 1564
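Review bot: In the last hunk (new lines 1554-1562) each `$parser->getFilename()` result is pushed onto `@files` unchecked, although the cleanup hunk in this same changeset guards the same call with `defined($fname) && (-f $fname)`, so the returned list can carry undef entries that callers of the old `values(%{$self->{_filenames}})` may not expect. I would filter them with `my $fname = $parser->getFilename();` followed by `push(@files, $fname) if defined($fname);`. The list is also built only from `_baseline_parsers` and `_checkpoint_parsers`, while the `before_file`/`after_file` parsers near new line 1465 no longer record their file names anywhere visible. If those parsers are not stored in either collection, their files silently drop out of the result, which matters when the list is used to track or exclude the module's own files during an integrity check; this is worth confirming. The enclosing sub begins outside the hunk.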
