minor project updates
improved error checking; removed (some) spurious code
Binary file not shown.
@@ -15,7 +15,7 @@
|
||||
7DD0A9351F35A04B000EA15D /* Signing.m in Sources */ = {isa = PBXBuildFile; fileRef = 7DD0A9271F35A04B000EA15D /* Signing.m */; };
|
||||
7DD0A9361F35A04B000EA15D /* Signing.h in Headers */ = {isa = PBXBuildFile; fileRef = 7DD0A9281F35A04B000EA15D /* Signing.h */; };
|
||||
7DD0A9371F35A04B000EA15D /* Consts.h in Headers */ = {isa = PBXBuildFile; fileRef = 7DD0A9291F35A04B000EA15D /* Consts.h */; };
|
||||
7DD0A9471F37F373000EA15D /* procInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 7DD0A9461F37F373000EA15D /* procInfo.h */; };
|
||||
CD5A50262104AFF100218BDF /* procInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = CD5A50252104AFF100218BDF /* procInfo.h */; };
|
||||
/* End PBXBuildFile section */
|
||||
|
||||
/* Begin PBXFileReference section */
|
||||
@@ -28,7 +28,7 @@
|
||||
7DD0A9271F35A04B000EA15D /* Signing.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Signing.m; path = procInfo/Signing.m; sourceTree = SOURCE_ROOT; };
|
||||
7DD0A9281F35A04B000EA15D /* Signing.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Signing.h; path = procInfo/Signing.h; sourceTree = SOURCE_ROOT; };
|
||||
7DD0A9291F35A04B000EA15D /* Consts.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Consts.h; path = procInfo/Consts.h; sourceTree = SOURCE_ROOT; };
|
||||
7DD0A9461F37F373000EA15D /* procInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = procInfo.h; path = procInfo/procInfo.h; sourceTree = "<group>"; };
|
||||
CD5A50252104AFF100218BDF /* procInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = procInfo.h; path = ../../ProcInfoExample/lib/procInfo.h; sourceTree = "<group>"; };
|
||||
/* End PBXFileReference section */
|
||||
|
||||
/* Begin PBXFrameworksBuildPhase section */
|
||||
@@ -42,17 +42,10 @@
|
||||
/* End PBXFrameworksBuildPhase section */
|
||||
|
||||
/* Begin PBXGroup section */
|
||||
7D6E875D1F381BC600D6BD7C /* include */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
7DD0A9461F37F373000EA15D /* procInfo.h */,
|
||||
);
|
||||
name = include;
|
||||
sourceTree = "<group>";
|
||||
};
|
||||
7D6E87751F3BD0C200D6BD7C /* lib */ = {
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
CD5A50252104AFF100218BDF /* procInfo.h */,
|
||||
7D6E87761F3BD0FA00D6BD7C /* libprocInfo.a */,
|
||||
);
|
||||
name = lib;
|
||||
@@ -63,7 +56,6 @@
|
||||
isa = PBXGroup;
|
||||
children = (
|
||||
7D83A9E61EB6465D001506F0 /* src */,
|
||||
7D6E875D1F381BC600D6BD7C /* include */,
|
||||
7D6E87751F3BD0C200D6BD7C /* lib */,
|
||||
);
|
||||
sourceTree = "<group>";
|
||||
@@ -91,8 +83,8 @@
|
||||
isa = PBXHeadersBuildPhase;
|
||||
buildActionMask = 2147483647;
|
||||
files = (
|
||||
CD5A50262104AFF100218BDF /* procInfo.h in Headers */,
|
||||
7DD0A9331F35A04B000EA15D /* Utilities.h in Headers */,
|
||||
7DD0A9471F37F373000EA15D /* procInfo.h in Headers */,
|
||||
7DD0A9371F35A04B000EA15D /* Consts.h in Headers */,
|
||||
7DD0A9361F35A04B000EA15D /* Signing.h in Headers */,
|
||||
);
|
||||
@@ -163,7 +155,7 @@
|
||||
);
|
||||
runOnlyForDeploymentPostprocessing = 0;
|
||||
shellPath = /bin/sh;
|
||||
shellScript = "#move library into top-level lib folder\nmv $CODESIGNING_FOLDER_PATH $SRCROOT/lib/\n\n#copy header file into top-level lib folder\ncp $SRCROOT/procInfo/procInfo.h $SRCROOT/lib/";
|
||||
shellScript = "#move library into top-level lib folder\nmv $CODESIGNING_FOLDER_PATH $SRCROOT/lib/";
|
||||
};
|
||||
/* End PBXShellScriptBuildPhase section */
|
||||
|
||||
|
||||
+8
-3
@@ -254,13 +254,18 @@ bail:
|
||||
uint8_t digestSHA256[CC_SHA256_DIGEST_LENGTH] = {0};
|
||||
|
||||
//load file
|
||||
if(nil == (fileContents = [NSData dataWithContentsOfFile:self.path]))
|
||||
fileContents = [NSData dataWithContentsOfFile:self.path];
|
||||
if( (0 == fileContents.length) ||
|
||||
(NULL == fileContents.bytes) )
|
||||
{
|
||||
//bail
|
||||
goto bail;
|
||||
}
|
||||
|
||||
//sha1 it
|
||||
//clear buffer
|
||||
bzero(digestSHA256, CC_SHA256_DIGEST_LENGTH);
|
||||
|
||||
//sha it
|
||||
CC_SHA256(fileContents.bytes, (unsigned int)fileContents.length, digestSHA256);
|
||||
|
||||
//now init
|
||||
@@ -271,7 +276,7 @@ bail:
|
||||
for(NSUInteger index=0; index < CC_SHA256_DIGEST_LENGTH; index++)
|
||||
{
|
||||
//format/append
|
||||
[self.sha256 appendFormat:@"%02lX", (unsigned long)digestSHA256[index]];
|
||||
[self.sha256 appendFormat:@"%02X", digestSHA256[index]];
|
||||
}
|
||||
|
||||
bail:
|
||||
|
||||
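Review bot: The cast `(unsigned int)fileContents.length` in the `CC_SHA256` call silently truncates the length for files of 4 GiB or more, so the digest would cover only part of the file (or none of it) and `self.sha256` would not identify the binary on disk; the new empty-length check does not catch this. A guard before hashing, `if(fileContents.length > UINT32_MAX) goto bail;`, would fail closed, while streaming the file through `CC_SHA256_Init`/`CC_SHA256_Update`/`CC_SHA256_Final` would also handle large files without holding the whole file in memory. The added `bzero(digestSHA256, CC_SHA256_DIGEST_LENGTH);` repeats the `= {0}` initializer on the declaration a few lines above and could be dropped. The method starts and ends outside these hunks, so what callers see after `goto bail` (presumably an unset `sha256`, although the header declares it `_Nonnull`) should be confirmed.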
@@ -124,16 +124,6 @@ NSMutableDictionary* extractSigningInfo(pid_t pid, NSString* path, SecCSFlags fl
|
||||
}
|
||||
}
|
||||
|
||||
//invalid params
|
||||
else
|
||||
{
|
||||
//set error
|
||||
signingInfo[KEY_SIGNATURE_STATUS] = [NSNumber numberWithInt:errSecParam];
|
||||
|
||||
//bail
|
||||
goto bail;
|
||||
}
|
||||
|
||||
//extract code signing id
|
||||
if(nil != [(__bridge NSDictionary*)signingDetails objectForKey:(__bridge NSString*)kSecCodeInfoIdentifier])
|
||||
{
|
||||
|
||||
@@ -1,204 +0,0 @@
|
||||
//
|
||||
// File: procInfo.h
|
||||
// Project: Proc Info
|
||||
//
|
||||
// Created by: Patrick Wardle
|
||||
// Copyright: 2017 Objective-See
|
||||
// License: Creative Commons Attribution-NonCommercial 4.0 International License
|
||||
//
|
||||
|
||||
#ifndef procInfo_h
|
||||
#define procInfo_h
|
||||
|
||||
#import <libproc.h>
|
||||
#import <sys/sysctl.h>
|
||||
#import <Foundation/Foundation.h>
|
||||
|
||||
/* CLASSES */
|
||||
|
||||
@class Binary;
|
||||
@class Process;
|
||||
|
||||
/* DEFINES */
|
||||
|
||||
//from audit_kevents.h
|
||||
#define EVENT_EXIT 1
|
||||
#define EVENT_FORK 2
|
||||
#define EVENT_EXECVE 23
|
||||
#define EVENT_EXEC 27
|
||||
#define EVENT_SPAWN 43190
|
||||
|
||||
//signers
|
||||
enum Signer{None, Apple, AppStore, DevID, AdHoc};
|
||||
|
||||
//signature status
|
||||
#define KEY_SIGNATURE_STATUS @"signatureStatus"
|
||||
|
||||
//signer
|
||||
#define KEY_SIGNATURE_SIGNER @"signatureSigner"
|
||||
|
||||
//signing auths
|
||||
#define KEY_SIGNATURE_AUTHORITIES @"signatureAuthorities"
|
||||
|
||||
//code signing id
|
||||
#define KEY_SIGNATURE_IDENTIFIER @"signatureIdentifier"
|
||||
|
||||
//entitlements
|
||||
#define KEY_SIGNATURE_ENTITLEMENTS @"signatureEntitlements"
|
||||
|
||||
/* TYPEDEFS */
|
||||
|
||||
//block for library
|
||||
typedef void (^ProcessCallbackBlock)(Process* _Nonnull);
|
||||
|
||||
/* OBJECT: PROCESS INFO */
|
||||
|
||||
@interface ProcInfo : NSObject
|
||||
|
||||
//init w/ flag
|
||||
// flag dictates if CPU-intensive logic (code signing, etc) should be preformed
|
||||
-(id _Nullable)init:(BOOL)goEasy;
|
||||
|
||||
//start monitoring
|
||||
-(void)start:(ProcessCallbackBlock _Nonnull )callback;
|
||||
|
||||
//stop monitoring
|
||||
-(void)stop;
|
||||
|
||||
//get list of running processes
|
||||
-(NSMutableArray* _Nonnull)currentProcesses;
|
||||
|
||||
@end
|
||||
|
||||
/* OBJECT: PROCESS */
|
||||
|
||||
@interface Process : NSObject
|
||||
|
||||
/* PROPERTIES */
|
||||
|
||||
//pid
|
||||
@property pid_t pid;
|
||||
|
||||
//ppid
|
||||
@property pid_t ppid;
|
||||
|
||||
//user id
|
||||
@property uid_t uid;
|
||||
|
||||
//type
|
||||
// used by process mon
|
||||
@property u_int16_t type;
|
||||
|
||||
//exit code
|
||||
@property u_int32_t exit;
|
||||
|
||||
//path
|
||||
@property(nonatomic, retain)NSString* _Nullable path;
|
||||
|
||||
//args
|
||||
@property(nonatomic, retain)NSMutableArray* _Nonnull arguments;
|
||||
|
||||
//ancestors
|
||||
@property(nonatomic, retain)NSMutableArray* _Nonnull ancestors;
|
||||
|
||||
//signing info
|
||||
@property(nonatomic, retain)NSMutableDictionary* _Nonnull signingInfo;
|
||||
|
||||
//Binary object
|
||||
// has path, hash, etc
|
||||
@property(nonatomic, retain)Binary* _Nonnull binary;
|
||||
|
||||
//timestamp
|
||||
@property(nonatomic, retain)NSDate* _Nonnull timestamp;
|
||||
|
||||
/* METHODS */
|
||||
|
||||
//init with a pid
|
||||
// method will then (try) fill out rest of object
|
||||
-(id _Nullable)init:(pid_t)processID;
|
||||
|
||||
//generate signing info
|
||||
// also classifies if Apple/from App Store/etc.
|
||||
-(void)generateSigningInfo:(SecCSFlags)flags;
|
||||
|
||||
//set process's path
|
||||
-(void)pathFromPid;
|
||||
|
||||
//generate list of ancestors
|
||||
-(void)enumerateAncestors;
|
||||
|
||||
//class method
|
||||
// get's parent of arbitrary process
|
||||
+(pid_t)getParentID:(pid_t)child;
|
||||
|
||||
@end
|
||||
|
||||
/* OBJECT: BINARY */
|
||||
|
||||
@interface Binary : NSObject
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
/* PROPERTIES */
|
||||
|
||||
//path
|
||||
@property(nonatomic, retain)NSString* _Nonnull path;
|
||||
|
||||
//name
|
||||
@property(nonatomic, retain)NSString* _Nonnull name;
|
||||
|
||||
//icon
|
||||
@property(nonatomic, retain)NSImage* _Nonnull icon;
|
||||
|
||||
//file attributes
|
||||
@property(nonatomic, retain)NSDictionary* _Nullable attributes;
|
||||
|
||||
//spotlight meta data
|
||||
@property(nonatomic, retain)NSDictionary* _Nullable metadata;
|
||||
|
||||
//bundle
|
||||
// nil for non-apps
|
||||
@property(nonatomic, retain)NSBundle* _Nullable bundle;
|
||||
|
||||
//signing info
|
||||
@property(nonatomic, retain)NSDictionary* _Nonnull signingInfo;
|
||||
|
||||
//hash
|
||||
@property(nonatomic, retain)NSMutableString* _Nonnull sha256;
|
||||
|
||||
//identifier
|
||||
// either signing id or sha256 hash
|
||||
@property(nonatomic, retain)NSString* _Nonnull identifier;
|
||||
|
||||
/* METHODS */
|
||||
|
||||
//init w/ a path
|
||||
-(id _Nonnull)init:(NSString* _Nonnull)path;
|
||||
|
||||
/* the following methods are rather CPU-intensive
|
||||
as such, if the proc monitoring is run with the 'goEasy' option, they aren't automatically invoked
|
||||
*/
|
||||
|
||||
//get an icon for a process
|
||||
// for apps, this will be app's icon, otherwise just a standard system one
|
||||
-(void)getIcon;
|
||||
|
||||
//generate signing info (statically)
|
||||
-(void)generateSigningInfo:(SecCSFlags)flags;
|
||||
|
||||
/* the following methods are not invoked automatically
|
||||
as such, if you code has to manually invoke them if you want this info
|
||||
*/
|
||||
|
||||
//generate hash
|
||||
// algo: sha256
|
||||
-(void)generateHash;
|
||||
|
||||
//generate id
|
||||
// either signing id, or sha256 hash
|
||||
-(void)generateIdentifier;
|
||||
|
||||
@end
|
||||
|
||||
#endif
|
||||