__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
/*
* eset_rtp (ESET Real-time file system protection module)
* Copyright (C) 1992-2025 ESET, spol. s r.o.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* In case of any questions, you can contact us at ESET, spol. s r.o., Einsteinova 24, 851 01 Bratislava, Slovakia.
*/
#include "ertp_event.h"
#include <linux/cred.h>
#include <linux/mnt_namespace.h>
#include <linux/nsproxy.h>
#include <linux/slab.h>
#include <linux/version.h>
#include "ertp.h"
#include "ertp_cache.h"
#include "ertp_logs.h"
#if (LINUX_VERSION_CODE > KERNEL_VERSION(5, 17, 0))
#include <linux/magic.h>
#endif
#ifndef FUSE_SUPER_MAGIC
#define FUSE_SUPER_MAGIC 0x65735546
#endif
#define ERTP_EVENT_RESULT_NOT_SET 0x80000000
#define ERTP_FD_PATH_STR_SIZE 128
#define ERTP_ID_STR_SIZE 32
static int get_unused_fd(void) { return get_unused_fd_flags(0); }
static atomic_t ertp_event_ids = ATOMIC_INIT(0);
static struct mnt_namespace *global_mnt_ns = NULL;
static struct kmem_cache *ertp_event_generic_allocator = NULL;
static struct kmem_cache *ertp_event_memory_allocator = NULL;
static struct kmem_cache *ertp_event_remove_allocator = NULL;
static int ertp_event_allocator_init(void) {
ertp_event_generic_allocator = kmem_cache_create(
"ertp_event_generic_allocator", sizeof(struct ertp_event_generic),
__alignof__(struct ertp_event_generic), SLAB_RECLAIM_ACCOUNT, NULL);
ertp_event_memory_allocator = kmem_cache_create(
"ertp_event_memory_allocator", sizeof(struct ertp_event_memory),
__alignof__(struct ertp_event_memory), SLAB_RECLAIM_ACCOUNT, NULL);
ertp_event_remove_allocator = kmem_cache_create(
"ertp_event_remove_allocator", sizeof(struct ertp_event_remove),
__alignof__(struct ertp_event_remove), SLAB_RECLAIM_ACCOUNT, NULL);
if (!ertp_event_generic_allocator || !ertp_event_memory_allocator ||
!ertp_event_remove_allocator) {
return -ENOMEM;
}
return 0;
}
static void ertp_event_allocator_deinit(void) {
if (ertp_event_generic_allocator) {
kmem_cache_destroy(ertp_event_generic_allocator);
}
if (ertp_event_memory_allocator) {
kmem_cache_destroy(ertp_event_memory_allocator);
}
if (ertp_event_remove_allocator) {
kmem_cache_destroy(ertp_event_remove_allocator);
}
}
int ertp_event_init(void) {
int err = 0;
if (current->nsproxy) {
global_mnt_ns = current->nsproxy->mnt_ns;
}
if (!global_mnt_ns) {
ertp_pr_error("could not determine global mount namespace");
}
err = ertp_path_init();
if (err) {
return err;
}
return ertp_event_allocator_init();
}
void ertp_event_deinit(void) {
ertp_event_allocator_deinit();
ertp_path_deinit();
}
static bool is_current_process_in_global_mnt_namespace(void) {
if (current->nsproxy && global_mnt_ns) {
return current->nsproxy->mnt_ns == global_mnt_ns;
}
return true;
}
struct ertp_event *ertp_event_ref(struct ertp_event *event) {
if (!event || IS_ERR(event)) return NULL;
BUG_ON(atomic_read(&event->count) == 0);
atomic_inc(&event->count);
return event;
}
void ertp_event_unref(struct ertp_event *event) {
if (!event || IS_ERR(event)) return;
BUG_ON(atomic_read(&event->count) == 0);
if (!atomic_dec_and_test(&event->count)) return;
event->destroy(event);
}
int ertp_event_get_result(struct ertp_event *event) {
int result;
spin_lock(&event->result_lock);
result = event->result;
spin_unlock(&event->result_lock);
return result;
}
void ertp_event_disable_context(struct ertp_event *event) {
event->save_context = false;
}
const char *ertp_event_type_to_str(enum ertp_event_type type) {
switch (type) {
case ERTP_EVENT_TYPE_OPEN:
return "OPEN";
case ERTP_EVENT_TYPE_CLOSE:
return "CLOSE";
case ERTP_EVENT_TYPE_EXEC:
return "EXEC";
}
return "(unknown)";
}
const char *ertp_event_class_to_str(enum ertp_event_class class) {
switch (class) {
case ERTP_EVENT_CLASS_GENERIC:
return "GENERIC";
case ERTP_EVENT_CLASS_MEMORY:
return "MEMORY";
case ERTP_EVENT_CLASS_REMOVE:
return "REMOVE";
}
return "(unknown)";
}
void ertp_event_finished(struct ertp_event *event_base, int result) {
ertp_pr_edlog("Event finished and unblocked (id: %d, result: %d)",
event_base->id, result);
spin_lock(&event_base->result_lock);
event_base->result = result;
spin_unlock(&event_base->result_lock);
complete_all(&event_base->wait_scanner);
}
void ertp_event_unblock(struct ertp_event *event_base, int result) {
ertp_pr_edlog("Event unblocked (id: %d, result: %d)", event_base->id, result);
spin_lock(&event_base->result_lock);
if (event_base->result == ERTP_EVENT_RESULT_NOT_SET) {
event_base->result = result;
}
spin_unlock(&event_base->result_lock);
complete_all(&event_base->wait_scanner);
}
static int ertp_open_event_dev_file(struct ertp_event_memory *event) {
struct file *file;
int flags;
int fd;
char str_path[ERTP_FD_PATH_STR_SIZE];
fd = get_unused_fd();
if (fd < 0) {
return fd;
}
flags = O_RDONLY;
flags |= event->flags & O_LARGEFILE;
str_path[0] = '\0';
strlcat(str_path, "/dev/", ERTP_FD_PATH_STR_SIZE);
strlcat(str_path, event->dev_info->name, ERTP_FD_PATH_STR_SIZE);
file = filp_open(str_path, flags, 0);
if (!file || IS_ERR(file)) {
ertp_pr_edlog("cannot open mem_dev file for event %d with path %s",
event->base.id, str_path);
put_unused_fd(fd);
return 1;
}
event->file = file;
event->fd = fd;
return 0;
}
static void ertp_event_flex_buffer_clear(
struct ertp_event_flex_buffer *buffer) {
buffer->data = NULL;
buffer->size = 0;
}
void ertp_event_flex_buffer_init(struct ertp_event_flex_buffer *buffer) {
ertp_event_flex_buffer_clear(buffer);
}
void ertp_event_flex_buffer_deinit(struct ertp_event_flex_buffer *buffer) {
kfree(buffer->data);
ertp_event_flex_buffer_clear(buffer);
}
static int ertp_event_flex_buffer_alloc(struct ertp_event_flex_buffer *buffer,
size_t size) {
void *buf = kzalloc(size, GFP_KERNEL);
if (unlikely(!buf)) {
return -ENOMEM;
}
if (buffer->data) {
BUG();
}
buffer->data = buf;
buffer->size = size;
return 0;
}
bool ertp_event_flex_buffer_empty(struct ertp_event_flex_buffer *buffer) {
return buffer->data == NULL || buffer->size == 0;
}
static void ertp_path_serialize(const struct ertp_path *path,
struct eset_rtp_flexible_member *flex,
struct ertp_event_flex_buffer *buffer,
size_t *offset) {
size_t off = *offset;
if (unlikely(!path->ptr)) {
BUG();
}
if (unlikely(off >= buffer->size)) {
BUG();
}
if (unlikely(path->size > buffer->size - off)) {
BUG();
}
memcpy(buffer->data + off, path->ptr, path->size);
flex->offset = (uint32_t)off;
flex->size = (uint32_t)path->size;
*offset = off + path->size;
}
static size_t ertp_event_generic_flex_members_size(
const struct ertp_event *event_base) {
struct ertp_event_generic *event = ERTP_EVENT_GENERIC(event_base);
return event->file_path->size + event->process_path->size;
}
static int ertp_event_generic_serialize(
struct ertp_event *event_base, struct eset_rtp_event *buf,
struct ertp_event_flex_buffer *flex_buffer) {
int err = 0;
struct ertp_event_generic *event = ERTP_EVENT_GENERIC(event_base);
struct eset_rtp_event_generic *event_buffer = &buf->data.generic;
size_t offset = 0;
int fd;
ertp_pr_edlog(
"GENERIC event serialize (id: %d, type: %s, prio: %s, deadline: %s [%s])",
event_base->id, ertp_event_type_to_str(event->type),
ertp_qos_event_data_debug_get_prio_str(&event_base->qos_data),
ertp_qos_event_data_is_after_deadline(&event_base->qos_data) ? "yes"
: "no",
ertp_qos_event_data_debug_get_type_str(&event_base->qos_data));
switch (event->type) {
case ERTP_EVENT_TYPE_OPEN:
buf->type = ERTP_TYPE_OPEN_EVENT;
break;
case ERTP_EVENT_TYPE_CLOSE:
buf->type = ERTP_TYPE_CLOSE_EVENT;
break;
case ERTP_EVENT_TYPE_EXEC:
buf->type = ERTP_TYPE_EXEC_EVENT;
break;
default:
BUG();
}
err = ertp_event_flex_buffer_alloc(
flex_buffer, ertp_event_generic_flex_members_size(event_base));
if (err) {
ertp_pr_edlog("cannot alloc flex buffer for event %d with path %s",
event->base.id, event->file_path->ptr);
goto error;
}
ertp_path_serialize(event->file_path, &event_buffer->file_path, flex_buffer,
&offset);
ertp_path_serialize(event->process_path, &event_buffer->process_path,
flex_buffer, &offset);
fd = get_unused_fd();
if (fd < 0) {
ertp_pr_edlog(
"cannot install file descriptor into user space for event %d with path "
"%s",
event->base.id, event->file_path->ptr);
goto error;
}
fd_install(fd, event->file);
event->file = NULL;
buf->data.generic.id = event_base->id;
buf->data.generic.fd = fd;
buf->data.generic.pid = event->pid;
buf->data.generic.uid = event->uid.val;
buf->data.generic.gid = event->gid.val;
buf->data.generic.file_id = event->ino;
buf->data.generic.device_number = event->dev;
buf->data.generic.under_fuse = event->under_fuse;
buf->data.generic.mnt_namespace = event->mnt_namespace;
buf->data.generic.file_size = event->file_size;
buf->data.generic.ctime.tv_sec = event->ctime.tv_sec;
buf->data.generic.ctime.tv_nsec = event->ctime.tv_nsec;
buf->data.generic.mtime.tv_sec = event->mtime.tv_sec;
buf->data.generic.mtime.tv_nsec = event->mtime.tv_nsec;
buf->data.generic.mode = event->mode;
buf->data.generic.flags = event->modified ? ERTP_EVENT_FLAG_MODIFIED : 0;
return 0;
error:
return err;
}
static size_t ertp_event_memory_flex_members_size(
const struct ertp_event *event_base) {
struct ertp_event_memory *event = ERTP_EVENT_MEMORY(event_base);
return event->process_path->size;
}
static int ertp_event_memory_serialize(
struct ertp_event *event_base, struct eset_rtp_event *buf,
struct ertp_event_flex_buffer *flex_buffer) {
int err = 0;
struct ertp_event_memory *event = ERTP_EVENT_MEMORY(event_base);
struct eset_rtp_event_memory *event_buffer = &buf->data.memory;
size_t offset = 0;
ertp_pr_edlog(
"MEMORY event serialize (id: %d, type: %s, prio: %s, deadline: %s [%s])",
event_base->id, ertp_event_type_to_str(event->type),
ertp_qos_event_data_debug_get_prio_str(&event_base->qos_data),
ertp_qos_event_data_is_after_deadline(&event_base->qos_data) ? "yes"
: "no",
ertp_qos_event_data_debug_get_type_str(&event_base->qos_data));
switch (event->type) {
case ERTP_EVENT_TYPE_EXEC:
buf->type = ERTP_TYPE_MEMORY_EXEC_EVENT;
break;
default:
BUG();
}
err = ertp_event_flex_buffer_alloc(
flex_buffer, ertp_event_memory_flex_members_size(event_base));
if (err) {
goto error;
}
ertp_path_serialize(event->process_path, &event_buffer->process_path,
flex_buffer, &offset);
err = ertp_open_event_dev_file(event);
if (unlikely(err)) {
ertp_pr_edlog("cannot open mem file for event (id: %d, errno: %d)",
event_base->id, err);
goto error;
}
fd_install(event->fd, event->file);
buf->data.memory.id = event_base->id;
buf->data.memory.fd = event->fd;
buf->data.memory.pid = event->pid;
buf->data.memory.uid = event->uid.val;
buf->data.memory.gid = event->gid.val;
buf->data.memory.file_size = event->size;
return 0;
error:
return err;
}
static size_t ertp_event_remove_flex_members_size(
const struct ertp_event *event_base) {
return 0;
}
static int ertp_event_remove_serialize(
struct ertp_event *event_base, struct eset_rtp_event *buf,
struct ertp_event_flex_buffer *flex_buffer) {
struct ertp_event_remove *event = ERTP_EVENT_REMOVE(event_base);
ertp_pr_edlog("REMOVE event serialize (id: %d, prio: %s, deadline: %s [%s])",
event_base->id,
ertp_qos_event_data_debug_get_prio_str(&event_base->qos_data),
ertp_qos_event_data_is_after_deadline(&event_base->qos_data)
? "yes"
: "no",
ertp_qos_event_data_debug_get_type_str(&event_base->qos_data));
buf->type = ERTP_TYPE_REMOVE_EVENT;
buf->data.remove.id = event_base->id;
buf->data.remove.file_id = event->ino;
buf->data.remove.device_number = event->dev;
return 0;
}
static void ertp_event_generic_free(struct ertp_event *event_base) {
struct ertp_event_generic *event = ERTP_EVENT_GENERIC(event_base);
path_put(&event->path);
ertp_path_unref(event->file_path);
ertp_path_unref(event->process_path);
if (event->file) {
fput(event->file);
}
kmem_cache_free(ertp_event_generic_allocator, event);
}
static void ertp_event_memory_free(struct ertp_event *event_base) {
struct ertp_event_memory *event = ERTP_EVENT_MEMORY(event_base);
ertp_path_unref(event->process_path);
kmem_cache_free(ertp_event_memory_allocator, event);
}
static void ertp_event_remove_free(struct ertp_event *event_base) {
struct ertp_event_remove *event = ERTP_EVENT_REMOVE(event_base);
kmem_cache_free(ertp_event_remove_allocator, event);
}
static inline void ertp_event_base_init(struct ertp_event *event) {
ertp_heap_node_init(&event->node);
atomic_set(&event->count, 1);
event->id = atomic_inc_return(&ertp_event_ids);
init_completion(&event->wait_qos);
init_completion(&event->wait_scanner);
event->result = ERTP_EVENT_RESULT_NOT_SET;
spin_lock_init(&event->result_lock);
event->save_context = true;
ertp_event_stats_init(&event->stats);
if (unlikely(!event->destroy || !event->serialize ||
!event->flex_members_size)) {
BUG();
}
}
static inline enum ertp_qos_event_type get_qos_type_for_generic_event(
enum ertp_event_type type, unsigned int flags) {
if (type == ERTP_EVENT_TYPE_EXEC) {
return ERTP_QOS_EVENT_TYPE_READ;
}
return ((flags & O_ACCMODE) == O_RDONLY) ? ERTP_QOS_EVENT_TYPE_READ
: ERTP_QOS_EVENT_TYPE_WRITE;
}
static struct file *open_file_for_scanner(const struct file *file,
const char *path) {
struct file *file_for_scanner;
int flags;
flags = O_RDONLY;
flags |= file->f_flags & O_LARGEFILE;
file_for_scanner = ertp_dentry_open(&file->f_path, flags);
if (IS_ERR(file_for_scanner) && !d_unlinked(file->f_path.dentry)) {
file_for_scanner = filp_open(path, flags, 0);
}
return file_for_scanner;
}
struct ertp_event *ertp_event_generic_new(
const struct ertp_event_generic_info *params) {
struct file *file = NULL;
int ret_val = -ENODATA;
struct ertp_event *event_base;
struct ertp_event_generic *event =
kmem_cache_zalloc(ertp_event_generic_allocator, GFP_KERNEL);
if (unlikely(!event)) {
return ERR_PTR(-ENOMEM);
}
if (unlikely(params->signal_handler == ERTP_SIGNAL_HANDLER_UNINITIALIZED)) {
ertp_pr_error("signal handler is not initialized");
BUG();
}
if (unlikely(!ertp_get_inode(params->file))) {
ertp_pr_edlog("cannot create generic event for file %s: inode not found",
params->file_path->ptr);
goto error;
}
file = open_file_for_scanner(params->file, params->file_path->ptr);
if (unlikely(IS_ERR(file))) {
ertp_pr_edlog(
"cannot create generic event for file %s: file opening failed with "
"error %ld)",
params->file_path->ptr, PTR_ERR(file));
ret_val = PTR_ERR(file);
goto error;
}
event_base = ERTP_EVENT(event);
event_base->class = ERTP_EVENT_CLASS_GENERIC;
event_base->qos_data.type =
get_qos_type_for_generic_event(params->type, params->file->f_flags);
event_base->destroy = &ertp_event_generic_free;
event_base->serialize = &ertp_event_generic_serialize;
event_base->flex_members_size = &ertp_event_generic_flex_members_size;
event_base->signal_handler = params->signal_handler;
ertp_event_base_init(event_base);
event->type = params->type;
event->modified = params->modified;
event->file = file;
path_get(¶ms->file->f_path);
event->path = params->file->f_path;
event->under_fuse = (ertp_get_sb_magic(params->file) == FUSE_SUPER_MAGIC);
event->file_path = ertp_path_ref(params->file_path);
current_uid_gid(&event->uid, &event->gid);
event->pid = current->tgid;
event->process_path = ertp_path_ref(params->process_path);
event->mnt_namespace = !is_current_process_in_global_mnt_namespace();
event->ino = params->attr_info.ino;
event->dev = new_encode_dev(params->attr_info.dev);
event->file_size = params->attr_info.size;
event->ctime = params->attr_info.ctime;
event->mtime = params->attr_info.mtime;
event->mode = params->attr_info.mode;
ertp_pr_edlog(
"GENERIC event created (id: %d, type: %s, ino: %lld, dev: %lld, size: "
"%llub, fuse: %d, mnt_ns: %d, file: %s, process: %s)",
event_base->id, ertp_event_type_to_str(event->type), event->ino,
event->dev, event->file_size, event->under_fuse, event->mnt_namespace,
event->file_path->ptr, event->process_path->ptr);
return event_base;
error:
kmem_cache_free(ertp_event_generic_allocator, event);
return ERR_PTR(ret_val);
}
struct ertp_event *ertp_event_memory_new(
const struct ertp_event_memory_info *params, unsigned int timeout) {
struct ertp_event *event_base;
struct ertp_event_memory *event;
char id_str[ERTP_ID_STR_SIZE];
int ret_val = -ENODATA;
event = kmem_cache_zalloc(ertp_event_memory_allocator, GFP_KERNEL);
if (unlikely(!event)) {
return ERR_PTR(-ENOMEM);
}
if (unlikely(params->signal_handler == ERTP_SIGNAL_HANDLER_UNINITIALIZED)) {
ertp_pr_error("signal handler is not initialized");
BUG();
}
event_base = ERTP_EVENT(event);
event_base->class = ERTP_EVENT_CLASS_MEMORY;
event_base->qos_data.type = ERTP_QOS_EVENT_TYPE_READ;
event_base->destroy = &ertp_event_memory_free;
event_base->serialize = &ertp_event_memory_serialize;
event_base->flex_members_size = &ertp_event_memory_flex_members_size;
event_base->signal_handler = params->signal_handler;
ertp_event_base_init(event_base);
snprintf(id_str, ERTP_ID_STR_SIZE, "%d", event_base->id);
ret_val = ertp_mem_dev_create(id_str, event, timeout);
if (ret_val) {
goto error;
}
event->type = params->type;
current_uid_gid(&event->uid, &event->gid);
event->pid = current->tgid;
event->process_path = ertp_path_ref(params->process_path);
event->size = params->size;
event->memory = params->memory_to_scan;
ertp_pr_edlog(
"MEMORY event created (id: %d, type: %s, size: %lu, mem_dev file: %s, "
"process: %s)",
event_base->id, ertp_event_type_to_str(event->type), event->size,
event->dev_info->name, event->process_path->ptr);
return event_base;
error:
kmem_cache_free(ertp_event_memory_allocator, event);
return ERR_PTR(ret_val);
}
struct ertp_event *ertp_event_remove_new(
const struct ertp_event_remove_info *params) {
struct ertp_event *event_base;
struct ertp_event_remove *event;
struct kstat stat;
int ret_attr;
if (unlikely(!params->path)) {
ertp_pr_edlog("cannot create remove event: invalid path");
return ERR_PTR(-EINVAL);
}
if (unlikely(params->signal_handler == ERTP_SIGNAL_HANDLER_UNINITIALIZED)) {
ertp_pr_error("signal handler is not initialized");
BUG();
}
ret_attr = vfs_getattr_nosec(params->path, &stat, STATX_BASIC_STATS, 0);
if (ret_attr != 0) {
ertp_pr_edlog("cannot create remove event: getattr failed with error %d",
ret_attr);
return ERR_PTR(ret_attr);
}
event = kmem_cache_zalloc(ertp_event_remove_allocator, GFP_KERNEL);
if (!event) {
return ERR_PTR(-ENOMEM);
}
event_base = ERTP_EVENT(event);
event_base->class = ERTP_EVENT_CLASS_REMOVE;
event_base->qos_data.type = ERTP_QOS_EVENT_TYPE_WRITE;
event_base->destroy = &ertp_event_remove_free;
event_base->serialize = &ertp_event_remove_serialize;
event_base->flex_members_size = &ertp_event_remove_flex_members_size;
event_base->signal_handler = params->signal_handler;
ertp_event_base_init(event_base);
event->ino = stat.ino;
event->dev = new_encode_dev(stat.dev);
ertp_pr_edlog(
"REMOVE event created (id: %d, ino: %llu, dev: %llu, file: %s, process: "
"%s)",
event_base->id, event->ino, event->dev, params->file_path->ptr,
params->process_path->ptr);
return event_base;
}
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| .ertp_array.o.cmd | File | 67.01 KB | 0644 |
|
| .ertp_cache.o.cmd | File | 62.05 KB | 0644 |
|
| .ertp_cache_container.o.cmd | File | 51.03 KB | 0644 |
|
| .ertp_debug.o.cmd | File | 61.29 KB | 0644 |
|
| .ertp_dev.o.cmd | File | 70.46 KB | 0644 |
|
| .ertp_event.o.cmd | File | 62.23 KB | 0644 |
|
| .ertp_event_check.o.cmd | File | 62.68 KB | 0644 |
|
| .ertp_excludes.o.cmd | File | 50.98 KB | 0644 |
|
| .ertp_ftrace_hook.o.cmd | File | 88.2 KB | 0644 |
|
| .ertp_ftrace_utils.o.cmd | File | 75.37 KB | 0644 |
|
| .ertp_handlers.o.cmd | File | 88.06 KB | 0644 |
|
| .ertp_handlers_close.o.cmd | File | 88.18 KB | 0644 |
|
| .ertp_handlers_execve.o.cmd | File | 88.54 KB | 0644 |
|
| .ertp_handlers_exit.o.cmd | File | 88.51 KB | 0644 |
|
| .ertp_handlers_mmap.o.cmd | File | 88.69 KB | 0644 |
|
| .ertp_handlers_module.o.cmd | File | 88.39 KB | 0644 |
|
| .ertp_handlers_open.o.cmd | File | 88.58 KB | 0644 |
|
| .ertp_handlers_rename.o.cmd | File | 88.54 KB | 0644 |
|
| .ertp_handlers_unlink.o.cmd | File | 88.54 KB | 0644 |
|
| .ertp_heap.o.cmd | File | 67 KB | 0644 |
|
| .ertp_logs.o.cmd | File | 15.1 KB | 0644 |
|
| .ertp_memory_dev.o.cmd | File | 70.16 KB | 0644 |
|
| .ertp_mod.o.cmd | File | 88.99 KB | 0644 |
|
| .ertp_path.o.cmd | File | 65.63 KB | 0644 |
|
| .ertp_qos.o.cmd | File | 67.84 KB | 0644 |
|
| .ertp_qos_event_data.o.cmd | File | 61.74 KB | 0644 |
|
| .ertp_qos_queue.o.cmd | File | 61.73 KB | 0644 |
|
| .ertp_stats.o.cmd | File | 61.66 KB | 0644 |
|
| .ertp_sysfs.o.cmd | File | 68.08 KB | 0644 |
|
| .eset_rtp.ko.cmd | File | 256 B | 0644 |
|
| .eset_rtp.mod.cmd | File | 612 B | 0644 |
|
| .eset_rtp.mod.o.cmd | File | 67.08 KB | 0644 |
|
| .eset_rtp.o.cmd | File | 139 B | 0644 |
|
| .modules.order.cmd | File | 95 B | 0644 |
|
| Makefile | File | 1.44 KB | 0644 |
|
| ertp.h | File | 2.24 KB | 0644 |
|
| ertp_array.c | File | 4.44 KB | 0644 |
|
| ertp_array.h | File | 2.02 KB | 0644 |
|
| ertp_array.o | File | 37.93 KB | 0644 |
|
| ertp_cache.c | File | 6.42 KB | 0644 |
|
| ertp_cache.h | File | 1.51 KB | 0644 |
|
| ertp_cache.o | File | 152.7 KB | 0644 |
|
| ertp_cache_container.c | File | 4.91 KB | 0644 |
|
| ertp_cache_container.h | File | 1.84 KB | 0644 |
|
| ertp_cache_container.o | File | 38.19 KB | 0644 |
|
| ertp_debug.c | File | 1.32 KB | 0644 |
|
| ertp_debug.h | File | 1.25 KB | 0644 |
|
| ertp_debug.o | File | 14.66 KB | 0644 |
|
| ertp_dev.c | File | 13.64 KB | 0644 |
|
| ertp_dev.o | File | 245.34 KB | 0644 |
|
| ertp_event.c | File | 20.85 KB | 0644 |
|
| ertp_event.h | File | 4.98 KB | 0644 |
|
| ertp_event.o | File | 258.2 KB | 0644 |
|
| ertp_event_check.c | File | 8.15 KB | 0644 |
|
| ertp_event_check.h | File | 1.92 KB | 0644 |
|
| ertp_event_check.o | File | 157.53 KB | 0644 |
|
| ertp_excludes.c | File | 6.42 KB | 0644 |
|
| ertp_excludes.h | File | 1.48 KB | 0644 |
|
| ertp_excludes.o | File | 56.93 KB | 0644 |
|
| ertp_ftrace_hook.c | File | 4.54 KB | 0644 |
|
| ertp_ftrace_hook.h | File | 1.37 KB | 0644 |
|
| ertp_ftrace_hook.o | File | 50.73 KB | 0644 |
|
| ertp_ftrace_utils.c | File | 1.7 KB | 0644 |
|
| ertp_ftrace_utils.h | File | 1.63 KB | 0644 |
|
| ertp_ftrace_utils.o | File | 17.97 KB | 0644 |
|
| ertp_handlers.c | File | 7.86 KB | 0644 |
|
| ertp_handlers.h | File | 1.21 KB | 0644 |
|
| ertp_handlers.o | File | 44.59 KB | 0644 |
|
| ertp_handlers_close.c | File | 3.08 KB | 0644 |
|
| ertp_handlers_close.h | File | 1.72 KB | 0644 |
|
| ertp_handlers_close.o | File | 292.04 KB | 0644 |
|
| ertp_handlers_execve.c | File | 4.37 KB | 0644 |
|
| ertp_handlers_execve.h | File | 1.75 KB | 0644 |
|
| ertp_handlers_execve.o | File | 299.2 KB | 0644 |
|
| ertp_handlers_exit.c | File | 1.97 KB | 0644 |
|
| ertp_handlers_exit.h | File | 1.49 KB | 0644 |
|
| ertp_handlers_exit.o | File | 284.45 KB | 0644 |
|
| ertp_handlers_mmap.c | File | 1.92 KB | 0644 |
|
| ertp_handlers_mmap.h | File | 1.11 KB | 0644 |
|
| ertp_handlers_mmap.o | File | 280.8 KB | 0644 |
|
| ertp_handlers_module.c | File | 4.2 KB | 0644 |
|
| ertp_handlers_module.h | File | 1.53 KB | 0644 |
|
| ertp_handlers_module.o | File | 295.03 KB | 0644 |
|
| ertp_handlers_open.c | File | 3.77 KB | 0644 |
|
| ertp_handlers_open.h | File | 1.72 KB | 0644 |
|
| ertp_handlers_open.o | File | 291.44 KB | 0644 |
|
| ertp_handlers_rename.c | File | 5.14 KB | 0644 |
|
| ertp_handlers_rename.h | File | 1.75 KB | 0644 |
|
| ertp_handlers_rename.o | File | 292.21 KB | 0644 |
|
| ertp_handlers_unlink.c | File | 3.47 KB | 0644 |
|
| ertp_handlers_unlink.h | File | 1.49 KB | 0644 |
|
| ertp_handlers_unlink.o | File | 287.87 KB | 0644 |
|
| ertp_heap.c | File | 9.87 KB | 0644 |
|
| ertp_heap.h | File | 2.04 KB | 0644 |
|
| ertp_heap.o | File | 30 KB | 0644 |
|
| ertp_logs.c | File | 1.14 KB | 0644 |
|
| ertp_logs.h | File | 2.59 KB | 0644 |
|
| ertp_logs.o | File | 10.13 KB | 0644 |
|
| ertp_memory_dev.c | File | 8.34 KB | 0644 |
|
| ertp_memory_dev.h | File | 1.33 KB | 0644 |
|
| ertp_memory_dev.o | File | 224.05 KB | 0644 |
|
| ertp_mod.c | File | 3.18 KB | 0644 |
|
| ertp_mod.o | File | 28.85 KB | 0644 |
|
| ertp_path.c | File | 4.38 KB | 0644 |
|
| ertp_path.h | File | 1.31 KB | 0644 |
|
| ertp_path.o | File | 185.7 KB | 0644 |
|
| ertp_qos.c | File | 17.06 KB | 0644 |
|
| ertp_qos.h | File | 2.18 KB | 0644 |
|
| ertp_qos.o | File | 254.39 KB | 0644 |
|
| ertp_qos_event_data.c | File | 2.41 KB | 0644 |
|
| ertp_qos_event_data.h | File | 1.61 KB | 0644 |
|
| ertp_qos_event_data.o | File | 129.95 KB | 0644 |
|
| ertp_qos_queue.c | File | 4.32 KB | 0644 |
|
| ertp_qos_queue.h | File | 1.98 KB | 0644 |
|
| ertp_qos_queue.o | File | 34.61 KB | 0644 |
|
| ertp_stats.c | File | 8.53 KB | 0644 |
|
| ertp_stats.h | File | 1.53 KB | 0644 |
|
| ertp_stats.o | File | 46.95 KB | 0644 |
|
| ertp_sysfs.c | File | 5.51 KB | 0644 |
|
| ertp_sysfs.o | File | 185.59 KB | 0644 |
|
| ertp_types.h | File | 1.15 KB | 0644 |
|
| eset_rtp.h | File | 4.2 KB | 0644 |
|
| eset_rtp.ko | File | 4.46 MB | 0644 |
|
| eset_rtp.mod | File | 755 B | 0644 |
|
| eset_rtp.mod.c | File | 8.4 KB | 0644 |
|
| eset_rtp.mod.o | File | 159.15 KB | 0644 |
|
| eset_rtp.o | File | 4.29 MB | 0644 |
|
| eset_rtp_sysfs.h | File | 1.26 KB | 0644 |
|
| modules.order | File | 20 B | 0644 |
|