__  __    __   __  _____      _            _          _____ _          _ _ 
 |  \/  |   \ \ / / |  __ \    (_)          | |        / ____| |        | | |
 | \  / |_ __\ V /  | |__) | __ ___   ____ _| |_ ___  | (___ | |__   ___| | |
 | |\/| | '__|> <   |  ___/ '__| \ \ / / _` | __/ _ \  \___ \| '_ \ / _ \ | |
 | |  | | |_ / . \  | |   | |  | |\ V / (_| | ||  __/  ____) | | | |  __/ | |
 |_|  |_|_(_)_/ \_\ |_|   |_|  |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1
 if you need WebShell for Seo everyday contact me on Telegram
 Telegram Address : @jackleet
        
        

            For_More_Tools:
            
                Telegram: @jackleet | Bulk Smtp support mail sender  | Business Mail Collector  |  Mail Bouncer All Mail | Bulk Office Mail Validator | Html Letter private

Upload:

Command:

[email protected]: ~ $ 
/*
 * eset_wap (ESET Web Access Protection module)
 * Copyright (C) 1992-2025 ESET, spol. s r.o.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 * In case of any questions, you can contact us at ESET, spol. s r.o., Einsteinova 24, 851 01 Bratislava, Slovakia.
 */

#include "ewap_ftrace.h"

#include <linux/compiler.h>
#include <linux/kallsyms.h>
#include <linux/kernel.h>
#include <linux/kprobes.h>
#include <linux/version.h>

#include "ewap_helpers.h"

static unsigned long ewap_lookup_address(const char *symbol_name)
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
{
  struct kprobe probe = {.symbol_name = symbol_name};
  unsigned long ret;
  int kprobe_ret;

  ewap_pr_log(EWAP_LOG_HOOKS,
              "looking up address of symbol %s (through kprobes)", symbol_name);

  kprobe_ret = register_kprobe(&probe);
  if (unlikely(kprobe_ret < 0)) {
    ewap_pr_log(EWAP_LOG_ERRORS, "address lookup failed with return: %d",
                kprobe_ret);
    return 0;
  }

  ewap_pr_log(EWAP_LOG_HOOKS, "address lookup succeeded");

  ret = (unsigned long)probe.addr;
  unregister_kprobe(&probe);
  return ret;
}
#else
{
  unsigned long ret;

  ewap_pr_log(EWAP_LOG_HOOKS,
              "looking up address of symbol %s (through kallsyms_lookup_name)",
              symbol_name);

  ret = kallsyms_lookup_name(symbol_name);
  if (unlikely(ret == 0)) {
    ewap_pr_log(EWAP_LOG_ERRORS, "address lookup failed");
  }

  ewap_pr_log(EWAP_LOG_HOOKS, "address lookup succeeded");

  return ret;
}
#endif
static int resolve_hook_address(struct ewap_ftrace_hook *hook) {
  hook->address = ewap_lookup_address(hook->name);
  if (unlikely(!hook->address)) {
    ewap_pr_log(EWAP_LOG_ERRORS, "unresolved symbol: %s\n", hook->name);
    return -ENOENT;
  }

  *((unsigned long *)hook->original) = hook->address + MCOUNT_INSN_SIZE;
  ewap_pr_log(EWAP_LOG_HOOKS, "addr 0x%08lx", hook->address);
  ewap_pr_log(EWAP_LOG_HOOKS, "orig 0x%08lx",
              *((unsigned long *)hook->original));

  return 0;
}

#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 11, 0))
#define ewap_ftrace_regs_t struct ftrace_regs
#define EWAP_GET_PT_REGS(fregs) ftrace_get_regs(fregs)
#else
#define ewap_ftrace_regs_t struct pt_regs
#define EWAP_GET_PT_REGS(fregs) (fregs)
#endif

static void notrace ewap_ftrace_thunk(unsigned long ip, unsigned long parent_ip,
                                      struct ftrace_ops *ops,
                                      ewap_ftrace_regs_t *fregs) {
  struct pt_regs *regs = EWAP_GET_PT_REGS(fregs);
  struct ewap_ftrace_hook *hook =
      container_of(ops, struct ewap_ftrace_hook, ops);

  regs->ip = (unsigned long)hook->handler;
}

#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0))
#define EWAP_FTRACE_FLAGS                             \
  (FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY | \
   FTRACE_OPS_FL_RECURSION_SAFE)
#else
#define EWAP_FTRACE_FLAGS (FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY)
#endif

int ewap_ftrace_register(struct ewap_ftrace_hook *hook) {
  int err;

  err = resolve_hook_address(hook);
  if (unlikely(err)) {
    return err;
  }

  hook->ops.func = ewap_ftrace_thunk;
  hook->ops.flags = EWAP_FTRACE_FLAGS;

  err = ftrace_set_filter_ip(&hook->ops, hook->address, 0, 0);
  if (err) {
    ewap_pr_log(EWAP_LOG_ERRORS, "ftrace_set_filter_ip() for %s failed: %d\n",
                hook->name, err);
    return err;
  }

  err = register_ftrace_function(&hook->ops);
  if (err) {
    ewap_pr_log(EWAP_LOG_ERRORS,
                "register_ftrace_function() for %s failed: %d\n", hook->name,
                err);
    ftrace_set_filter_ip(&hook->ops, hook->address, 1, 0);
    return err;
  }

  ewap_pr_log(EWAP_LOG_HOOKS, "registered ftrace hook for %s", hook->name);

  return 0;
}

void ewap_ftrace_unregister(struct ewap_ftrace_hook *hook) {
  int err;

  err = unregister_ftrace_function(&hook->ops);
  if (err) {
    ewap_pr_log(EWAP_LOG_ERRORS,
                "unregister_ftrace_function() for %s failed: %d\n", hook->name,
                err);
  }

  err = ftrace_set_filter_ip(&hook->ops, hook->address, 1, 0);
  if (err) {
    ewap_pr_log(EWAP_LOG_ERRORS, "ftrace_set_filter_ip() for %s failed: %d\n",
                hook->name, err);
  }
}

Filemanager

DIR : / var/ opt/ eset/ efs/ ewap/ eset_wap/
Name Type Size Permission Actions
.eset_wap.ko.cmd File 256 B 0644
.eset_wap.mod.cmd File 249 B 0644
.eset_wap.mod.o.cmd File 67.08 KB 0644
.eset_wap.o.cmd File 139 B 0644
.ewap_connect_data.o.cmd File 96.69 KB 0644
.ewap_dev.o.cmd File 96.57 KB 0644
.ewap_ftrace.o.cmd File 75.29 KB 0644
.ewap_mod.o.cmd File 96.6 KB 0644
.ewap_path.o.cmd File 65.26 KB 0644
.ewap_pid_map.o.cmd File 50.9 KB 0644
.ewap_probes.o.cmd File 105.74 KB 0644
.ewap_tcp_map.o.cmd File 96.57 KB 0644
.ewap_tracepoints.o.cmd File 70.71 KB 0644
.modules.order.cmd File 95 B 0644
Makefile File 1020 B 0644
eset_wap.h File 1.87 KB 0644
eset_wap.ko File 1.83 MB 0644
eset_wap.mod File 212 B 0644
eset_wap.mod.c File 4.51 KB 0644
eset_wap.mod.o File 154.31 KB 0644
eset_wap.o File 1.67 MB 0644
ewap_connect_data.c File 13.81 KB 0644
ewap_connect_data.h File 1.71 KB 0644
ewap_connect_data.o File 430.97 KB 0644
ewap_dev.c File 5.8 KB 0644
ewap_dev.h File 975 B 0644
ewap_dev.o File 404.02 KB 0644
ewap_ftrace.c File 4.7 KB 0644
ewap_ftrace.h File 1.18 KB 0644
ewap_ftrace.o File 24.3 KB 0644
ewap_helpers.h File 2.34 KB 0644
ewap_mod.c File 2.22 KB 0644
ewap_mod.o File 20.96 KB 0644
ewap_path.c File 3.4 KB 0644
ewap_path.h File 1.25 KB 0644
ewap_path.o File 170.65 KB 0644
ewap_pid_map.c File 4.41 KB 0644
ewap_pid_map.h File 1.7 KB 0644
ewap_pid_map.o File 39.04 KB 0644
ewap_probes.c File 5.89 KB 0644
ewap_probes.h File 987 B 0644
ewap_probes.o File 452.57 KB 0644
ewap_tcp_map.c File 6.28 KB 0644
ewap_tcp_map.h File 2.09 KB 0644
ewap_tcp_map.o File 49.36 KB 0644
ewap_tracepoints.c File 1.87 KB 0644
ewap_tracepoints.h File 1.18 KB 0644
ewap_tracepoints.o File 150.1 KB 0644
modules.order File 20 B 0644

Copyright reserved © 2026 xtooler.online Shell Coded By Mr.X

Filemanager