author | We-unite <3205135446@qq.com> | 2024-09-02 16:45:07 +0800 |
---|---|---|
committer | We-unite <3205135446@qq.com> | 2024-09-02 16:45:07 +0800 |
commit | 08207d77be79afc6f75d1611726b92bdf622717f (patch) | |
tree | 918991217807ff18025b998407b87bcd31d4ddc3 /listener/basefunc.go | |
parent | f9f8f35ccd8b505a827d40f95c52ed039512b79d (diff) | |
In the listener, I changed the order in which the coroutines are started to avoid
'send on a closed channel'. Besides, the method used to get syscall names
and numbers is not very universal, so let's go back to checking unistd.h.
In the filter, the output is set to be written to the ./log dir. The pid tree
is shown in logs/tree.log, and detail info in pids.log, while file info
is in logs/files.log. tree.log shows a tree just like the `tree` command;
the other two files are written in json.
What's more, the flags used while opening files are also checked and shown
in files.log.
Diffstat (limited to '')
-rw-r--r-- | listener/basefunc.go | 54 |
1 files changed, 30 insertions, 24 deletions
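--- a/listener/basefunc.go
+++ b/listener/basefunc.go
@@ -4,46 +4,52 @@ import (
 "bufio"
 "fmt"
 "os"
-"os/exec"
 "path/filepath"
+"regexp"
 "strconv"
 "strings"
 "time"
 )
 
 func figureOutSyscalls() error {
-cmd := exec.Command("ausyscall", "--dump")
-stdout, err := cmd.StdoutPipe()
+var targetFile string
+err := filepath.Walk("/usr/include", func(path string, info os.FileInfo, err error) error {
+if err != nil {
+return err
+}
+if strings.HasSuffix(path, "asm/unistd_64.h") {
+targetFile = path
+return filepath.SkipDir // 找到后提前退出遍历
+}
+return nil
+})
 if err != nil {
 return err
 }
 
-if err := cmd.Start(); err != nil {
+// 如果没有找到目标文件
+if targetFile == "" {
+return fmt.Errorf("file asm/unistd_64.h not found in /usr/include")
+}
+
+NRRegex := regexp.MustCompile(`#define __NR_(.*?) (\d+)$`)
+file, err := os.Open("/usr/include/asm/unistd_64.h")
+if err != nil {
 return err
 }
+defer file.Close()
 
-scanner := bufio.NewScanner(stdout)
-for i := 0; scanner.Scan(); i++ {
-if i == 0 {
-continue
-}
+scanner := bufio.NewScanner(file)
+for scanner.Scan() {
 line := scanner.Text()
-parts := strings.Split(line, "\t")
-if len(parts) != 2 {
-return fmt.Errorf("invalid ausyscall format")
+if NRRegex.MatchString(line) {
+match := NRRegex.FindStringSubmatch(line)
+num, err := strconv.Atoi(match[2])
+if err != nil {
+return err
+}
+syscallTable[num] = match[1]
 }
-num, err := strconv.Atoi(parts[0])
-if err != nil {
-return err
-}
-syscallTable[num] = parts[1]
-}
-
-if err := scanner.Err(); err != nil {
-return err
-}
-if err := cmd.Wait(); err != nil {
-return err
 }
 return nil
 }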
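Review bot: The new `os.Open("/usr/include/asm/unistd_64.h")` ignores the `targetFile` that the preceding `filepath.Walk` just located, so when the header sits in some other subdirectory of /usr/include the walk succeeds and the open then fails; it should read `file, err := os.Open(targetFile)`. Returning `filepath.SkipDir` for a regular file only skips the rest of that directory and does not end the walk, so a later match can overwrite `targetFile`; `filepath.SkipAll` (Go 1.20+) stops the traversal. The rewritten loop also drops the `scanner.Err()` check the old code had, so a read error would leave `syscallTable` silently incomplete, and the listener would presumably then report those syscalls without a name; `if err := scanner.Err(); err != nil { return err }` belongs after the loop. The pattern `#define __NR_(.*?) (\d+)$` requires exactly one space before the number, and lines that do not match are skipped without an error, so a comment stating that assumption about the header format would help.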