1 files changed, 129 insertions, 0 deletions
diff --git a/listener/basefunc.go b/listener/basefunc.go
new file mode 100644
index 0000000..2f39507
--- /dev/null
+++ b/listener/basefunc.go
@@ -0,0 +1,129 @@
+package main
+import (
+        "bufio"
+        "fmt"
+        "os"
+        "os/exec"
+        "path/filepath"
+        "strconv"
+        "strings"
+        "time"
+)
+func figureOutSyscalls() error {
+        cmd := exec.Command("ausyscall", "--dump")
+        stdout, err := cmd.StdoutPipe()
+        if err != nil {
+                return err
+        }
+        if err := cmd.Start(); err != nil {
+                return err
+        }
+        scanner := bufio.NewScanner(stdout)
+        for i := 0; scanner.Scan(); i++ {
+                if i == 0 {
+                        continue
+                }
+                line := scanner.Text()
+                parts := strings.Split(line, "\t")
+                if len(parts) != 2 {
+                        return fmt.Errorf("invalid ausyscall format")
+                }
+                num, err := strconv.Atoi(parts[0])
+                if err != nil {
+                        return err
+                }
+                syscallTable[num] = parts[1]
+        }
+        if err := scanner.Err(); err != nil {
+                return err
+        }
+        if err := cmd.Wait(); err != nil {
+                return err
+        }
+        return nil
+}
+func getPid() (int, error) {
+        // 指定要搜索的关键词
+        keyword := "/usr/bin/containerd"
+        // 获取/proc目录下的所有子目录
+        procDir, err := filepath.Glob("/proc/*")
+        if err != nil {
+                return 0, err
+        }
+        // 遍历子目录，查找包含关键词的进程
+        for _, dir := range procDir {
+                pid, err := strconv.Atoi(filepath.Base(dir))
+                if err != nil {
+                        continue // 跳过非PID的目录
+                }
+                // 检查进程是否包含关键词
+                if containsKeyword(pid, keyword) {
+                        return pid, nil
+                }
+        }
+        err = fmt.Errorf("Error: no containerd process found.")
+        return 0, err
+}
+func containsKeyword(pid int, keyword string) bool {
+        // 构造完整的进程命令路径
+        cmdPath := fmt.Sprintf("/proc/%d/cmdline", pid)
+        // 打开文件
+        file, err := os.Open(cmdPath)
+        if err != nil {
+                return false
+        }
+        defer file.Close()
+        // 读取文件内容
+        scanner := bufio.NewScanner(file)
+        scanner.Split(bufio.ScanLines)
+        for scanner.Scan() {
+                line := scanner.Text()
+                if strings.Contains(line, keyword) {
+                        return true
+                }
+        }
+        return false
+}
+func getTimeFromStr(timeStr string) (time.Time, error) {
+        timestampFloat, err := strconv.ParseFloat(timeStr, 64)
+        if err != nil {
+                return time.Unix(0, 0), err
+        }
+        secs := int64(timestampFloat)
+        nsecs := int64((timestampFloat - float64(secs)) * 1e9)
+        // 只精确到毫秒就够了
+        t := time.Unix(secs, nsecs).Truncate(time.Millisecond)
+        return t, nil
+}
+func hexToAscii(hexString string) string {
+        bytes := []byte{}
+        for i := 0; i < len(hexString); i += 2 {
+                hexPair := hexString[i : i+2]
+                // 将十六进制数转换为十进制数
+                decimal, err := strconv.ParseInt(hexPair, 16, 8)
+                if err != nil {
+                        return "Invalid hex string"
+                }
+                char := byte(decimal)
+                bytes = append(bytes, char)
+        }
+        asciiString := strings.ReplaceAll(string(bytes), "\000", " ")
+        return asciiString
+}

diff --git a/listener/basefunc.go b/listener/basefunc.go new file mode 100644 index 0000000..2f39507 --- /dev/null +++ b/listener/basefunc.go
@@ -0,0 +1,129 @@
	1	package main
	2
	3	import (
	4	"bufio"
	5	"fmt"
	6	"os"
	7	"os/exec"
	8	"path/filepath"
	9	"strconv"
	10	"strings"
	11	"time"
	12	)
	13
	14	func figureOutSyscalls() error {
	15	cmd := exec.Command("ausyscall", "--dump")
	16	stdout, err := cmd.StdoutPipe()
	17	if err != nil {
	18	return err
	19	}
	20
	21	if err := cmd.Start(); err != nil {
	22	return err
	23	}
	24
	25	scanner := bufio.NewScanner(stdout)
	26	for i := 0; scanner.Scan(); i++ {
	27	if i == 0 {
	28	continue
	29	}
	30	line := scanner.Text()
	31	parts := strings.Split(line, "\t")
	32	if len(parts) != 2 {
	33	return fmt.Errorf("invalid ausyscall format")
	34	}
	35	num, err := strconv.Atoi(parts[0])
	36	if err != nil {
	37	return err
	38	}
	39	syscallTable[num] = parts[1]
	40	}
	41
	42	if err := scanner.Err(); err != nil {
	43	return err
	44	}
	45	if err := cmd.Wait(); err != nil {
	46	return err
	47	}
	48	return nil
	49	}
	50
	51	func getPid() (int, error) {
	52	// 指定要搜索的关键词
	53	keyword := "/usr/bin/containerd"
	54
	55	// 获取/proc目录下的所有子目录
	56	procDir, err := filepath.Glob("/proc/*")
	57	if err != nil {
	58	return 0, err
	59	}
	60
	61	// 遍历子目录，查找包含关键词的进程
	62	for _, dir := range procDir {
	63	pid, err := strconv.Atoi(filepath.Base(dir))
	64	if err != nil {
	65	continue // 跳过非PID的目录
	66	}
	67
	68	// 检查进程是否包含关键词
	69	if containsKeyword(pid, keyword) {
	70	return pid, nil
	71	}
	72	}
	73	err = fmt.Errorf("Error: no containerd process found.")
	74	return 0, err
	75	}
	76
	77	func containsKeyword(pid int, keyword string) bool {
	78	// 构造完整的进程命令路径
	79	cmdPath := fmt.Sprintf("/proc/%d/cmdline", pid)
	80
	81	// 打开文件
	82	file, err := os.Open(cmdPath)
	83	if err != nil {
	84	return false
	85	}
	86	defer file.Close()
	87
	88	// 读取文件内容
	89	scanner := bufio.NewScanner(file)
	90	scanner.Split(bufio.ScanLines)
	91	for scanner.Scan() {
	92	line := scanner.Text()
	93	if strings.Contains(line, keyword) {
	94	return true
	95	}
	96	}
	97	return false
	98	}
	99
	100	func getTimeFromStr(timeStr string) (time.Time, error) {
	101	timestampFloat, err := strconv.ParseFloat(timeStr, 64)
	102	if err != nil {
	103	return time.Unix(0, 0), err
	104	}
	105	secs := int64(timestampFloat)
	106	nsecs := int64((timestampFloat - float64(secs)) * 1e9)
	107
	108	// 只精确到毫秒就够了
	109	t := time.Unix(secs, nsecs).Truncate(time.Millisecond)
	110	return t, nil
	111	}
	112
	113	func hexToAscii(hexString string) string {
	114	bytes := []byte{}
	115	for i := 0; i < len(hexString); i += 2 {
	116	hexPair := hexString[i : i+2]
	117	// 将十六进制数转换为十进制数
	118	decimal, err := strconv.ParseInt(hexPair, 16, 8)
	119	if err != nil {
	120	return "Invalid hex string"
	121	}
	122	char := byte(decimal)
	123	bytes = append(bytes, char)
	124	}
	125
	126	asciiString := strings.ReplaceAll(string(bytes), "\000", " ")
	127
	128	return asciiString
	129	}