Diffstat (limited to '')
-rw-r--r-- | listener/basefunc.go | 54 | ||||
-rw-r--r-- | listener/godo.go | 4 |
2 files changed, 32 insertions, 26 deletions
diff --git a/listener/basefunc.go b/listener/basefunc.go index 2f39507..dcaf68a 100644 --- a/listener/basefunc.go +++ b/listener/basefunc.go | |||
@@ -4,46 +4,52 @@ import ( | |||
4 | "bufio" | 4 | "bufio" |
5 | "fmt" | 5 | "fmt" |
6 | "os" | 6 | "os" |
7 | "os/exec" | ||
8 | "path/filepath" | 7 | "path/filepath" |
8 | "regexp" | ||
9 | "strconv" | 9 | "strconv" |
10 | "strings" | 10 | "strings" |
11 | "time" | 11 | "time" |
12 | ) | 12 | ) |
13 | 13 | ||
14 | func figureOutSyscalls() error { | 14 | func figureOutSyscalls() error { |
15 | cmd := exec.Command("ausyscall", "--dump") | 15 | var targetFile string |
16 | stdout, err := cmd.StdoutPipe() | 16 | err := filepath.Walk("/usr/include", func(path string, info os.FileInfo, err error) error { |
17 | if err != nil { | ||
18 | return err | ||
19 | } | ||
20 | if strings.HasSuffix(path, "asm/unistd_64.h") { | ||
21 | targetFile = path | ||
22 | return filepath.SkipDir // 找到后提前退出遍历 | ||
23 | } | ||
24 | return nil | ||
25 | }) | ||
17 | if err != nil { | 26 | if err != nil { |
18 | return err | 27 | return err |
19 | } | 28 | } |
20 | 29 | ||
21 | if err := cmd.Start(); err != nil { | 30 | // 如果没有找到目标文件 |
31 | if targetFile == "" { | ||
32 | return fmt.Errorf("file asm/unistd_64.h not found in /usr/include") | ||
33 | } | ||
34 | |||
35 | NRRegex := regexp.MustCompile(`#define __NR_(.*?) (\d+)$`) | ||
36 | file, err := os.Open("/usr/include/asm/unistd_64.h") | ||
37 | if err != nil { | ||
22 | return err | 38 | return err |
23 | } | 39 | } |
40 | defer file.Close() | ||
24 | 41 | ||
25 | scanner := bufio.NewScanner(stdout) | 42 | scanner := bufio.NewScanner(file) |
26 | for i := 0; scanner.Scan(); i++ { | 43 | for scanner.Scan() { |
27 | if i == 0 { | ||
28 | continue | ||
29 | } | ||
30 | line := scanner.Text() | 44 | line := scanner.Text() |
31 | parts := strings.Split(line, "\t") | 45 | if NRRegex.MatchString(line) { |
32 | if len(parts) != 2 { | 46 | match := NRRegex.FindStringSubmatch(line) |
33 | return fmt.Errorf("invalid ausyscall format") | 47 | num, err := strconv.Atoi(match[2]) |
48 | if err != nil { | ||
49 | return err | ||
50 | } | ||
51 | syscallTable[num] = match[1] | ||
34 | } | 52 | } |
35 | num, err := strconv.Atoi(parts[0]) | ||
36 | if err != nil { | ||
37 | return err | ||
38 | } | ||
39 | syscallTable[num] = parts[1] | ||
40 | } | ||
41 | |||
42 | if err := scanner.Err(); err != nil { | ||
43 | return err | ||
44 | } | ||
45 | if err := cmd.Wait(); err != nil { | ||
46 | return err | ||
47 | } | 53 | } |
48 | return nil | 54 | return nil |
49 | } | 55 | } |
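Review bot: The header located by the walk is never used: once `targetFile` is set, the new code still opens the hard-coded `/usr/include/asm/unistd_64.h`, so a host that keeps the header in another subdirectory of /usr/include passes the walk and then fails at open; use `file, err := os.Open(targetFile)`. Returning `filepath.SkipDir` from a file entry only skips the rest of that file's directory, so contrary to the comment the traversal continues and a later match can overwrite `targetFile`; `return filepath.SkipAll` (Go 1.20+) stops the walk. The `scanner.Err()` check that followed the loop in the old version is gone, so a read error now leaves a silently truncated `syscallTable`, and for what appears to be an audit listener that means syscall numbers that no longer resolve to names; restore `if err := scanner.Err(); err != nil { return err }` before `return nil`. The function now also depends on kernel headers being installed on the monitored host and on an x86_64-specific header name, which deserves a doc comment on `figureOutSyscalls`.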
diff --git a/listener/godo.go b/listener/godo.go index 0e1dc73..4f09b67 100644 --- a/listener/godo.go +++ b/listener/godo.go | |||
@@ -108,11 +108,11 @@ func coroutine(client *libaudit.AuditClient) error { | |||
108 | wg.Add(1) | 108 | wg.Add(1) |
109 | go deal() | 109 | go deal() |
110 | wg.Add(1) | 110 | wg.Add(1) |
111 | go procWatch() | ||
112 | wg.Add(1) | ||
113 | go receive(client) | 111 | go receive(client) |
114 | wg.Add(1) | 112 | wg.Add(1) |
115 | go orgnaze() | 113 | go orgnaze() |
114 | wg.Add(1) | ||
115 | go procWatch() | ||
116 | 116 | ||
117 | wg.Wait() | 117 | wg.Wait() |
118 | time.Sleep(2 * time.Second) | 118 | time.Sleep(2 * time.Second) |
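Review bot: Moving `go procWatch()` below `go orgnaze()` does not order the goroutines' execution, because a `go` statement only schedules the call and `procWatch` may still run before `receive` or `orgnaze` have done any work. If the move is meant to guarantee that the receive pipeline is ready before process watching starts (the commit does not say), that needs an explicit signal, for example a `ready := make(chan struct{})` that `receive` closes once it is set up and that `procWatch` waits on first. coroutine's body starts and ends outside the hunk, so what these goroutines share is not visible here.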