From 78de56b9f2d862bbdac8a02a72dd95500b7ef83e Mon Sep 17 00:00:00 2001
From: We-unite <3205135446@qq.com>
Date: Mon, 5 Aug 2024 16:59:51 +0800
Subject: Try t use coroutine, but starvation

---
 src/godo.go | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

(limited to 'src/godo.go')

diff --git a/src/godo.go b/src/godo.go
index 2ba32d6..77e677c 100644
--- a/src/godo.go
+++ b/src/godo.go
@@ -44,7 +44,6 @@ func main() {
 
 var auditCmd *exec.Cmd
 pidSyscall := []string{"execve"}
- // pidSyscall := []string{"fork", "vfork", "clone", "execve", "exit", "exit_group"}
 // 设置监听规则
 for i := 0; i < len(pidSyscall); i++ {
 auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", pidSyscall[i])
@@ -52,7 +51,7 @@ func main() {
 }
 
 // 监听文件的消息
- fileSyscall := []string{"open"}
+ fileSyscall := []string{"open", "write", "close"}
 // fileSyscall := []string{"open", "write", "creat", "unlink", "opendir", "mkdir", "rmdir", "chmod", "fchmod", "chown", "fchown", "lchown", "flock"}
 for i := 0; i < len(fileSyscall); i++ {
 auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", fileSyscall[i])
@@ -118,16 +117,14 @@ func procWatch() error {
 case netlink.PROC_EVENT_FORK:
 data := procEvent.Data.(netlink.ProcEventFork)
 cooked := Event{
- tag: NEWPID,
- ppid: int(data.ParentTgid),
- pid: int(data.ChildPid),
- timestamp: time.Now(),
+ tag: NEWPID,
+ timestamp: time.Now(),
+ pid: int(data.ChildPid),
+ tgid: int(data.ChildTgid),
+ ppid: int(data.ParentPid),
+ parentTgid: int(data.ParentTgid),
 }
 checkProc(&cooked)
- if data.ChildPid != data.ChildTgid {
- cooked.ppid = int(data.ChildTgid)
- cooked.pid = int(data.ChildPid)
- }
 cookedChan <- cooked
 case netlink.PROC_EVENT_EXIT:
 data := procEvent.Data.(netlink.ProcEventExit)
@@ -146,7 +143,7 @@ func procWatch() error {
 }
 
 func checkProc(pCooked *Event) {
- fileName := fmt.Sprintf("/proc/%d/cmdline", pCooked.pid)
+ fileName := fmt.Sprintf("/proc/%d/task/%d/cmdline", pCooked.tgid, pCooked.pid)
 fd, err := os.Open(fileName)
 if err != nil {
 fmt.Printf("Err: %v\n", err)
@@ -162,7 +159,7 @@ func checkProc(pCooked *Event) {
 pCooked.argc = len(pCooked.argv)
 fd.Close()
 
- fileName = fmt.Sprintf("/proc/%d/cwd", pCooked.pid)
+ fileName = fmt.Sprintf("/proc/%d/task/%d/cwd", pCooked.tgid, pCooked.pid)
 pCooked.cwd, err = os.Readlink(fileName)
 if err != nil {
 fmt.Printf("Err readlink %s: %v\n", fileName, err)
-- 
cgit v1.2.3-70-g09d2
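Review bot: The new `write` and `close` entries in fileSyscall produce audit rules whose only filter is `arch=b64`, so every write(2) and close(2) on the host is recorded — that volume is the most plausible source of the starvation named in the subject, and it also audits this watcher's own /proc reads and auditd's own activity. Narrow each rule with a field filter before `-S` (for example `"-F", "dir=<watched directory>"` or `"-F", "pid!=<watcher pid>"`, values to be filled in by the caller) and consider one combined rule `"-S", "open", "-S", "write", "-S", "close"` instead of one auditctl invocation per syscall. The `exec.Command` result is assigned here but its `Run` and any error check are outside the hunk, so whether a rejected rule is noticed cannot be seen from this diff. main starts and continues outside the hunk.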
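Review bot: In the Event literal of the PROC_EVENT_FORK case, `ppid` is now taken from `data.ParentPid` where the removed lines used `data.ParentTgid`; when the fork is issued by a non-main thread these differ, so any consumer that still reads `ppid` as the parent process id will receive a thread id unless it is moved to the new `parentTgid` field. The `Event` struct is defined outside the hunk; its `pid`/`tgid`/`ppid`/`parentTgid` fields need a comment such as `// pid and ppid are thread ids from the netlink event; tgid and parentTgid identify the child and parent processes` so the two meanings are not confused. Separately, `checkProc(&cooked)` does /proc file I/O synchronously in the receive loop before `cookedChan <- cooked`, so a child that exits between the fork notification and the read is forwarded with empty argv/cwd after a printed error, and the I/O delays draining the netlink socket under fork bursts. procWatch starts and ends outside the hunk.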
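Review bot: `checkProc` is called from the PROC_EVENT_FORK case in the previous hunk, at which point the child has normally not yet called execve, so `/proc/<tgid>/task/<pid>/cmdline` still reflects the parent's command line rather than the program the child will run; the same applies to the `cwd` readlink in the next hunk. If the exec-time argv is what the event is meant to carry, it has to be captured from the execve audit record or the connector's exec notification rather than at fork time. Note also that a process can rewrite its own cmdline memory, so this value is informational and should not be treated as an authoritative audit field. On the `os.Open` error path the function prints and, as far as the hunk shows, continues with the remaining fields unset; checkProc's body continues past the hunk.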