1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
package main
import (
"bufio"
"fmt"
"os"
"path/filepath"
"regexp"
"strconv"
"strings"
"time"
)
func figureOutSyscalls() error {
var targetFile string
err := filepath.Walk("/usr/include", func(path string, info os.FileInfo, err error) error {
if err != nil {
return err
}
if strings.HasSuffix(path, "asm/unistd_64.h") {
targetFile = path
return filepath.SkipDir // 找到后提前退出遍历
}
return nil
})
if err != nil {
return err
}
// 如果没有找到目标文件
if targetFile == "" {
return fmt.Errorf("file asm/unistd_64.h not found in /usr/include")
}
NRRegex := regexp.MustCompile(`#define __NR_(.*?) (\d+)$`)
file, err := os.Open("/usr/include/asm/unistd_64.h")
if err != nil {
return err
}
defer file.Close()
scanner := bufio.NewScanner(file)
for scanner.Scan() {
line := scanner.Text()
if NRRegex.MatchString(line) {
match := NRRegex.FindStringSubmatch(line)
num, err := strconv.Atoi(match[2])
if err != nil {
return err
}
syscallTable[num] = match[1]
}
}
return nil
}
func getPid() (int, error) {
// 指定要搜索的关键词
keyword := "/usr/bin/containerd"
// 获取/proc目录下的所有子目录
procDir, err := filepath.Glob("/proc/*")
if err != nil {
return 0, err
}
// 遍历子目录,查找包含关键词的进程
for _, dir := range procDir {
pid, err := strconv.Atoi(filepath.Base(dir))
if err != nil {
continue // 跳过非PID的目录
}
// 检查进程是否包含关键词
if containsKeyword(pid, keyword) {
return pid, nil
}
}
err = fmt.Errorf("Error: no containerd process found.")
return 0, err
}
func containsKeyword(pid int, keyword string) bool {
// 构造完整的进程命令路径
cmdPath := fmt.Sprintf("/proc/%d/cmdline", pid)
// 打开文件
file, err := os.Open(cmdPath)
if err != nil {
return false
}
defer file.Close()
// 读取文件内容
scanner := bufio.NewScanner(file)
scanner.Split(bufio.ScanLines)
for scanner.Scan() {
line := scanner.Text()
if strings.Contains(line, keyword) {
return true
}
}
return false
}
func getTimeFromStr(timeStr string) (time.Time, error) {
timestampFloat, err := strconv.ParseFloat(timeStr, 64)
if err != nil {
return time.Unix(0, 0), err
}
secs := int64(timestampFloat)
nsecs := int64((timestampFloat - float64(secs)) * 1e9)
// 只精确到毫秒就够了
t := time.Unix(secs, nsecs).Truncate(time.Millisecond)
return t, nil
}
func hexToAscii(hexString string) string {
bytes := []byte{}
for i := 0; i < len(hexString); i += 2 {
hexPair := hexString[i : i+2]
// 将十六进制数转换为十进制数
decimal, err := strconv.ParseInt(hexPair, 16, 8)
if err != nil {
return "Invalid hex string"
}
char := byte(decimal)
bytes = append(bytes, char)
}
asciiString := strings.ReplaceAll(string(bytes), "\000", " ")
return asciiString
}
|
