refact: #2

Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
alegrey91 · Apr 9, 2024 · 3d260fe · 3d260fe
1 parent 7de5264
commit 3d260fe
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 19 deletions.
diff --git a/ebpf/ebpf.c b/ebpf/ebpf.c
@@ -37,7 +37,7 @@ __bpf_strncmp(const void *x, const void *y, __u64 len) {
 // the frontend app that the function started its
 // execution
 SEC("uprobe/enter_function")
-inline int enter_function(struct pt_regs *ctx) {
+int enter_function(struct pt_regs *ctx) {
 	struct syscall_data data = {};
 	data.tracingStatus = 1;
 	bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &data, sizeof(data));
@@ -48,7 +48,7 @@ inline int enter_function(struct pt_regs *ctx) {
 // the frontend app that the function finished its
 // execution
 SEC("uprobe/exit_function")
-inline int exit_function(struct pt_regs *ctx) {
+int exit_function(struct pt_regs *ctx) {
 	struct syscall_data data = {};
 	data.tracingStatus = 2;
 	bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &data, sizeof(data));
@@ -62,10 +62,10 @@ int start_trace(struct trace_event_raw_sys_enter* args) {
 	char comm[16];
 	bpf_get_current_comm(&comm, sizeof(comm));
 	// skip if the command is not the one we want to trace
-	if (__bpf_strncmp(comm, "ps", sizeof(comm)) != 0) {
+	if (__bpf_strncmp(comm, "randomic.test", sizeof(comm)) != 0) {
 		// this is for debugging purposes, check output with:
 		// sudo cat /sys/kernel/debug/tracing/trace_pipe
-		//bpf_printk("command doesn't match: %s\n", comm)
+		bpf_printk("command doesn't match: %s\n", comm);
 		return 1;
 	}
 
@@ -75,3 +75,4 @@ int start_trace(struct trace_event_raw_sys_enter* args) {
 	return 0;
 }
 
+char __license[] SEC("license") = "GPL";
diff --git a/main.go b/main.go
@@ -22,8 +22,8 @@ type event struct {
 	TracingStatus uint32
 }
 
-//go:embed ebpf/*
-var eBPFDir embed.FS
+//go:embed output/*
+var eBPFObject embed.FS
 var version = "test"
 
 func main() {
@@ -60,15 +60,17 @@ func main() {
 		os.Exit(1)
 	}
 
-	/* read, replace and compile the bpf program
-	source, _ := eBPFDir.ReadFile("ebpf/ebpf.c")
-	src := strings.Replace(string(source), "$CMD", filepath.Base(command[0]), -1)
-	bpfModule := bcc.NewModule(src, []string{})
-	defer bpfModule.Close()
+	/*
+		Read, replace and compile the bpf program
+		source, _ := eBPFDir.ReadFile("ebpf/ebpf.c")
+		src := strings.Replace(string(source), "$CMD", filepath.Base(command[0]), -1)
+		bpfModule := bcc.NewModule(src, []string{})
+		defer bpfModule.Close()
 	*/
-	bpfModule, err := bpf.NewModuleFromFile("ebpf.o")
+	objectFile, err := eBPFObject.ReadFile("output/ebpf.o")
+	bpfModule, err := bpf.NewModuleFromBuffer(objectFile, "ebpf.o")
 	if err != nil {
-		fmt.Printf("error loading BPF object file\n")
+		fmt.Printf("error loading BPF object file: %v\n", err)
 		os.Exit(-1)
 	}
 	defer bpfModule.Close()
@@ -83,7 +85,7 @@ func main() {
 	*/
 	enterFuncProbe, err := bpfModule.GetProgram("enter_function")
 	if err != nil {
-		fmt.Printf("error loading program 'enter_function'\n")
+		fmt.Printf("error loading program 'enter_function': %v\n", err)
 		os.Exit(-1)
 	}
 
@@ -96,7 +98,7 @@ func main() {
 	*/
 	exitFuncProbe, err := bpfModule.GetProgram("exit_function")
 	if err != nil {
-		fmt.Printf("error loading program 'exit_function'\n")
+		fmt.Printf("error loading program 'exit_function': %v\n", err)
 		os.Exit(-1)
 	}
 
@@ -109,7 +111,7 @@ func main() {
 	*/
 	traceFunction, err := bpfModule.GetProgram("start_trace")
 	if err != nil {
-		fmt.Printf("error loading program 'start_trace'\n")
+		fmt.Printf("error loading program 'start_trace': %v\n", err)
 		os.Exit(-1)
 	}
 
@@ -125,6 +127,8 @@ func main() {
 		fmt.Printf("error finding %s function offset: %v\n", *functionName, err)
 		os.Exit(-1)
 	}
+	fmt.Printf("found offset for func: %s@%d\n", *functionName, offset)
+	fmt.Printf("attaching uprobe/enter_function at: %s, offset: %d\n", command[0], offset)
 	enterLink, err := enterFuncProbe.AttachUprobe(-1, command[0], offset)
 	if err != nil {
 		fmt.Printf("error attaching uprobe at function: %s, offset: %d", *functionName, offset)
@@ -139,14 +143,16 @@ func main() {
 			log.Fatal(err)
 		}
 	*/
-	// for each RET instruction, attach a "uprobe/exit_function"
+	// for each RET instruction, attach the "uprobe/exit_function"
 	exitLinks := make([]*bpf.BPFLink, 0)
 	functionRetOffsets, err := getFunctionRetOffsets(command[0], *functionName)
 	for _, offsetRet := range functionRetOffsets {
-		exitLink, err := exitFuncProbe.AttachUprobe(-1, command[0], uint32(offsetRet))
+		fmt.Printf("found offset for func: %s@%d\n", *functionName, offset+uint32(offsetRet))
+		fmt.Printf("attaching uprobe/exit_function at RET: %s, offset: %d\n", command[0], offset+uint32(offsetRet))
+		exitLink, err := exitFuncProbe.AttachUprobe(-1, command[0], offset+uint32(offsetRet))
 		exitLinks = append(exitLinks, exitLink)
 		if err != nil {
-			fmt.Printf("error attaching uprobe at function RET: %s, offset: %d", *functionName, offset)
+			fmt.Printf("error attaching uprobe at function RET: %s, offset: %d", *functionName, offset+uint32(offsetRet))
 			os.Exit(-1)
 		}
 		defer func() {