merge JVM memshell and detach

.gitignore

@@ -40,4 +40,6 @@ Cargo.lock
 *.json
 *CMakeFiles*
 *vcpkg_installed
-*node_modules
+*node_modules
+*.output/
+build

rasp/Makefile

@@ -6,7 +6,7 @@ DEBUG_SYMBOLS ?= debug
 LIB_OUTPUT ?= $(OUTPUT)/lib-$(VERSION)
 VCPKG_OVERLAY_PORTS ?= $(abspath overlay-ports)
 
-.PHONY: all help install clean set-version agent-plugin nsenter pangolin jattach JVMProbe python-probe python-loader go-probe go-probe-ebpf node-probe php-probe librasp rasp-server NSMount
+.PHONY: all help install clean set-version agent-plugin nsenter pangolin jattach  JVMAgent JVMProbe python-probe python-loader go-probe go-probe-ebpf node-probe php-probe librasp rasp-server NSMount
 
 all: rasp-$(VERSION).tar.gz rasp-$(VERSION)-debug.tar.gz SHA256SUMS
 
@@ -112,11 +112,16 @@ else
 endif
 
 
+JVMAgent:
+	cd jvm/JVMAgent && \
+	mkdir -p output && \
+	BUILD_VERSION=${VERSION} ./gradlew shadow && \
+	cp build/libs/JVMAgent-1.0-SNAPSHOT-all.jar output/SmithAgent.jar
 JVMProbe:
 	cd jvm/JVMProbe && \
 	mkdir -p output && \
 	BUILD_VERSION=${VERSION} ./gradlew shadow && \
-	cp build/libs/JVMProbe-1.0-SNAPSHOT-all.jar output/SmithAgent.jar
+	cp build/libs/JVMProbe-1.0-SNAPSHOT-all.jar output/SmithProbe.jar
 
 
 pangolin:
@@ -405,7 +410,7 @@ else
 endif
 
 
-$(OUTPUT): set-version agent-plugin nsenter pangolin jattach JVMProbe python-probe python-loader go-probe go-probe-ebpf node-probe php-probe rasp-server librasp NSMount
+$(OUTPUT): set-version agent-plugin nsenter pangolin jattach JVMAgent JVMProbe python-probe python-loader go-probe go-probe-ebpf node-probe php-probe rasp-server librasp NSMount
 	mkdir -p $(OUTPUT) $(LIB_OUTPUT) $(LIB_OUTPUT)/golang $(LIB_OUTPUT)/java $(LIB_OUTPUT)/node $(LIB_OUTPUT)/php $(LIB_OUTPUT)/python
 
 	cp plugin/settings.toml $(OUTPUT)/settings.toml
@@ -425,7 +430,8 @@ endif
 	cp NSMount/bin/NSMount $(OUTPUT)/NSMount
 	cp pangolin/bin/pangolin $(LIB_OUTPUT)/pangolin
 
-	cp jvm/JVMProbe/output/SmithAgent.jar $(LIB_OUTPUT)/java/SmithAgent.jar
+	cp jvm/JVMAgent/output/SmithAgent.jar 
+	cp jvm/JVMProbe/output/SmithProbe.jar $(LIB_OUTPUT)/java/SmithProbe.jar
 	cp jvm/jattach/build/jattach $(LIB_OUTPUT)/java/jattach
 
 	cp python/python-loader/bin/python_loader $(LIB_OUTPUT)/python

rasp/jvm/JVMAgent/README.md

@@ -0,0 +1,145 @@
+<!-- PROJECT LOGO -->
+<p align="center">
+  <h3 align="center">JVMProbe</h3>
+
+  <p align="center">
+    JVM runtime application self-protection.
+    <br />
+    <br />
+    <a href="https://github.com/bytedance/Elkeid/issues">Report Bug</a>
+    ·
+    <a href="https://github.com/bytedance/Elkeid/issues">Request Feature</a>
+  </p>
+</p>
+
+
+
+<!-- TABLE OF CONTENTS -->
+<details open="open">
+  <summary>Table of Contents</summary>
+  <ol>
+    <li>
+      <a href="#about-the-project">About The Project</a>
+      <ul>
+        <li><a href="#built-with">Built With</a></li>
+      </ul>
+    </li>
+    <li>
+      <a href="#getting-started">Getting Started</a>
+      <ul>
+        <li><a href="#prerequisites">Prerequisites</a></li>
+        <li><a href="#installation">Installation</a></li>
+      </ul>
+    </li>
+    <li><a href="#usage">Usage</a></li>
+    <li><a href="#roadmap">Roadmap</a></li>
+    <li><a href="#contributing">Contributing</a></li>
+    <li><a href="#license">License</a></li>
+    <li><a href="#contact">Contact</a></li>
+    <li><a href="#acknowledgements">Acknowledgements</a></li>
+  </ol>
+</details>
+
+
+
+<!-- ABOUT THE PROJECT -->
+## About The Project
+
+Modify class bytecode by using [ASM](https://asm.ow2.io), transfer api call arguments/stacktrace by unix socket.
+
+### Built With
+
+* [OpenJDK](https://openjdk.java.net)
+* [Gradle](https://gradle.org)
+
+
+
+<!-- GETTING STARTED -->
+## Getting Started
+
+### Prerequisites
+
+* OpenJDK
+  ```sh
+  wget https://download.java.net/openjdk/jdk11/ri/openjdk-11+28_linux-x64_bin.tar.gz
+  ```
+
+### Installation
+
+1. Clone the repo
+   ```sh
+   git clone https://github.com/bytedance/Elkeid.git
+   ```
+2. Build
+   ```sh
+   mkdir -p output && ./gradlew shadow && cp build/libs/JVMProbe-1.0-SNAPSHOT-all.jar output/SmithAgent.jar
+   ```
+
+
+
+<!-- USAGE EXAMPLES -->
+## Usage
+
+Start server:
+```sh
+# each message is be composed of a 4-byte length header, and a json string.
+socat UNIX-LISTEN:"/var/run/smith_agent.sock" -
+```
+
+Loader mode:
+```sh
+java -javaagent:SmithAgent.jar -jar application.jar
+```
+
+Attach mode by using [jattach](https://github.com/apangin/jattach):
+```sh
+jattach $(pidof java) load instrument false SmithAgent.jar
+```
+
+
+
+<!-- ROADMAP -->
+## Roadmap
+
+See the [open issues](https://github.com/bytedance/Elkeid/issues) for a list of proposed features (and known issues).
+
+
+
+<!-- CONTRIBUTING -->
+## Contributing
+
+Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are **greatly appreciated**.
+
+1. Fork the Project
+2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
+3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
+4. Push to the Branch (`git push origin feature/AmazingFeature`)
+5. Open a Pull Request
+
+
+
+<!-- LICENSE -->
+## License
+
+Distributed under the Apache-2.0 License.
+
+
+
+<!-- CONTACT -->
+## Contact
+
+Bytedance - [@bytedance](https://github.com/bytedance)
+
+Project Link: [https://github.com/bytedance/Elkeid](https://github.com/bytedance/Elkeid)
+
+
+
+<!-- ACKNOWLEDGEMENTS -->
+## Acknowledgements
+* [ASM](https://asm.ow2.io)
+* [snakeyaml](https://github.com/asomov/snakeyaml)
+* [jackson](https://github.com/FasterXML/jackson)
+* [commons-lang](https://commons.apache.org/proper/commons-lang)
+* [netty](https://netty.io)
+* [Disruptor](https://github.com/LMAX-Exchange/disruptor)
+* [Javassist](https://www.javassist.org)

rasp/jvm/JVMAgent/build.gradle

@@ -0,0 +1,38 @@
+plugins {
+    id 'java-library'
+    id 'com.github.johnrengelman.shadow' version '6.0.0'
+}
+
+group 'com.security'
+version '1.0-SNAPSHOT'
+
+repositories {
+    mavenCentral()
+}
+
+dependencies {
+    implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.11'
+    implementation group: 'io.netty', name: 'netty-all', version: '4.1.85.Final'
+}
+
+compileJava {
+    options.release.set(8)
+}
+
+jar {
+    manifest {
+        attributes 'Agent-Class': 'com.security.smithloader.SmithAgent'
+        attributes 'Premain-Class': 'com.security.smithloader.SmithAgent'
+        attributes 'Can-Retransform-Classes': 'true'
+        attributes 'Boot-Class-Path': 'SmithAgent.jar'
+        attributes 'Specification-Title': 'Smith Agent'
+        attributes 'Specification-Version': '1.0'
+        attributes 'Implementation-Title': 'Smith Agent'
+        attributes 'Implementation-Version': "$System.env.BUILD_VERSION"
+    }
+}
+
+shadowJar {
+    relocate 'org.apache.commons', 'agent.org.apache.commons'
+    relocate 'META-INF/native/libnetty', 'META-INF/native/librasp_netty'
+}

rasp/jvm/JVMAgent/gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists