forked from BishopFox/sliver
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ps_linux.go
154 lines (136 loc) · 2.98 KB
/
ps_linux.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
// +build linux
package ps
import (
"fmt"
"io"
"io/ioutil"
"os"
"os/user"
"strconv"
"strings"
"syscall"
)
// UnixProcess is an implementation of Process
// that contains Unix-specific fields and information.
type UnixProcess struct {
pid int
ppid int
state rune
pgrp int
sid int
binary string
owner string
}
// Pid returns the process identifier
func (p *UnixProcess) Pid() int {
return p.pid
}
// PPid returns the parent process identifier
func (p *UnixProcess) PPid() int {
return p.ppid
}
// Executable returns the process name
func (p *UnixProcess) Executable() string {
return p.binary
}
// Owner returns the username the process belongs to
func (p *UnixProcess) Owner() string {
return p.owner
}
func getProcessOwner(pid int) (string, error) {
filename := fmt.Sprintf("/proc/%d/task", pid)
f, _ := os.Open(filename)
defer f.Close()
fileStat := &syscall.Stat_t{}
err := syscall.Fstat(int(f.Fd()), fileStat)
if err != nil {
return "", err
}
usr, err := user.LookupId(fmt.Sprintf("%d", fileStat.Uid))
if err != nil {
return "", err
}
return usr.Username, err
}
// Refresh reloads all the data associated with this process.
func (p *UnixProcess) Refresh() error {
statPath := fmt.Sprintf("/proc/%d/stat", p.pid)
dataBytes, err := ioutil.ReadFile(statPath)
if err != nil {
return err
}
// First, parse out the image name
data := string(dataBytes)
binStart := strings.IndexRune(data, '(') + 1
binEnd := strings.IndexRune(data[binStart:], ')')
p.binary = data[binStart : binStart+binEnd]
// Move past the image name and start parsing the rest
data = data[binStart+binEnd+2:]
_, err = fmt.Sscanf(data,
"%c %d %d %d",
&p.state,
&p.ppid,
&p.pgrp,
&p.sid)
return err
}
func findProcess(pid int) (Process, error) {
ps, err := processes()
if err != nil {
return nil, err
}
for _, p := range ps {
if p.Pid() == pid {
return p, nil
}
}
return nil, fmt.Errorf("no process found for pid %d", pid)
}
func processes() ([]Process, error) {
d, err := os.Open("/proc")
if err != nil {
return nil, err
}
defer d.Close()
results := make([]Process, 0, 50)
for {
fis, err := d.Readdir(10)
if err == io.EOF {
break
}
if err != nil {
return nil, err
}
for _, fi := range fis {
// We only care about directories, since all pids are dirs
if !fi.IsDir() {
continue
}
// We only care if the name starts with a numeric
name := fi.Name()
if name[0] < '0' || name[0] > '9' {
continue
}
// From this point forward, any errors we just ignore, because
// it might simply be that the process doesn't exist anymore.
pid, err := strconv.ParseInt(name, 10, 0)
if err != nil {
continue
}
p, err := newUnixProcess(int(pid))
if err != nil {
continue
}
p.owner, err = getProcessOwner(int(pid))
if err != nil {
continue
}
results = append(results, p)
}
}
return results, nil
}
func newUnixProcess(pid int) (*UnixProcess, error) {
p := &UnixProcess{pid: pid}
return p, p.Refresh()
}