Home Explore Help
Register Sign In
beoran
/
galago
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 4bbfc942be
Branches Tags
galago
/
cmd
/
gost
/
main.go

main.go 1.5 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 	"os"
    6. 

  6. 	"os/exec"
    7. 

  7. 	"syscall"
    8. 

  8. 	sec "github.com/seccomp/libseccomp-golang"
    9. 

  9. )
    10. 

  10. 

  11. /*
    12. 

  12.  * Register setup:
    13. 

  13.  * rax  system call number
    14. 

  14.  * rdi  arg0
    15. 

  15.  * rcx  return address for syscall/sysret, C arg3
    16. 

  16.  * rsi  arg1
    17. 

  17.  * rdx  arg2
    18. 

  18.  * r10  arg3 	(--> moved to rcx for C)
    19. 

  19.  * r8   arg4
    20. 

  20.  * r9   arg5
    21. 

  21.  * r11  eflags for syscall/sysret, temporary for C
    22. 

  22.  * r12-r15,rbp,rbx saved by C code, not touched.
    23. 

  23.  */
    24. 

  24. 

  25. func main() {
    26. 

  26. 	var regs syscall.PtraceRegs
    27. 

  27. 

  28. 

  29. 	fmt.Printf("Run %v\n", os.Args[1:])
    30. 

  30. 

  31. 	// Uncommenting this will cause the open syscall to return with Operation Not Permitted error
    32. 

  32. 	// disallow("open")
    33. 

  33. 

  34. 	cmd := exec.Command(os.Args[1], os.Args[2:]...)
    35. 

  35. 	cmd.Stderr = os.Stderr
    36. 

  36. 	cmd.Stdin = os.Stdin
    37. 

  37. 	cmd.Stdout = os.Stdout
    38. 

  38. 	cmd.SysProcAttr = &syscall.SysProcAttr{
    39. 

  39. 		Ptrace: true,
    40. 

  40. 	}
    41. 

  41. 

  42. 	cmd.Start()
    43. 

  43. 	err := cmd.Wait()
    44. 

  44. 	if err != nil {
    45. 

  45. 		fmt.Printf("Wait returned: %v\n", err)
    46. 

  46. 	}
    47. 

  47. 

  48. 	pid := cmd.Process.Pid
    49. 

  49. 	exit := true
    50. 

  50. 

  51. 	for {
    52. 

  52. 		if exit {
    53. 

  53. 			err = syscall.PtraceGetRegs(pid, &regs)
    54. 

  54. 			if err != nil {
    55. 

  55. 				break
    56. 

  56. 			}
    57. 

  57. 

  58. 			// Uncomment to show each syscall as it's called
    59. 

  59. 			name := getSyscallName(regs.Orig_rax)
    60. 

  60. 			fmt.Printf("%s: %d(%x,%x,%x)\n", name, regs.Rax, regs.Rdi, regs.Rsi, regs.Rdx)
    61. 

  61. 		}
    62. 

  62. 

  63. 		err = syscall.PtraceSyscall(pid, 0)
    64. 

  64. 		if err != nil {
    65. 

  65. 			panic(err)
    66. 

  66. 		}
    67. 

  67. 

  68. 		_, err = syscall.Wait4(pid, nil, 0, nil)
    69. 

  69. 		if err != nil {
    70. 

  70. 			panic(err)
    71. 

  71. 		}
    72. 

  72. 

  73. 		exit = !exit
    74. 

  74. 	}
    75. 

  75. 

  76. }
    77. 

  77. 

  78. 

  79. 

  80. func getSyscallName(syscallID uint64) string {
    81. 

  81. 	name, _ := sec.ScmpSyscall(syscallID).GetName()
    82. 

  82.     return name
    83. 

  83. }
    84.