ebpf-challenge/GetRuntimeAddresses/main.go

package main

import (
	"flag"
	"fmt"
	"os"
	"time"

	"github.com/optimyze-interviews/OezguerKesim/GetRuntimeAddresses/ebpf"
	"github.com/optimyze-interviews/OezguerKesim/GetRuntimeAddresses/symbolyze"
)

var (
	symbol = flag.String("symbol", "_PyRuntime", "Symbol to search for")
	glob   = flag.String("glob", "*python3*", "pattern an ELF-file must match (see filepath.Match)")
	debug  = flag.Bool("debug", false, "run in debug mode")
)

func main() {
	flag.Parse()

	mapFD, err := ebpf.CreateMap()
	if err != nil {
		fmt.Printf("Failed to create eBPF map: %s\n", err)
		os.Exit(1)
	}

	fmt.Printf("Created eBPF map (FD: %d)\n", mapFD)

	scanner := symbolyze.NewScanner(*symbol, *glob)
	scanner.OnFound(mapFD.Set)
	scanner.Debug(*debug)

	go scanner.RunEvery(time.Second)

	time.Sleep(10 * time.Second)
	scanner.Stop()

	err = scanner.Errors()
	if err != nil {
		fmt.Printf("Failed to run the symbolyze scanner: %s", err)
		os.Exit(1)
	}

	mapContents, err := mapFD.GetMap()
	if err != nil {
		fmt.Printf("Failed to get the map contents: %s", err)
		os.Exit(1)
	}

	fmt.Printf("Printing contents of map %d\n", mapFD)
	for k, v := range mapContents {
		fmt.Printf("\t%d -> 0x%x\n", k, v)
	}
	os.Exit(0)
}
Initial import 2020-01-14 15:32:06 +01:00			`package main`

			`import (`
Added commandline flags 2020-01-16 00:02:59 +01:00			`"flag"`
Initial import 2020-01-14 15:32:06 +01:00			`"fmt"`
			`"os"`
RunEvery() and better Error-handling added 1. symbolyze.Scanner now implements the RunEvery(time.Duration) method that will call scanner.Run() periodically. It should be called to run in its own goroutine. The loop can be stopped by calling scanner.Stop(). 2. The scanner now collects all errors from all observers in a private error type `errors []error`. It's Error() returns a cumulated list of errors, seperated by a newline. 2020-01-18 20:27:23 +01:00			`"time"`
Initial import 2020-01-14 15:32:06 +01:00
			`"github.com/optimyze-interviews/OezguerKesim/GetRuntimeAddresses/ebpf"`
modular solution, first working draft symbolyze/ now contains a module that exposes a Finder type with a simple API, like: finder := symbolyze.New("_PyRuntime", "python3") finder.Debug(true) finder.OnFound(mapFD.Set) finder.Run() Instead of writing (pid, offset) directly to a eBPF-map, it implements an observer-pattern and expects a callback. TODOs/next steps: - Write documentation - Add tests - Experiment and re-evaluate design 2020-01-15 20:42:53 +01:00			`"github.com/optimyze-interviews/OezguerKesim/GetRuntimeAddresses/symbolyze"`
Initial import 2020-01-14 15:32:06 +01:00			`)`

Added commandline flags 2020-01-16 00:02:59 +01:00			`var (`
			`symbol = flag.String("symbol", "_PyRuntime", "Symbol to search for")`
			`glob = flag.String("glob", "python3", "pattern an ELF-file must match (see filepath.Match)")`
			`debug = flag.Bool("debug", false, "run in debug mode")`
			`)`

Initial import 2020-01-14 15:32:06 +01:00			`func main() {`
Added commandline flags 2020-01-16 00:02:59 +01:00			`flag.Parse()`

Initial import 2020-01-14 15:32:06 +01:00			`mapFD, err := ebpf.CreateMap()`
			`if err != nil {`
			`fmt.Printf("Failed to create eBPF map: %s\n", err)`
			`os.Exit(1)`
			`}`

			`fmt.Printf("Created eBPF map (FD: %d)\n", mapFD)`

Rename symbolyze.New -> symbolze.NewScanner 2020-01-16 00:13:03 +01:00			`scanner := symbolyze.NewScanner(symbol, glob)`
Cleanup done and documtation added symbolyze.go has been simplified and cleaned up. It now also is documented, f.e.: % go doc Scanner package symbolyze // import "." type Scanner struct { log.Logger // Embedded logger // Has unexported fields. } Scanner represents an engine for scanning for a specific symbol in all ELF-files matching a certain pattern. The pattern is described in fileapth.Match(). Once a Scanner is created with New(), it should be populated with Observer functions using OnFound(). Optionally, the scanner can be put into debugging mode by a call to DebugOn() prior to a call to Run(). A call to Scanner.Run() then starts the engine and it will scan all pids in /proc. Whenever a match is found, all observers will be called with the (pid, offset), concurrently. func New(symbol, pathglob string) Scanner func (S Scanner) DebugOn() func (S Scanner) OnFound(fun Observer) func (S *Scanner) Run() error 2020-01-15 23:26:30 +01:00			`scanner.OnFound(mapFD.Set)`
RunEvery() and better Error-handling added 1. symbolyze.Scanner now implements the RunEvery(time.Duration) method that will call scanner.Run() periodically. It should be called to run in its own goroutine. The loop can be stopped by calling scanner.Stop(). 2. The scanner now collects all errors from all observers in a private error type `errors []error`. It's Error() returns a cumulated list of errors, seperated by a newline. 2020-01-18 20:27:23 +01:00			`scanner.Debug(*debug)`

			`go scanner.RunEvery(time.Second)`

			`time.Sleep(10 * time.Second)`
			`scanner.Stop()`
Added commandline flags 2020-01-16 00:02:59 +01:00
typo fixed: scanner.Run() -> scanner.Errors() 2020-01-19 02:26:15 +01:00			`err = scanner.Errors()`
Cleanup done and documtation added symbolyze.go has been simplified and cleaned up. It now also is documented, f.e.: % go doc Scanner package symbolyze // import "." type Scanner struct { log.Logger // Embedded logger // Has unexported fields. } Scanner represents an engine for scanning for a specific symbol in all ELF-files matching a certain pattern. The pattern is described in fileapth.Match(). Once a Scanner is created with New(), it should be populated with Observer functions using OnFound(). Optionally, the scanner can be put into debugging mode by a call to DebugOn() prior to a call to Run(). A call to Scanner.Run() then starts the engine and it will scan all pids in /proc. Whenever a match is found, all observers will be called with the (pid, offset), concurrently. func New(symbol, pathglob string) Scanner func (S Scanner) DebugOn() func (S Scanner) OnFound(fun Observer) func (S *Scanner) Run() error 2020-01-15 23:26:30 +01:00			`if err != nil {`
			`fmt.Printf("Failed to run the symbolyze scanner: %s", err)`
			`os.Exit(1)`
			`}`
first steps of exploration 2020-01-15 12:48:36 +01:00
Rough solution for Tasks 1, 2, 3 main.go: - reading /proc - iteration over entries in NNN/maps - filter glob-search for "python3" in pathname - find symbol and its offset in pathnanme - calculate offset in memory - add pid and offset to map TODO: encapsulating this into a module ebpf.go: - added type MapFD int, changing all function on a FD to methods This allows us to enrich the data type going forward - added bpf_update_elem() from the manpage ebpf2. .updateElement() is the verbatim wrapper to it. - added .Add/.Change/.Set methods, which call .updateElement with specific flags TODO: re-implement ebpf.go with pure go, using direct syscalls. 2020-01-15 19:04:56 +01:00			`mapContents, err := mapFD.GetMap()`
Initial import 2020-01-14 15:32:06 +01:00			`if err != nil {`
			`fmt.Printf("Failed to get the map contents: %s", err)`
			`os.Exit(1)`
			`}`

			`fmt.Printf("Printing contents of map %d\n", mapFD)`
			`for k, v := range mapContents {`
			`fmt.Printf("\t%d -> 0x%x\n", k, v)`
			`}`
			`os.Exit(0)`
			`}`