Özgür Kesim
fb59ca1072
symbolyze/ now contains a module that exposes a Finder type with a simple API, like: finder := symbolyze.New("_PyRuntime", "*python3*") finder.Debug(true) finder.OnFound(mapFD.Set) finder.Run() Instead of writing (pid, offset) directly to an eBPF map, it implements the observer pattern and expects a callback. TODOs/next steps: - Write documentation - Add tests - Experiment and re-evaluate design
package main
import (
"fmt"
"os"
"github.com/optimyze-interviews/OezguerKesim/GetRuntimeAddresses/ebpf"
"github.com/optimyze-interviews/OezguerKesim/GetRuntimeAddresses/symbolyze"
)
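// main creates an eBPF map, runs a symbolyze.Finder configured with the
// symbol name "_PyRuntime" and the pattern "*python3*", and then prints the
// contents of the map.
//
// The finder does not write to the map itself: each result is delivered to
// the callback registered with OnFound, which here is mapFD.Set. According to
// the commit description the callback receives (pid, offset) pairs.
//
// Exit status is 1 if the map cannot be created or read back, 0 otherwise.
func main() {
	mapFD, err := ebpf.CreateMap()
	if err != nil {
		// Diagnostics go to stderr so that stdout carries only the report.
		fmt.Fprintf(os.Stderr, "Failed to create eBPF map: %s\n", err)
		os.Exit(1)
	}

	fmt.Printf("Created eBPF map (FD: %d)\n", mapFD)

	//
	// Solution to your tasks goes here
	//

	finder := symbolyze.New("_PyRuntime", "*python3*")

	// NOTE(review): the values handed to mapFD.Set originate from other
	// processes on the host. What "*python3*" is matched against is not
	// visible here; if it is a process or file name, any local user can
	// produce a match, so the offset should be validated before an eBPF
	// program trusts it — confirm in symbolyze and in Set.
	// NOTE(review): a pid recorded in the map can exit and be reused before a
	// consumer reads the entry; consumers should treat entries as a snapshot.
	finder.OnFound(mapFD.Set)

	// NOTE(review): nothing returned by Run or by the Set callback is checked
	// here, so a failed map write would go unnoticed at this level — confirm
	// how symbolyze reports callback errors.
	finder.Run()

	mapContents, err := mapFD.GetMap()
	if err != nil {
		// Trailing newline added: the original message left the shell prompt
		// on the same line as the error.
		fmt.Fprintf(os.Stderr, "Failed to get the map contents: %s\n", err)
		os.Exit(1)
	}

	fmt.Printf("Printing contents of map %d\n", mapFD)
	// If mapContents is a Go map, the iteration order (and therefore the
	// order of the printed lines) differs between runs.
	for k, v := range mapContents {
		fmt.Printf("\t%d -> 0x%x\n", k, v)
	}
	// Returning from main exits with status 0; no explicit os.Exit is needed.
}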