added return value of bash module. #52
Conversation
cfc4n
added
enhancement
|
please fix all issues,and merge all commits into one commit with command git reset --soft HEAD~3
git commit
git push -fand This PR will autorefresh |
| @@ -104,6 +104,7 @@ func (this *MBashProbe) setupManagers() { | |||
| } | |||
|
|
|||
| this.logger.Printf("HOOK binrayPath:%s, FunctionName:readline\n", binaryPath) | |||
| this.logger.Printf("HOOK binrayPath:%s, FunctionName:execute_command\n", binaryPath) | |||
There was a problem hiding this comment.
Is it repeated here? Line 106 and 107
There was a problem hiding this comment.
107 is another hook, execute_command
| { | ||
| Section: "uretprobe/bash_retval", | ||
| EbpfFuncName: "uretprobe_bash_retval", | ||
| AttachToFuncName: "execute_command", |
There was a problem hiding this comment.
Can you give some source code about bash return like https://github.com/ehids/ecapture/blob/master/kern/README.md .
There was a problem hiding this comment.
you want func_prototype or others?
proto like this
int
execute_command (command)
COMMAND *command;
{
struct fd_bitmap *bitmap;
int result;
current_fds_to_close = (struct fd_bitmap *)NULL;
bitmap = new_fd_bitmap (FD_BITMAP_DEFAULT_SIZE);
begin_unwind_frame ("execute-command");
add_unwind_protect (dispose_fd_bitmap, (char *)bitmap);
/* Just do the command, but not asynchronously. */
result = execute_command_internal (command, 0, NO_PIPE, NO_PIPE, bitmap);
dispose_fd_bitmap (bitmap);
discard_unwind_frame ("execute-command");
#if defined (PROCESS_SUBSTITUTION)
/* don't unlink fifos if we're in a shell function; wait until the function
returns. */
if (variable_context == 0)
unlink_fifo_list ();
#endif /* PROCESS_SUBSTITUTION */
QUIT;
return (result);
}
the bash workflow like this
main()
|
reader_loop() 解析
|--------------------------->read_command()-->parse_command()-->yyparse()-->yylex()-->read_token()-->read_token_word()
| | | | |
execute_command() <-------------- current_command <--------------- global_command <------------token------------word
|
execute_command_internal()
|
execute_xxxx_command()
|
execute_simple_command()
|
|--->expand_words()-->expand_word_list_internal()
| 子进程
|------------------------------------->execute_disk_command()------------->shell_execve()-->execve()
| 磁盘命令 | | |
|函数及内置命令 make_child() | |FAILED
| | | |
execute_builtin_or_function() fork()----------->pid ->execute_shell_script()
|
--------->return(result)
父进程
|
I have run the command up, is that works? I want to add falgs on bash command which will be used like this |
|
copy that, Do you have any other issues with this PR? |
|
I have implemented the command func like
|
|
please merge all commits into one commit. ref: https://www.internalpointers.com/post/squash-commits-into-one-git |
|
sorry about these commits, I am not familiar with github's instruction, I am trying to merge all commits now. |
|
加下 https://raw.githubusercontent.com/ehids/ecapture/master/images/wechat_gzhh.png 微信公众号,里面回复“微信群”,会给发给你群二维码,我们群里沟通吧。 |
|
群二维码过期啦 |
cfc4n
changed the title
the commond which been exec successfully will return 0,otherwhise will return errcode.
