Created
December 9, 2020 08:52
-
-
Save Jongy/ecf46708fb4f398d7c3089d817d70c70 to your computer and use it in GitHub Desktop.
Terminal history from my talk https://www.meetup.com/Silicon-Valley-Linux-Technology/events/274968704/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ socat file:`tty`,raw,echo=0,escape=0xc tcp:10.0.2.3:9999,connect-timeout=0.5 | |
| MicroPython v1.12-165-g7f2a08834-dirty on 2020-12-07; Linux version 4.15.0-72-generic with x86_64 | |
| Type "help()" for more information. | |
| >>> | |
| >>> | |
| >>> | |
| >>> | |
| >>> 5 + 5 | |
| 10 | |
| >>> | |
| >>> | |
| >>> printk | |
| Symbol("printk", 0xffffffff810f2ca0, exported=True) | |
| >>> printk("!!\n") | |
| 2 | |
| >>> printk("!!\n") | |
| 2 | |
| >>> printk("!! %d %s\n", 5 "hello from python!") | |
| Traceback (most recent call last): | |
| File "<stdin>", line 1 | |
| SyntaxError: invalid syntax | |
| >>> printk("!! %d %s\n", 5, "hello from python!") | |
| 23 | |
| >>> printk("buf: %*pE\n", 5, "aaa\x15a") | |
| 13 | |
| >>> printk("IPv4: %pI4\n", "\x7f\x00\x00\x01") | |
| 15 | |
| >>> | |
| >>> | |
| >>> | |
| >>> | |
| >>> | |
| paste mode; Ctrl-C to cancel, Ctrl-D to finish | |
| === task_struct = lookup_struct("task_struct") | |
| === | |
| === from kernel_ffi import current | |
| === p = task_struct(current()) | |
| === | |
| === | |
| >>> p | |
| StructPtr(0xffff88822b9a2b00, Struct(72704, 'task_struct', ...)) | |
| >>> p. | |
| __dir__ __class__ __getattr__ __init__ | |
| __int__ __module__ __qualname__ __repr__ | |
| ____ptr __dict__ __eq__ __setattr__ | |
| utime ____struct flags pending | |
| fs prio state stack | |
| cpu rcu security pid | |
| parent tasks vmacache mempolicy | |
| rss_stat files cred seccomp | |
| signal stime gtime sched_info | |
| on_rq usage ptrace wake_entry | |
| on_cpu last_wakee wake_cpu se | |
| rt dl btrace_seq policy | |
| mm active_mm exit_state exit_code | |
| jobctl in_execve in_iowait tgid | |
| children sibling ptraced pids | |
| vfork_done nvcsw nivcsw start_time | |
| min_flt maj_flt cpu_timers real_cred | |
| comm nameidata sysvsem sysvshm | |
| nsproxy sighand blocked sas_ss_sp | |
| task_works loginuid sessionid alloc_lock | |
| pi_lock wake_q pi_waiters bio_list | |
| plug io_context ioac cgroups | |
| cg_list closid rmid il_prev | |
| node_stamp numa_work numa_entry numa_group | |
| tlb_ubc task_frag delays nr_dirtied | |
| ret_stack trace utask thread | |
| >>> p.pid | |
| 15995 | |
| >>> p.comm | |
| ArrayPtr(0xffff88822b9a3550, 16, Scalar(8, 'char', True)) | |
| >>> p.comm.read() | |
| 'kmpy-server' | |
| >>> p.comm = "hello i am micropython" | |
| Traceback (most recent call last): | |
| File "<stdin>", line 1, in <module> | |
| File "struct_access.py", line 1, in __setattr__ | |
| File "struct_access.py", line 1, in _write_accessor | |
| ValueError: Buffer overflow! | |
| >>> p.comm = "hello i am micro" | |
| >>> % | |
| $ socat file:`tty`,raw,echo=0,escape=0xc tcp:10.0.2.3:9999,connect-timeout=0.5 | |
| MicroPython v1.12-165-g7f2a08834-dirty on 2020-12-07; Linux version 4.15.0-72-generic with x86_64 | |
| Type "help()" for more information. | |
| >>> | |
| >>> | |
| >>> | |
| >>> | |
| >>> | |
| >>> | |
| paste mode; Ctrl-C to cancel, Ctrl-D to finish | |
| === task_struct = lookup_struct("task_struct") | |
| === | |
| === from kernel_ffi import current | |
| === p = task_struct(current()) | |
| === | |
| === | |
| === | |
| === | |
| >>> | |
| >>> | |
| >>> p | |
| StructPtr(0xffff888230398000, Struct(72704, 'task_struct', ...)) | |
| >>> p.comm.read() | |
| 'kmpy-server' | |
| >>> p.comm = "hello\0" | |
| >>> | |
| paste mode; Ctrl-C to cancel, Ctrl-D to finish | |
| === | |
| === | |
| === from struct_access import container_of | |
| === | |
| === def ps(): | |
| === p = task_struct(current()) | |
| === p1 = p | |
| === while True: | |
| === print("pid {} comm {!r}".format(p.pid, p.comm.read())) | |
| === p = container_of(p.tasks.next, "task_struct", "tasks") | |
| === if p == p1: | |
| === break | |
| === | |
| === | |
| >>> | |
| >>> | |
| >>> ps() | |
| pid 3288 comm 'hello' | |
| pid 3303 comm 'pause' | |
| pid 3319 comm 'containerd-shim' | |
| pid 3345 comm 'pause' | |
| pid 3369 comm 'containerd-shim' | |
| pid 3395 comm 'pause' | |
| pid 3435 comm 'containerd-shim' | |
| pid 3439 comm 'containerd-shim' | |
| pid 3473 comm 'kube-scheduler' | |
| pid 3479 comm 'kube-controller' | |
| pid 3521 comm 'containerd-shim' | |
| pid 3553 comm 'kube-apiserver' | |
| pid 3625 comm 'containerd-shim' | |
| pid 3644 comm 'etcd' | |
| pid 4153 comm 'containerd-shim' | |
| pid 4179 comm 'pause' | |
| pid 4196 comm 'containerd-shim' | |
| pid 4247 comm 'pause' | |
| pid 4303 comm 'containerd-shim' | |
| pid 4327 comm 'kube-proxy' | |
| pid 4794 comm 'containerd-shim' | |
| pid 4823 comm 'flanneld' | |
| pid 5264 comm 'containerd-shim' | |
| pid 5273 comm 'containerd-shim' | |
| pid 5345 comm 'pause' | |
| pid 5410 comm 'pause' | |
| pid 5459 comm 'containerd-shim' | |
| pid 5482 comm 'coredns' | |
| pid 5593 comm 'containerd-shim' | |
| pid 5611 comm 'coredns' | |
| pid 0 comm 'swapper/0' | |
| pid 1 comm 'systemd' | |
| pid 2 comm 'kthreadd' | |
| pid 3 comm 'kworker/0:0' | |
| pid 4 comm 'kworker/0:0H' | |
| pid 5 comm 'kworker/u8:0' | |
| pid 6 comm 'mm_percpu_wq' | |
| pid 7 comm 'ksoftirqd/0' | |
| pid 8 comm 'rcu_sched' | |
| pid 9 comm 'rcu_bh' | |
| pid 10 comm 'migration/0' | |
| pid 11 comm 'watchdog/0' | |
| pid 12 comm 'cpuhp/0' | |
| pid 13 comm 'cpuhp/1' | |
| pid 14 comm 'watchdog/1' | |
| pid 15 comm 'migration/1' | |
| pid 16 comm 'ksoftirqd/1' | |
| pid 17 comm 'kworker/1:0' | |
| pid 18 comm 'kworker/1:0H' | |
| pid 19 comm 'cpuhp/2' | |
| pid 20 comm 'watchdog/2' | |
| pid 21 comm 'migration/2' | |
| pid 22 comm 'ksoftirqd/2' | |
| pid 23 comm 'kworker/2:0' | |
| pid 24 comm 'kworker/2:0H' | |
| pid 25 comm 'cpuhp/3' | |
| pid 26 comm 'watchdog/3' | |
| pid 27 comm 'migration/3' | |
| pid 28 comm 'ksoftirqd/3' | |
| pid 29 comm 'kworker/3:0' | |
| pid 30 comm 'kworker/3:0H' | |
| pid 31 comm 'kdevtmpfs' | |
| pid 32 comm 'netns' | |
| pid 33 comm 'rcu_tasks_kthre' | |
| pid 34 comm 'kauditd' | |
| pid 35 comm 'kworker/0:1' | |
| pid 36 comm 'khungtaskd' | |
| pid 37 comm 'oom_reaper' | |
| pid 38 comm 'writeback' | |
| pid 39 comm 'kcompactd0' | |
| pid 40 comm 'ksmd' | |
| pid 41 comm 'khugepaged' | |
| pid 42 comm 'crypto' | |
| pid 43 comm 'kintegrityd' | |
| pid 44 comm 'kblockd' | |
| pid 45 comm 'ata_sff' | |
| pid 46 comm 'md' | |
| pid 47 comm 'edac-poller' | |
| pid 48 comm 'devfreq_wq' | |
| pid 49 comm 'watchdogd' | |
| pid 50 comm 'kworker/1:1' | |
| pid 51 comm 'kworker/2:1' | |
| pid 52 comm 'kworker/3:1' | |
| pid 53 comm 'kworker/u8:1' | |
| pid 54 comm 'kswapd0' | |
| pid 55 comm 'kworker/u9:0' | |
| pid 56 comm 'ecryptfs-kthrea' | |
| pid 98 comm 'kthrotld' | |
| pid 99 comm 'acpi_thermal_pm' | |
| pid 100 comm 'scsi_eh_0' | |
| pid 101 comm 'scsi_tmf_0' | |
| pid 102 comm 'scsi_eh_1' | |
| pid 103 comm 'scsi_tmf_1' | |
| pid 104 comm 'kworker/u8:2' | |
| pid 105 comm 'kworker/u8:3' | |
| pid 109 comm 'ipv6_addrconf' | |
| pid 118 comm 'kstrp' | |
| pid 135 comm 'charger_manager' | |
| pid 208 comm 'kworker/0:1H' | |
| pid 215 comm 'kworker/1:1H' | |
| pid 286 comm 'raid5wq' | |
| pid 319 comm 'kworker/2:1H' | |
| pid 327 comm 'kworker/3:1H' | |
| pid 334 comm 'jbd2/sda-8' | |
| pid 335 comm 'ext4-rsv-conver' | |
| pid 409 comm 'systemd-journal' | |
| pid 412 comm 'lvmetad' | |
| pid 415 comm 'rpciod' | |
| pid 416 comm 'xprtiod' | |
| pid 418 comm 'iscsi_eh' | |
| pid 419 comm 'kworker/3:2' | |
| pid 420 comm 'ib-comp-wq' | |
| pid 421 comm 'ib-comp-unb-wq' | |
| pid 422 comm 'ib_mcast' | |
| pid 423 comm 'ib_nl_sa_wq' | |
| pid 424 comm 'rdma_cm' | |
| pid 432 comm 'systemd-udevd' | |
| pid 463 comm 'loop0' | |
| pid 464 comm 'loop1' | |
| pid 465 comm 'kworker/1:2' | |
| pid 466 comm 'loop2' | |
| pid 468 comm 'loop3' | |
| pid 469 comm 'loop4' | |
| pid 547 comm 'kworker/u8:4' | |
| pid 558 comm 'spl_system_task' | |
| pid 559 comm 'spl_delay_taskq' | |
| pid 560 comm 'spl_dynamic_tas' | |
| pid 561 comm 'spl_kmem_cache' | |
| pid 574 comm 'zvol' | |
| pid 583 comm 'arc_prune' | |
| pid 584 comm 'arc_reclaim' | |
| pid 585 comm 'dbu_evict' | |
| pid 586 comm 'dbuf_evict' | |
| pid 588 comm 'z_vdev_file' | |
| pid 589 comm 'l2arc_feed' | |
| pid 754 comm 'systemd-timesyn' | |
| pid 758 comm 'rpcbind' | |
| pid 980 comm 'systemd-network' | |
| pid 994 comm 'systemd-resolve' | |
| pid 1007 comm 'kworker/0:2' | |
| pid 1034 comm 'kworker/2:2' | |
| pid 1087 comm 'irqbalance' | |
| pid 1093 comm 'systemd-logind' | |
| pid 1094 comm 'zed' | |
| pid 1095 comm 'networkd-dispat' | |
| pid 1096 comm 'lxcfs' | |
| pid 1098 comm 'kubelet' | |
| pid 1103 comm 'cron' | |
| pid 1106 comm 'rsyslogd' | |
| pid 1109 comm 'dbus-daemon' | |
| pid 1198 comm 'atd' | |
| pid 1230 comm 'snapd' | |
| pid 1235 comm 'accounts-daemon' | |
| pid 1240 comm 'unattended-upgr' | |
| pid 1253 comm 'sshd' | |
| pid 1260 comm 'login' | |
| pid 1301 comm 'containerd' | |
| pid 1304 comm 'dockerd' | |
| pid 1308 comm 'agetty' | |
| pid 1591 comm 'polkitd' | |
| pid 2345 comm 'systemd' | |
| pid 2355 comm '(sd-pam)' | |
| pid 2375 comm 'bash' | |
| pid 3197 comm 'containerd-shim' | |
| pid 3216 comm 'pause' | |
| pid 3269 comm 'containerd-shim' | |
| >>> | |
| >>> | |
| paste mode; Ctrl-C to cancel, Ctrl-D to finish | |
| === def pgrep_pid(pid): | |
| === p = task_struct(current()) | |
| === p1 = p | |
| === while True: | |
| === if p.pid == pid: | |
| === return p | |
| === | |
| === p = container_of(p.tasks.next, "task_struct", "tasks") | |
| === if p == p1: | |
| === break | |
| === | |
| === | |
| === def pgrep(s): | |
| === p = task_struct(current()) | |
| === p1 = p | |
| === while True: | |
| === if p.comm.read() == s: | |
| === return p | |
| === | |
| === p = container_of(p.tasks.next, "task_struct", "tasks") | |
| === if p == p1: | |
| === break | |
| === | |
| === | |
| >>> | |
| >>> | |
| >>> | |
| >>> | |
| >>> ps() | |
| pid 3288 comm 'hello' | |
| pid 3303 comm 'pause' | |
| pid 3319 comm 'containerd-shim' | |
| pid 3345 comm 'pause' | |
| pid 3369 comm 'containerd-shim' | |
| pid 3395 comm 'pause' | |
| pid 3435 comm 'containerd-shim' | |
| pid 3439 comm 'containerd-shim' | |
| pid 3473 comm 'kube-scheduler' | |
| pid 3479 comm 'kube-controller' | |
| pid 3521 comm 'containerd-shim' | |
| pid 3553 comm 'kube-apiserver' | |
| pid 3625 comm 'containerd-shim' | |
| pid 3644 comm 'etcd' | |
| pid 4153 comm 'containerd-shim' | |
| pid 4179 comm 'pause' | |
| pid 4196 comm 'containerd-shim' | |
| pid 4247 comm 'pause' | |
| pid 4303 comm 'containerd-shim' | |
| pid 4327 comm 'kube-proxy' | |
| pid 4794 comm 'containerd-shim' | |
| pid 4823 comm 'flanneld' | |
| pid 5264 comm 'containerd-shim' | |
| pid 5273 comm 'containerd-shim' | |
| pid 5345 comm 'pause' | |
| pid 5410 comm 'pause' | |
| pid 5459 comm 'containerd-shim' | |
| pid 5482 comm 'coredns' | |
| pid 5593 comm 'containerd-shim' | |
| pid 5611 comm 'coredns' | |
| pid 6898 comm 'docker' | |
| pid 6921 comm 'containerd-shim' | |
| pid 6948 comm 'sh' | |
| pid 0 comm 'swapper/0' | |
| pid 1 comm 'systemd' | |
| pid 2 comm 'kthreadd' | |
| pid 3 comm 'kworker/0:0' | |
| pid 4 comm 'kworker/0:0H' | |
| pid 5 comm 'kworker/u8:0' | |
| pid 6 comm 'mm_percpu_wq' | |
| pid 7 comm 'ksoftirqd/0' | |
| pid 8 comm 'rcu_sched' | |
| pid 9 comm 'rcu_bh' | |
| pid 10 comm 'migration/0' | |
| pid 11 comm 'watchdog/0' | |
| pid 12 comm 'cpuhp/0' | |
| pid 13 comm 'cpuhp/1' | |
| pid 14 comm 'watchdog/1' | |
| pid 15 comm 'migration/1' | |
| pid 16 comm 'ksoftirqd/1' | |
| pid 17 comm 'kworker/1:0' | |
| pid 18 comm 'kworker/1:0H' | |
| pid 19 comm 'cpuhp/2' | |
| pid 20 comm 'watchdog/2' | |
| pid 21 comm 'migration/2' | |
| pid 22 comm 'ksoftirqd/2' | |
| pid 23 comm 'kworker/2:0' | |
| pid 24 comm 'kworker/2:0H' | |
| pid 25 comm 'cpuhp/3' | |
| pid 26 comm 'watchdog/3' | |
| pid 27 comm 'migration/3' | |
| pid 28 comm 'ksoftirqd/3' | |
| pid 29 comm 'kworker/3:0' | |
| pid 30 comm 'kworker/3:0H' | |
| pid 31 comm 'kdevtmpfs' | |
| pid 32 comm 'netns' | |
| pid 33 comm 'rcu_tasks_kthre' | |
| pid 34 comm 'kauditd' | |
| pid 35 comm 'kworker/0:1' | |
| pid 36 comm 'khungtaskd' | |
| pid 37 comm 'oom_reaper' | |
| pid 38 comm 'writeback' | |
| pid 39 comm 'kcompactd0' | |
| pid 40 comm 'ksmd' | |
| pid 41 comm 'khugepaged' | |
| pid 42 comm 'crypto' | |
| pid 43 comm 'kintegrityd' | |
| pid 44 comm 'kblockd' | |
| pid 45 comm 'ata_sff' | |
| pid 46 comm 'md' | |
| pid 47 comm 'edac-poller' | |
| pid 48 comm 'devfreq_wq' | |
| pid 49 comm 'watchdogd' | |
| pid 50 comm 'kworker/1:1' | |
| pid 51 comm 'kworker/2:1' | |
| pid 52 comm 'kworker/3:1' | |
| pid 53 comm 'kworker/u8:1' | |
| pid 54 comm 'kswapd0' | |
| pid 55 comm 'kworker/u9:0' | |
| pid 56 comm 'ecryptfs-kthrea' | |
| pid 98 comm 'kthrotld' | |
| pid 99 comm 'acpi_thermal_pm' | |
| pid 100 comm 'scsi_eh_0' | |
| pid 101 comm 'scsi_tmf_0' | |
| pid 102 comm 'scsi_eh_1' | |
| pid 103 comm 'scsi_tmf_1' | |
| pid 104 comm 'kworker/u8:2' | |
| pid 105 comm 'kworker/u8:3' | |
| pid 109 comm 'ipv6_addrconf' | |
| pid 118 comm 'kstrp' | |
| pid 135 comm 'charger_manager' | |
| pid 208 comm 'kworker/0:1H' | |
| pid 215 comm 'kworker/1:1H' | |
| pid 286 comm 'raid5wq' | |
| pid 319 comm 'kworker/2:1H' | |
| pid 327 comm 'kworker/3:1H' | |
| pid 334 comm 'jbd2/sda-8' | |
| pid 335 comm 'ext4-rsv-conver' | |
| pid 409 comm 'systemd-journal' | |
| pid 412 comm 'lvmetad' | |
| pid 415 comm 'rpciod' | |
| pid 416 comm 'xprtiod' | |
| pid 418 comm 'iscsi_eh' | |
| pid 419 comm 'kworker/3:2' | |
| pid 420 comm 'ib-comp-wq' | |
| pid 421 comm 'ib-comp-unb-wq' | |
| pid 422 comm 'ib_mcast' | |
| pid 423 comm 'ib_nl_sa_wq' | |
| pid 424 comm 'rdma_cm' | |
| pid 432 comm 'systemd-udevd' | |
| pid 463 comm 'loop0' | |
| pid 464 comm 'loop1' | |
| pid 465 comm 'kworker/1:2' | |
| pid 466 comm 'loop2' | |
| pid 468 comm 'loop3' | |
| pid 469 comm 'loop4' | |
| pid 547 comm 'kworker/u8:4' | |
| pid 558 comm 'spl_system_task' | |
| pid 559 comm 'spl_delay_taskq' | |
| pid 560 comm 'spl_dynamic_tas' | |
| pid 561 comm 'spl_kmem_cache' | |
| pid 574 comm 'zvol' | |
| pid 583 comm 'arc_prune' | |
| pid 584 comm 'arc_reclaim' | |
| pid 585 comm 'dbu_evict' | |
| pid 586 comm 'dbuf_evict' | |
| pid 588 comm 'z_vdev_file' | |
| pid 589 comm 'l2arc_feed' | |
| pid 754 comm 'systemd-timesyn' | |
| pid 758 comm 'rpcbind' | |
| pid 980 comm 'systemd-network' | |
| pid 994 comm 'systemd-resolve' | |
| pid 1007 comm 'kworker/0:2' | |
| pid 1034 comm 'kworker/2:2' | |
| pid 1087 comm 'irqbalance' | |
| pid 1093 comm 'systemd-logind' | |
| pid 1094 comm 'zed' | |
| pid 1095 comm 'networkd-dispat' | |
| pid 1096 comm 'lxcfs' | |
| pid 1098 comm 'kubelet' | |
| pid 1103 comm 'cron' | |
| pid 1106 comm 'rsyslogd' | |
| pid 1109 comm 'dbus-daemon' | |
| pid 1198 comm 'atd' | |
| pid 1230 comm 'snapd' | |
| pid 1235 comm 'accounts-daemon' | |
| pid 1240 comm 'unattended-upgr' | |
| pid 1253 comm 'sshd' | |
| pid 1260 comm 'login' | |
| pid 1301 comm 'containerd' | |
| pid 1304 comm 'dockerd' | |
| pid 1308 comm 'agetty' | |
| pid 1591 comm 'polkitd' | |
| pid 2345 comm 'systemd' | |
| pid 2355 comm '(sd-pam)' | |
| pid 2375 comm 'bash' | |
| pid 3197 comm 'containerd-shim' | |
| pid 3216 comm 'pause' | |
| pid 3269 comm 'containerd-shim' | |
| >>> | |
| >>> sh = pgrep("sh") | |
| >>> sh | |
| StructPtr(0xffff88822c339580, Struct(72704, 'task_struct', ...)) | |
| >>> sh.pid | |
| 6948 | |
| >>> | |
| >>> PIDTYPE_PID = 0 | |
| >>> __task_pid_nr_ns(s, PIDTYPE_PID, None) | |
| Traceback (most recent call last): | |
| File "<stdin>", line 1, in <module> | |
| NameError: name 's' isn't defined | |
| >>> __task_pid_nr_ns(sh, PIDTYPE_PID, None) | |
| 6948 | |
| >>> task_active_pid_ns(sh) | |
| 18446612691441707664 | |
| >>> hex(_) | |
| '0xffff88822e986a90' | |
| >>> __task_pid_nr_ns(sh, PIDTYPE_PID, task_active_pid_ns(sh)) | |
| 1 | |
| >>> | |
| >>> sh | |
| StructPtr(0xffff88822c339580, Struct(72704, 'task_struct', ...)) | |
| >>> sh.nsproxy | |
| StructPtr(0xffff88822ad0d310, Struct(448, 'nsproxy', ...)) | |
| >>> sh.nsproxy. | |
| __dir__ __class__ __getattr__ __init__ | |
| __int__ __module__ __qualname__ __repr__ | |
| count ____ptr __dict__ __eq__ | |
| __setattr__ ____struct uts_ns ipc_ns | |
| mnt_ns net_ns cgroup_ns | |
| >>> sh.nsproxy.net_ns | |
| StructPtr(0xffff88822fd18000, Struct(55296, 'net', ...)) | |
| >>> sh.nsproxy.ipc_ns | |
| Ptr(UnknownStruct('ipc_namespace'), 0xffff88822c004800) | |
| >>> p = task_struct(current()) | |
| >>> p.nsproxy.net_ns | |
| StructPtr(0xffffffff825e5d80, Struct(55296, 'net', ...)) | |
| >>> sh.nsproxy.net_ns | |
| StructPtr(0xffff88822fd18000, Struct(55296, 'net', ...)) | |
| >>> init_net | |
| Symbol("init_net", 0xffffffff825e5d80, exported=True) | |
| >>> x = sh.nsproxy.net_ns | |
| >>> | |
| >>> | |
| >>> sh.nsproxy.net_ns = p.nsproxy.net_ns | |
| >>> sh.nsproxy.net_ns = x | |
| >>> sh.nsproxy.net_ns = p.nsproxy.net_ns | |
| >>> sh.nsproxy.net_ns = p.nsproxy.net_ns | |
| >>> sh.nsproxy.net_ns = x | |
| >>> sh | |
| StructPtr(0xffff88822c339580, Struct(72704, 'task_struct', ...)) | |
| >>> sleep = pgrep("sleep") | |
| >>> sleep | |
| StructPtr(0xffff88822d8d5600, Struct(72704, 'task_struct', ...)) | |
| >>> sh | |
| StructPtr(0xffff88822c339580, Struct(72704, 'task_struct', ...)) | |
| >>> sleep.re | |
| real_cred ret_stack | |
| >>> sleep.real_parent | |
| StructPtr(0xffff88822c339580, Struct(72704, 'task_struct', ...)) | |
| >>> sh.real_parent | |
| StructPtr(0xffff88822c899580, Struct(72704, 'task_struct', ...)) | |
| >>> | |
| >>> x = sh.real_parent | |
| >>> sh.real_parent = sleep | |
| >>> sleep.real_parent | |
| StructPtr(0xffff88822c339580, Struct(72704, 'task_struct', ...)) | |
| >>> sh.real_parent | |
| StructPtr(0xffff88822d8d5600, Struct(72704, 'task_struct', ...)) | |
| >>> | |
| >>> sh.real_parent = x | |
| >>> | |
| >>> | |
| >>> urandom_fops | |
| Symbol("urandom_fops", 0xffffffff81eb88a0, exported=False) | |
| >>> | |
| paste mode; Ctrl-C to cancel, Ctrl-D to finish | |
| === | |
| === from kernel_ffi import callback, current | |
| === | |
| === task_struct = lookup_struct("task_struct") | |
| === file_operations = lookup_struct("file_operations") | |
| === | |
| === real_urandom_read = urandom_read | |
| === | |
| === | |
| === def my_urandom_read(filp, buf, count, ppos): | |
| === if task_struct(current()).comm.read() == "head": | |
| === # lousy copy_to_user, should be improved if you use with untrusted programs | |
| === src = b"abc" * (count // 3) | |
| === memcpy(buf, src, len(src)) | |
| === return len(src) | |
| === | |
| === return real_urandom_read(filp, buf, count, ppos) | |
| === | |
| === | |
| === cb = callback(my_urandom_read) | |
| === | |
| === file_operations(urandom_fops).read = cb.ptr() | |
| === | |
| === | |
| >>> | |
| >>> cb.p() | |
| Traceback (most recent call last): | |
| File "<stdin>", line 1, in <module> | |
| AttributeError: 'callback' object has no attribute 'p' | |
| >>> cb.ptr() | |
| 18446683600617148416 | |
| >>> | |
| >>> | |
| paste mode; Ctrl-C to cancel, Ctrl-D to finish | |
| === rom kernel_ffi import ftrace, str as s | |
| === | |
| === filename = lookup_struct("filename") | |
| === | |
| === | |
| === def IS_ERR(n): | |
| === return n > (1 << 64) - 4096 | |
| === | |
| === | |
| === files = [] | |
| === | |
| === | |
| === def do_filp_open_hook(orig, dfd, pathname, op): | |
| === ret = orig(dfd, pathname, op) | |
| === | |
| === if not IS_ERR(ret): | |
| === fn = s(int(filename(pathname).name)) | |
| === if fn == "/mysecret": | |
| === files.append(ret) | |
| === | |
| === return ret | |
| === | |
| === | |
| === def vfs_write_hook(orig, file, buf, count, pos): | |
| === if file in files: | |
| === memset(buf, ord('*'), count) | |
| === return orig(file, buf, count, pos) | |
| === | |
| === | |
| === h1 = ftrace("do_filp_open", do_filp_open_hook) | |
| === h2 = ftrace("vfs_write", vfs_write_hook) | |
| === | |
| Traceback (most recent call last): | |
| File "<stdin>", line 1 | |
| SyntaxError: invalid syntax | |
| >>> | |
| paste mode; Ctrl-C to cancel, Ctrl-D to finish | |
| === from kernel_ffi import ftrace, str as s | |
| === | |
| === filename = lookup_struct("filename") | |
| === | |
| === | |
| === def IS_ERR(n): | |
| === return n > (1 << 64) - 4096 | |
| === | |
| === | |
| === files = [] | |
| === | |
| === | |
| >>> | |
| paste mode; Ctrl-C to cancel, Ctrl-D to finish | |
| === def do_filp_open_hook(orig, dfd, pathname, op): | |
| === ret = orig(dfd, pathname, op) | |
| === | |
| === if not IS_ERR(ret): | |
| === fn = s(int(filename(pathname).name)) | |
| === if fn == "/mysecret": | |
| === files.append(ret) | |
| === | |
| === return ret | |
| === | |
| === | |
| >>> | |
| paste mode; Ctrl-C to cancel, Ctrl-D to finish | |
| === def vfs_write_hook(orig, file, buf, count, pos): | |
| === if file in files: | |
| === memset(buf, ord('*'), count) | |
| === return orig(file, buf, count, pos) | |
| === | |
| === | |
| >>> | |
| paste mode; Ctrl-C to cancel, Ctrl-D to finish | |
| === | |
| === h1 = ftrace("do_filp_open", do_filp_open_hook) | |
| === h2 = ftrace("vfs_write", vfs_write_hook) | |
| === | |
| >>> | |
| >>> files | |
| [18446612691401884672, 18446612691474210560, 18446612691474209536] | |
| >>> files | |
| [18446612691401884672, 18446612691474210560, 18446612691474209536, 18446612691407267072] | |
| >>> files | |
| [18446612691401884672, 18446612691474210560, 18446612691474209536, 18446612691407267072, 18446612691395094784] | |
| >>> | |
| >>> h1.rm() | |
| >>> h2.rm() | |
| >>> | |
| >>> | |
| >>> | |
| >>> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment