gosystract

package module
v1.0.2
Published: Dec 1, 2019 License: MIT Imports: 0 Imported by: 0

README

gosystract

gosystract extracts all system calls that may be called within the execution path of a Go application.


Installation:

Using the container image:
docker run --rm -it paulinhu/gosystract gosystract
Using a Go environment:
go install github.com/pjbgf/gosystract

If you don't have $GOPATH/bin in your $PATH, prefix the command with:

PATH=$PATH:$GOPATH/bin gosystract

Note that gosystract depends on the Go tools when working against executable files. In that case, ensure that go is in your $PATH.

Command-line Usage:

Syntax

Usage:

	gosystract [flags] filePath

Flags:
    --dumpfile, -d    Handles a dump file instead of a go executable.
    --template        Defines a go template for the results.
                      Example: --template='{{- range . }}{{printf "%d - %s\n" .ID .Name}}{{- end}}'

Running against gosystract itself:

$ gosystract $(which gosystract)

18 system calls found:
    sched_yield (24)
    futex (202)
    write (1)
    rt_sigprocmask (14)
    getpid (39)
    epoll_ctl (233)
    gettid (186)
    mmap (9)
    tgkill (234)
    rt_sigaction (13)
    exit_group (231)
    madvise (28)
    read (0)
    getpgrp (111)
    arch_prctl (158)
    readlinkat (267)
    close (3)
    fcntl (72)

Running the sample dump file:

$ gosystract --dumpfile test/keyring.dump

20 system calls found:
    sched_yield (24)
    futex (202)
    read (0)
    write (1)
    rt_sigprocmask (14)
    getpid (39)
    gettid (186)
    tgkill (234)
    rt_sigaction (13)
    exit_group (231)
    mmap (9)
    madvise (28)
    getpgrp (111)
    arch_prctl (158)
    epoll_ctl (233)
    readlinkat (267)
    close (3)
    fcntl (72)
    add_key (248)
    keyctl (250)
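
The two reports above differ by add_key and keyctl. As an added example (not part of the gosystract project), this Go program parses the default text output and lists the syscalls that a report contains beyond a baseline; parseReport, newSyscalls and the abbreviated sample inputs are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"sort"
	"strconv"
	"strings"
)

// entryRe matches one result line of the default output, e.g. "    futex (202)".
var entryRe = regexp.MustCompile(`^\s*([a-z0-9_]+) \((\d+)\)\s*$`)

// parseReport turns gosystract's default text output into a name -> ID map.
// Lines that are not result entries (the "N system calls found:" header) are skipped.
func parseReport(out string) map[string]int {
	calls := make(map[string]int)
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		if m := entryRe.FindStringSubmatch(sc.Text()); m != nil {
			id, _ := strconv.Atoi(m[2]) // the regexp guarantees digits
			calls[m[1]] = id
		}
	}
	return calls
}

// newSyscalls lists entries present in candidate but not in baseline, sorted by name.
func newSyscalls(baseline, candidate map[string]int) []string {
	var added []string
	for name, id := range candidate {
		if _, ok := baseline[name]; !ok {
			added = append(added, fmt.Sprintf("%s (%d)", name, id))
		}
	}
	sort.Strings(added)
	return added
}

// Constructed inputs: abbreviated copies of the two reports shown above.
const baselineOut = "18 system calls found:\n    futex (202)\n    write (1)\n    read (0)\n    close (3)\n"
const candidateOut = "20 system calls found:\n    futex (202)\n    read (0)\n    write (1)\n    close (3)\n    add_key (248)\n    keyctl (250)\n"

func main() {
	for _, s := range newSyscalls(parseReport(baselineOut), parseReport(candidateOut)) {
		fmt.Println("new:", s)
	}
}
```

Run against a stored baseline in a build pipeline, a non-empty result flags a release whose binary can reach syscalls the previous one could not.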

To generate a dump file from a Go application, use go tool objdump:

$ go tool objdump goapp > goapp.dump

Using it programmatically

package main

import (
	"fmt"

	"github.com/pjbgf/gosystract/cmd/systract"
)

func main() {
	// Read from the compiled Go executable "goapp".
	source := systract.NewExeReader("goapp")
	syscalls, err := systract.Extract(source)
	if err != nil {
		panic(err)
	}

	// Print each syscall as "name (id)", as the CLI does by default.
	for _, syscall := range syscalls {
		fmt.Printf("%s (%d)\n", syscall.Name, syscall.ID)
	}
}

License

This application is licensed under the MIT License; you may obtain a copy of it here.

Documentation

Overview

Package gosystract provides libraries and a CLI to extract syscalls from Go applications.

Directories

Path            Synopsis
cmd/cli         Package cli provides a command-line interface for gosystract.
cmd/systract    Package systract provides libraries to extract syscalls from go applications programmatically.
