Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix #714, Add process Architecture to the ps command #745

Merged
merged 1 commit into from
Jul 19, 2022
Merged

fix #714, Add process Architecture to the ps command #745

merged 1 commit into from
Jul 19, 2022

Conversation

timwr
Copy link
Contributor

@timwr timwr commented Jul 18, 2022
edited
Loading

Hi all, I wanted to learn a bit of golang and familiarise myself with sliver, so I thought I'd have a go at fixing #714 since it seemed straightforward.
I've opened a draft PR because I have not fully tested this, and I have not implemented macOS, but I wanted to open this as a draft pr early to get feedback.

Details

This change uses IsWow64Process on Windows and reads the elf header from /proc/<pid>/exe on Linux to determine the architecture. macOS is not implement yet, but I suspect it can be achieved with sysctlnametomib("sysctl.proc_cputype",...

Verification

make pb
make linux
[server] sliver > generate --http example.com --os linux
[server] sliver (NAME_HERE) > ps
Output:

[server] sliver (NAME_HERE) > ps

 Pid    Ppid   Owner              Arch     Executable
====== ====== ================== ======== ===========================================================
 1      0      root               x86_64   /sbin/init
 2      0      root                        kthreadd

...

moloch--
moloch-- approved these changes Jul 18, 2022
View reviewed changes
protobuf/commonpb/common.proto Outdated Show resolved Hide resolved
@rkervella rkervella self-requested a review July 18, 2022 15:57
@moloch--
Copy link
Member

Looking pretty good @timwr remove draft status when you think it's ready.

@rkervella
Copy link
Member

We can leave macos support aside for now, I'll add it when I get some time. Not super urgent to have that feature for this OS anyway.

@moloch--
Copy link
Member

Is there even a version of MacOS that supports 32-bit processes that we target?

@rkervella
Copy link
Member

I have no idea, but it might matter with stuff like ARM native vs X86 via rosetta. And looks like sysctl.proc_cputype can give us the info, so I figure it shouldn't be too hard to list.

@timwr timwr marked this pull request as ready for review July 19, 2022 00:13
@moloch--
Copy link
Member

Bypassing commit signing requirement.

@moloch-- moloch-- merged commit c46e193 into BishopFox:master Jul 19, 2022
@justinsteven justinsteven mentioned this pull request Jul 19, 2022
Closed
@justinsteven
Copy link

@timwr thank you! 🙏 I only just saw this today when I got the ping that it closes the issue. I've logged #751 which is some weirdness on x86 installations of Windows

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rkervella rkervella rkervella left review comments

@moloch-- moloch-- moloch-- approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@timwr @moloch-- @rkervella @justinsteven