From 5a21f6c7391e297892182cf9231d2fa8412b1567 Mon Sep 17 00:00:00 2001
From: Hulto
Date: Wed, 30 Mar 2022 04:35:59 +0000
Subject: [PATCH 1/4] Added implementation and testing.
---
 implants/eldritch/Cargo.toml | 3 +-
 implants/eldritch/src/process/kill_impl.rs | 63 ++++++++++++++++++++--
 2 files changed, 62 insertions(+), 4 deletions(-)
diff --git a/implants/eldritch/Cargo.toml b/implants/eldritch/Cargo.toml
index f57eb09de..e52063832 100644
--- a/implants/eldritch/Cargo.toml
+++ b/implants/eldritch/Cargo.toml
@@ -8,4 +8,5 @@ starlark = "0.6.0"
 tempfile = "3.3.0"
 anyhow = "1.0.55"
 derive_more = "0.99.17"
-sha256 = "1.0.3"
\ No newline at end of file
+sha256 = "1.0.3"
+sysinfo = "0.23.6"
\ No newline at end of file
diff --git a/implants/eldritch/src/process/kill_impl.rs b/implants/eldritch/src/process/kill_impl.rs
index 74d122e1c..b23249993 100644
--- a/implants/eldritch/src/process/kill_impl.rs
+++ b/implants/eldritch/src/process/kill_impl.rs
@@ -1,5 +1,62 @@
 use anyhow::Result;
+use sysinfo::{ProcessExt,System,SystemExt,PidExt,Pid,Signal};
-pub fn kill(_pid: i32) -> Result<()> {
- unimplemented!("Method unimplemented")
-}
\ No newline at end of file
+pub fn kill(pid: i32) -> Result<()> {
+ if !System::IS_SUPPORTED {
+ return Err(anyhow::anyhow!("This OS isn't supported for process functions.
+ Pleases see sysinfo docs for a full list of supported systems.
+ https://docs.rs/sysinfo/0.23.5/sysinfo/index.html#supported-oses\n\n"));
+ }
+
+ let mut sys = System::new();
+ sys.refresh_processes();
+ if let Some(process) = sys.process(Pid::from(pid)) {
+ process.kill_with(Signal::Kill);
+ }
+
+ Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use std::process::Command;
+
+ #[test]
+ fn test_process_kill() -> anyhow::Result<()>{
+ let mut commandstring = "sleep 5";
+ if cfg!(target_os = "linux") ||
+ cfg!(target_os = "ios") ||
+ cfg!(target_os = "macos") ||
+ cfg!(target_os = "android") ||
+ cfg!(target_os = "freebsd") ||
+ cfg!(target_os = "openbsd") ||
+ cfg!(target_os = "netbsd") {
+ commandstring = "sleep";
+ } else if cfg!(target_os = "windows") {
+ commandstring = "timeout";
+ }
+
+ let child = Command::new(commandstring)
+ .arg("8")
+ .spawn()?;
+
+ let mut sys = System::new();
+ sys.refresh_processes();
+ for (pid, process) in sys.processes() {
+ if pid.as_u32() == child.id(){
+ let i32_pid = pid.as_u32() as i32;
+ kill(i32_pid)?;
+ println!("{:?}", process.status().to_string());
+ assert_eq!(true, true)
+ }
+ }
+ sys.refresh_processes();
+ for (pid, process) in sys.processes() {
+ if pid.as_u32() == child.id(){
+ assert_eq!(process.status().to_string(), "Zombie")
+ }
+ }
+ return Ok(())
+ }
+}
From 65fb3842e6db9141813a23f03040742aeac58d8e Mon Sep 17 00:00:00 2001
From: Hulto
Date: Wed, 30 Mar 2022 04:38:34 +0000
Subject: [PATCH 2/4] Added docs.
---
 docs/_docs/user-guide/eldritch.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
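Review bot: `kill` discards the result of `process.kill_with(Signal::Kill)` and returns `Ok(())` whether or not a process with that pid existed, so a caller cannot distinguish a successful kill from a no-op or an undelivered signal. Since the pid appears to come from the script-level `process.kill` documented in this series, both "no such process" and "signal not delivered" should surface as errors so the Starlark side has something to propagate. The error string also carries a typo (`Pleases`) and links the sysinfo 0.23.5 docs while Cargo.toml pins 0.23.6. As far as I recall `kill_with` reports delivery as an `Option<bool>` in sysinfo 0.23; confirm the exact type against the pinned version before adopting the match below.
```rust
pub fn kill(pid: i32) -> Result<()> {
    // … unchanged: System::IS_SUPPORTED guard …
    let mut sys = System::new();
    sys.refresh_processes();
    let process = sys
        .process(Pid::from(pid))
        .ok_or_else(|| anyhow::anyhow!("no process with pid {}", pid))?;
    match process.kill_with(Signal::Kill) {
        Some(true) => Ok(()),
        Some(false) => Err(anyhow::anyhow!("failed to send SIGKILL to pid {}", pid)),
        None => Err(anyhow::anyhow!("SIGKILL is not supported on this platform")),
    }
}
```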
diff --git a/docs/_docs/user-guide/eldritch.md b/docs/_docs/user-guide/eldritch.md
index 2a22115ee..1d3f0d609 100644
--- a/docs/_docs/user-guide/eldritch.md
+++ b/docs/_docs/user-guide/eldritch.md
@@ -87,7 +87,7 @@ The file.write method is very cool, and will be even cooler when Nick doc
 ### process.kill
 `process.kill(pid: int) -> None`
-The process.kill method is very cool, and will be even cooler when Nick documents it.
+The process.kill will kill a process using the KILL signal given its process id.
 ### process.list
 `process.list() -> List`
From 8a67911c23427fec7fbb67b0ca4881cd2c9c0373 Mon Sep 17 00:00:00 2001
From: hulto
Date: Wed, 27 Apr 2022 16:31:21 -0700
Subject: [PATCH 3/4] Updated mac checks.
---
 implants/eldritch/src/process/kill_impl.rs | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/implants/eldritch/src/process/kill_impl.rs b/implants/eldritch/src/process/kill_impl.rs
index b23249993..a6a3a3f2e 100644
--- a/implants/eldritch/src/process/kill_impl.rs
+++ b/implants/eldritch/src/process/kill_impl.rs
@@ -20,7 +20,8 @@ pub fn kill(pid: i32) -> Result<()> {
 #[cfg(test)]
 mod tests {
 use super::*;
- use std::process::Command;
+ use core::time;
+ use std::{process::Command, thread};
 #[test]
 fn test_process_kill() -> anyhow::Result<()>{
@@ -38,7 +39,7 @@ mod tests {
 }
 let child = Command::new(commandstring)
- .arg("8")
+ .arg("120")
 .spawn()?;
 let mut sys = System::new();
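Review bot: `use core::time;` and `thread` are added to the test module, but nothing in this patch uses them, so the test build now carries two unused-import warnings. They look like the remains of an intended `thread::sleep(time::Duration::from_millis(..))` between `kill` and the second `refresh_processes()`; either add that wait or drop the imports. The `.arg("120")` change in the next hunk also means a failed assertion leaves a two-minute `sleep`/`timeout` child behind, because the `Child` is never waited on or killed; binding it as `let mut child` and calling `child.wait()?` at the end of the test keeps the CI runner clean. The test function continues outside both hunks.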
@@ -47,14 +48,20 @@ mod tests {
 if pid.as_u32() == child.id(){
 let i32_pid = pid.as_u32() as i32;
 kill(i32_pid)?;
- println!("{:?}", process.status().to_string());
 assert_eq!(true, true)
 }
- }
+ }
+ let mut sys = System::new();
 sys.refresh_processes();
 for (pid, process) in sys.processes() {
- if pid.as_u32() == child.id(){
- assert_eq!(process.status().to_string(), "Zombie")
+ if pid.as_u32() == child.id() {
+ if cfg!(target_os = "linux") {
+ // Linux child PID will become Zombie
+ assert_eq!(process.status().to_string(), "Zombie")
+ }else if cfg!(target_os = "macos") {
+ //MacOS Child PID should not exist.
+ assert_eq!(false, true);
+ }
 }
 }
 return Ok(())
From f051db26de386071f014700f67f97042fd1a55e1 Mon Sep 17 00:00:00 2001
From: Hulto
Date: Fri, 29 Apr 2022 18:06:49 -0400
Subject: [PATCH 4/4] Fixed windows process_kill_impl CI test.
---
 implants/eldritch/src/process/kill_impl.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/implants/eldritch/src/process/kill_impl.rs b/implants/eldritch/src/process/kill_impl.rs
index a6a3a3f2e..e0244eaff 100644
--- a/implants/eldritch/src/process/kill_impl.rs
+++ b/implants/eldritch/src/process/kill_impl.rs
@@ -10,7 +10,7 @@ pub fn kill(pid: i32) -> Result<()> {
 let mut sys = System::new();
 sys.refresh_processes();
- if let Some(process) = sys.process(Pid::from(pid)) {
+ if let Some(process) = sys.process(Pid::from_u32(pid as u32)) {
 process.kill_with(Signal::Kill);
 }
@@ -58,7 +58,7 @@ mod tests {
 if cfg!(target_os = "linux") {
 // Linux child PID will become Zombie
 assert_eq!(process.status().to_string(), "Zombie")
-}else if cfg!(target_os = "macos") {
+}else if cfg!(target_os = "macos") || cfg!(target_os = "windows") {
 //MacOS Child PID should not exist.
+ assert_eq!(false, true);
 }
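Review bot: The second `refresh_processes()` runs immediately after `kill` with no wait for the signal to take effect, so on Linux the child may still be listed as running when the `"Zombie"` assertion is evaluated, making the test timing-dependent; a short `thread::sleep` before the refresh, or polling until the status changes, removes the race. Both loops also pass vacuously when the child is never found in the process table: `assert_eq!(true, true)` asserts nothing, so set a `found` flag in the first loop and follow it with `assert!(found, "spawned child not in process table");`. The macOS branch should fail with a diagnostic rather than `assert_eq!(false, true)`, e.g. `panic!("killed child {} still in process table", child.id())`. The enclosing test function starts outside the hunk.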
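Review bot: `pid as u32` wraps negative input, so a script calling `process.kill(-1)` looks up pid 4294967295 instead of being rejected, and the cast silently papers over the mismatch between the `i32` parameter and sysinfo's `from_u32`. Since the pid is script-supplied, validate it up front: `let pid = u32::try_from(pid).map_err(|_| anyhow::anyhow!("invalid pid: {}", pid))?;` followed by `Pid::from_u32(pid)` (on edition 2018 this needs `use std::convert::TryFrom;`). The rest of `kill` lies outside the hunk.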
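Review bot: The branch now also covers Windows, but the comment beneath it still reads `//MacOS Child PID should not exist.`; update it to something like `// macOS/Windows: a killed child leaves the process table, so finding it means the kill failed` so the next reader does not assume Windows was handled by accident. The assertion in this branch and its enclosing loop start outside the hunk.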