root
/
ebpf


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876
							package ebpftracer

import (
	"bufio"
	"bytes"
	"errors"
	"io"
	"log"
	"os"
	"strconv"
	"strings"

	"debug/dwarf"
	"debug/elf"
	debugelf "debug/elf"
	"fmt"

	"github.com/cilium/ebpf/link"
	"github.com/coroot/coroot-node-agent/ebpftracer/tracer/aotinject"
)

const (
	// goServeHTTP           = "net/http.serverHandler.ServeHTTP"
	// binPath           = "/root/code/jdk8u/build/linux-x86_64-normal-server-release/jdk/lib/amd64/libnio.so"
	netcoresymbolsocketRead0 = "SystemNative_Receive"
)

type MemoryMap struct {
	Start, End uint64
}

func ReadFirstLineOfMapsFile(pid string) (*MemoryMap, error) {
	file, err := os.Open(fmt.Sprintf("/proc/%s/maps", pid))
	if err != nil {
		return nil, err
	}
	defer file.Close()

	scanner := bufio.NewScanner(file)
	if scanner.Scan() {
		fields := strings.Fields(scanner.Text())
		addresses := strings.Split(fields[0], "-")
		if len(addresses) != 2 {
			return nil, errors.New("unexpected format in /proc/<pid>/maps")
		}

		start, err := strconv.ParseUint(addresses[0], 16, 64)
		if err != nil {
			return nil, err
		}

		end, err := strconv.ParseUint(addresses[1], 16, 64)
		if err != nil {
			return nil, err
		}

		return &MemoryMap{
			Start: start,
			End:   end,
		}, nil
	}

	if err := scanner.Err(); err != nil {
		return nil, err
	}

	return nil, errors.New("empty /proc/<pid>/maps")
}

func (t *Tracer) getFunctionOffsetDBG(libPath, functionName string) (elf.Symbol, error) {
	dwarfFile, err := elf.Open(libPath)
	dwarfData, err := dwarfFile.DWARF()
	if err != nil {
		log.Fatal(err)
	}

	type uprobesDef struct {
		Name       string
		Offset     uint64
		EntAddress uint64
		RetAddress uint64
	}

	listEntry := make(map[dwarf.Offset]uprobesDef)
	SpecListEntry := []dwarf.Entry{}

	entryReader := dwarfData.Reader()

	for {
		entry, err := entryReader.Next()
		if err == io.EOF {
			// We've reached the end of DWARF entries
			break
		}
		if err != nil {
			log.Fatalf("Error reading entry: %v", err)
		}
		if entry == nil {
			log.Println("Warning: a nil entry was returned with no error")
			break
		}
		if entry.Tag == dwarf.TagSubprogram {
			// fmt.Printf("entry address: %x, %d\n", entry.Offset, entry.Children)
			funName, _ := entry.Val(dwarf.AttrName).(string)
			if functionName == funName {
				entAddress, _ := entry.Val(dwarf.AttrLowpc).(uint64)
				retAddress, _ := entry.Val(dwarf.AttrHighpc).(uint64)
				fmt.Printf("Function %s address: %x, %x, %x\n", funName, entAddress, entry.Offset, retAddress)
				uprobes := uprobesDef{}
				uprobes.EntAddress = entAddress
				uprobes.RetAddress = retAddress
				uprobes.Offset = uint64(entry.Offset)
				uprobes.Name = funName

				listEntry[entry.Offset] = uprobes
			}

			specAddr, _ := entry.Val(dwarf.AttrSpecification).(dwarf.Offset)
			lowpc := entry.Val(dwarf.AttrLowpc)
			if lowpc != nil && specAddr > 0 && lowpc.(uint64) > 0 {
				// fmt.Printf("AttrSpecification address: %x, %x\n", specAddr, entry.Offset)
				SpecListEntry = append(SpecListEntry, *entry)
			}
		}
	}

	for _, v := range SpecListEntry {
		specAddr, _ := v.Val(dwarf.AttrSpecification).(dwarf.Offset)
		// fmt.Printf("SpecListEntrySpecListEntrySpecListEntry Attach Function: %x\n", specAddr)
		_, ok := listEntry[specAddr]
		if ok {
			vv := listEntry[specAddr]
			entAddr := v.Val(dwarf.AttrLowpc)
			if entAddr != nil {
				vv.EntAddress = entAddr.(uint64)
			}
			retAddr := v.Val(dwarf.AttrHighpc)
			if retAddr != nil {
				switch retAddr.(type) {
				case uint64:
					vv.RetAddress = uint64(retAddr.(uint64))
				case int64:
					vv.RetAddress = uint64(retAddr.(int64))
				default:
					fmt.Println("Unknown type")
				}
			}
			listEntry[specAddr] = vv
		}
	}

	for _, v := range listEntry {
		sSize := v.RetAddress
		if v.RetAddress > v.EntAddress {
			sSize = v.RetAddress - v.EntAddress
		}
		symbol := elf.Symbol{}
		symbol.Name = v.Name
		symbol.Value = v.EntAddress
		symbol.Size = 180
		fmt.Printf("Need Attach Function %s address: %x, %x, %d\n", v.Name, v.EntAddress, v.RetAddress, sSize)
		return symbol, nil
	}
	return elf.Symbol{}, fmt.Errorf("function %s not found", functionName)
}

func (t *Tracer) AttachNetCoreNetReadUprobes(pid uint32) ([]link.Link, error) {
	if t.DisableL7Tracing() {
		return nil, nil
	}
	// 根据进程 pid 获取进程的可执行文件路径
	procPath, err := os.Readlink(fmt.Sprintf("/proc/%d/exe", pid))
	if err != nil {
		log.Fatalf("Failed to read proc path: %v", err)
	}
	fmt.Printf("procPath: %s\n", procPath)
	var links []link.Link
	ex, err := link.OpenExecutable(procPath)

	// 获取函数的偏移量
	functionSym, err := t.getFunctionOffsetDBG(procPath+".dbg", netcoresymbolsocketRead0)

	l, err := ex.Uprobe(functionSym.Name, t.uprobes["SystemNative_Receive"], &link.UprobeOptions{Address: functionSym.Value, Offset: 113})
	if err != nil {
		fmt.Println("failed to attach SystemNative_Receive uprobe", err, functionSym)
		return nil, err
	}

	links = append(links, l)

	if len(links) == 0 {
		return nil, nil
	}
	fmt.Println("netcore uprobes attached, pid is ", pid)
	return links, nil
}

func (t *Tracer) AttachNetCoreNetWriteUprobes(pid uint32) ([]link.Link, error) {
	if t.DisableL7Tracing() {
		return nil, nil
	}

	// 根据进程 pid 获取进程的可执行文件路径
	procPath, err := os.Readlink(fmt.Sprintf("/proc/%d/exe", pid))
	if err != nil {
		log.Fatalf("Failed to read proc path: %v", err)
	}
	fmt.Printf("procPath: %s\n", procPath)

	sendFunctionName := "send@plt"
	injectFunctionName := "SystemNative_Send"

	// NETCoreAOTInject
	netCoreAotInjector := aotinject.AOTInjector{
		PID:                 int(pid),
		SendFunctionLibPath: procPath,
		SendFunctionName:    sendFunctionName,
		InjectLibPath:       procPath,
		InjectFunctionName:  injectFunctionName,
		CWLibName:           "libmylib.so",
		CWFunctionName:      "asmnop",
		CWLibPath:           "/data/roger/ebpfdemo/mylib/libmylib.so",
	}
	hookOffset, err := aotinject.AotInject(netCoreAotInjector)

	if (hookOffset == 0) || (err != nil) {
		fmt.Println("failed to inject SystemNative_Send", err)
		return nil, err
	}

	var links []link.Link
	ex, err := link.OpenExecutable(netCoreAotInjector.CWLibPath)
	if err != nil {
		return nil, err
	}
	opt := link.UprobeOptions{
		Offset: uint64(hookOffset),
		PID:    int(pid),
	}
	upread02, err := ex.Uprobe(netCoreAotInjector.CWFunctionName, t.uprobes["netcore_asmnop"], &opt)
	if err != nil {
		return nil, err
	}
	links = append(links, upread02)

	if len(links) == 0 {
		return nil, nil
	}
	fmt.Println("netcore client uprobes attached", pid)

	return links, nil
}

func contains(array []string, str string) bool {
	for _, v := range array {
		if v == str {
			return true
		}
	}
	return false
}

func SplitByteByDelimiter(data []byte) []byte {
	pre := data[:4]
	data = data[4:]
	// 查找两个字节序列的位置
	index1 := bytes.Index(data, []byte{0x55, 0x48, 0x83, 0xEC})
	index2 := bytes.Index(data, []byte{0x55, 0x48, 0x81, 0xEC})

	// 如果两个都没有找到，返回 nil
	if index1 == -1 && index2 == -1 {
		return nil
	}

	// 确定哪个字节序列在前
	var startIndex int
	if index1 == -1 {
		// 只有index2找到了
		startIndex = index2
	} else if index2 == -1 {
		// 只有index1找到了
		startIndex = index1
	} else {
		// 两个都找到了，选择较小的那个
		startIndex = min(index1, index2)
	}

	// 返回从开始到选定的起始位置之前的数据
	return append(pre, data[:startIndex]...)
}

func (t *Tracer) AttachNetCoreNetThreadUprobes(pid uint32) []link.Link {
	// uprobes := []tracer.Uprobe{}
	// 根据进程 pid 获取进程的可执行文件路径
	procPath, err := os.Readlink(fmt.Sprintf("/proc/%d/exe", pid))
	if err != nil {
		log.Fatalf("Failed to read proc path: %v", err)
	}
	fmt.Printf("procPath: %s\n", procPath)

	binFile, err := os.Open(procPath + ".dbg")
	binFile2, err := os.Open(procPath)
	if err != nil {
		return nil
	}

	// cache := map[string]interface{}{}
	// 解析 elf 文件
	elfFile, _ := debugelf.NewFile(binFile)
	elfFile2, _ := debugelf.NewFile(binFile2)
	// 获取所有符号表
	symbols, _ := elfFile.Symbols()

	ex, err := link.OpenExecutable(procPath)

	words := []string{
		"Microsoft_AspNetCore_Server_Kestrel_Core_Microsoft_AspNetCore_Server_Kestrel_Core_Internal_HttpConnectionMiddleware_1<System___Canon>__OnConnectionAsync", "Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Internal_SocketConnection__DoSend_d__28__MoveNext", "System_Net_Http_System_Net_Http_HttpClient__SendAsync_2",
		"System_Net_Http_System_Net_Http_HttpConnection__SendAsync_d__57__MoveNext",
		"Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Internal_SocketConnection__Start"}

	wordsType := map[string]string{
		"Microsoft_AspNetCore_Server_Kestrel_Core_Microsoft_AspNetCore_Server_Kestrel_Core_Internal_HttpConnectionMiddleware_1<System___Canon>__OnConnectionAsync":      "OnConnectionAsync",
		"Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Internal_SocketConnection__DoSend_d__28__MoveNext": "DoSend",
		"System_Net_Http_System_Net_Http_HttpClient__SendAsync_2":                                                                                      "SendAsync1",
		"System_Net_Http_System_Net_Http_HttpConnection__SendAsync_d__57__MoveNext":                                                                    "SendAsync2",
		"Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Internal_SocketConnection__Start": "SocketConnectionStart"}

	textSection := elfFile2.Section("__managedcode")
	textSectionData, err := textSection.Data()

	if err != nil {
		fmt.Println("failed to read text section", err)
		return nil
	}

	if textSection == nil {
		fmt.Println("no text section", nil)
		return nil
	}
	textSectionLen := uint64(len(textSectionData) - 1)
	fmt.Printf("textSectionLen %x, %x, %x\n", textSectionLen, textSection.Addr, textSection.Size)

	var links []link.Link

	for _, sym := range symbols {
		exists := contains(words, sym.Name)
		if exists {
			fmt.Println("dddddddd:", sym.Name, sym.Value, sym.Size, sym.Info, sym)
			address := sym.Value

			sStart := sym.Value - textSection.Addr
			sEnd := sStart + sym.Size
			if sym.Size == 0 {
				sEnd = sStart + 5000
			}
			if sEnd > textSectionLen {
				fmt.Println("no text section333", nil)
				continue
			}
			sBytes := textSectionData[sStart:sEnd]
			if sym.Size == 0 {
				sBytes = SplitByteByDelimiter(sBytes)
			}

			fmt.Printf("dddddddd+++++: %s, %x, %d, %x, %s\n", sym.Name, sym.Value, sym.Size, address, wordsType[sym.Name])

			l, err := ex.Uprobe("", t.uprobes[wordsType[sym.Name]+"Start"], &link.UprobeOptions{Address: address})
			if err != nil {
				fmt.Println("failed to attach uprobe", err, wordsType[sym.Name])
				// return nil
			}

			links = append(links, l)
			returnOffsets := getReturnOffsets(elfFile.Machine, sBytes)
			for _, offset := range returnOffsets {
				fmt.Printf("dddddddd----: %s, %x, %d, %x\n", sym.Name, sym.Value, sym.Size, offset)
				l, err := ex.Uprobe("", t.uprobes[wordsType[sym.Name]+"End"], &link.UprobeOptions{Address: address, Offset: uint64(offset)})
				if err != nil {
					fmt.Println("failed to attach uprobe", err, wordsType[sym.Name])
					// return nil
				}
				links = append(links, l)
			}

		}
	}
	if len(links) == 0 {
		return nil
	}
	fmt.Println("netcore uprobes OnConnectionAsyncStart attached, pid is ", pid)
	return links
}

// func (t *Tracer) AttachNetCoreNetOnConnectionAsyncStartUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, err := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addr uint64 = 0x96d700 // Microsoft_AspNetCore_Server_Kestrel_Core_Microsoft_AspNetCore_Server_Kestrel_Core_Internal_HttpConnectionMiddleware_1<System___Canon>__OnConnectionAsync 入口处
// 	// var addr uint64 = 0x96dc15

// 	l, err := ex.Uprobe("", t.uprobes["OnConnectionAsyncStart"], &link.UprobeOptions{Address: addr})
// 	if err != nil {
// 		fmt.Println("failed to attach OnConnectionAsyncStart uprobe", err)
// 		return nil
// 	}

// 	links = append(links, l)

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes OnConnectionAsyncStart attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetOnConnectionAsyncEndUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, err := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addr uint64 = 0x96dcbf

// 	l, err := ex.Uprobe("", t.uprobes["OnConnectionAsyncEnd"], &link.UprobeOptions{Address: addr})
// 	if err != nil {
// 		fmt.Println("failed to attach OnConnectionAsyncEnd uprobe", err)
// 		return nil
// 	}

// 	links = append(links, l)

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes OnConnectionAsyncEnd attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetDoSendStartUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, err := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addr uint64 = 0x260b40 // Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Internal_SocketConnection__DoSend_d__28__MoveNext 入口处

// 	l, err := ex.Uprobe("", t.uprobes["DoSendStart"], &link.UprobeOptions{Address: addr})
// 	if err != nil {
// 		fmt.Println("failed to attach DoSendStart uprobe", err)
// 		return nil
// 	}

// 	links = append(links, l)

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes DoSendStart attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetDoSendEndUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, _ := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addrArray = []uint64{0x26125d, 0x261295, 0x2612fd, 0x261396, 0x2613f4}

// 	for _, addr := range addrArray {
// 		l, err := ex.Uprobe("", t.uprobes["DoSendEnd"], &link.UprobeOptions{Address: addr})
// 		if err != nil {
// 			fmt.Println("failed to attach DoSendEnd uprobe", err)
// 			return nil
// 		}

// 		links = append(links, l)
// 	}

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes DoSendEnd attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetSendAsync1Uprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, err := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addr uint64 = 0x32ab70 // System_Net_Http_System_Net_Http_HttpClient__SendAsync_2 入口处

// 	l, err := ex.Uprobe("", t.uprobes["SendAsync1"], &link.UprobeOptions{Address: addr})
// 	if err != nil {
// 		fmt.Println("failed to attach SendAsync1 uprobe", err)
// 		return nil
// 	}

// 	links = append(links, l)

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes SendAsync1 attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetSendAsync2Uprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, err := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addr uint64 = 0x34ce90 // System_Net_Http_System_Net_Http_HttpConnection__SendAsync_d__57__MoveNext 入口处

// 	l, err := ex.Uprobe("", t.uprobes["SendAsync2"], &link.UprobeOptions{Address: addr})
// 	if err != nil {
// 		fmt.Println("failed to attach SendAsync2 uprobe", err)
// 		return nil
// 	}

// 	links = append(links, l)

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes SendAsync2 attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetSendAsync2EndUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, _ := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addrArray = []uint64{0x34f56c, 0x34f5af, 0x34f649, 0x34f6e3}

// 	for _, addr := range addrArray {
// 		l, err := ex.Uprobe("", t.uprobes["SendAsync2End"], &link.UprobeOptions{Address: addr})
// 		if err != nil {
// 			fmt.Println("failed to attach SendAsync2End uprobe", err)
// 			return nil
// 		}

// 		links = append(links, l)
// 	}

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes SendAsync2End attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetSocketConnectionStartStartUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, err := link.OpenExecutable(libPath)

// 	var addr uint64 = 0x25c4c0 // Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Internal_SocketConnection__Start 入口处

// 	l, err := ex.Uprobe("", t.uprobes["SocketConnectionStartStart"], &link.UprobeOptions{Address: addr})
// 	if err != nil {
// 		fmt.Println("failed to attach SocketConnectionStartStart uprobe", err)
// 		return nil
// 	}

// 	links = append(links, l)

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes SocketConnectionStartStart attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetSocketConnectionStartEndUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, _ := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addrArray = []uint64{0x25c54e, 0x25c5c7}

// 	for _, addr := range addrArray {
// 		l, err := ex.Uprobe("", t.uprobes["SocketConnectionStartEnd"], &link.UprobeOptions{Address: addr})
// 		if err != nil {
// 			fmt.Println("failed to attach SocketConnectionStartEnd uprobe", err)
// 			return nil
// 		}

// 		links = append(links, l)
// 	}

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes SocketConnectionStartEnd attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetThreadUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, err := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	fmt.Println("netcore uprobes AttachNetCoreNetThreadUprobes hook value, pid is ", functionSym.Value)

// 	var addr uint64 = 0x97b766

// 	l, err := ex.Uprobe("", t.uprobes["AcceptConnectionsAsync"], &link.UprobeOptions{Address: addr})
// 	if err != nil {
// 		fmt.Println("failed to attach AcceptConnectionsAsync uprobe", err)
// 		return nil
// 	}

// 	links = append(links, l)

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes AcceptConnectionsAsync attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetCreateContextStartUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, err := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addr uint64 = 0x97b60a

// 	l, err := ex.Uprobe("", t.uprobes["CreateContextStart"], &link.UprobeOptions{Address: addr})
// 	if err != nil {
// 		fmt.Println("failed to attach CreateContextStart uprobe", err)
// 		return nil
// 	}

// 	links = append(links, l)

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes CreateContextStart attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetReceiveStartUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, err := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addr uint64 = 0xec7d0

// 	l, err := ex.Uprobe("", t.uprobes["ReceiveStart"], &link.UprobeOptions{Address: addr})
// 	if err != nil {
// 		fmt.Println("failed to attach ReceiveStart uprobe", err)
// 		return nil
// 	}

// 	links = append(links, l)

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes ReceiveStart attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetReceiveEndUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, err := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addr uint64 = 0xec86e

// 	l, err := ex.Uprobe("", t.uprobes["ReceiveEnd"], &link.UprobeOptions{Address: addr})
// 	if err != nil {
// 		fmt.Println("failed to attach ReceiveEnd uprobe", err)
// 		return nil
// 	}

// 	links = append(links, l)

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes ReceiveEnd attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetSendStartUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, err := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addr uint64 = 0xeca40

// 	l, err := ex.Uprobe("", t.uprobes["SendStart"], &link.UprobeOptions{Address: addr})
// 	if err != nil {
// 		fmt.Println("failed to attach SendStart uprobe", err)
// 		return nil
// 	}

// 	links = append(links, l)

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes SendStart attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetSendEndUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, err := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addr uint64 = 0xecad1

// 	l, err := ex.Uprobe("", t.uprobes["SendEnd"], &link.UprobeOptions{Address: addr})
// 	if err != nil {
// 		fmt.Println("failed to attach SendEnd uprobe", err)
// 		return nil
// 	}

// 	links = append(links, l)

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes SendEnd attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetDoReceiveStartUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, err := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addr uint64 = 0x260150

// 	l, err := ex.Uprobe("", t.uprobes["DoReceiveStart"], &link.UprobeOptions{Address: addr})
// 	if err != nil {
// 		fmt.Println("failed to attach DoReceiveStart uprobe", err)
// 		return nil
// 	}

// 	links = append(links, l)

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes DoReceiveStart attached, pid is ", pid)
// 	return links
// }

// func (t *Tracer) AttachNetCoreNetDoReceiveEndUprobes(pid uint32, insID utils.ID) []link.Link {
// 	if t.disableL7Tracing {
// 		return nil
// 	}

// 	var links []link.Link
// 	ex, _ := link.OpenExecutable(libPath)

// 	// 获取函数的偏移量
// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))

// 	var addrArray = []uint64{0x2609ed, 0x260a4f, 0x260aa3, 0x260adb, 0x260b33}

// 	for _, addr := range addrArray {
// 		l, err := ex.Uprobe("", t.uprobes["DoReceiveEnd"], &link.UprobeOptions{Address: addr})
// 		if err != nil {
// 			fmt.Println("failed to attach DoReceiveEnd uprobe", err)
// 			return nil
// 		}

// 		links = append(links, l)
// 	}

// 	if len(links) == 0 {
// 		return nil
// 	}
// 	fmt.Println("netcore uprobes DoReceiveEnd attached, pid is ", pid)
// 	return links
// }