├── .gitignore ├── LICENSE ├── README.md ├── beacon.h └── examples ├── helloworld ├── build.sh └── hello.c ├── id ├── build.sh └── id.c ├── netstat ├── build.sh └── netstat.c └── uname ├── build.sh └── uname.c /.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore all object files 2 | *.o 3 | 4 | # Ignore other common build outputs 5 | *.so 6 | *.a 7 | *.out 8 | *.exe 9 | *.dll 10 | *.d 11 | *.x64.o 12 | *.arm64.o 13 | 14 | # Ignore specific directories (e.g., build directories) 15 | build/ 16 | dist/ 17 | 18 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Linux ELF BOF Template 2 | 3 | This repository hosts the core files needed to create ELF Beacon Object Files for Linux. 4 | 5 | A Linux Beacon Object File (BOF) is a compiled C program, written to a convention that allows it to execute within an Outflank C2 process (part of [Outflank's OST offering](https://outflank.nl/ost)). BOFs are a way to rapidly extend the Linux implant with new post-exploitation features (similar to [Beacon Object Files for Windows](https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/beacon-object-files_main.htm)). 6 | 7 | ## References 8 | 9 | - [TrustedSec ELFLoader](https://github.com/trustedsec/ELFLoader) 10 | - [Cobalt Strike Windows BOF Template](https://github.com/Cobalt-Strike/bof_template) 11 | - [Windows BOF Documentation](https://www.cobaltstrike.com/help-beacon-object-files) 12 | -------------------------------------------------------------------------------- /beacon.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #ifndef bool 4 | #define bool int 5 | #endif 6 | 7 | typedef struct { 8 | char* original; 9 | char* buffer; 10 | int length; 11 | int size; 12 | } datap; 13 | 14 | void BeaconDataParse(datap* parser, char* buffer, int size); 15 | char* BeaconDataPtr(datap* parser, int size); 16 | int BeaconDataInt(datap* parser); 17 | short BeaconDataShort(datap* parser); 18 | int BeaconDataLength(datap* parser); 19 | char* BeaconDataExtract(datap* parser, int* size); 20 | 21 | typedef struct { 22 | char* original; 23 | char* buffer; 24 | int length; 25 | int size; 26 | } formatp; 27 | 28 | void BeaconFormatAlloc(formatp* format, int maxsz); 29 | void BeaconFormatReset(formatp* format); 30 | void BeaconFormatAppend(formatp* format, char* text, int len); 31 | void BeaconFormatPrintf(formatp* format, char* fmt, ...); 32 | char* BeaconFormatToString(formatp* format, int* size); 33 | void BeaconFormatFree(formatp* format); 34 | void BeaconFormatInt(formatp* format, int value); 35 | 36 | #define CALLBACK_OUTPUT 0x0 37 | #define CALLBACK_OUTPUT_OEM 0x1e 38 | #define CALLBACK_OUTPUT_UTF8 0x20 39 | #define CALLBACK_ERROR 0x0d 40 | 41 | void BeaconOutput(int type, char* data, int len); 42 | void BeaconPrintf(int type, char* fmt, ...); 43 | bool BeaconIsRoot(); 44 | -------------------------------------------------------------------------------- /examples/helloworld/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | x86_64-linux-gnu-gcc -c -FPIC hello.c -o hello.x64.o || echo "[!] x86_64 compiler not found, skipping" 4 | aarch64-linux-gnu-gcc -c -FPIC hello.c -o hello.arm64.o || echo "[!] ARM64 compiler not found, skipping" 5 | -------------------------------------------------------------------------------- /examples/helloworld/hello.c: -------------------------------------------------------------------------------- 1 | #include "../../beacon.h" 2 | 3 | void go(char* args, int alen) { 4 | BeaconPrintf(CALLBACK_OUTPUT, "Hello World: %s", args); 5 | } 6 | -------------------------------------------------------------------------------- /examples/id/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | x86_64-linux-gnu-gcc -c -FPIC id.c -o id.x64.o || echo "[!] x86_64 compiler not found, skipping" 4 | #aarch64-linux-gnu-gcc -c -FPIC id.c -o id.arm64.o || echo "[!] ARM64 compiler not found, skipping" 5 | -------------------------------------------------------------------------------- /examples/id/id.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "../../beacon.h" 3 | 4 | #define SYS_GETUID 102 5 | #define SYS_GETEUID 107 6 | 7 | uid_t syscall_getuid() { 8 | uid_t uid; 9 | asm("mov $102, %%eax\n" // SYS_GETUID 10 | "syscall\n" 11 | "mov %%eax, %0" 12 | : "=r"(uid) 13 | : 14 | : "rax"); 15 | return uid; 16 | } 17 | 18 | uid_t syscall_geteuid() { 19 | uid_t euid; 20 | asm("mov $107, %%eax\n" // SYS_GETEUID 21 | "syscall\n" 22 | "mov %%eax, %0" 23 | : "=r"(euid) 24 | : 25 | : "rax"); 26 | return euid; 27 | } 28 | 29 | void go(char* args, int alen) { 30 | uid_t uid = syscall_getuid(); 31 | uid_t euid = syscall_geteuid(); 32 | 33 | BeaconPrintf(CALLBACK_OUTPUT, "UID: %d EUID: %d\n", uid, euid); 34 | } 35 | 36 | -------------------------------------------------------------------------------- /examples/netstat/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | x86_64-linux-gnu-gcc -c -FPIC netstat.c -o netstat.x64.o || echo "[!] x86_64 compiler not found, skipping" 4 | #aarch64-linux-gnu-gcc -c -FPIC netstat.c -o netstat.arm64.o || echo "[!] ARM64 compiler not found, skipping" 5 | -------------------------------------------------------------------------------- /examples/netstat/netstat.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "../../beacon.h" 3 | 4 | // Define NULL if not already defined 5 | #ifndef NULL 6 | #define NULL ((void*)0) 7 | #endif 8 | 9 | // Define syscall numbers for x86_64 architecture 10 | #define SYS_OPEN 2 11 | #define SYS_READ 0 12 | #define SYS_CLOSE 3 13 | 14 | // Implement syscall wrappers 15 | ssize_t sys_read(int fd, void *buf, size_t count) { 16 | ssize_t ret; 17 | asm volatile ( 18 | "syscall" 19 | : "=a" (ret) 20 | : "0"(SYS_READ), "D"(fd), "S"(buf), "d"(count) 21 | : "rcx", "r11", "memory" 22 | ); 23 | return ret; 24 | } 25 | 26 | int sys_open(const char *pathname, int flags, int mode) { 27 | int ret; 28 | asm volatile ( 29 | "syscall" 30 | : "=a" (ret) 31 | : "0"(SYS_OPEN), "D"(pathname), "S"(flags), "d"(mode) 32 | : "rcx", "r11", "memory" 33 | ); 34 | return ret; 35 | } 36 | 37 | int sys_close(int fd) { 38 | int ret; 39 | asm volatile ( 40 | "syscall" 41 | : "=a" (ret) 42 | : "0"(SYS_CLOSE), "D"(fd) 43 | : "rcx", "r11", "memory" 44 | ); 45 | return ret; 46 | } 47 | 48 | // Implement own strlen 49 | size_t my_strlen(const char *s) { 50 | size_t len = 0; 51 | while (*s++) len++; 52 | return len; 53 | } 54 | 55 | // Implement own strchr 56 | char *my_strchr(const char *s, int c) { 57 | while (*s) { 58 | if (*s == c) 59 | return (char *)s; 60 | s++; 61 | } 62 | return NULL; 63 | } 64 | 65 | // Implement own strtoul (hexadecimal only) 66 | unsigned long my_strtoul(const char *nptr, char **endptr, int base) { 67 | unsigned long result = 0; 68 | const char *ptr = nptr; 69 | char c; 70 | 71 | if (base != 16) { 72 | // For simplicity, we only handle base 16 (hexadecimal) 73 | if (endptr) *endptr = (char *)nptr; 74 | return 0; 75 | } 76 | 77 | while ((c = *ptr)) { 78 | unsigned int digit; 79 | if (c >= '0' && c <= '9') { 80 | digit = c - '0'; 81 | } else if (c >= 'a' && c <= 'f') { 82 | digit = c - 'a' + 10; 83 | } else if (c >= 'A' && c <= 'F') { 84 | digit = c - 'A' + 10; 85 | } else { 86 | break; // Invalid character 87 | } 88 | result = (result << 4) + digit; 89 | ptr++; 90 | } 91 | 92 | if (endptr) *endptr = (char *)ptr; 93 | return result; 94 | } 95 | 96 | void go(char *args, int alen) { 97 | int fd = sys_open("/proc/net/tcp", 0 /* O_RDONLY */, 0); 98 | if (fd < 0) { 99 | BeaconPrintf(CALLBACK_ERROR, "Failed to open /proc/net/tcp\n"); 100 | return; 101 | } 102 | 103 | char buffer[16384]; 104 | ssize_t bytes_read = sys_read(fd, buffer, sizeof(buffer) - 1); 105 | sys_close(fd); 106 | 107 | if (bytes_read <= 0) { 108 | BeaconPrintf(CALLBACK_ERROR, "Failed to read /proc/net/tcp\n"); 109 | return; 110 | } 111 | 112 | buffer[bytes_read] = '\0'; 113 | 114 | char *ptr = buffer; 115 | char *end = buffer + bytes_read; 116 | int line_num = 0; 117 | 118 | while (ptr < end) { 119 | char *line_start = ptr; 120 | // Find end of line 121 | while (ptr < end && *ptr != '\n') ptr++; 122 | *ptr = '\0'; // Null-terminate the line 123 | ptr++; // Move to start of next line 124 | 125 | if (line_num > 0) { // Skip header line 126 | char *tokens[15]; 127 | int token_index = 0; 128 | char *token_ptr = line_start; 129 | 130 | // Tokenize the line by spaces 131 | while (*token_ptr && token_index < 15) { 132 | // Skip leading spaces 133 | while (*token_ptr == ' ' || *token_ptr == '\t') token_ptr++; 134 | if (*token_ptr == '\0') break; 135 | tokens[token_index++] = token_ptr; 136 | // Find next space 137 | while (*token_ptr && *token_ptr != ' ' && *token_ptr != '\t') token_ptr++; 138 | if (*token_ptr) { 139 | *token_ptr = '\0'; // Null-terminate the token 140 | token_ptr++; 141 | } 142 | } 143 | 144 | if (token_index >= 4) { 145 | char *local_address = tokens[1]; 146 | char *rem_address = tokens[2]; 147 | char *state = tokens[3]; 148 | 149 | char *local_port_hex = my_strchr(local_address, ':'); 150 | if (local_port_hex != NULL) { 151 | *local_port_hex = '\0'; 152 | local_port_hex++; 153 | } 154 | 155 | char *rem_port_hex = my_strchr(rem_address, ':'); 156 | if (rem_port_hex != NULL) { 157 | *rem_port_hex = '\0'; 158 | rem_port_hex++; 159 | } 160 | 161 | unsigned int local_port = (unsigned int)my_strtoul(local_port_hex, NULL, 16); 162 | unsigned int rem_port = (unsigned int)my_strtoul(rem_port_hex, NULL, 16); 163 | 164 | unsigned int local_ip_int = (unsigned int)my_strtoul(local_address, NULL, 16); 165 | unsigned int rem_ip_int = (unsigned int)my_strtoul(rem_address, NULL, 16); 166 | 167 | unsigned char local_bytes[4]; 168 | local_bytes[0] = (local_ip_int >> 0) & 0xFF; 169 | local_bytes[1] = (local_ip_int >> 8) & 0xFF; 170 | local_bytes[2] = (local_ip_int >> 16) & 0xFF; 171 | local_bytes[3] = (local_ip_int >> 24) & 0xFF; 172 | 173 | unsigned char rem_bytes[4]; 174 | rem_bytes[0] = (rem_ip_int >> 0) & 0xFF; 175 | rem_bytes[1] = (rem_ip_int >> 8) & 0xFF; 176 | rem_bytes[2] = (rem_ip_int >> 16) & 0xFF; 177 | rem_bytes[3] = (rem_ip_int >> 24) & 0xFF; 178 | 179 | unsigned int state_num = (unsigned int)my_strtoul(state, NULL, 16); 180 | 181 | char *tcp_states[] = { 182 | "UNKNOWN", "ESTABLISHED", "SYN_SENT", "SYN_RECV", "FIN_WAIT1", 183 | "FIN_WAIT2", "TIME_WAIT", "CLOSE", "CLOSE_WAIT", "LAST_ACK", 184 | "LISTEN", "CLOSING", "NEW_SYN_RECV" 185 | }; 186 | char *state_str = (state_num < (sizeof(tcp_states)/sizeof(tcp_states[0]))) ? tcp_states[state_num] : "UNKNOWN"; 187 | 188 | // Output the connection info 189 | BeaconPrintf(CALLBACK_OUTPUT, "%u.%u.%u.%u:%u\t%u.%u.%u.%u:%u\t%s\n", 190 | local_bytes[0], local_bytes[1], local_bytes[2], local_bytes[3], local_port, 191 | rem_bytes[0], rem_bytes[1], rem_bytes[2], rem_bytes[3], rem_port, 192 | state_str); 193 | } 194 | } 195 | line_num++; 196 | } 197 | } 198 | 199 | -------------------------------------------------------------------------------- /examples/uname/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | x86_64-linux-gnu-gcc -c -FPIC uname.c -o uname.x64.o || echo "[!] x86_64 compiler not found, skipping" 4 | aarch64-linux-gnu-gcc -c -FPIC uname.c -o uname.arm64.o || echo "[!] ARM64 compiler not found, skipping" 5 | -------------------------------------------------------------------------------- /examples/uname/uname.c: -------------------------------------------------------------------------------- 1 | #include "../../beacon.h" 2 | 3 | // Define NULL if not already defined 4 | #ifndef NULL 5 | #define NULL ((void*)0) 6 | #endif 7 | 8 | // Define syscall number for x86_64 Linux 9 | #define SYS_UNAME 63 10 | 11 | // Define the utsname structure 12 | struct utsname { 13 | char sysname[65]; // Operating system name 14 | char nodename[65]; // Network node hostname 15 | char release[65]; // OS release 16 | char version[65]; // OS version 17 | char machine[65]; // Hardware identifier 18 | char domainname[65]; // NIS or YP domain name 19 | }; 20 | 21 | // Implement syscall wrapper for uname 22 | int sys_uname(struct utsname *buf) { 23 | int ret; 24 | asm volatile ( 25 | "syscall" 26 | : "=a" (ret) 27 | : "0"(SYS_UNAME), "D"(buf) 28 | : "rcx", "r11", "memory" 29 | ); 30 | return ret; 31 | } 32 | 33 | void go(char *args, int alen) { 34 | struct utsname uts; 35 | 36 | // Initialize the uts structure to zero 37 | for (int i = 0; i < sizeof(struct utsname); i++) { 38 | ((char *)&uts)[i] = 0; 39 | } 40 | 41 | // Call the uname syscall 42 | int res = sys_uname(&uts); 43 | if (res < 0) { 44 | BeaconPrintf(CALLBACK_ERROR, "uname syscall failed\n"); 45 | return; 46 | } 47 | 48 | // Output the system information 49 | BeaconPrintf(CALLBACK_OUTPUT, "System Name : %s\n", uts.sysname); 50 | BeaconPrintf(CALLBACK_OUTPUT, "Node Name : %s\n", uts.nodename); 51 | BeaconPrintf(CALLBACK_OUTPUT, "Release : %s\n", uts.release); 52 | BeaconPrintf(CALLBACK_OUTPUT, "Version : %s\n", uts.version); 53 | BeaconPrintf(CALLBACK_OUTPUT, "Machine : %s\n", uts.machine); 54 | BeaconPrintf(CALLBACK_OUTPUT, "Domain Name : %s\n", uts.domainname); 55 | } 56 | --------------------------------------------------------------------------------