├── .github
    └── workflows
    │   ├── go-c-cpp.yml
    │   └── release.yml
├── LICENSE
├── Makefile
├── README.md
├── README_CN.md
├── assets
    └── ebpf_probe.go
├── bin
    └── .gitkeep
├── examples
    └── Main.java
├── go.mod
├── go.sum
├── images
    ├── ebpf-evil-use-detect-kernel-space.png
    ├── ehids-logo-1.png
    ├── ehids-logo-1.svg
    ├── ehids-logo.png
    ├── ehids-logo.svg
    └── wechat-group.jpg
├── kern
    ├── bpf
    │   ├── bpf_core_read.h
    │   ├── bpf_endian.h
    │   ├── bpf_helper_defs.h
    │   ├── bpf_helpers.h
    │   └── bpf_tracing.h
    ├── bpf_call_kern.c
    ├── common.h
    ├── dns_lookup_kern.c
    ├── ehids_agent.h
    ├── java_exec_kern.c
    ├── proc_kern.c
    ├── sec_socket_connect_kern.c
    ├── tcp_set_state_kern.c
    ├── udp_lookup_kern.c
    └── vmlinux.h
├── main.go
└── user
    ├── bpf_cmd.go
    ├── bytecode
        ├── bpf_call_kern.d
        ├── bpf_call_kern.o
        ├── dns_lookup_kern.d
        ├── dns_lookup_kern.o
        ├── java_exec_kern.d
        ├── java_exec_kern.o
        ├── proc_kern.d
        ├── proc_kern.o
        ├── sec_socket_connect_kern.d
        ├── sec_socket_connect_kern.o
        ├── tcp_set_state_kern.d
        ├── tcp_set_state_kern.o
        ├── udp_lookup_kern.d
        └── udp_lookup_kern.o
    ├── common.go
    ├── event_bpf_call.go
    ├── event_java_rasp.go
    ├── event_ktcp_sec.go
    ├── event_kudp.go
    ├── event_proc.go
    ├── event_tcp.go
    ├── event_udns.go
    ├── iclose.go
    ├── ievent.go
    ├── imodule.go
    ├── probe_bpf_call.go
    ├── probe_ktcp.go
    ├── probe_ktcp_sec.go
    ├── probe_kudp.go
    ├── probe_proc.go
    ├── probe_udns.go
    ├── probe_ujava_rasp.go
    └── register.go


/.github/workflows/go-c-cpp.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/.github/workflows/go-c-cpp.yml


--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/.github/workflows/release.yml


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/LICENSE


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/Makefile


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/README.md


--------------------------------------------------------------------------------
/README_CN.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/README_CN.md


--------------------------------------------------------------------------------
/assets/ebpf_probe.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/assets/ebpf_probe.go


--------------------------------------------------------------------------------
/bin/.gitkeep:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/examples/Main.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/examples/Main.java


--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/go.mod


--------------------------------------------------------------------------------
/go.sum:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/go.sum


--------------------------------------------------------------------------------
/images/ebpf-evil-use-detect-kernel-space.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/images/ebpf-evil-use-detect-kernel-space.png


--------------------------------------------------------------------------------
/images/ehids-logo-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/images/ehids-logo-1.png


--------------------------------------------------------------------------------
/images/ehids-logo-1.svg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/images/ehids-logo-1.svg


--------------------------------------------------------------------------------
/images/ehids-logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/images/ehids-logo.png


--------------------------------------------------------------------------------
/images/ehids-logo.svg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/images/ehids-logo.svg


--------------------------------------------------------------------------------
/images/wechat-group.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/images/wechat-group.jpg


--------------------------------------------------------------------------------
/kern/bpf/bpf_core_read.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/bpf/bpf_core_read.h


--------------------------------------------------------------------------------
/kern/bpf/bpf_endian.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/bpf/bpf_endian.h


--------------------------------------------------------------------------------
/kern/bpf/bpf_helper_defs.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/bpf/bpf_helper_defs.h


--------------------------------------------------------------------------------
/kern/bpf/bpf_helpers.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/bpf/bpf_helpers.h


--------------------------------------------------------------------------------
/kern/bpf/bpf_tracing.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/bpf/bpf_tracing.h


--------------------------------------------------------------------------------
/kern/bpf_call_kern.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/bpf_call_kern.c


--------------------------------------------------------------------------------
/kern/common.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/common.h


--------------------------------------------------------------------------------
/kern/dns_lookup_kern.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/dns_lookup_kern.c


--------------------------------------------------------------------------------
/kern/ehids_agent.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/ehids_agent.h


--------------------------------------------------------------------------------
/kern/java_exec_kern.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/java_exec_kern.c


--------------------------------------------------------------------------------
/kern/proc_kern.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/proc_kern.c


--------------------------------------------------------------------------------
/kern/sec_socket_connect_kern.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/sec_socket_connect_kern.c


--------------------------------------------------------------------------------
/kern/tcp_set_state_kern.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/tcp_set_state_kern.c


--------------------------------------------------------------------------------
/kern/udp_lookup_kern.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/udp_lookup_kern.c


--------------------------------------------------------------------------------
/kern/vmlinux.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/kern/vmlinux.h


--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/main.go


--------------------------------------------------------------------------------
/user/bpf_cmd.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bpf_cmd.go


--------------------------------------------------------------------------------
/user/bytecode/bpf_call_kern.d:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/bpf_call_kern.d


--------------------------------------------------------------------------------
/user/bytecode/bpf_call_kern.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/bpf_call_kern.o


--------------------------------------------------------------------------------
/user/bytecode/dns_lookup_kern.d:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/dns_lookup_kern.d


--------------------------------------------------------------------------------
/user/bytecode/dns_lookup_kern.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/dns_lookup_kern.o


--------------------------------------------------------------------------------
/user/bytecode/java_exec_kern.d:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/java_exec_kern.d


--------------------------------------------------------------------------------
/user/bytecode/java_exec_kern.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/java_exec_kern.o


--------------------------------------------------------------------------------
/user/bytecode/proc_kern.d:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/proc_kern.d


--------------------------------------------------------------------------------
/user/bytecode/proc_kern.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/proc_kern.o


--------------------------------------------------------------------------------
/user/bytecode/sec_socket_connect_kern.d:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/sec_socket_connect_kern.d


--------------------------------------------------------------------------------
/user/bytecode/sec_socket_connect_kern.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/sec_socket_connect_kern.o


--------------------------------------------------------------------------------
/user/bytecode/tcp_set_state_kern.d:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/tcp_set_state_kern.d


--------------------------------------------------------------------------------
/user/bytecode/tcp_set_state_kern.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/tcp_set_state_kern.o


--------------------------------------------------------------------------------
/user/bytecode/udp_lookup_kern.d:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/udp_lookup_kern.d


--------------------------------------------------------------------------------
/user/bytecode/udp_lookup_kern.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/bytecode/udp_lookup_kern.o


--------------------------------------------------------------------------------
/user/common.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/common.go


--------------------------------------------------------------------------------
/user/event_bpf_call.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/event_bpf_call.go


--------------------------------------------------------------------------------
/user/event_java_rasp.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/event_java_rasp.go


--------------------------------------------------------------------------------
/user/event_ktcp_sec.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/event_ktcp_sec.go


--------------------------------------------------------------------------------
/user/event_kudp.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/event_kudp.go


--------------------------------------------------------------------------------
/user/event_proc.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/event_proc.go


--------------------------------------------------------------------------------
/user/event_tcp.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/event_tcp.go


--------------------------------------------------------------------------------
/user/event_udns.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/event_udns.go


--------------------------------------------------------------------------------
/user/iclose.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/iclose.go


--------------------------------------------------------------------------------
/user/ievent.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/ievent.go


--------------------------------------------------------------------------------
/user/imodule.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/imodule.go


--------------------------------------------------------------------------------
/user/probe_bpf_call.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/probe_bpf_call.go


--------------------------------------------------------------------------------
/user/probe_ktcp.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/probe_ktcp.go


--------------------------------------------------------------------------------
/user/probe_ktcp_sec.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/probe_ktcp_sec.go


--------------------------------------------------------------------------------
/user/probe_kudp.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/probe_kudp.go


--------------------------------------------------------------------------------
/user/probe_proc.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/probe_proc.go


--------------------------------------------------------------------------------
/user/probe_udns.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/probe_udns.go


--------------------------------------------------------------------------------
/user/probe_ujava_rasp.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/probe_ujava_rasp.go


--------------------------------------------------------------------------------
/user/register.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gojue/ehids-agent/HEAD/user/register.go


--------------------------------------------------------------------------------