edr: 进程信息采集
process

1 定义要采集的进程信息

```go
//所要采集的进程信息
type Process struct {
	Pid      int32  `json:"Pid"`
	Name     string `json:"Name"`
	Cmdline  string `json:"Cmdline"`
	Cwd      string `json:"Cwd"`
	Exe      string `json:"Exe"`
	ProcHash string `json:"ProcHash"`
}
```

2 编写采集过程

```go
import process

//调用Processes方法
procs, _ := process.Processes()
var procInfo []common.Process
for i := 0; i <= len(procs)-1; i++ {
	var proc common.Process
	proc.Name, _ = procs[i].Name()
	proc.Pid = procs[i].Pid
	proc.Cmdline, _ = procs[i].Cmdline()
	proc.Cwd, _ = procs[i].Cwd()
	proc.Exe, _ = procs[i].Exe()
	procInfo = append(procInfo, proc)
}
```

注意：这段采集代码用 `_` 丢弃了 `Processes()`、`Name()`、`Cmdline()`、`Cwd()`、`Exe()` 返回的 error。当进程在采集过程中退出、或当前权限不足以读取其信息时，对应字段会以空字符串进入 procInfo，与真正为空的值无法区分；作为 EDR 采集数据，建议至少记录这些 error。另外，`ProcHash` 字段在这一段中尚未赋值。

3 Processes分析

进程相关信息的包来自 github.com/shirou/gopsutil/v3

3.1 Process

type Process……