D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
usr
/
share
/
systemtap
/
tapset
/
linux
/
x86_64
/
Filename :
sysc_compat_execve.stp
back
Copy
%( kernel_v < "3.7" %? # execve _____________________________________________________ # # asmlinkage long sys32_execve(char __user *name, compat_uptr_t __user *argv, # compat_uptr_t __user *envp, struct pt_regs *regs) @define _SYSCALL_COMPAT_EXECVE_NAME %( name = "execve" %) @define _SYSCALL_COMPAT_EXECVE_ARGSTR %( argstr = sprintf("%s, %s, %s", filename, args, env_str) %) probe syscall.compat_execve = dw_syscall.compat_execve !, nd_syscall.compat_execve ? {} probe syscall.compat_execve.return = dw_syscall.compat_execve.return !, nd_syscall.compat_execve.return ? {} # dw_compat_execve _____________________________________________________ probe dw_syscall.compat_execve = kernel.function("sys32_execve").call ? { @_SYSCALL_COMPAT_EXECVE_NAME filename = user_string_quoted($name) args = __get_compat_argv($argv, 0) env_str = __get_compat_argv($envp, 0) @_SYSCALL_COMPAT_EXECVE_ARGSTR } probe dw_syscall.compat_execve.return = kernel.function("sys32_execve").return ? { @_SYSCALL_COMPAT_EXECVE_NAME @SYSC_RETVALSTR($return) } # nd_compat_execve _____________________________________________________ probe nd_syscall.compat_execve = kprobe.function("sys32_execve") ? { asmlinkage() @_SYSCALL_COMPAT_EXECVE_NAME filename = user_string_quoted(pointer_arg(1)) args = __get_compat_argv(pointer_arg(2), 0) env_str = __get_compat_argv(pointer_arg(3), 0) @_SYSCALL_COMPAT_EXECVE_ARGSTR } probe nd_syscall.compat_execve.return = kprobe.function("sys32_execve").return ? { @_SYSCALL_COMPAT_EXECVE_NAME @SYSC_RETVALSTR(returnval()) } %)