added io syscall event hooks.

the io syscall hook differs with syscall hook since it will
provide all the available info of function parameters instead
of logging only the syscall name. Useful to trace the detail
behavour of io related syscalls

4 files changed, 651 insertions, 20 deletions

diff --git a/tapset/LKET/Changelog b/tapset/LKET/Changelog
index 8680b91a..0aff69b6 100644
--- a/tapset/LKET/Changelog
+++ b/tapset/LKET/Changelog
@@ -1,3 +1,10 @@
+2006-06-15  Li Guanglei <guanglei@cn.ibm.com>
+	
+	* iosyscall.stp: new event hooks for io related syscalls
+	* hookid_defs.stp: add the necessary IDs for iosyscall event hooks
+	* register_event.stp: add corresponding event register calls
+	of the newly added io syscall event hooks
+	
 2006-06-09  Li Guanglei <guanglei@cn.ibm.com>
 	
 	* *.stp: New design of making user able to append extra trace data.
diff --git a/tapset/LKET/hookid_defs.stp b/tapset/LKET/hookid_defs.stp
index 70801484..9f919938 100755
--- a/tapset/LKET/hookid_defs.stp
+++ b/tapset/LKET/hookid_defs.stp
@@ -33,7 +33,61 @@ global
 
 	/* network device */
 	GROUP_NETDEV,
-	HOOKID_NETDEV_RECEIVE, HOOKID_NETDEV_TRANSMIT
+	HOOKID_NETDEV_RECEIVE, HOOKID_NETDEV_TRANSMIT,
+
+	/* io related syscall */
+	GROUP_IOSYSCALL,
+
+	HOOKID_IOSYSCALL_OPEN_ENTRY,
+	HOOKID_IOSYSCALL_OPEN_RETURN,
+
+	HOOKID_IOSYSCALL_CLOSE_ENTRY,
+	HOOKID_IOSYSCALL_CLOSE_RETURN,
+
+	HOOKID_IOSYSCALL_READ_ENTRY,
+	HOOKID_IOSYSCALL_READ_RETURN,
+
+	HOOKID_IOSYSCALL_WRITE_ENTRY, 
+	HOOKID_IOSYSCALL_WRITE_RETURN,
+
+	HOOKID_IOSYSCALL_READV_ENTRY,
+	HOOKID_IOSYSCALL_READV_RETURN,
+
+	HOOKID_IOSYSCALL_WRITEV_ENTRY, 
+	HOOKID_IOSYSCALL_WRITEV_RETURN,
+
+	HOOKID_IOSYSCALL_PREAD64_ENTRY, 
+	HOOKID_IOSYSCALL_PREAD64_RETURN,
+
+	HOOKID_IOSYSCALL_PWRITE64_ENTRY, 
+	HOOKID_IOSYSCALL_PWRITE64_RETURN,
+
+	HOOKID_IOSYSCALL_READAHEAD_ENTRY, 
+	HOOKID_IOSYSCALL_READAHEAD_RETURN,
+
+	HOOKID_IOSYSCALL_SENDFILE_ENTRY, 
+	HOOKID_IOSYSCALL_SENDFILE_RETURN,
+
+	HOOKID_IOSYSCALL_SENDFILE64_ENTRY, 
+	HOOKID_IOSYSCALL_SENDFILE64_RETURN,
+
+	HOOKID_IOSYSCALL_LSEEK_ENTRY,
+	HOOKID_IOSYSCALL_LSEEK_RETURN,
+
+	HOOKID_IOSYSCALL_LLSEEK_ENTRY,
+	HOOKID_IOSYSCALL_LLSEEK_RETURN,
+
+	HOOKID_IOSYSCALL_SYNC_ENTRY,
+	HOOKID_IOSYSCALL_SYNC_RETURN,
+
+	HOOKID_IOSYSCALL_FSYNC_ENTRY,
+	HOOKID_IOSYSCALL_FSYNC_RETURN,
+
+	HOOKID_IOSYSCALL_FDATASYNC_ENTRY,
+	HOOKID_IOSYSCALL_FDATASYNC_RETURN,
+
+	HOOKID_IOSYSCALL_FLOCK_ENTRY,
+	HOOKID_IOSYSCALL_FLOCK_RETURN
 %{
 /* used in embedded c codes */
 
@@ -46,6 +100,7 @@ int _GROUP_TASK = 5;
 int _GROUP_SCSI = 6;
 int _GROUP_PAGEFAULT = 7;
 int _GROUP_NETDEV = 8;
+int _GROUP_IOSYSCALL = 9;
 
 /* hookIDs defined inside each group */
 int _HOOKID_REGSYSEVT = 1;
@@ -75,6 +130,54 @@ int _HOOKID_PAGEFAULT = 1;
 int _HOOKID_NETDEV_RECEIVE = 1;
 int _HOOKID_NETDEV_TRANSMIT = 2;
 
+int _HOOKID_IOSYSCALL_OPEN_ENTRY = 1;
+int _HOOKID_IOSYSCALL_OPEN_RETURN = 2;
+
+int _HOOKID_IOSYSCALL_CLOSE_ENTRY = 3;
+int _HOOKID_IOSYSCALL_CLOSE_RETURN = 4;
+
+int _HOOKID_IOSYSCALL_READ_ENTRY = 5;
+int _HOOKID_IOSYSCALL_READ_RETURN = 6;
+
+int _HOOKID_IOSYSCALL_WRITE_ENTRY = 7; 
+int _HOOKID_IOSYSCALL_WRITE_RETURN = 8;
+
+int _HOOKID_IOSYSCALL_READV_ENTRY = 9;
+int _HOOKID_IOSYSCALL_READV_RETURN = 10;
+
+int _HOOKID_IOSYSCALL_WRITEV_ENTRY = 11; 
+int _HOOKID_IOSYSCALL_WRITEV_RETURN = 12;
+
+int _HOOKID_IOSYSCALL_PREAD64_ENTRY = 13; 
+int _HOOKID_IOSYSCALL_PREAD64_RETURN = 14;
+
+int _HOOKID_IOSYSCALL_PWRITE64_ENTRY = 15; 
+int _HOOKID_IOSYSCALL_PWRITE64_RETURN = 16;
+
+int _HOOKID_IOSYSCALL_READAHEAD_ENTRY = 17; 
+int _HOOKID_IOSYSCALL_READAHEAD_RETURN = 18;
+
+int _HOOKID_IOSYSCALL_SENDFILE_ENTRY = 19; 
+int _HOOKID_IOSYSCALL_SENDFILE_RETURN = 20;
+
+int _HOOKID_IOSYSCALL_LSEEK_ENTRY = 21;
+int _HOOKID_IOSYSCALL_LSEEK_RETURN = 22;
+
+int _HOOKID_IOSYSCALL_LLSEEK_ENTRY = 23;
+int _HOOKID_IOSYSCALL_LLSEEK_RETURN = 24;
+
+int _HOOKID_IOSYSCALL_SYNC_ENTRY = 25;
+int _HOOKID_IOSYSCALL_SYNC_RETURN = 26;
+
+int _HOOKID_IOSYSCALL_FSYNC_ENTRY = 27;
+int _HOOKID_IOSYSCALL_FSYNC_RETURN = 28;
+
+int _HOOKID_IOSYSCALL_FDATASYNC_ENTRY = 29;
+int _HOOKID_IOSYSCALL_FDATASYNC_RETURN = 30;
+
+int _HOOKID_IOSYSCALL_FLOCK_ENTRY = 31;
+int _HOOKID_IOSYSCALL_FLOCK_RETURN = 32;
+
 %}
 
 function hookid_init()
@@ -113,6 +216,56 @@ function hookid_init()
 	GROUP_NETDEV = 8
 	HOOKID_NETDEV_RECEIVE = 1
 	HOOKID_NETDEV_TRANSMIT = 2
+
+	GROUP_IOSYSCALL = 9
+
+	HOOKID_IOSYSCALL_OPEN_ENTRY = 1
+	HOOKID_IOSYSCALL_OPEN_RETURN = 2
+
+	HOOKID_IOSYSCALL_CLOSE_ENTRY = 3
+	HOOKID_IOSYSCALL_CLOSE_RETURN = 4
+
+	HOOKID_IOSYSCALL_READ_ENTRY = 5
+	HOOKID_IOSYSCALL_READ_RETURN = 6
+
+	HOOKID_IOSYSCALL_WRITE_ENTRY = 7 
+	HOOKID_IOSYSCALL_WRITE_RETURN = 8
+
+	HOOKID_IOSYSCALL_READV_ENTRY = 9
+	HOOKID_IOSYSCALL_READV_RETURN = 10
+
+	HOOKID_IOSYSCALL_WRITEV_ENTRY = 11 
+	HOOKID_IOSYSCALL_WRITEV_RETURN = 12
+
+	HOOKID_IOSYSCALL_PREAD64_ENTRY = 13 
+	HOOKID_IOSYSCALL_PREAD64_RETURN = 14
+
+	HOOKID_IOSYSCALL_PWRITE64_ENTRY = 15 
+	HOOKID_IOSYSCALL_PWRITE64_RETURN = 16
+
+	HOOKID_IOSYSCALL_READAHEAD_ENTRY = 17 
+	HOOKID_IOSYSCALL_READAHEAD_RETURN = 18
+
+	HOOKID_IOSYSCALL_SENDFILE_ENTRY = 19 
+	HOOKID_IOSYSCALL_SENDFILE_RETURN = 20
+
+	HOOKID_IOSYSCALL_LSEEK_ENTRY = 21
+	HOOKID_IOSYSCALL_LSEEK_RETURN = 22
+
+	HOOKID_IOSYSCALL_LLSEEK_ENTRY = 23
+	HOOKID_IOSYSCALL_LLSEEK_RETURN = 24
+
+	HOOKID_IOSYSCALL_SYNC_ENTRY = 25
+	HOOKID_IOSYSCALL_SYNC_RETURN = 26
+
+	HOOKID_IOSYSCALL_FSYNC_ENTRY = 27
+	HOOKID_IOSYSCALL_FSYNC_RETURN = 28
+
+	HOOKID_IOSYSCALL_FDATASYNC_ENTRY = 29
+	HOOKID_IOSYSCALL_FDATASYNC_RETURN = 30
+
+	HOOKID_IOSYSCALL_FLOCK_ENTRY = 31
+	HOOKID_IOSYSCALL_FLOCK_RETURN = 32
 }
 
 
diff --git a/tapset/LKET/iosyscall.stp b/tapset/LKET/iosyscall.stp
new file mode 100755
index 00000000..527aaeeb
--- /dev/null
+++ b/tapset/LKET/iosyscall.stp
@@ -0,0 +1,383 @@
+// Copyright (C) 2006 IBM Corp.
+//
+// This file is part of systemtap, and is free software.  You can
+// redistribute it and/or modify it under the terms of the GNU General
+// Public License (GPL); either version 2, or (at your option) any
+// later version.
+
+probe addevent.iosyscall
+	= addevent.iosyscall.entry,
+	addevent.iosyscall.return
+{}
+
+probe addevent.iosyscall.entry
+	+= _addevent.iosyscall.entry
+{
+	update_record()
+}
+
+probe addevent.iosyscall.return
+	+= _addevent.iosyscall.return
+{
+	update_record()
+}
+
+
+probe _addevent.iosyscall.entry
+	= syscall.open,
+	syscall.close,
+	syscall.read,
+	syscall.write,
+	syscall.readv,
+	syscall.writev,
+	syscall.pread64,
+	syscall.pwrite64,
+	syscall.readahead,
+	syscall.sendfile,
+	syscall.lseek,
+	syscall.llseek,
+	syscall.sync,
+	syscall.fsync,
+	syscall.fdatasync,
+	syscall.flock
+{
+	dummy_c_function() /* used to prevent over-optimization */
+}
+
+probe _addevent.iosyscall.return
+	= syscall.open.return,
+	syscall.close.return,
+	syscall.read.return,
+	syscall.write.return,
+	syscall.readv.return,
+	syscall.writev.return,
+	syscall.pread64.return,
+	syscall.pwrite64.return,
+	syscall.readahead.return,
+	syscall.sendfile.return,
+	syscall.lseek.return,
+	syscall.llseek.return,
+	syscall.sync.return,
+	syscall.fsync.return,
+	syscall.fdatasync.return,
+	syscall.flock.return
+{
+	dummy_c_function() /* used to prevent over-optimization */
+}
+
+
+function dummy_c_function()
+%{
+%}
+
+probe syscall.open
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_open(filename, flags, mode)
+}
+
+probe syscall.open.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_OPEN_RETURN, retstr)
+}
+
+function log_iosyscall_open(filename:string, flags:long, mode:long)
+%{
+	_lket_trace(_GROUP_IOSYSCALL, _HOOKID_IOSYSCALL_OPEN_ENTRY, 
+		"%0s%4b%4b", THIS->filename, THIS->flags, 
+		THIS->mode);
+%}
+
+function log_iosyscall_return(var_id:long, retstr:string)
+%{
+	_lket_trace(_GROUP_IOSYSCALL, THIS->var_id, "%0s", THIS->retstr);
+%}
+
+probe syscall.close
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_close(fd)
+}
+
+probe syscall.close.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_CLOSE_RETURN, retstr)
+}
+
+
+function log_iosyscall_close(fd:long)
+%{
+	_lket_trace(_GROUP_IOSYSCALL, _HOOKID_IOSYSCALL_CLOSE_ENTRY, 
+		"%8b", THIS->fd);
+%}
+
+probe syscall.read
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_read_write(HOOKID_IOSYSCALL_READ_ENTRY, fd, 
+			buf_uaddr, count)
+}
+
+probe syscall.read.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_READ_RETURN, retstr)
+}
+	
+probe syscall.write
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_read_write(HOOKID_IOSYSCALL_WRITE_ENTRY, fd, 
+			buf_uaddr, count)
+}
+
+probe syscall.write.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_WRITE_RETURN, retstr)
+}
+	
+function log_iosyscall_read_write(var_id:long, fd:long, buf_uaddr:long,
+		count:long)
+%{
+	_lket_trace(_GROUP_IOSYSCALL, THIS->var_id, "%8b%8b%8b",
+		THIS->fd, THIS->buf_uaddr, THIS->count);
+%}
+
+probe syscall.readv
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_readv_writev(HOOKID_IOSYSCALL_READV_ENTRY, 
+			fd, vector_uaddr, count)
+}
+
+probe syscall.readv.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_READV_RETURN, retstr)
+}
+	
+probe syscall.writev
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_readv_writev(HOOKID_IOSYSCALL_WRITEV_ENTRY, 
+			fd, vector_uaddr, count)
+}
+
+probe syscall.writev.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_WRITEV_RETURN, retstr)
+}
+	
+function log_iosyscall_readv_writev(var_id:long, fd:long, 
+		vector_uaddr:long, count:long)
+%{
+	_lket_trace(_GROUP_IOSYSCALL, THIS->var_id, "%8b%8b%8b",
+		THIS->fd, THIS->vector_uaddr, THIS->count);
+%}
+
+probe syscall.pread64
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_pread64_pwrite64(HOOKID_IOSYSCALL_PREAD64_ENTRY, 
+			fd, buf_uaddr, count, offset)
+}
+
+probe syscall.pread64.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_PREAD64_RETURN, retstr)
+}
+	
+probe syscall.pwrite64
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_pread64_pwrite64(HOOKID_IOSYSCALL_PWRITE64_ENTRY,
+			fd, buf_uaddr, count, offset);
+}
+
+probe syscall.pwrite64.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_PWRITE64_RETURN, retstr)
+}
+
+function log_iosyscall_pread64_pwrite64(var_id:long, fd:long, 
+		buf_uaddr:long, count:long, offset:long)
+%{
+	_lket_trace(_GROUP_IOSYSCALL, THIS->var_id, "%8b%8b%8b%8b",
+		THIS->fd, THIS->buf_uaddr, THIS->count, THIS->offset);
+%}
+
+probe syscall.readahead
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_readahead(fd, offset, count)
+}
+
+probe syscall.readahead.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_READAHEAD_RETURN, retstr)
+}
+
+
+function log_iosyscall_readahead(fd:long, offset:long,count:long)
+%{
+	_lket_trace(_GROUP_IOSYSCALL, _HOOKID_IOSYSCALL_READAHEAD_ENTRY,
+		"%8b%8b%8b", THIS->fd, THIS->offset, THIS->count);
+%}
+
+probe syscall.sendfile
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_sendfile(HOOKID_IOSYSCALL_SENDFILE_ENTRY,
+			out_fd, in_fd, offset_uaddr, count)
+}
+
+probe syscall.sendfile.return
+{
+	if(filter_by_pid() == 1 )
+		 log_iosyscall_return(HOOKID_IOSYSCALL_SENDFILE_RETURN, retstr)
+}
+	
+function log_iosyscall_sendfile(var_id:long, out_fd:long, in_fd:long,
+		offset_uaddr:long, count:long)
+%{
+	_lket_trace(_GROUP_IOSYSCALL, THIS->var_id, "%8b%8b%8b%8b",
+		THIS->out_fd, THIS->in_fd, THIS->offset_uaddr,
+		THIS->count);
+%}
+
+probe syscall.lseek
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_lseek(fildes, offset, whence)
+}
+
+probe syscall.lseek.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_LSEEK_RETURN, retstr)
+}
+
+function log_iosyscall_lseek(fd:long, offset:long, whence:long)
+%{
+	_lket_trace(_GROUP_IOSYSCALL, _HOOKID_IOSYSCALL_LSEEK_ENTRY,
+		"%8b%8b%1b", THIS->fd, THIS->offset, THIS->whence);
+%}
+
+probe syscall.llseek
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_llseek(fd, offset_high, offset_low, result_uaddr,
+			whence)
+}
+
+probe syscall.llseek.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_LLSEEK_RETURN, retstr)
+}
+
+function log_iosyscall_llseek(fd:long, offset_high:long, offset_low:long,
+		result_uaddr:long, whence:long)
+%{
+	_lket_trace(_GROUP_IOSYSCALL, _HOOKID_IOSYSCALL_LLSEEK_ENTRY,
+		"%8b%8b%8b%8b%1b", THIS->fd, THIS->offset_high,
+		THIS->offset_low, THIS->result_uaddr, THIS->whence);
+%}
+
+probe syscall.sync
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_sync()
+}
+
+probe syscall.sync.return
+{
+	if(filter_by_pid() == 1 )
+		 log_iosyscall_return(HOOKID_IOSYSCALL_SYNC_RETURN, retstr)
+}
+
+function log_iosyscall_sync()
+%{
+        struct timeval tv; 
+        do_gettimeofday(&tv); 
+#if defined(ASCII_TRACE)
+	_stp_printf("%d%d%d%d%d%d%d%d", _GROUP_IOSYSCALL,
+		_HOOKID_IOSYSCALL_SYNC_ENTRY, tv.tv_sec, tv.tv_usec,
+		current->tgid, current->parent->pid, current->pid,
+                current->thread_info->cpu);
+
+#else
+        _stp_printf("%2b%2n%1b%1b%4b%4b%4b%4b%4b%1b", (_FMT_)0,
+		(_FMT_)_GROUP_IOSYSCALL, (_FMT_)_HOOKID_IOSYSCALL_SYNC_ENTRY,
+                (_FMT_)tv.tv_sec, (_FMT_)tv.tv_usec, (_FMT_)current->tgid,
+                (_FMT_)current->parent->pid, (_FMT_)current->pid,
+                (_FMT_)current->thread_info->cpu);
+#endif
+
+%}
+
+probe syscall.fsync
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_fsync(HOOKID_IOSYSCALL_FSYNC_ENTRY, fd)
+}
+
+probe syscall.fsync.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_FSYNC_RETURN, retstr)
+}
+	
+probe syscall.fdatasync
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_fsync(HOOKID_IOSYSCALL_FDATASYNC_ENTRY, fd)
+}
+
+probe syscall.fdatasync.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_FDATASYNC_RETURN, retstr)
+}
+
+function log_iosyscall_fsync(var_id:long, fd:long)
+%{
+	_lket_trace(_GROUP_IOSYSCALL, THIS->var_id, "%8b", THIS->fd);
+%}
+
+probe syscall.flock
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_flock(fd, operation)
+}
+
+probe syscall.flock.return
+{
+	if(filter_by_pid() == 1 )
+		log_iosyscall_return(HOOKID_IOSYSCALL_FLOCK_RETURN, retstr)
+}
+
+function log_iosyscall_flock(fd:long, operation:long)
+%{
+	_lket_trace(_GROUP_IOSYSCALL, _HOOKID_IOSYSCALL_FLOCK_ENTRY,
+		"%8b%4b", THIS->fd, THIS->operation);
+%}
+	
+/*
+
+fs:
+newfstat, newlstat, newstat,pipe,poll,select,readlink,rename,rmdir,symlink,,
+truncate,ftruncate,unlink,chmod,chown,dup,dup2,fchdir,fchmod,fchown,fcntl,
+fstatfs,link,mkdir,
+
+aio:
+io_cancel,io_destroy,io_getevents,io_setup,io_submit, 
+
+*/
diff --git a/tapset/LKET/register_event.stp b/tapset/LKET/register_event.stp
index 3150bf51..76b6d6f2 100755
--- a/tapset/LKET/register_event.stp
+++ b/tapset/LKET/register_event.stp
@@ -11,7 +11,7 @@ global usr_evt_name, usr_evt_fmt
 %{
 
 #define _MAXGROUPID  20
-#define _MAXHOOKID   20
+#define _MAXHOOKID   40
 
 int get_fmtcode(char *fmt)
 {
@@ -102,7 +102,8 @@ function register_event(grpid:long, hookid:long, evt_type:long, fmt:string, name
 	}
 
 	if(fmt!=NULL || name != NULL)  {
-		_stp_warn("unpaired types/names\n");
+		_stp_warn("unpaired types/names, grpid:%d, hookid:%d\n",
+			THIS->grpid, THIS->hookid);
 		_stp_exit();
 	}
 
@@ -117,47 +118,134 @@ function register_event(grpid:long, hookid:long, evt_type:long, fmt:string, name
 
 function register_sys_events()
 {
-	register_sys_event(GROUP_SYSCALL, HOOKID_SYSCALL_ENTRY, "STRING", "Syscall")
-	register_sys_event(GROUP_SYSCALL, HOOKID_SYSCALL_RETURN, "STRING", "Syscall")
+	register_sys_event(GROUP_SYSCALL, HOOKID_SYSCALL_ENTRY, "STRING", "syscall")
+	register_sys_event(GROUP_SYSCALL, HOOKID_SYSCALL_RETURN, "STRING", "syscall")
 		
 	register_sys_event(GROUP_PROCESS, HOOKID_PROCESS_SNAPSHOT,
-		"INT32:STRING", "PID:PNAME")
+		"INT32:STRING", "pid:pname")
 	register_sys_event(GROUP_PROCESS, HOOKID_PROCESS_EXECVE,
-		"STRING", "PNAME")
+		"STRING", "pname")
 	register_sys_event(GROUP_PROCESS, HOOKID_PROCESS_FORK,
-		"INT32", "PID")
+		"INT32", "pid")
 
 	register_sys_event(GROUP_IOSCHED, HOOKID_IOSCHED_NEXT_REQ,
-		"STRING:INT8:INT8", "ELV_NAME:MAJOR:MINOR")
+		"STRING:INT8:INT8", "elv_name:major:minor")
+
 	register_sys_event(GROUP_IOSCHED, HOOKID_IOSCHED_ADD_REQ,
-		"STRING:INT8:INT8", "ELV_NAME:MAJOR:MINOR")
+		"STRING:INT8:INT8", "elv_name:major:minor")
+
 	register_sys_event(GROUP_IOSCHED, HOOKID_IOSCHED_REMOVE_REQ,
-		"STRING:INT8:INT8", "ELV_NAME:MAJOR:MINOR")
+		"STRING:INT8:INT8", "elv_name:major:minor")
 
 	register_sys_event(GROUP_TASK, HOOKID_TASK_CTXSWITCH,
-		"INT32:INT32:INT8", "Prev_PID:Next_PID:Prev_State")
+		"INT32:INT32:INT8", "prev_pid:next_pid:prev_state")
+
 	register_sys_event(GROUP_TASK, HOOKID_TASK_CPUIDLE,
-		"INT32", "CurrPID")
+		"INT32", "cur_pid")
 
 	register_sys_event(GROUP_SCSI, HOOKID_SCSI_IOENTRY,
-		"INT8:INT8:INT8", "MAJOR:MINOR:SDEV_STATE")
+		"INT8:INT8:INT8", "major:minor:sdev_state")
+
 	register_sys_event(GROUP_SCSI, HOOKID_SCSI_IO_TO_LLD,
 		"INT8:INT32:INT8:INT64:INT32:INT64",
-		"SDEV_STATE:SCSI_INFO:Data_Dir:Req_Buf:Buf_Len:Cmd_ID")
+		"sdev_state:scsi_info:data_dir:req_buff:buf_len:cmd_id")
+
 	register_sys_event(GROUP_SCSI, HOOKID_SCSI_IODONE_BY_LLD,
-		"INT32:INT8:INT64", "SCSI_INFO:Data_Dir:Cmd_ID")
+		"INT32:INT8:INT64", "scsi_info:data_dir:cmd_id")
+
 	register_sys_event(GROUP_SCSI, HOOKID_SCSI_IOCOMP_BY_MIDLEVEL,
-		"INT32:INT8:INT64:INT32", "SCSI_INFO:Data_Dir:Cmd_ID:Bytes");
+		"INT32:INT8:INT64:INT32", "scsi_info:data_dir:cmd_id:bytes");
 
 	register_sys_event(GROUP_PAGEFAULT, HOOKID_PAGEFAULT,
-		"INT64:INT8", "ADDR:WRITE")
+		"INT64:INT8", "addr:write")
 
 	register_sys_event(GROUP_NETDEV, HOOKID_NETDEV_RECEIVE,
-		"STRING:INT32:INT16:INT32", "DEV_NAME:Data_LEN:Protocol:Buff_Size")
+		"STRING:INT32:INT16:INT32", "dev_name:data_len:protocol:buff_size")
+
 	register_sys_event(GROUP_NETDEV, HOOKID_NETDEV_TRANSMIT,
-		"STRING:INT32:INT16:INT32", "DEV_NAME:Data_LEN:Protocol:Buff_Size")
+		"STRING:INT32:INT16:INT32", "dev_name:data_len:protocol:buff_size")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_OPEN_ENTRY,
+		"STRING:INT32:INT32", "filename:flags:mode")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_OPEN_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_CLOSE_ENTRY,
+		"INT64", "fd")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_CLOSE_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_READ_ENTRY,
+		"INT64:INT64:INT64", "fd:buff_addr:count")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_READ_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_WRITE_ENTRY,
+		"INT64:INT64:INT64", "fd:buff_addr:count")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_WRITE_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_READV_ENTRY,
+		"INT64:INT64:INT64", "fd:vector_uaddr:count")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_READV_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_WRITEV_ENTRY,
+		"INT64:INT64:INT64", "fd:vector_uaddr:count")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_WRITEV_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_PREAD64_ENTRY,
+		"INT64:INT64:INT64:INT64", "fd:buff_uaddr:count:offset")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_PREAD64_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_PWRITE64_ENTRY,
+		"INT64:INT64:INT64:INT64", "fd:buff_uaddr:count:offset")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_PWRITE64_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_READAHEAD_ENTRY,
+		"INT64:INT64:INT64", "fd:offset:count")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_READAHEAD_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_SENDFILE_ENTRY,
+		"INT64:INT64:INT64:INT64", "out_fd:in_fd:offset_uaddr:count")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_SENDFILE_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_LSEEK_ENTRY,
+		"INT64:INT64:INT8", "fd:offset:whence")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_LSEEK_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_LLSEEK_ENTRY,
+		"INT64:INT64:INT64:INT64:INT8b", 
+		"fd:offset_high:offset_low:result_uaddr:whence")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_LLSEEK_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_SYNC_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_FSYNC_ENTRY,
+		"INT64", "fd")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_FSYNC_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_FDATASYNC_ENTRY,
+		"INT64", "fd")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_FDATASYNC_RETURN,
+		"STRING", "return")
+
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_FLOCK_ENTRY,
+		"INT64:INT32", "fd:operation")
+	register_sys_event(GROUP_IOSYSCALL, HOOKID_IOSYSCALL_FLOCK_RETURN,
+		"STRING", "return")
 }
 
+
 probe register_event = begin
 {
 	hookid_init()