authorJosh Stone <jistone@redhat.com>2009-05-29 14:38:23 -0700
committerJosh Stone <jistone@redhat.com>2009-05-29 16:52:24 -0700
commitfd177173fc6547dc17767470308b9bd24e76df7b (patch)
tree17793bb0429f0e49e2ea6e3da2f418f170423d2b /tapset/nd_syscalls2.stp
parentaf3155cf870ae7fcfc22b446e14a9f3f96b1782b (diff)
Convert nd_syscalls2 to kprobe.function
Diffstat (limited to 'tapset/nd_syscalls2.stp')
-rw-r--r--tapset/nd_syscalls2.stp874
1 files changed, 437 insertions, 437 deletions
diff --git a/tapset/nd_syscalls2.stp b/tapset/nd_syscalls2.stp
index a67ebd22..f3a2c14f 100644
--- a/tapset/nd_syscalls2.stp
+++ b/tapset/nd_syscalls2.stp
@@ -28,7 +28,7 @@
# long compat_sys_nanosleep(struct compat_timespec __user *rqtp,
# struct compat_timespec __user *rmtp)
#
-probe nd_syscall.nanosleep = kernel.function("sys_nanosleep") {
+probe nd_syscall.nanosleep = kprobe.function("sys_nanosleep") {
name = "nanosleep"
// req_uaddr = $rqtp
// rem_uaddr = $rmtp
@@ -38,11 +38,11 @@ probe nd_syscall.nanosleep = kernel.function("sys_nanosleep") {
rem_uaddr = pointer_arg(2)
argstr = sprintf("%s, %p", _struct_timespec_u(req_uaddr,1), rem_uaddr)
}
-probe nd_syscall.nanosleep.return = kernel.function("sys_nanosleep").return {
+probe nd_syscall.nanosleep.return = kprobe.function("sys_nanosleep").return {
name = "nanosleep"
retstr = returnstr(1)
}
-probe nd_syscall.compat_nanosleep = kernel.function("compat_sys_nanosleep") ? {
+probe nd_syscall.compat_nanosleep = kprobe.function("compat_sys_nanosleep") ? {
name = "nanosleep"
// req_uaddr = $rqtp
// rem_uaddr = $rmtp
@@ -52,7 +52,7 @@ probe nd_syscall.compat_nanosleep = kernel.function("compat_sys_nanosleep") ? {
rem_uaddr = pointer_arg(2)
argstr = sprintf("%s, %p", _struct_compat_timespec_u(req_uaddr,1), rem_uaddr)
}
-probe nd_syscall.compat_nanosleep.return = kernel.function("compat_sys_nanosleep").return ? {
+probe nd_syscall.compat_nanosleep.return = kprobe.function("compat_sys_nanosleep").return ? {
name = "nanosleep"
retstr = returnstr(1)
}
@@ -64,8 +64,8 @@ probe nd_syscall.compat_nanosleep.return = kernel.function("compat_sys_nanosleep
# union compat_nfsctl_res __user *res)
#
probe nd_syscall.nfsservctl =
- kernel.function("sys_nfsservctl") ?,
- kernel.function("compat_sys_nfsservctl") ?
+ kprobe.function("sys_nfsservctl") ?,
+ kprobe.function("compat_sys_nfsservctl") ?
{
name = "nfsservctl"
// cmd = $cmd
@@ -79,8 +79,8 @@ probe nd_syscall.nfsservctl =
argstr = sprintf("%s, %p, %p", _nfsctl_cmd_str(cmd), argp_uaddr, resp_uaddr)
}
probe nd_syscall.nfsservctl.return =
- kernel.function("sys_nfsservctl").return ?,
- kernel.function("compat_sys_nfsservctl").return ?
+ kprobe.function("sys_nfsservctl").return ?,
+ kprobe.function("compat_sys_nfsservctl").return ?
{
name = "nfsservctl"
retstr = returnstr(1)
@@ -89,7 +89,7 @@ probe nd_syscall.nfsservctl.return =
# nice _______________________________________________________
# long sys_nice(int increment)
#
-probe nd_syscall.nice = kernel.function("sys_nice") ? {
+probe nd_syscall.nice = kprobe.function("sys_nice") ? {
name = "nice"
// inc = $increment
// argstr = sprintf("%d", $increment)
@@ -97,7 +97,7 @@ probe nd_syscall.nice = kernel.function("sys_nice") ? {
inc = int_arg(1)
argstr = sprintf("%d", inc)
}
-probe nd_syscall.nice.return = kernel.function("sys_nice").return ? {
+probe nd_syscall.nice.return = kprobe.function("sys_nice").return ? {
name = "nice"
retstr = returnstr(1)
}
@@ -106,11 +106,11 @@ probe nd_syscall.nice.return = kernel.function("sys_nice").return ? {
#
# long sys_ni_syscall(void)
#
-probe nd_syscall.ni_syscall = kernel.function("sys_ni_syscall") {
+probe nd_syscall.ni_syscall = kprobe.function("sys_ni_syscall") {
name = "ni_syscall"
argstr = ""
}
-probe nd_syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return {
+probe nd_syscall.ni_syscall.return = kprobe.function("sys_ni_syscall").return {
name = "ni_syscall"
retstr = returnstr(1)
}
@@ -120,9 +120,9 @@ probe nd_syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return {
# (obsolete) long sys32_open(const char * filename, int flags, int mode)
#
probe nd_syscall.open =
- kernel.function("sys_open") ?,
- kernel.function("compat_sys_open") ?,
- kernel.function("sys32_open") ?
+ kprobe.function("sys_open") ?,
+ kprobe.function("compat_sys_open") ?,
+ kprobe.function("sys32_open") ?
{
name = "open"
// filename = user_string($filename)
@@ -146,9 +146,9 @@ probe nd_syscall.open =
_sys_open_flag_str(flags))
}
probe nd_syscall.open.return =
- kernel.function("sys_open").return ?,
- kernel.function("compat_sys_open").return ?,
- kernel.function("sys32_open").return ?
+ kprobe.function("sys_open").return ?,
+ kprobe.function("compat_sys_open").return ?,
+ kprobe.function("sys32_open").return ?
{
name = "open"
retstr = returnstr(1)
@@ -159,8 +159,8 @@ probe nd_syscall.open.return =
# long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode)
#
probe nd_syscall.openat =
- kernel.function("sys_openat") ?,
- kernel.function("compat_sys_openat") ?
+ kprobe.function("sys_openat") ?,
+ kprobe.function("compat_sys_openat") ?
{
name = "openat"
// filename = user_string($filename)
@@ -188,8 +188,8 @@ probe nd_syscall.openat =
_sys_open_flag_str(flags))
}
probe nd_syscall.openat.return =
- kernel.function("sys_openat").return ?,
- kernel.function("compat_sys_openat").return ?
+ kprobe.function("sys_openat").return ?,
+ kprobe.function("compat_sys_openat").return ?
{
name = "openat"
retstr = returnstr(1)
@@ -199,16 +199,16 @@ probe nd_syscall.openat.return =
#
# sys_pause(void)
#
-probe nd_syscall.pause = kernel.function("sys_pause") ?,
- kernel.function("sys32_pause") ?,
- kernel.function("compat_sys_pause") ?
+probe nd_syscall.pause = kprobe.function("sys_pause") ?,
+ kprobe.function("sys32_pause") ?,
+ kprobe.function("compat_sys_pause") ?
{
name = "pause"
argstr = ""
}
-probe nd_syscall.pause.return = kernel.function("sys_pause").return ?,
- kernel.function("sys32_pause").return ?,
- kernel.function("compat_sys_pause").return ?
+probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?,
+ kprobe.function("sys32_pause").return ?,
+ kprobe.function("compat_sys_pause").return ?
{
name = "pause"
retstr = returnstr(1)
@@ -222,14 +222,14 @@ probe nd_syscall.pause.return = kernel.function("sys_pause").return ?,
# unsigned long dfn)
#
#
-#probe nd_syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") {
+#probe nd_syscall.pciconfig_iobase = kprobe.function("sys_pciconfig_iobase") {
# name = "pciconfig_iobase"
# which = $which
# bus = $bus
# dfn = $dfn
# argstr = sprintf("%p, %p, %p", which, bus, dfn)
#}
-#probe nd_syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return {
+#probe nd_syscall.pciconfig_iobase.return = kprobe.function("sys_pciconfig_iobase").return {
# name = "pciconfig_iobase"
# retstr = returnstr(1)
#}
@@ -244,7 +244,7 @@ probe nd_syscall.pause.return = kernel.function("sys_pause").return ?,
# { return 0; }
#
#
-#probe nd_syscall.pciconfig_read = kernel.function("sys_pciconfig_read") {
+#probe nd_syscall.pciconfig_read = kprobe.function("sys_pciconfig_read") {
# name = "pciconfig_read"
# bus = $bus
# dfn = $dfn
@@ -255,7 +255,7 @@ probe nd_syscall.pause.return = kernel.function("sys_pause").return ?,
# len, buf_uaddr)
#}
#probe nd_syscall.pciconfig_read.return =
-# kernel.function("sys_pciconfig_read").return {
+# kprobe.function("sys_pciconfig_read").return {
# name = "pciconfig_read"
# retstr = returnstr(1)
#}
@@ -269,7 +269,7 @@ probe nd_syscall.pause.return = kernel.function("sys_pause").return ?,
# unsigned char *buf)
#
#
-#probe nd_syscall.pciconfig_write = kernel.function("sys_pciconfig_write") {
+#probe nd_syscall.pciconfig_write = kprobe.function("sys_pciconfig_write") {
# name = "pciconfig_write"
# bus = $bus
# dfn = $dfn
@@ -280,7 +280,7 @@ probe nd_syscall.pause.return = kernel.function("sys_pause").return ?,
# len, buf_uaddr)
#}
#probe nd_syscall.pciconfig_write.return =
-# kernel.function("sys_pciconfig_write").return {
+# kprobe.function("sys_pciconfig_write").return {
# name = "pciconfig_write"
# retstr = returnstr(1)
#}
@@ -289,14 +289,14 @@ probe nd_syscall.pause.return = kernel.function("sys_pause").return ?,
# asmlinkage long
# sys_personality(u_long personality)
#
-probe nd_syscall.personality = kernel.function("sys_personality") {
+probe nd_syscall.personality = kprobe.function("sys_personality") {
name = "personality"
// persona = $personality
asmlinkage()
persona = ulong_arg(1)
argstr = sprintf("%p", persona);
}
-probe nd_syscall.personality.return = kernel.function("sys_personality").return {
+probe nd_syscall.personality.return = kprobe.function("sys_personality").return {
name = "personality"
retstr = returnstr(1)
}
@@ -305,7 +305,7 @@ probe nd_syscall.personality.return = kernel.function("sys_personality").return
# asmlinkage int
# sys_pipe(unsigned long __user * fildes)
#
-probe nd_syscall.pipe = kernel.function("sys_pipe") {
+probe nd_syscall.pipe = kprobe.function("sys_pipe") {
name = "pipe"
%( arch == "ia64" %?
# ia64 just returns value directly, no fildes argument
@@ -319,7 +319,7 @@ probe nd_syscall.pipe = kernel.function("sys_pipe") {
%)
}
-probe nd_syscall.pipe.return = kernel.function("sys_pipe").return {
+probe nd_syscall.pipe.return = kprobe.function("sys_pipe").return {
name = "pipe"
retstr = returnstr(1)
}
@@ -328,7 +328,7 @@ probe nd_syscall.pipe.return = kernel.function("sys_pipe").return {
#
# long sys_pivot_root(const char __user *new_root, const char __user *put_old)
#
-probe nd_syscall.pivot_root = kernel.function("sys_pivot_root") {
+probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") {
name = "pivot_root"
// new_root_str = user_string($new_root)
// old_root_str = user_string($put_old)
@@ -340,7 +340,7 @@ probe nd_syscall.pivot_root = kernel.function("sys_pivot_root") {
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
user_string_quoted(pointer_arg(2)))
}
-probe nd_syscall.pivot_root.return = kernel.function("sys_pivot_root").return {
+probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return {
name = "pivot_root"
retstr = returnstr(1)
}
@@ -349,7 +349,7 @@ probe nd_syscall.pivot_root.return = kernel.function("sys_pivot_root").return {
#
# long sys_poll(struct pollfd __user * ufds, unsigned int nfds, long timeout)
#
-probe nd_syscall.poll = kernel.function("sys_poll") {
+probe nd_syscall.poll = kprobe.function("sys_poll") {
name = "poll"
// ufds_uaddr = $ufds
// nfds = $nfds
@@ -361,7 +361,7 @@ probe nd_syscall.poll = kernel.function("sys_poll") {
timeout = long_arg(3)
argstr = sprintf("%p, %d, %d", ufds_uaddr, nfds, timeout)
}
-probe nd_syscall.poll.return = kernel.function("sys_poll").return {
+probe nd_syscall.poll.return = kprobe.function("sys_poll").return {
name = "poll"
retstr = returnstr(1)
}
@@ -372,7 +372,7 @@ probe nd_syscall.poll.return = kernel.function("sys_poll").return {
# struct timespec __user *tsp, const sigset_t __user *sigmask,
# size_t sigsetsize)
#
-probe nd_syscall.ppoll = kernel.function("sys_ppoll") ? {
+probe nd_syscall.ppoll = kprobe.function("sys_ppoll") ? {
name = "ppoll"
// argstr = sprintf("%p, %d, %s, %p, %d",
// $ufds,
@@ -388,7 +388,7 @@ probe nd_syscall.ppoll = kernel.function("sys_ppoll") ? {
pointer_arg(4),
ulong_arg(5))
}
-probe nd_syscall.ppoll.return = kernel.function("sys_ppoll").return ? {
+probe nd_syscall.ppoll.return = kprobe.function("sys_ppoll").return ? {
name = "ppoll"
retstr = returnstr(1)
}
@@ -396,7 +396,7 @@ probe nd_syscall.ppoll.return = kernel.function("sys_ppoll").return ? {
# unsigned int nfds, struct compat_timespec __user *tsp,
# const compat_sigset_t __user *sigmask, compat_size_t sigsetsize)
#
-probe nd_syscall.compat_ppoll = kernel.function("compat_sys_ppoll") ? {
+probe nd_syscall.compat_ppoll = kprobe.function("compat_sys_ppoll") ? {
name = "ppoll"
// argstr = sprintf("%p, %d, %s, %p, %d",
// $ufds,
@@ -412,7 +412,7 @@ probe nd_syscall.compat_ppoll = kernel.function("compat_sys_ppoll") ? {
pointer_arg(4),
u32_arg(5))
}
-probe nd_syscall.compat_ppoll.return = kernel.function("compat_sys_ppoll").return ? {
+probe nd_syscall.compat_ppoll.return = kprobe.function("compat_sys_ppoll").return ? {
name = "ppoll"
retstr = returnstr(1)
}
@@ -426,7 +426,7 @@ probe nd_syscall.compat_ppoll.return = kernel.function("compat_sys_ppoll").retur
# unsigned long arg4,
# unsigned long arg5)
#
-probe nd_syscall.prctl = kernel.function("sys_prctl") {
+probe nd_syscall.prctl = kprobe.function("sys_prctl") {
name = "prctl"
// option = $option
// arg2 = $arg2
@@ -442,7 +442,7 @@ probe nd_syscall.prctl = kernel.function("sys_prctl") {
argstr = sprintf("%p, %p, %p, %p, %p", option, arg2, arg3,
arg4, arg5)
}
-probe nd_syscall.prctl.return = kernel.function("sys_prctl").return {
+probe nd_syscall.prctl.return = kprobe.function("sys_prctl").return {
name = "prctl"
retstr = returnstr(1)
}
@@ -453,7 +453,7 @@ probe nd_syscall.prctl.return = kernel.function("sys_prctl").return {
# size_t count,
# loff_t pos)
#
-probe nd_syscall.pread = kernel.function("sys_pread64") {
+probe nd_syscall.pread = kprobe.function("sys_pread64") {
name = "pread"
// fd = $fd
// buf_uaddr = $buf
@@ -467,7 +467,7 @@ probe nd_syscall.pread = kernel.function("sys_pread64") {
offset = longlong_arg(4)
argstr = sprintf("%d, %p, %d, %d", fd, buf_uaddr, count, offset)
}
-probe nd_syscall.pread.return = kernel.function("sys_pread64").return {
+probe nd_syscall.pread.return = kprobe.function("sys_pread64").return {
name = "pread"
retstr = returnstr(1)
}
@@ -477,7 +477,7 @@ probe nd_syscall.pread.return = kernel.function("sys_pread64").return {
# long sys_pselect6(int n, fd_set __user *inp, fd_set __user *outp,
# fd_set __user *exp, struct timespec __user *tsp, void __user *sig)
#
-probe nd_syscall.pselect6 = kernel.function("sys_pselect6") ? {
+probe nd_syscall.pselect6 = kprobe.function("sys_pselect6") ? {
name = "pselect6"
// argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp,
// _struct_timespec_u($tsp,1), $sig)
@@ -485,11 +485,11 @@ probe nd_syscall.pselect6 = kernel.function("sys_pselect6") ? {
argstr = sprintf("%d, %p, %p, %p, %s, %p", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4),
_struct_timespec_u(pointer_arg(5),1), pointer_arg(6))
}
-probe nd_syscall.pselect6.return = kernel.function("sys_pselect6").return ? {
+probe nd_syscall.pselect6.return = kprobe.function("sys_pselect6").return ? {
name = "pselect6"
retstr = returnstr(1)
}
-probe nd_syscall.compat_pselect6 = kernel.function("compat_sys_pselect6") ? {
+probe nd_syscall.compat_pselect6 = kprobe.function("compat_sys_pselect6") ? {
name = "pselect6"
// argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp,
// _struct_compat_timespec_u($tsp,1), $sig)
@@ -497,7 +497,7 @@ probe nd_syscall.compat_pselect6 = kernel.function("compat_sys_pselect6") ? {
argstr = sprintf("%d, %p, %p, %p, %s, %p", int_arg(1), pointer_arg(2), pointer_arg(3), pointer_arg(4),
_struct_compat_timespec_u(pointer_arg(5),1), pointer_arg(6))
}
-probe nd_syscall.compat_pselect6.return = kernel.function("compat_sys_pselect6").return ? {
+probe nd_syscall.compat_pselect6.return = kprobe.function("compat_sys_pselect6").return ? {
name = "pselect6"
retstr = returnstr(1)
}
@@ -508,7 +508,7 @@ probe nd_syscall.compat_pselect6.return = kernel.function("compat_sys_pselect6")
# fd_set __user *exp, struct timespec __user *tsp,
# const sigset_t __user *sigmask, size_t sigsetsize)
#
-probe nd_syscall.pselect7 = kernel.function("sys_pselect7") ? {
+probe nd_syscall.pselect7 = kprobe.function("sys_pselect7") ? {
name = "pselect7"
// argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", $n, $inp, $outp, $exp,
// _struct_timespec_u($tsp,1), $sigmask, $sigsetsize)
@@ -516,11 +516,11 @@ probe nd_syscall.pselect7 = kernel.function("sys_pselect7") ? {
argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4),
_struct_timespec_u(pointer_arg(5),1), pointer_arg(6), ulong_arg(7))
}
-probe nd_syscall.pselect7.return = kernel.function("sys_pselect7").return ? {
+probe nd_syscall.pselect7.return = kprobe.function("sys_pselect7").return ? {
name = "pselect7"
retstr = returnstr(1)
}
-probe nd_syscall.compat_pselect7a = kernel.function("compat_sys_pselect7") ? {
+probe nd_syscall.compat_pselect7a = kprobe.function("compat_sys_pselect7") ? {
name = "pselect7"
//argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", $n, $inp, $outp, $exp,
// _struct_compat_timespec_u($tsp,1), $sigmask, $sigsetsize)
@@ -528,7 +528,7 @@ probe nd_syscall.compat_pselect7a = kernel.function("compat_sys_pselect7") ? {
argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4),
_struct_timespec_u(pointer_arg(5),1), pointer_arg(6), ulong_arg(7))
}
-probe nd_syscall.compat_pselect7.return = kernel.function("compat_sys_pselect7").return ? {
+probe nd_syscall.compat_pselect7.return = kprobe.function("compat_sys_pselect7").return ? {
name = "pselect7"
retstr = returnstr(1)
}
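Review bot: The compat pselect7 probe decodes the 32-bit caller's timespec with the native helper: the context line `_struct_timespec_u(pointer_arg(5),1)` should be `_struct_compat_timespec_u(pointer_arg(5),1)`, which is what the commented-out DWARF version in the previous hunk and the compat_pselect6 probe both use. With the native helper a 64-bit kernel presumably reads a wider struct from the user pointer than the 32-bit task supplied, so the logged timeout would be wrong. The entry alias in the previous hunk is also spelled `nd_syscall.compat_pselect7a` while the return alias here is `nd_syscall.compat_pselect7.return`, so the pair cannot be addressed under one name. The probe body starts in the previous hunk.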
@@ -540,7 +540,7 @@ probe nd_syscall.compat_pselect7.return = kernel.function("compat_sys_pselect7")
# long addr,
# long data)
#
-probe nd_syscall.ptrace = kernel.function("sys_ptrace") ? {
+probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ? {
name = "ptrace"
// request = $request
// pid = $pid
@@ -553,7 +553,7 @@ probe nd_syscall.ptrace = kernel.function("sys_ptrace") ? {
data = long_arg(4)
argstr = sprintf("%d, %d, %p, %p", request, pid, addr, data)
}
-probe nd_syscall.ptrace.return = kernel.function("sys_ptrace").return ? {
+probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ? {
name = "ptrace"
retstr = returnstr(1)
}
@@ -565,7 +565,7 @@ probe nd_syscall.ptrace.return = kernel.function("sys_ptrace").return ? {
# size_t count,
# loff_t pos)
#
-probe nd_syscall.pwrite = kernel.function("sys_pwrite64") {
+probe nd_syscall.pwrite = kprobe.function("sys_pwrite64") {
name = "pwrite"
// fd = $fd
// buf_uaddr = $buf
@@ -583,13 +583,13 @@ probe nd_syscall.pwrite = kernel.function("sys_pwrite64") {
text_strn(user_string(buf_uaddr),syscall_string_trunc,1),
count, offset)
}
-probe nd_syscall.pwrite.return = kernel.function("sys_pwrite64").return {
+probe nd_syscall.pwrite.return = kprobe.function("sys_pwrite64").return {
name = "pwrite"
retstr = returnstr(1)
}
# long sys32_pwrite64(unsigned int fd, const char __user *ubuf,
# size_t count, u32 poshi, u32 poslo)
-probe nd_syscall.pwrite32 = kernel.function("sys32_pwrite64") ? {
+probe nd_syscall.pwrite32 = kprobe.function("sys32_pwrite64") ? {
name = "pwrite"
// fd = $fd
// buf_uaddr = $buf
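Review bot: The pwrite argstr reads the buffer as a NUL-terminated string, `text_strn(user_string(buf_uaddr),syscall_string_trunc,1)`, but a write buffer is `count` bytes long and need not be terminated, so the copy can run past the caller's buffer and put adjacent user memory into the trace. Bounding the copy by the length, e.g. `text_strn(user_string_n(buf_uaddr, count),syscall_string_trunc,1)`, keeps the logged bytes inside the buffer; this assumes `count` is assigned before that line, which is outside the hunk. The same expression appears in the pwrite32 probe in the next hunk. A short comment that argstr carries written payload data would also help anyone forwarding these traces to a shared log.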
@@ -615,7 +615,7 @@ probe nd_syscall.pwrite32 = kernel.function("sys32_pwrite64") ? {
text_strn(user_string(buf_uaddr),syscall_string_trunc,1),
count, offset)
}
-probe nd_syscall.pwrite32.return = kernel.function("sys32_pwrite64").return ? {
+probe nd_syscall.pwrite32.return = kprobe.function("sys32_pwrite64").return ? {
name = "pwrite"
retstr = returnstr(1)
}
@@ -627,7 +627,7 @@ probe nd_syscall.pwrite32.return = kernel.function("sys32_pwrite64").return ? {
# qid_t id,
# void __user *addr)
#
-probe nd_syscall.quotactl = kernel.function("sys_quotactl") ? {
+probe nd_syscall.quotactl = kprobe.function("sys_quotactl") ? {
name = "quotactl"
// cmd = $cmd
// cmd_str = _quotactl_cmd_str($cmd)
@@ -645,7 +645,7 @@ probe nd_syscall.quotactl = kernel.function("sys_quotactl") ? {
addr_uaddr = pointer_arg(4)
argstr = sprintf("%s, %s, %d, %p", cmd_str, special_str, id, addr_uaddr)
}
-probe nd_syscall.quotactl.return = kernel.function("sys_quotactl").return ? {
+probe nd_syscall.quotactl.return = kprobe.function("sys_quotactl").return ? {
name = "quotactl"
retstr = returnstr(1)
}
@@ -653,7 +653,7 @@ probe nd_syscall.quotactl.return = kernel.function("sys_quotactl").return ? {
# read _______________________________________________________
# ssize_t sys_read(unsigned int fd, char __user * buf, size_t count)
-probe nd_syscall.read = kernel.function("sys_read") {
+probe nd_syscall.read = kprobe.function("sys_read") {
name = "read"
// fd = $fd
// buf_uaddr = $buf
@@ -665,7 +665,7 @@ probe nd_syscall.read = kernel.function("sys_read") {
count = ulong_arg(3)
argstr = sprintf("%d, %p, %d", fd, buf_uaddr, count)
}
-probe nd_syscall.read.return = kernel.function("sys_read").return {
+probe nd_syscall.read.return = kprobe.function("sys_read").return {
name = "read"
retstr = returnstr(1)
}
@@ -677,7 +677,7 @@ probe nd_syscall.read.return = kernel.function("sys_read").return {
# loff_t offset,
# size_t count)
#
-probe nd_syscall.readahead = kernel.function("sys_readahead") {
+probe nd_syscall.readahead = kprobe.function("sys_readahead") {
name = "readahead"
// fd = $fd
// offset = $offset
@@ -688,7 +688,7 @@ probe nd_syscall.readahead = kernel.function("sys_readahead") {
count = ulong_arg(3)
argstr = sprintf("%d, %p, %p", fd, offset, count)
}
-probe nd_syscall.readahead.return = kernel.function("sys_readahead").return {
+probe nd_syscall.readahead.return = kprobe.function("sys_readahead").return {
name = "readahead"
retstr = returnstr(1)
}
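Review bot: `count = ulong_arg(3)` in the readahead probe assumes the `loff_t offset` parameter occupies a single argument slot. On 32-bit architectures where a 64-bit argument takes two slots, slot 3 would hold half of the offset and the count would sit in slot 4; the offset assignment is outside the hunk, so this is inferred from the prototype comment. If that applies, pick the index by word size, e.g. `%( CONFIG_64BIT == "y" %? count = ulong_arg(3) %: count = ulong_arg(4) %)`. Without register-layout checks from debuginfo, a wrong slot here silently logs a bogus count rather than failing.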
@@ -699,8 +699,8 @@ probe nd_syscall.readahead.return = kernel.function("sys_readahead").return {
# int old32_readdir(unsigned int fd, struct old_linux_dirent32 *dirent, unsigned int count)
#
probe nd_syscall.readdir =
- kernel.function("compat_sys_old_readdir") ?,
- kernel.function("old32_readdir") ?
+ kprobe.function("compat_sys_old_readdir") ?,
+ kprobe.function("old32_readdir") ?
{
name = "readdir"
// argstr = sprintf("%d, %p, %d", $fd, $dirent, $count)
@@ -708,8 +708,8 @@ probe nd_syscall.readdir =
argstr = sprintf("%d, %p, %d", uint_arg(1), pointer_arg(2), uint_arg(3))
}
probe nd_syscall.readdir.return =
- kernel.function("compat_sys_old_readdir").return ?,
- kernel.function("old32_readdir").return ?
+ kprobe.function("compat_sys_old_readdir").return ?,
+ kprobe.function("old32_readdir").return ?
{
name = "readdir"
retstr = returnstr(1)
@@ -721,7 +721,7 @@ probe nd_syscall.readdir.return =
# char __user * buf,
# int bufsiz)
#
-probe nd_syscall.readlink = kernel.function("sys_readlink") {
+probe nd_syscall.readlink = kprobe.function("sys_readlink") {
name = "readlink"
// path = user_string($path)
// buf_uaddr = $buf
@@ -735,7 +735,7 @@ probe nd_syscall.readlink = kernel.function("sys_readlink") {
argstr = sprintf("%s, %p, %d", user_string_quoted(pointer_arg(1)),
buf_uaddr, bufsiz)
}
-probe nd_syscall.readlink.return = kernel.function("sys_readlink").return {
+probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return {
name = "readlink"
retstr = returnstr(1)
}
@@ -746,7 +746,7 @@ probe nd_syscall.readlink.return = kernel.function("sys_readlink").return {
# char __user * buf,
# int bufsiz)
#
-probe nd_syscall.readlinkat = kernel.function("sys_readlinkat") ? {
+probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ? {
name = "readlinkat"
//dfd = $dfd
// path = user_string($path)
@@ -762,7 +762,7 @@ probe nd_syscall.readlinkat = kernel.function("sys_readlinkat") ? {
argstr = sprintf("%s, %s, %p, %d", _dfd_str(dfd), user_string_quoted(pointer_arg(2)),
buf_uaddr, bufsiz)
}
-probe nd_syscall.readlinkat.return = kernel.function("sys_readlinkat").return ? {
+probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ? {
name = "readlinkat"
retstr = returnstr(1)
}
@@ -777,8 +777,8 @@ probe nd_syscall.readlinkat.return = kernel.function("sys_readlinkat").return ?
# unsigned long vlen)
#
probe nd_syscall.readv =
- kernel.function("sys_readv"),
- kernel.function("compat_sys_readv") ?
+ kprobe.function("sys_readv"),
+ kprobe.function("compat_sys_readv") ?
{
name = "readv"
// vector_uaddr = $vec
@@ -797,8 +797,8 @@ probe nd_syscall.readv =
argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count)
}
probe nd_syscall.readv.return =
- kernel.function("sys_readv").return,
- kernel.function("compat_sys_readv").return ?
+ kprobe.function("sys_readv").return,
+ kprobe.function("compat_sys_readv").return ?
{
name = "readv"
retstr = returnstr(1)
@@ -811,7 +811,7 @@ probe nd_syscall.readv.return =
# unsigned int cmd,
# void __user * arg)
#
-probe nd_syscall.reboot = kernel.function("sys_reboot") {
+probe nd_syscall.reboot = kprobe.function("sys_reboot") {
name = "reboot"
// magic = $magic1
// magic_str = _reboot_magic_str($magic1)
@@ -833,7 +833,7 @@ probe nd_syscall.reboot = kernel.function("sys_reboot") {
argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str,
flag_str, arg_uaddr)
}
-probe nd_syscall.reboot.return = kernel.function("sys_reboot").return {
+probe nd_syscall.reboot.return = kprobe.function("sys_reboot").return {
name = "reboot"
retstr = returnstr(1)
}
@@ -842,7 +842,7 @@ probe nd_syscall.reboot.return = kernel.function("sys_reboot").return {
#
# long sys_recv(int fd, void __user *ubuf, size_t size, unsigned flags)
#
-probe nd_syscall.recv = kernel.function("sys_recv") ? {
+probe nd_syscall.recv = kprobe.function("sys_recv") ? {
name = "recv"
// s = $fd
// buf_uaddr = $ubuf
@@ -858,7 +858,7 @@ probe nd_syscall.recv = kernel.function("sys_recv") ? {
flags_str = _recvflags_str(flags)
argstr = sprintf("%d, %p, %d, %s", s, buf_uaddr, len, flags_str)
}
-probe nd_syscall.recv.return = kernel.function("sys_recv").return ? {
+probe nd_syscall.recv.return = kprobe.function("sys_recv").return ? {
name = "recv"
retstr = returnstr(1)
}
@@ -872,7 +872,7 @@ probe nd_syscall.recv.return = kernel.function("sys_recv").return ? {
# struct sockaddr __user *addr,
# int __user *addr_len)
#
-probe nd_syscall.recvfrom = kernel.function("sys_recvfrom") ? {
+probe nd_syscall.recvfrom = kprobe.function("sys_recvfrom") ? {
name = "recvfrom"
// s = $fd
// buf_uaddr = $ubuf
@@ -894,7 +894,7 @@ probe nd_syscall.recvfrom = kernel.function("sys_recvfrom") ? {
argstr = sprintf("%d, %p, %d, %s, %p, %p",
s, buf_uaddr, len, flags_str, addr_uaddr, addrlen_uaddr)
}
-probe nd_syscall.recvfrom.return = kernel.function("sys_recvfrom").return ? {
+probe nd_syscall.recvfrom.return = kprobe.function("sys_recvfrom").return ? {
name = "recvfrom"
retstr = returnstr(1)
}
@@ -905,7 +905,7 @@ probe nd_syscall.recvfrom.return = kernel.function("sys_recvfrom").return ? {
# struct msghdr __user *msg,
# unsigned int flags)
#
-probe nd_syscall.recvmsg = kernel.function("sys_recvmsg") ? {
+probe nd_syscall.recvmsg = kprobe.function("sys_recvmsg") ? {
name = "recvmsg"
// s = $fd
// msg_uaddr = $msg
@@ -919,7 +919,7 @@ probe nd_syscall.recvmsg = kernel.function("sys_recvmsg") ? {
flags_str = _recvflags_str(flags)
argstr = sprintf("%d, %p, %s", s, msg_uaddr, flags_str)
}
-probe nd_syscall.recvmsg.return = kernel.function("sys_recvmsg").return ? {
+probe nd_syscall.recvmsg.return = kprobe.function("sys_recvmsg").return ? {
name = "recvmsg"
retstr = returnstr(1)
}
@@ -929,7 +929,7 @@ probe nd_syscall.recvmsg.return = kernel.function("sys_recvmsg").return ? {
# struct compat_msghdr __user *msg,
# unsigned int flags)
#
-probe nd_syscall.compat_sys_recvmsg = kernel.function("compat_sys_recvmsg") ? {
+probe nd_syscall.compat_sys_recvmsg = kprobe.function("compat_sys_recvmsg") ? {
name = "compat_sys_recvmsg"
// s = $fd
// msg_uaddr = $msg
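Review bot: `name = "compat_sys_recvmsg"` reports the kernel function name rather than the syscall name, unlike the other compat probes in this file, where compat_nanosleep, compat_ppoll and compat_pselect6 set "nanosleep", "ppoll" and "pselect6". A script that filters on `name == "recvmsg"` will therefore miss 32-bit callers. Consider `name = "recvmsg"` here and in the return probe in the next hunk, or add a comment documenting the exception if existing scripts depend on the current value. The probe body continues outside the hunk.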
@@ -941,7 +941,7 @@ probe nd_syscall.compat_sys_recvmsg = kernel.function("compat_sys_recvmsg") ? {
flags = uint_arg(3)
argstr = sprintf("%d, %p, %s", s, msg_uaddr, _recvflags_str(flags))
}
-probe nd_syscall.compat_sys_recvmsg.return = kernel.function("compat_sys_recvmsg").return ? {
+probe nd_syscall.compat_sys_recvmsg.return = kprobe.function("compat_sys_recvmsg").return ? {
name = "compat_sys_recvmsg"
retstr = returnstr(1)
}
@@ -954,7 +954,7 @@ probe nd_syscall.compat_sys_recvmsg.return = kernel.function("compat_sys_recvmsg
# unsigned long pgoff,
# unsigned long flags)
#
-probe nd_syscall.remap_file_pages = kernel.function("sys_remap_file_pages") ? {
+probe nd_syscall.remap_file_pages = kprobe.function("sys_remap_file_pages") ? {
name = "remap_file_pages"
// start = $start
// size = $size
@@ -975,7 +975,7 @@ probe nd_syscall.remap_file_pages = kernel.function("sys_remap_file_pages") ? {
pgoff, flags)
}
probe nd_syscall.remap_file_pages.return =
- kernel.function("sys_remap_file_pages").return ? {
+ kprobe.function("sys_remap_file_pages").return ? {
name = "remap_file_pages"
retstr = returnstr(1)
}
@@ -986,7 +986,7 @@ probe nd_syscall.remap_file_pages.return =
# sys_removexattr(char __user *path,
# char __user *name)
#
-probe nd_syscall.removexattr = kernel.function("sys_removexattr") {
+probe nd_syscall.removexattr = kprobe.function("sys_removexattr") {
name = "removexattr"
// path = user_string($path)
// name_str = user_string($name)
@@ -998,7 +998,7 @@ probe nd_syscall.removexattr = kernel.function("sys_removexattr") {
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
user_string_quoted(pointer_arg(2)))
}
-probe nd_syscall.removexattr.return = kernel.function("sys_removexattr").return {
+probe nd_syscall.removexattr.return = kprobe.function("sys_removexattr").return {
name = "removexattr"
retstr = returnstr(1)
}
@@ -1008,7 +1008,7 @@ probe nd_syscall.removexattr.return = kernel.function("sys_removexattr").return
# sys_rename(const char __user * oldname,
# const char __user * newname)
#
-probe nd_syscall.rename = kernel.function("sys_rename") {
+probe nd_syscall.rename = kprobe.function("sys_rename") {
name = "rename"
// oldpath = user_string($oldname)
// newpath = user_string($newname)
@@ -1020,7 +1020,7 @@ probe nd_syscall.rename = kernel.function("sys_rename") {
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
user_string_quoted(pointer_arg(2)))
}
-probe nd_syscall.rename.return = kernel.function("sys_rename").return {
+probe nd_syscall.rename.return = kprobe.function("sys_rename").return {
name = "rename"
retstr = returnstr(1)
}
@@ -1033,7 +1033,7 @@ probe nd_syscall.rename.return = kernel.function("sys_rename").return {
# key_serial_t destringid)
# compat_sys_request_key() calls sys_request_key, so don't need probe there.
#
-probe nd_syscall.request_key = kernel.function("sys_request_key") ? {
+probe nd_syscall.request_key = kprobe.function("sys_request_key") ? {
name = "request_key"
// type_uaddr = $_type
// description_uaddr = $_description
@@ -1047,7 +1047,7 @@ probe nd_syscall.request_key = kernel.function("sys_request_key") ? {
destringid = u32_arg(4)
argstr = sprintf("%p, %p, %p, %p", type_uaddr,description_uaddr, callout_info_uaddr, destringid)
}
-probe nd_syscall.request_key.return = kernel.function("sys_request_key").return ? {
+probe nd_syscall.request_key.return = kprobe.function("sys_request_key").return ? {
name = "request_key"
retstr = returnstr(1)
}
@@ -1057,12 +1057,12 @@ probe nd_syscall.request_key.return = kernel.function("sys_request_key").return
# asmlinkage long
# sys_restart_syscall(void)
#
-probe nd_syscall.restart_syscall = kernel.function("sys_restart_syscall") {
+probe nd_syscall.restart_syscall = kprobe.function("sys_restart_syscall") {
name = "restart_syscall"
argstr = ""
}
probe nd_syscall.restart_syscall.return =
- kernel.function("sys_restart_syscall").return {
+ kprobe.function("sys_restart_syscall").return {
name = "restart_syscall"
retstr = returnstr(1)
}
@@ -1071,7 +1071,7 @@ probe nd_syscall.restart_syscall.return =
# asmlinkage long
# sys_rmdir(const char __user * pathname)
#
-probe nd_syscall.rmdir = kernel.function("sys_rmdir") {
+probe nd_syscall.rmdir = kprobe.function("sys_rmdir") {
name = "rmdir"
// pathname = user_string($pathname)
// argstr = user_string_quoted($pathname)
@@ -1079,7 +1079,7 @@ probe nd_syscall.rmdir = kernel.function("sys_rmdir") {
pathname = user_string(pointer_arg(1))
argstr = user_string_quoted(pointer_arg(1))
}
-probe nd_syscall.rmdir.return = kernel.function("sys_rmdir").return {
+probe nd_syscall.rmdir.return = kprobe.function("sys_rmdir").return {
name = "rmdir"
retstr = returnstr(1)
}
@@ -1091,7 +1091,7 @@ probe nd_syscall.rmdir.return = kernel.function("sys_rmdir").return {
# struct sigaction __user *oact,
# size_t sigsetsize)
#
-probe nd_syscall.rt_sigaction = kernel.function("sys_rt_sigaction") ? {
+probe nd_syscall.rt_sigaction = kprobe.function("sys_rt_sigaction") ? {
name = "rt_sigaction"
// sig = $sig
// act_uaddr = $act
@@ -1107,7 +1107,7 @@ probe nd_syscall.rt_sigaction = kernel.function("sys_rt_sigaction") ? {
argstr = sprintf("%s, {%s}, %p, %d", _signal_name(sig),
_struct_sigaction_u(act_uaddr), oact_uaddr, sigsetsize)
}
-probe nd_syscall.rt_sigaction.return = kernel.function("sys_rt_sigaction").return ? {
+probe nd_syscall.rt_sigaction.return = kprobe.function("sys_rt_sigaction").return ? {
name = "rt_sigaction"
retstr = returnstr(1)
}
@@ -1123,8 +1123,8 @@ probe nd_syscall.rt_sigaction.return = kernel.function("sys_rt_sigaction").retur
# struct sigaction32 __user *oact,
# size_t sigsetsize)
-probe nd_syscall.rt_sigaction32 = kernel.function("sys32_rt_sigaction") ?,
- kernel.function("compat_sys_rt_sigaction") ?
+probe nd_syscall.rt_sigaction32 = kprobe.function("sys32_rt_sigaction") ?,
+ kprobe.function("compat_sys_rt_sigaction") ?
{
name = "rt_sigaction"
// sig = $sig
@@ -1139,8 +1139,8 @@ probe nd_syscall.rt_sigaction32 = kernel.function("sys32_rt_sigaction") ?,
sigsetsize = uint_arg(4)
argstr = sprintf("%s, %p, %p, %d", _signal_name(sig), act_uadd, oact_uaddr, sigsetsize)
}
-probe nd_syscall.rt_sigaction32.return = kernel.function("sys32_rt_sigaction").return ?,
- kernel.function("compat_sys_rt_sigaction").return ?
+probe nd_syscall.rt_sigaction32.return = kprobe.function("sys32_rt_sigaction").return ?,
+ kprobe.function("compat_sys_rt_sigaction").return ?
{
name = "rt_sigaction"
retstr = returnstr(1)
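Review bot: The `argstr` line in this hunk passes `act_uadd` to `sprintf`, which looks like a misspelling of `act_uaddr`. If the assignment above the hunk stores the pointer in `act_uaddr`, the second field of the trace prints an unset local rather than the caller's `act` pointer. The line should read `argstr = sprintf("%s, %p, %p, %d", _signal_name(sig), act_uaddr, oact_uaddr, sigsetsize)`. The probe body starts outside this hunk, so the assigned name should be confirmed there.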
@@ -1150,7 +1150,7 @@ probe nd_syscall.rt_sigaction32.return = kernel.function("sys32_rt_sigaction").r
#
# long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize)
#
-probe nd_syscall.rt_sigpending = kernel.function("sys_rt_sigpending") ? {
+probe nd_syscall.rt_sigpending = kprobe.function("sys_rt_sigpending") ? {
name = "rt_sigpending"
// set_uaddr = $set
// sigsetsize = $sigsetsize
@@ -1160,7 +1160,7 @@ probe nd_syscall.rt_sigpending = kernel.function("sys_rt_sigpending") ? {
sigsetsize = ulong_arg(2)
argstr = sprintf("%p, %d", set_uaddr, sigsetsize)
}
-probe nd_syscall.rt_sigpending.return = kernel.function("sys_rt_sigpending").return ? {
+probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").return ? {
name = "rt_sigpending"
retstr = returnstr(1)
}
@@ -1171,9 +1171,9 @@ probe nd_syscall.rt_sigpending.return = kernel.function("sys_rt_sigpending").ret
# long sys_rt_sigprocmask(int how, sigset_t __user *set, sigset_t __user *oset, size_t sigsetsize)
#
probe nd_syscall.rt_sigprocmask =
- kernel.function("sys32_rt_sigprocmask") ?,
- kernel.function("compat_sys_rt_sigprocmask") ?,
- kernel.function("sys_rt_sigprocmask") ?
+ kprobe.function("sys32_rt_sigprocmask") ?,
+ kprobe.function("compat_sys_rt_sigprocmask") ?,
+ kprobe.function("sys_rt_sigprocmask") ?
{
name = "rt_sigprocmask"
// how = $how
@@ -1192,9 +1192,9 @@ probe nd_syscall.rt_sigprocmask =
oldset_uaddr, uint_arg(4))
}
probe nd_syscall.rt_sigprocmask.return =
- kernel.function("sys32_rt_sigprocmask").return ?,
- kernel.function("compat_sys_rt_sigprocmask").return ?,
- kernel.function("sys_rt_sigprocmask").return ?
+ kprobe.function("sys32_rt_sigprocmask").return ?,
+ kprobe.function("compat_sys_rt_sigprocmask").return ?,
+ kprobe.function("sys_rt_sigprocmask").return ?
{
name = "rt_sigprocmask"
retstr = returnstr(1)
@@ -1204,7 +1204,7 @@ probe nd_syscall.rt_sigprocmask.return =
#
# long sys_rt_sigqueueinfo(int pid, int sig,siginfo_t __user *uinfo)
#
-probe nd_syscall.rt_sigqueueinfo = kernel.function("sys_rt_sigqueueinfo") {
+probe nd_syscall.rt_sigqueueinfo = kprobe.function("sys_rt_sigqueueinfo") {
name = "rt_sigqueueinfo"
// pid = $pid
// sig = $sig
@@ -1217,7 +1217,7 @@ probe nd_syscall.rt_sigqueueinfo = kernel.function("sys_rt_sigqueueinfo") {
argstr = sprintf("%d, %s, %p", pid, _signal_name(sig), uinfo_uaddr)
}
probe nd_syscall.rt_sigqueueinfo.return =
- kernel.function("sys_rt_sigqueueinfo").return {
+ kprobe.function("sys_rt_sigqueueinfo").return {
name = "rt_sigqueueinfo"
retstr = returnstr(1)
}
@@ -1226,15 +1226,15 @@ probe nd_syscall.rt_sigqueueinfo.return =
# int sys_rt_sigreturn(unsigned long __unused)
#
probe nd_syscall.rt_sigreturn =
- kernel.function("sys_rt_sigreturn") ?,
- kernel.function("sys32_rt_sigreturn") ?
+ kprobe.function("sys_rt_sigreturn") ?,
+ kprobe.function("sys32_rt_sigreturn") ?
{
name = "rt_sigreturn"
argstr = ""
}
probe nd_syscall.rt_sigreturn.return =
- kernel.function("sys_rt_sigreturn").return ?,
- kernel.function("sys32_rt_sigreturn").return ?
+ kprobe.function("sys_rt_sigreturn").return ?,
+ kprobe.function("sys32_rt_sigreturn").return ?
{
name = "rt_sigreturn"
retstr = returnstr(1)
@@ -1245,17 +1245,17 @@ probe nd_syscall.rt_sigreturn.return =
# sys_rt_sigsuspend(struct pt_regs regs)
#
probe nd_syscall.rt_sigsuspend =
- kernel.function("sys_rt_sigsuspend") ?,
- kernel.function("compat_sys_rt_sigsuspend") ?,
- kernel.function("ia64_rt_sigsuspend") ?
+ kprobe.function("sys_rt_sigsuspend") ?,
+ kprobe.function("compat_sys_rt_sigsuspend") ?,
+ kprobe.function("ia64_rt_sigsuspend") ?
{
name = "rt_sigsuspend"
argstr = ""
}
probe nd_syscall.rt_sigsuspend.return =
- kernel.function("sys_rt_sigsuspend").return ?,
- kernel.function("compat_sys_rt_sigsuspend").return ?,
- kernel.function("ia64_rt_sigsuspend").return ?
+ kprobe.function("sys_rt_sigsuspend").return ?,
+ kprobe.function("compat_sys_rt_sigsuspend").return ?,
+ kprobe.function("ia64_rt_sigsuspend").return ?
{
name = "rt_sigsuspend"
retstr = returnstr(1)
@@ -1272,8 +1272,8 @@ probe nd_syscall.rt_sigsuspend.return =
# struct compat_timespec __user *uts, compat_size_t sigsetsize)
#
probe nd_syscall.rt_sigtimedwait =
- kernel.function("sys_rt_sigtimedwait"),
- kernel.function("compat_sys_rt_sigtimedwait") ?
+ kprobe.function("sys_rt_sigtimedwait"),
+ kprobe.function("compat_sys_rt_sigtimedwait") ?
{
name = "rt_sigtimedwait"
// uthese_uaddr = $uthese
@@ -1292,8 +1292,8 @@ probe nd_syscall.rt_sigtimedwait =
argstr = sprintf("%p, %p, %p, %d", uthese_uaddr, uinfo_uaddr, uts_uaddr, sigsetsize)
}
probe nd_syscall.rt_sigtimedwait.return =
- kernel.function("sys_rt_sigtimedwait").return,
- kernel.function("compat_sys_rt_sigtimedwait").return ?
+ kprobe.function("sys_rt_sigtimedwait").return,
+ kprobe.function("compat_sys_rt_sigtimedwait").return ?
{
name = "rt_sigtimedwait"
retstr = returnstr(1)
@@ -1306,7 +1306,7 @@ probe nd_syscall.rt_sigtimedwait.return =
# unsigned int len,
# unsigned long __user *user_mask_ptr)
#
-probe nd_syscall.sched_getaffinity = kernel.function("sys_sched_getaffinity") {
+probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity") {
name = "sched_getaffinity"
// pid = $pid
// len = $len
@@ -1318,7 +1318,7 @@ probe nd_syscall.sched_getaffinity = kernel.function("sys_sched_getaffinity") {
argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr)
}
probe nd_syscall.sched_getaffinity.return =
- kernel.function("sys_sched_getaffinity").return {
+ kprobe.function("sys_sched_getaffinity").return {
name = "sched_getaffinity"
retstr = returnstr(1)
}
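Review bot: `len` is formatted with `%p` in the `argstr` line here, although the prototype quoted above the probe declares it `unsigned int` and `nd_syscall.sched_setaffinity` prints the same argument with `%d`. Suggest `argstr = sprintf("%d, %d, %p", pid, len, mask_uaddr)` so both affinity probes render the length the same way. The probe body starts outside this hunk.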
@@ -1328,7 +1328,7 @@ probe nd_syscall.sched_getaffinity.return =
# sys_sched_getparam(pid_t pid,
# struct sched_param __user *param)
#
-probe nd_syscall.sched_getparam = kernel.function("sys_sched_getparam") {
+probe nd_syscall.sched_getparam = kprobe.function("sys_sched_getparam") {
name = "sched_getparam"
// pid = $pid
// p_uaddr = $param
@@ -1338,7 +1338,7 @@ probe nd_syscall.sched_getparam = kernel.function("sys_sched_getparam") {
argstr = sprintf("%d, %p", pid, p_uaddr)
}
probe nd_syscall.sched_getparam.return =
- kernel.function("sys_sched_getparam").return {
+ kprobe.function("sys_sched_getparam").return {
name = "sched_getparam"
retstr = returnstr(1)
}
@@ -1348,7 +1348,7 @@ probe nd_syscall.sched_getparam.return =
# sys_sched_get_priority_max(int policy)
#
probe nd_syscall.sched_get_priority_max =
- kernel.function("sys_sched_get_priority_max") {
+ kprobe.function("sys_sched_get_priority_max") {
name = "sched_get_priority_max"
// policy = $policy
asmlinkage()
@@ -1356,7 +1356,7 @@ probe nd_syscall.sched_get_priority_max =
argstr = sprint(policy)
}
probe nd_syscall.sched_get_priority_max.return =
- kernel.function("sys_sched_get_priority_max").return {
+ kprobe.function("sys_sched_get_priority_max").return {
name = "sched_get_priority_max"
retstr = returnstr(1)
}
@@ -1366,7 +1366,7 @@ probe nd_syscall.sched_get_priority_max.return =
# sys_sched_get_priority_min(int policy)
#
probe nd_syscall.sched_get_priority_min =
- kernel.function("sys_sched_get_priority_min") {
+ kprobe.function("sys_sched_get_priority_min") {
name = "sched_get_priority_min"
// policy = $policy
asmlinkage()
@@ -1374,7 +1374,7 @@ probe nd_syscall.sched_get_priority_min =
argstr = sprint(policy)
}
probe nd_syscall.sched_get_priority_min.return =
- kernel.function("sys_sched_get_priority_min").return {
+ kprobe.function("sys_sched_get_priority_min").return {
name = "sched_get_priority_min"
retstr = returnstr(1)
}
@@ -1382,7 +1382,7 @@ probe nd_syscall.sched_get_priority_min.return =
#
# long sys_sched_getscheduler(pid_t pid)
#
-probe nd_syscall.sched_getscheduler = kernel.function("sys_sched_getscheduler") {
+probe nd_syscall.sched_getscheduler = kprobe.function("sys_sched_getscheduler") {
name = "sched_getscheduler"
// pid = $pid
// argstr = sprint($pid)
@@ -1390,7 +1390,7 @@ probe nd_syscall.sched_getscheduler = kernel.function("sys_sched_getscheduler")
pid = int_arg(1)
argstr = sprint(pid)
}
-probe nd_syscall.sched_getscheduler.return = kernel.function("sys_sched_getscheduler").return {
+probe nd_syscall.sched_getscheduler.return = kprobe.function("sys_sched_getscheduler").return {
name = "sched_getscheduler"
retstr = returnstr(1)
}
@@ -1398,7 +1398,7 @@ probe nd_syscall.sched_getscheduler.return = kernel.function("sys_sched_getsched
#
# long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval)
#
-probe nd_syscall.sched_rr_get_interval = kernel.function("sys_sched_rr_get_interval") {
+probe nd_syscall.sched_rr_get_interval = kprobe.function("sys_sched_rr_get_interval") {
name = "sched_rr_get_interval"
// pid = $pid
// tp_uaddr = $interval
@@ -1408,7 +1408,7 @@ probe nd_syscall.sched_rr_get_interval = kernel.function("sys_sched_rr_get_inter
tp_uaddr = pointer_arg(2)
argstr = sprintf("%d, %s", pid, _struct_timespec_u(tp_uaddr,1))
}
-probe nd_syscall.sched_rr_get_interval.return = kernel.function("sys_sched_rr_get_interval").return {
+probe nd_syscall.sched_rr_get_interval.return = kprobe.function("sys_sched_rr_get_interval").return {
name = "sched_rr_get_interval"
retstr = returnstr(1)
}
@@ -1420,7 +1420,7 @@ probe nd_syscall.sched_rr_get_interval.return = kernel.function("sys_sched_rr_ge
# FIXME: why the problem with x86_64?
#
%( arch != "x86_64" %?
-probe nd_syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") {
+probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") {
name = "sched_setaffinity"
// pid = $pid
// len = $len
@@ -1433,7 +1433,7 @@ probe nd_syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") {
argstr = sprintf("%d, %d, %p", pid, len, mask_uaddr)
}
%:
-probe nd_syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") {
+probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") {
name = "sched_setaffinity"
// pid = $pid
// len = 0
@@ -1446,7 +1446,7 @@ probe nd_syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") {
argstr = sprintf("%d, <unknown>, %p", pid, mask_uaddr)
}
%)
-probe nd_syscall.sched_setaffinity.return = kernel.function("sys_sched_setaffinity").return {
+probe nd_syscall.sched_setaffinity.return = kprobe.function("sys_sched_setaffinity").return {
name = "sched_setaffinity"
retstr = returnstr(1)
}
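Review bot: The x86_64 branch of `nd_syscall.sched_setaffinity` still reports the length as `<unknown>`, and the `FIXME` above the conditional does not record why. If the workaround existed because `$len` could not be resolved from debuginfo, it may be unnecessary now that arguments are read by position. The lines that assign `len` are outside these hunks, so this needs confirming. Until it is re-tested, make the comment actionable, e.g. `# FIXME: x86_64 prints <unknown> for len; re-test with uint_arg(2) and drop this branch if it works`.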
@@ -1455,7 +1455,7 @@ probe nd_syscall.sched_setaffinity.return = kernel.function("sys_sched_setaffini
#
# long sys_sched_setparam(pid_t pid, struct sched_param __user *param)
#
-probe nd_syscall.sched_setparam = kernel.function("sys_sched_setparam") ? {
+probe nd_syscall.sched_setparam = kprobe.function("sys_sched_setparam") ? {
name = "sched_setparam"
// pid = $pid
// p_uaddr = $param
@@ -1465,7 +1465,7 @@ probe nd_syscall.sched_setparam = kernel.function("sys_sched_setparam") ? {
p_uaddr = pointer_arg(2)
argstr = sprintf("%d, %p", pid, p_uaddr)
}
-probe nd_syscall.sched_setparam.return = kernel.function("sys_sched_setparam").return ? {
+probe nd_syscall.sched_setparam.return = kprobe.function("sys_sched_setparam").return ? {
name = "sched_setparam"
retstr = returnstr(1)
}
@@ -1474,7 +1474,7 @@ probe nd_syscall.sched_setparam.return = kernel.function("sys_sched_setparam").r
#
# long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param)
#
-probe nd_syscall.sched_setscheduler = kernel.function("sys_sched_setscheduler") ? {
+probe nd_syscall.sched_setscheduler = kprobe.function("sys_sched_setscheduler") ? {
name = "sched_setscheduler"
// pid = $pid
// policy = $policy
@@ -1488,7 +1488,7 @@ probe nd_syscall.sched_setscheduler = kernel.function("sys_sched_setscheduler")
p_uaddr = pointer_arg(3)
argstr = sprintf("%d, %s, %p", pid, policy_str, p_uaddr)
}
-probe nd_syscall.sched_setscheduler.return = kernel.function("sys_sched_setscheduler").return ? {
+probe nd_syscall.sched_setscheduler.return = kprobe.function("sys_sched_setscheduler").return ? {
name = "sched_setscheduler"
retstr = returnstr(1)
}
@@ -1496,11 +1496,11 @@ probe nd_syscall.sched_setscheduler.return = kernel.function("sys_sched_setsched
# sched_yield ________________________________________________
# long sys_sched_yield(void)
#
-probe nd_syscall.sched_yield = kernel.function("sys_sched_yield") {
+probe nd_syscall.sched_yield = kprobe.function("sys_sched_yield") {
name = "sched_yield"
argstr = ""
}
-probe nd_syscall.sched_yield.return = kernel.function("sys_sched_yield").return {
+probe nd_syscall.sched_yield.return = kprobe.function("sys_sched_yield").return {
name = "sched_yield"
retstr = returnstr(1)
}
@@ -1512,7 +1512,7 @@ probe nd_syscall.sched_yield.return = kernel.function("sys_sched_yield").return
# fd_set __user *exp,
# struct timeval __user *tvp)
#
-probe nd_syscall.select = kernel.function("sys_select") {
+probe nd_syscall.select = kprobe.function("sys_select") {
name = "select"
// n = $n
// readfds_uaddr = $inp
@@ -1530,7 +1530,7 @@ probe nd_syscall.select = kernel.function("sys_select") {
argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr,
exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1))
}
-probe nd_syscall.select.return = kernel.function("sys_select").return {
+probe nd_syscall.select.return = kprobe.function("sys_select").return {
name = "select"
retstr = returnstr(1)
}
@@ -1540,7 +1540,7 @@ probe nd_syscall.select.return = kernel.function("sys_select").return {
# compat_ulong_t __user *exp,
# struct compat_timeval __user *tvp)
#
-probe nd_syscall.compat_select = kernel.function("compat_sys_select") ? {
+probe nd_syscall.compat_select = kprobe.function("compat_sys_select") ? {
name = "select"
// n = $n
// readfds_uaddr = $inp
@@ -1558,7 +1558,7 @@ probe nd_syscall.compat_select = kernel.function("compat_sys_select") ? {
argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr,
exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1))
}
-probe nd_syscall.compat_select.return = kernel.function("compat_sys_select").return ? {
+probe nd_syscall.compat_select.return = kprobe.function("compat_sys_select").return ? {
name = "select"
retstr = returnstr(1)
}
@@ -1569,7 +1569,7 @@ probe nd_syscall.compat_select.return = kernel.function("compat_sys_select").ret
# int cmd,
# union semun arg)
#
-probe nd_syscall.semctl = kernel.function("sys_semctl") ? {
+probe nd_syscall.semctl = kprobe.function("sys_semctl") ? {
name = "semctl"
// semid = $semid
// semnum = $semnum
@@ -1585,7 +1585,7 @@ probe nd_syscall.semctl = kernel.function("sys_semctl") ? {
cmd = int_arg(3)
argstr = sprintf("%d, %d, %s", semid, semnum, _semctl_cmd(cmd)) // ** jk done
}
-probe nd_syscall.semctl.return = kernel.function("sys_semctl").return ? {
+probe nd_syscall.semctl.return = kprobe.function("sys_semctl").return ? {
name = "semctl"
retstr = returnstr(1)
}
@@ -1593,11 +1593,11 @@ probe nd_syscall.semctl.return = kernel.function("sys_semctl").return ? {
#
# long compat_sys_semctl(int first, int second, int third, void __user *uptr)
#
-probe nd_syscall.compat_sys_semctl = kernel.function("compat_sys_semctl") ? {
+probe nd_syscall.compat_sys_semctl = kprobe.function("compat_sys_semctl") ? {
name = "compat_sys_semctl"
argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) // ** not asmlinkage
}
-probe nd_syscall.compat_sys_semctl.return = kernel.function("compat_sys_semctl").return ? {
+probe nd_syscall.compat_sys_semctl.return = kprobe.function("compat_sys_semctl").return ? {
name = "compat_sys_semctl"
retstr = returnstr(1)
}
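Review bot: `nd_syscall.compat_sys_semctl` still builds `argstr` from `$first`, `$second`, `$third` and `$uptr`, which are target variables resolved from debuginfo. After the switch to `kprobe.function` the probe has no DWARF context for them, so this alias will presumably fail to translate wherever `compat_sys_semctl` exists. Read the arguments by position like the other converted probes: `argstr = sprintf("%d, %d, %d, %p", int_arg(1), int_arg(2), int_arg(3), pointer_arg(4))`. The existing `// ** not asmlinkage` remark suggests `asmlinkage()` should not be called first; that is worth checking on architectures where the calling convention differs.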
@@ -1605,7 +1605,7 @@ probe nd_syscall.compat_sys_semctl.return = kernel.function("compat_sys_semctl")
# semget _____________________________________________________
# long sys_semget (key_t key, int nsems, int semflg)
#
-probe nd_syscall.semget = kernel.function("sys_semget") ? {
+probe nd_syscall.semget = kprobe.function("sys_semget") ? {
name = "semget"
// key = $key
// nsems = $nsems
@@ -1617,7 +1617,7 @@ probe nd_syscall.semget = kernel.function("sys_semget") ? {
semflg = int_arg(3)
argstr = sprintf("%d, %d, %s", key, nsems, __sem_flags(semflg))
}
-probe nd_syscall.semget.return = kernel.function("sys_semget").return ? {
+probe nd_syscall.semget.return = kprobe.function("sys_semget").return ? {
name = "semget"
retstr = returnstr(1)
}
@@ -1628,7 +1628,7 @@ probe nd_syscall.semget.return = kernel.function("sys_semget").return ? {
# struct sembuf __user *tsops,
# unsigned nsops)
#
-probe nd_syscall.semop = kernel.function("sys_semtimedop") ? {
+probe nd_syscall.semop = kprobe.function("sys_semtimedop") ? {
name = "semop"
// semid = $semid
// tsops_uaddr = $tsops
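Review bot: `nd_syscall.semop` attaches to `sys_semtimedop`, the same function that `nd_syscall.semtimedop` probes further down. A script using both aliases therefore sees each call twice and cannot tell which syscall the process actually made. If this is deliberate (the start of the header comment is above the hunk and may explain it), say so next to the probe, e.g. `# semop is probed via sys_semtimedop, so this alias also fires for semtimedop calls`. The probe body continues outside this hunk.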
@@ -1640,7 +1640,7 @@ probe nd_syscall.semop = kernel.function("sys_semtimedop") ? {
nsops = uint_arg(3)
argstr = sprintf("%d, %p, %d", semid, tsops_uaddr, nsops)
}
-probe nd_syscall.semop.return = kernel.function("sys_semtimedop").return ? {
+probe nd_syscall.semop.return = kprobe.function("sys_semtimedop").return ? {
name = "semop"
retstr = returnstr(1)
}
@@ -1652,7 +1652,7 @@ probe nd_syscall.semop.return = kernel.function("sys_semtimedop").return ? {
# unsigned nsops,
# const struct timespec __user *timeout)
#
-probe nd_syscall.semtimedop = kernel.function("sys_semtimedop") ? {
+probe nd_syscall.semtimedop = kprobe.function("sys_semtimedop") ? {
name = "semtimedop"
// semid = $semid
// sops_uaddr = $tsops
@@ -1668,7 +1668,7 @@ probe nd_syscall.semtimedop = kernel.function("sys_semtimedop") ? {
argstr = sprintf("%d, %p, %d, %s", semid, sops_uaddr, nsops,
_struct_timespec_u(timeout_uaddr,1))
}
-probe nd_syscall.semtimedop.return = kernel.function("sys_semtimedop").return ? {
+probe nd_syscall.semtimedop.return = kprobe.function("sys_semtimedop").return ? {
name = "semtimedop"
retstr = returnstr(1)
}
@@ -1677,7 +1677,7 @@ probe nd_syscall.semtimedop.return = kernel.function("sys_semtimedop").return ?
# long compat_sys_semtimedop(int semid, struct sembuf __user *tsems,
# unsigned nsops, const struct compat_timespec __user *timeout)
#
-probe nd_syscall.compat_sys_semtimedop = kernel.function("compat_sys_semtimedop") ? {
+probe nd_syscall.compat_sys_semtimedop = kprobe.function("compat_sys_semtimedop") ? {
name = "compat_sys_semtimedop"
// semid = $semid
// sops_uaddr = $tsems
@@ -1693,7 +1693,7 @@ probe nd_syscall.compat_sys_semtimedop = kernel.function("compat_sys_semtimedop"
argstr = sprintf("%d, %p, %d, %s", semid, sops_uaddr, nsops,
_struct_compat_timespec_u(timeout_uaddr,1))
}
-probe nd_syscall.compat_sys_semtimedop.return = kernel.function("compat_sys_semtimedop").return ? {
+probe nd_syscall.compat_sys_semtimedop.return = kprobe.function("compat_sys_semtimedop").return ? {
name = "compat_sys_semtimedop"
retstr = returnstr(1)
}
@@ -1705,7 +1705,7 @@ probe nd_syscall.compat_sys_semtimedop.return = kernel.function("compat_sys_semt
# size_t len,
# unsigned flags)
#
-probe nd_syscall.send = kernel.function("sys_send") ? {
+probe nd_syscall.send = kprobe.function("sys_send") ? {
name = "send"
// s = $fd
// buf_uaddr = $buff
@@ -1721,7 +1721,7 @@ probe nd_syscall.send = kernel.function("sys_send") ? {
flags_str = _sendflags_str(flags)
argstr = sprintf("%d, %p, %d, %s", s, buf_uaddr, len, flags_str)
}
-probe nd_syscall.send.return = kernel.function("sys_send").return ? {
+probe nd_syscall.send.return = kprobe.function("sys_send").return ? {
name = "send"
retstr = returnstr(1)
}
@@ -1734,8 +1734,8 @@ probe nd_syscall.send.return = kernel.function("sys_send").return ? {
# size_t count)
#
probe nd_syscall.sendfile =
- kernel.function("sys_sendfile") ?,
- kernel.function("sys_sendfile64") ?
+ kprobe.function("sys_sendfile") ?,
+ kprobe.function("sys_sendfile64") ?
{
name = "sendfile"
// out_fd = $out_fd
@@ -1753,8 +1753,8 @@ probe nd_syscall.sendfile =
count)
}
probe nd_syscall.sendfile.return =
- kernel.function("sys_sendfile").return ?,
- kernel.function("sys_sendfile64").return ?
+ kprobe.function("sys_sendfile").return ?,
+ kprobe.function("sys_sendfile64").return ?
{
name = "sendfile"
retstr = returnstr(1)
@@ -1764,7 +1764,7 @@ probe nd_syscall.sendfile.return =
#
# long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
#
-probe nd_syscall.sendmsg = kernel.function("sys_sendmsg") ? {
+probe nd_syscall.sendmsg = kprobe.function("sys_sendmsg") ? {
name = "sendmsg"
// s = $fd
// msg_uaddr = $msg
@@ -1778,7 +1778,7 @@ probe nd_syscall.sendmsg = kernel.function("sys_sendmsg") ? {
flags_str = _sendflags_str(flags)
argstr = sprintf("%d, %p, %s", s, msg_uaddr, _sendflags_str(flags))
}
-probe nd_syscall.sendmsg.return = kernel.function("sys_sendmsg").return ? {
+probe nd_syscall.sendmsg.return = kprobe.function("sys_sendmsg").return ? {
name = "sendmsg"
retstr = returnstr(1)
}
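Review bot: The `argstr` line calls `_sendflags_str(flags)` a second time although `flags_str` was assigned from the same call on the line before, whereas `nd_syscall.send` reuses `flags_str`. Suggest `argstr = sprintf("%d, %p, %s", s, msg_uaddr, flags_str)`. The probe body starts outside this hunk.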
@@ -1786,7 +1786,7 @@ probe nd_syscall.sendmsg.return = kernel.function("sys_sendmsg").return ? {
#
# long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned flags)
#
-probe nd_syscall.compat_sys_sendmsg = kernel.function("compat_sys_sendmsg") ? {
+probe nd_syscall.compat_sys_sendmsg = kprobe.function("compat_sys_sendmsg") ? {
name = "compat_sys_sendmsg"
// s = $fd
// msg_uaddr = $msg
@@ -1798,7 +1798,7 @@ probe nd_syscall.compat_sys_sendmsg = kernel.function("compat_sys_sendmsg") ? {
flags = uint_arg(3)
argstr = sprintf("%d, %p, %s", s, msg_uaddr, _sendflags_str(flags))
}
-probe nd_syscall.compat_sys_sendmsg.return = kernel.function("compat_sys_sendmsg").return ? {
+probe nd_syscall.compat_sys_sendmsg.return = kprobe.function("compat_sys_sendmsg").return ? {
name = "compat_sys_sendmsg"
retstr = returnstr(1)
}
@@ -1812,7 +1812,7 @@ probe nd_syscall.compat_sys_sendmsg.return = kernel.function("compat_sys_sendmsg
# struct sockaddr __user *addr,
# int addr_len)
#
-probe nd_syscall.sendto = kernel.function("sys_sendto") ? {
+probe nd_syscall.sendto = kprobe.function("sys_sendto") ? {
name = "sendto"
// s = $fd
// buf_uaddr = $buff
@@ -1834,7 +1834,7 @@ probe nd_syscall.sendto = kernel.function("sys_sendto") ? {
argstr = sprintf("%d, %p, %d, %s, %s, %d", s, buf_uaddr,
len, flags_str, _struct_sockaddr_u(to_uaddr,tolen), tolen)
}
-probe nd_syscall.sendto.return = kernel.function("sys_sendto").return ? {
+probe nd_syscall.sendto.return = kprobe.function("sys_sendto").return ? {
name = "sendto"
retstr = returnstr(1)
}
@@ -1845,7 +1845,7 @@ probe nd_syscall.sendto.return = kernel.function("sys_sendto").return ? {
# sys_setdomainname(char __user *name,
# int len)
#
-probe nd_syscall.setdomainname = kernel.function("sys_setdomainname") {
+probe nd_syscall.setdomainname = kprobe.function("sys_setdomainname") {
name = "setdomainname"
// hostname_uaddr = $name
// len = $len
@@ -1856,7 +1856,7 @@ probe nd_syscall.setdomainname = kernel.function("sys_setdomainname") {
argstr = sprintf("%p, %d", hostname_uaddr, len)
}
probe nd_syscall.setdomainname.return =
- kernel.function("sys_setdomainname").return {
+ kprobe.function("sys_setdomainname").return {
name = "setdomainname"
retstr = returnstr(1)
}
@@ -1866,8 +1866,8 @@ probe nd_syscall.setdomainname.return =
# long sys_setfsgid16(old_gid_t gid)
#
probe nd_syscall.setfsgid =
- kernel.function("sys_setfsgid") ?,
- kernel.function("sys_setfsgid16") ?
+ kprobe.function("sys_setfsgid") ?,
+ kprobe.function("sys_setfsgid16") ?
{
name = "setfsgid"
// fsgid = $gid
@@ -1877,8 +1877,8 @@ probe nd_syscall.setfsgid =
argstr = sprint(fsgid)
}
probe nd_syscall.setfsgid.return =
- kernel.function("sys_setfsgid").return ?,
- kernel.function("sys_setfsgid16").return ?
+ kprobe.function("sys_setfsgid").return ?,
+ kprobe.function("sys_setfsgid16").return ?
{
name = "setfsgid"
retstr = returnstr(1)
@@ -1889,8 +1889,8 @@ probe nd_syscall.setfsgid.return =
# long sys_setfsuid16(old_uid_t uid)
#
probe nd_syscall.setfsuid =
- kernel.function("sys_setfsuid") ?,
- kernel.function("sys_setfsuid16") ?
+ kprobe.function("sys_setfsuid") ?,
+ kprobe.function("sys_setfsuid16") ?
{
name = "setfsuid"
// fsuid = $uid
@@ -1900,8 +1900,8 @@ probe nd_syscall.setfsuid =
argstr = sprint(fsuid)
}
probe nd_syscall.setfsuid.return =
- kernel.function("sys_setfsuid").return ?,
- kernel.function("sys_setfsuid16").return ?
+ kprobe.function("sys_setfsuid").return ?,
+ kprobe.function("sys_setfsuid16").return ?
{
name = "setfsuid"
retstr = returnstr(1)
@@ -1913,8 +1913,8 @@ probe nd_syscall.setfsuid.return =
# long sys_setgid16(old_gid_t gid)
#
probe nd_syscall.setgid =
- kernel.function("sys_setgid") ?,
- kernel.function("sys_setgid16") ?
+ kprobe.function("sys_setgid") ?,
+ kprobe.function("sys_setgid16") ?
{
name = "setgid"
// gid = $gid
@@ -1924,8 +1924,8 @@ probe nd_syscall.setgid =
argstr = sprint(gid)
}
probe nd_syscall.setgid.return =
- kernel.function("sys_setgid").return ?,
- kernel.function("sys_setgid16").return ?
+ kprobe.function("sys_setgid").return ?,
+ kprobe.function("sys_setgid16").return ?
{
name = "setgid"
retstr = returnstr(1)
@@ -1938,9 +1938,9 @@ probe nd_syscall.setgid.return =
# long sys32_setgroups16(int gidsetsize, u16 __user *grouplist)
#
probe nd_syscall.setgroups =
- kernel.function("sys_setgroups") ?,
- kernel.function("sys_setgroups16") ?,
- kernel.function("sys32_setgroups16") ?
+ kprobe.function("sys_setgroups") ?,
+ kprobe.function("sys_setgroups16") ?,
+ kprobe.function("sys32_setgroups16") ?
{
name = "setgroups"
// size = $gidsetsize
@@ -1952,9 +1952,9 @@ probe nd_syscall.setgroups =
argstr = sprintf("%d, %p", size, list_uaddr)
}
probe nd_syscall.setgroups.return =
- kernel.function("sys_setgroups").return ?,
- kernel.function("sys_setgroups16").return ?,
- kernel.function("sys32_setgroups16").return ?
+ kprobe.function("sys_setgroups").return ?,
+ kprobe.function("sys_setgroups16").return ?,
+ kprobe.function("sys32_setgroups16").return ?
{
name = "setgroups"
retstr = returnstr(1)
@@ -1966,7 +1966,7 @@ probe nd_syscall.setgroups.return =
# sys_sethostname(char __user *name,
# int len)
#
-probe nd_syscall.sethostname = kernel.function("sys_sethostname") {
+probe nd_syscall.sethostname = kprobe.function("sys_sethostname") {
name = "sethostname"
// hostname_uaddr = $name
// name_str = user_string($name)
@@ -1978,7 +1978,7 @@ probe nd_syscall.sethostname = kernel.function("sys_sethostname") {
len = int_arg(2)
argstr = sprintf("%s, %d", user_string_quoted(hostname_uaddr), len)
}
-probe nd_syscall.sethostname.return = kernel.function("sys_sethostname").return {
+probe nd_syscall.sethostname.return = kprobe.function("sys_sethostname").return {
name = "sethostname"
retstr = returnstr(1)
}
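Review bot: `argstr` renders the new hostname with `user_string_quoted(hostname_uaddr)` and does not bound the read by `len`. The buffer passed to sethostname is length-delimited and need not be NUL-terminated, so the traced string may run past the name the caller supplied. That matters when the output is used as an audit record of hostname changes. At minimum document it beside the line, e.g. `# NOTE: name is not required to be NUL-terminated; the string shown may extend past len`. The probe body starts outside this hunk.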
@@ -1988,7 +1988,7 @@ probe nd_syscall.sethostname.return = kernel.function("sys_sethostname").return
# struct itimerval __user *value,
# struct itimerval __user *ovalue)
#
-probe nd_syscall.setitimer = kernel.function("sys_setitimer") {
+probe nd_syscall.setitimer = kprobe.function("sys_setitimer") {
name = "setitimer"
// which = $which
// value_uaddr = $value
@@ -2002,7 +2002,7 @@ probe nd_syscall.setitimer = kernel.function("sys_setitimer") {
argstr = sprintf("%s, %s, %p", _itimer_which_str(which),
_struct_itimerval_u(value_uaddr), ovalue_uaddr)
}
-probe nd_syscall.setitimer.return = kernel.function("sys_setitimer").return {
+probe nd_syscall.setitimer.return = kprobe.function("sys_setitimer").return {
name = "setitimer"
retstr = returnstr(1)
}
@@ -2011,7 +2011,7 @@ probe nd_syscall.setitimer.return = kernel.function("sys_setitimer").return {
# struct compat_itimerval __user *in,
# struct compat_itimerval __user *out)
#
-probe nd_syscall.compat_setitimer = kernel.function("compat_sys_setitimer") ? {
+probe nd_syscall.compat_setitimer = kprobe.function("compat_sys_setitimer") ? {
name = "setitimer"
// which = $which
// value_uaddr = $in
@@ -2025,7 +2025,7 @@ probe nd_syscall.compat_setitimer = kernel.function("compat_sys_setitimer") ? {
argstr = sprintf("%s, %s, %p", _itimer_which_str(which),
_struct_compat_itimerval_u(value_uaddr), ovalue_uaddr)
}
-probe nd_syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer").return ? {
+probe nd_syscall.compat_setitimer.return = kprobe.function("compat_sys_setitimer").return ? {
name = "setitimer"
retstr = returnstr(1)
}
@@ -2036,8 +2036,8 @@ probe nd_syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer
# unsigned long maxnode)
#
probe nd_syscall.set_mempolicy =
- kernel.function("sys_set_mempolicy") ?,
- kernel.function("compat_sys_set_mempolicy") ?
+ kprobe.function("sys_set_mempolicy") ?,
+ kprobe.function("compat_sys_set_mempolicy") ?
{
name = "set_mempolicy"
// mode = $mode
@@ -2051,8 +2051,8 @@ probe nd_syscall.set_mempolicy =
argstr = sprintf("%d, %p, %d", mode, nmask_uaddr, maxnode)
}
probe nd_syscall.set_mempolicy.return =
- kernel.function("sys_set_mempolicy").return ?,
- kernel.function("compat_sys_set_mempolicy").return ?
+ kprobe.function("sys_set_mempolicy").return ?,
+ kprobe.function("compat_sys_set_mempolicy").return ?
{
name = "set_mempolicy"
retstr = returnstr(1)
@@ -2064,7 +2064,7 @@ probe nd_syscall.set_mempolicy.return =
# sys_setpgid(pid_t pid,
# pid_t pgid)
#
-probe nd_syscall.setpgid = kernel.function("sys_setpgid") {
+probe nd_syscall.setpgid = kprobe.function("sys_setpgid") {
name = "setpgid"
// pid = $pid
// pgid = $pgid
@@ -2074,7 +2074,7 @@ probe nd_syscall.setpgid = kernel.function("sys_setpgid") {
pgid = int_arg(2)
argstr = sprintf("%d, %d", pid, pgid)
}
-probe nd_syscall.setpgid.return = kernel.function("sys_setpgid").return {
+probe nd_syscall.setpgid.return = kprobe.function("sys_setpgid").return {
name = "setpgid"
retstr = returnstr(1)
}
@@ -2085,7 +2085,7 @@ probe nd_syscall.setpgid.return = kernel.function("sys_setpgid").return {
# int who,
# int niceval)
#
-probe nd_syscall.setpriority = kernel.function("sys_setpriority") {
+probe nd_syscall.setpriority = kprobe.function("sys_setpriority") {
name = "setpriority"
// which = $which
// which_str = _priority_which_str($which)
@@ -2099,7 +2099,7 @@ probe nd_syscall.setpriority = kernel.function("sys_setpriority") {
prio = int_arg(3)
argstr = sprintf("%s, %d, %d", which_str, who, prio)
}
-probe nd_syscall.setpriority.return = kernel.function("sys_setpriority").return {
+probe nd_syscall.setpriority.return = kprobe.function("sys_setpriority").return {
name = "setpriority"
retstr = returnstr(1)
}
@@ -2107,7 +2107,7 @@ probe nd_syscall.setpriority.return = kernel.function("sys_setpriority").return
# setregid ___________________________________________________
# long sys_setregid(gid_t rgid, gid_t egid)
#
-probe nd_syscall.setregid = kernel.function("sys_setregid") {
+probe nd_syscall.setregid = kprobe.function("sys_setregid") {
name = "setregid"
// rgid = __int32($rgid)
// egid = __int32($egid)
@@ -2116,14 +2116,14 @@ probe nd_syscall.setregid = kernel.function("sys_setregid") {
egid = __int32(uint_arg(2))
argstr = sprintf("%d, %d", rgid, egid)
}
-probe nd_syscall.setregid.return = kernel.function("sys_setregid").return {
+probe nd_syscall.setregid.return = kprobe.function("sys_setregid").return {
name = "setregid"
retstr = returnstr(1)
}
# setregid16 _________________________________________________
# long sys_setregid16(old_gid_t rgid, old_gid_t egid)
#
-probe nd_syscall.setregid16 = kernel.function("sys_setregid16") ? {
+probe nd_syscall.setregid16 = kprobe.function("sys_setregid16") ? {
name = "setregid"
// rgid = __short($rgid)
// egid = __short($egid)
@@ -2132,14 +2132,14 @@ probe nd_syscall.setregid16 = kernel.function("sys_setregid16") ? {
egid = __short(uint_arg(2))
argstr = sprintf("%d, %d",rgid, egid)
}
-probe nd_syscall.setregid16.return = kernel.function("sys_setregid16").return ? {
+probe nd_syscall.setregid16.return = kprobe.function("sys_setregid16").return ? {
name = "setregid"
retstr = returnstr(1)
}
# setresgid __________________________________________________
# long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
#
-probe nd_syscall.setresgid = kernel.function("sys_setresgid") {
+probe nd_syscall.setresgid = kprobe.function("sys_setresgid") {
name = "setresgid"
// rgid = __int32($rgid)
// egid = __int32($egid)
@@ -2150,7 +2150,7 @@ probe nd_syscall.setresgid = kernel.function("sys_setresgid") {
sgid = __int32(uint_arg(3))
argstr = sprintf("%d, %d, %d", rgid, egid, sgid)
}
-probe nd_syscall.setresgid.return = kernel.function("sys_setresgid").return {
+probe nd_syscall.setresgid.return = kprobe.function("sys_setresgid").return {
name = "setresgid"
retstr = returnstr(1)
}
@@ -2160,7 +2160,7 @@ probe nd_syscall.setresgid.return = kernel.function("sys_setresgid").return {
# old_gid_t egid,
# old_gid_t sgid)
#
-probe nd_syscall.setresgid16 = kernel.function("sys_setresgid16") ? {
+probe nd_syscall.setresgid16 = kprobe.function("sys_setresgid16") ? {
name = "setresgid"
// rgid = __short($rgid)
// egid = __short($egid)
@@ -2171,7 +2171,7 @@ probe nd_syscall.setresgid16 = kernel.function("sys_setresgid16") ? {
sgid = __short(uint_arg(3))
argstr = sprintf("%d, %d, %d", rgid, egid, sgid)
}
-probe nd_syscall.setresgid16.return = kernel.function("sys_setresgid16").return ? {
+probe nd_syscall.setresgid16.return = kprobe.function("sys_setresgid16").return ? {
name = "setresgid16"
retstr = returnstr(1)
}
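Review bot: The return probe in this hunk reports `name = "setresgid16"`, while its entry probe nd_syscall.setresgid16 in the previous hunk reports `name = "setresgid"`. The other 16-bit variants on this page (setregid16, setresuid16, setreuid16) use the base syscall name on both entry and return. A script that pairs entry and return events by `name` will not match the 16-bit setresgid return, which leaves a hole when auditing group-ID changes. While converting this probe, change the context line to `name = "setresgid"`.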
@@ -2180,7 +2180,7 @@ probe nd_syscall.setresgid16.return = kernel.function("sys_setresgid16").return
#
# long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
#
-probe nd_syscall.setresuid = kernel.function("sys_setresuid") {
+probe nd_syscall.setresuid = kprobe.function("sys_setresuid") {
name = "setresuid"
// ruid = __int32($ruid)
// euid = __int32($euid)
@@ -2191,7 +2191,7 @@ probe nd_syscall.setresuid = kernel.function("sys_setresuid") {
suid = __int32(uint_arg(3))
argstr = sprintf("%d, %d, %d", ruid, euid, suid)
}
-probe nd_syscall.setresuid.return = kernel.function("sys_setresuid").return {
+probe nd_syscall.setresuid.return = kprobe.function("sys_setresuid").return {
name = "setresuid"
retstr = returnstr(1)
}
@@ -2200,7 +2200,7 @@ probe nd_syscall.setresuid.return = kernel.function("sys_setresuid").return {
#
# long sys_setresuid16(old_uid_t ruid, old_uid_t euid, old_uid_t suid)
#
-probe nd_syscall.setresuid16 = kernel.function("sys_setresuid16") ? {
+probe nd_syscall.setresuid16 = kprobe.function("sys_setresuid16") ? {
name = "setresuid"
// ruid = __short($ruid)
// reuid = __short($euid)
@@ -2211,7 +2211,7 @@ probe nd_syscall.setresuid16 = kernel.function("sys_setresuid16") ? {
suid = __short(uint_arg(3))
argstr = sprintf("%d, %d, %d", ruid, euid, suid)
}
-probe nd_syscall.setresuid16.return = kernel.function("sys_setresuid16").return ? {
+probe nd_syscall.setresuid16.return = kprobe.function("sys_setresuid16").return ? {
name = "setresuid"
retstr = returnstr(1)
}
@@ -2219,7 +2219,7 @@ probe nd_syscall.setresuid16.return = kernel.function("sys_setresuid16").return
# setreuid ___________________________________________________
# long sys_setreuid(uid_t ruid, uid_t euid)
#
-probe nd_syscall.setreuid = kernel.function("sys_setreuid") {
+probe nd_syscall.setreuid = kprobe.function("sys_setreuid") {
name = "setreuid"
// ruid = __int32($ruid)
// euid = __int32($euid)
@@ -2228,14 +2228,14 @@ probe nd_syscall.setreuid = kernel.function("sys_setreuid") {
euid = __int32(uint_arg(2))
argstr = sprintf("%d, %d", ruid, euid)
}
-probe nd_syscall.setreuid.return = kernel.function("sys_setreuid").return {
+probe nd_syscall.setreuid.return = kprobe.function("sys_setreuid").return {
name = "setreuid"
retstr = returnstr(1)
}
# setreuid16 _________________________________________________
# long sys_setreuid16(old_uid_t ruid, old_uid_t euid)
#
-probe nd_syscall.setreuid16 = kernel.function("sys_setreuid16") ? {
+probe nd_syscall.setreuid16 = kprobe.function("sys_setreuid16") ? {
name = "setreuid"
// ruid = __short($ruid)
// euid = __short($euid)
@@ -2244,7 +2244,7 @@ probe nd_syscall.setreuid16 = kernel.function("sys_setreuid16") ? {
euid = __short(uint_arg(2))
argstr = sprintf("%d, %d", ruid, euid)
}
-probe nd_syscall.setreuid16.return = kernel.function("sys_setreuid16").return ? {
+probe nd_syscall.setreuid16.return = kprobe.function("sys_setreuid16").return ? {
name = "setreuid"
retstr = returnstr(1)
}
@@ -2254,7 +2254,7 @@ probe nd_syscall.setreuid16.return = kernel.function("sys_setreuid16").return ?
# sys_setrlimit(unsigned int resource,
# struct rlimit __user *rlim)
#
-probe nd_syscall.setrlimit = kernel.function("sys_setrlimit") {
+probe nd_syscall.setrlimit = kprobe.function("sys_setrlimit") {
name = "setrlimit"
// resource = $resource
// rlim_uaddr = $rlim
@@ -2266,7 +2266,7 @@ probe nd_syscall.setrlimit = kernel.function("sys_setrlimit") {
argstr = sprintf("%s, %s", _rlimit_resource_str(resource),
_struct_rlimit_u(rlim_uaddr))
}
-probe nd_syscall.setrlimit.return = kernel.function("sys_setrlimit").return {
+probe nd_syscall.setrlimit.return = kprobe.function("sys_setrlimit").return {
name = "setrlimit"
retstr = returnstr(1)
}
@@ -2274,11 +2274,11 @@ probe nd_syscall.setrlimit.return = kernel.function("sys_setrlimit").return {
#
# long sys_setsid(void)
#
-probe nd_syscall.setsid = kernel.function("sys_setsid") {
+probe nd_syscall.setsid = kprobe.function("sys_setsid") {
name = "setsid"
argstr = ""
}
-probe nd_syscall.setsid.return = kernel.function("sys_setsid").return {
+probe nd_syscall.setsid.return = kprobe.function("sys_setsid").return {
name = "setsid"
retstr = returnstr(1)
}
@@ -2292,8 +2292,8 @@ probe nd_syscall.setsid.return = kernel.function("sys_setsid").return {
# int optlen)
#
probe nd_syscall.setsockopt =
- kernel.function("sys_setsockopt") ?,
- kernel.function("compat_sys_setsockopt") ?
+ kprobe.function("sys_setsockopt") ?,
+ kprobe.function("compat_sys_setsockopt") ?
{
name = "setsockopt"
// fd = $fd
@@ -2317,8 +2317,8 @@ probe nd_syscall.setsockopt =
optname_str, optval_uaddr, optlen)
}
probe nd_syscall.setsockopt.return =
- kernel.function("sys_setsockopt").return ?,
- kernel.function("compat_sys_setsockopt").return ?
+ kprobe.function("sys_setsockopt").return ?,
+ kprobe.function("compat_sys_setsockopt").return ?
{
name = "setsockopt"
retstr = returnstr(1)
@@ -2329,7 +2329,7 @@ probe nd_syscall.setsockopt.return =
# asmlinkage long
# sys_set_tid_address(int __user *tidptr)
#
-probe nd_syscall.set_tid_address = kernel.function("sys_set_tid_address") {
+probe nd_syscall.set_tid_address = kprobe.function("sys_set_tid_address") {
name = "set_tid_address"
// tidptr_uaddr = $tidptr
asmlinkage()
@@ -2337,7 +2337,7 @@ probe nd_syscall.set_tid_address = kernel.function("sys_set_tid_address") {
argstr = sprintf("%p", tidptr_uaddr)
}
probe nd_syscall.set_tid_address.return =
- kernel.function("sys_set_tid_address").return {
+ kprobe.function("sys_set_tid_address").return {
name = "set_tid_address"
retstr = returnstr(1)
}
@@ -2346,7 +2346,7 @@ probe nd_syscall.set_tid_address.return =
# long sys_settimeofday(struct timeval __user *tv,
# struct timezone __user *tz)
#
-probe nd_syscall.settimeofday = kernel.function("sys_settimeofday") {
+probe nd_syscall.settimeofday = kprobe.function("sys_settimeofday") {
name = "settimeofday"
// ttv_uaddr = $tv
// ttz_uaddr = $tz
@@ -2356,7 +2356,7 @@ probe nd_syscall.settimeofday = kernel.function("sys_settimeofday") {
tz_uaddr = pointer_arg(2)
argstr = sprintf("%s, %s", _struct_timeval_u(tv_uaddr, 1), _struct_timezone_u(tz_uaddr))
}
-probe nd_syscall.settimeofday.return = kernel.function("sys_settimeofday").return {
+probe nd_syscall.settimeofday.return = kprobe.function("sys_settimeofday").return {
name = "settimeofday"
retstr = returnstr(1)
}
@@ -2365,8 +2365,8 @@ probe nd_syscall.settimeofday.return = kernel.function("sys_settimeofday").retur
# long compat_sys_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz)
#
probe nd_syscall.settimeofday32 =
- kernel.function("sys32_settimeofday") ?,
- kernel.function("compat_sys_settimeofday") ?
+ kprobe.function("sys32_settimeofday") ?,
+ kprobe.function("compat_sys_settimeofday") ?
{
name = "settimeofday"
// tv_uaddr = $tv
@@ -2378,8 +2378,8 @@ probe nd_syscall.settimeofday32 =
argstr = sprintf("%s, %s", _struct_compat_timeval_u(tv_uaddr, 1),_struct_timezone_u(tz_uaddr))
}
probe nd_syscall.settimeofday32.return =
- kernel.function("sys32_settimeofday").return ?,
- kernel.function("compat_sys_settimeofday").return ?
+ kprobe.function("sys32_settimeofday").return ?,
+ kprobe.function("compat_sys_settimeofday").return ?
{
name = "settimeofday"
retstr = returnstr(1)
@@ -2391,8 +2391,8 @@ probe nd_syscall.settimeofday32.return =
# long sys_setuid16(old_uid_t uid)
#
probe nd_syscall.setuid =
- kernel.function("sys_setuid16") ?,
- kernel.function("sys_setuid")
+ kprobe.function("sys_setuid16") ?,
+ kprobe.function("sys_setuid")
{
name = "setuid"
// uid = $uid
@@ -2402,8 +2402,8 @@ probe nd_syscall.setuid =
argstr = sprint(uid)
}
probe nd_syscall.setuid.return =
- kernel.function("sys_setuid16").return ?,
- kernel.function("sys_setuid").return
+ kprobe.function("sys_setuid16").return ?,
+ kprobe.function("sys_setuid").return
{
name = "setuid"
retstr = returnstr(1)
@@ -2416,7 +2416,7 @@ probe nd_syscall.setuid.return =
# size_t size,
# int flags)
#
-probe nd_syscall.setxattr = kernel.function("sys_setxattr") {
+probe nd_syscall.setxattr = kprobe.function("sys_setxattr") {
name = "setxattr"
// path_uaddr = $path
// path = user_string($path)
@@ -2442,7 +2442,7 @@ probe nd_syscall.setxattr = kernel.function("sys_setxattr") {
user_string_quoted(name_uaddr),
value_uaddr, size, flags)
}
-probe nd_syscall.setxattr.return = kernel.function("sys_setxattr").return {
+probe nd_syscall.setxattr.return = kprobe.function("sys_setxattr").return {
name = "setxattr"
retstr = returnstr(1)
}
@@ -2450,11 +2450,11 @@ probe nd_syscall.setxattr.return = kernel.function("sys_setxattr").return {
#
# sys_sgetmask(void)
#
-probe nd_syscall.sgetmask = kernel.function("sys_sgetmask")? {
+probe nd_syscall.sgetmask = kprobe.function("sys_sgetmask")? {
name = "sgetmask"
argstr = ""
}
-probe nd_syscall.sgetmask.return = kernel.function("sys_sgetmask").return ? {
+probe nd_syscall.sgetmask.return = kprobe.function("sys_sgetmask").return ? {
name = "sgetmask"
retstr = returnstr(1)
}
@@ -2463,7 +2463,7 @@ probe nd_syscall.sgetmask.return = kernel.function("sys_sgetmask").return ? {
#
# long sys_shmat(int shmid, char __user *shmaddr, int shmflg)
#
-probe nd_syscall.shmat = kernel.function("sys_shmat") ? {
+probe nd_syscall.shmat = kprobe.function("sys_shmat") ? {
name = "shmat"
// shmid = $shmid
// shmaddr_uaddr = $shmaddr
@@ -2475,7 +2475,7 @@ probe nd_syscall.shmat = kernel.function("sys_shmat") ? {
shmflg = int_arg(3)
argstr = sprintf("%d, %p, %s", shmid, shmaddr_uaddr, _shmat_flags_str(shmflg))
}
-probe nd_syscall.shmat.return = kernel.function("sys_shmat").return ? {
+probe nd_syscall.shmat.return = kprobe.function("sys_shmat").return ? {
name = "shmat"
retstr = returnstr(1)
}
@@ -2484,7 +2484,7 @@ probe nd_syscall.shmat.return = kernel.function("sys_shmat").return ? {
# long compat_sys_shmat(int first, int second, compat_uptr_t third,
# int version, void __user *uptr)
#
-probe nd_syscall.compat_sys_shmat = kernel.function("compat_sys_shmat") ? {
+probe nd_syscall.compat_sys_shmat = kprobe.function("compat_sys_shmat") ? {
name = "compat_sys_shmat"
// first = $first
// second = $second
@@ -2498,7 +2498,7 @@ probe nd_syscall.compat_sys_shmat = kernel.function("compat_sys_shmat") ? {
uptr_uaddr = pointer_arg(5)
argstr = sprintf("%d, %d, %d, %d, %p", first, second, third, int_arg(4), uptr_uaddr)
}
-probe nd_syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").return ? {
+probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").return ? {
name = "compat_sys_shmat"
retstr = returnstr(1)
}
@@ -2509,7 +2509,7 @@ probe nd_syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").r
# int cmd,
# struct shmid_ds __user *buf)
#
-probe nd_syscall.shmctl = kernel.function("sys_shmctl") ? {
+probe nd_syscall.shmctl = kprobe.function("sys_shmctl") ? {
name = "shmctl"
// shmid = $shmid
// cmd = $cmd
@@ -2521,7 +2521,7 @@ probe nd_syscall.shmctl = kernel.function("sys_shmctl") ? {
buf_uaddr = pointer_arg(3)
argstr = sprintf("%d, %s, %p", shmid, _semctl_cmd(cmd), buf_uaddr)
}
-probe nd_syscall.shmctl.return = kernel.function("sys_shmctl").return ? {
+probe nd_syscall.shmctl.return = kprobe.function("sys_shmctl").return ? {
name = "shmctl"
retstr = returnstr(1)
}
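Review bot: The `argstr` line of nd_syscall.shmctl decodes `cmd` with `_semctl_cmd`, a helper whose name ties it to semctl. Its definition is not visible here, so this is inferred. shmctl shares only the IPC_* commands with semctl, and its SHM_* commands overlap numerically with semaphore-only ones, so a semaphore-only decoder would print the wrong label for them. Either confirm that the helper covers the SHM_* values or record the limitation next to the call, e.g. `// NOTE: _semctl_cmd decodes semctl commands; SHM_* values may be mislabeled`. The probe body starts in the previous hunk.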
@@ -2529,7 +2529,7 @@ probe nd_syscall.shmctl.return = kernel.function("sys_shmctl").return ? {
#
# long compat_sys_shmctl(int first, int second, void __user *uptr)
#
-probe nd_syscall.compat_sys_shmctl = kernel.function("compat_sys_shmctl") ? {
+probe nd_syscall.compat_sys_shmctl = kprobe.function("compat_sys_shmctl") ? {
name = "compat_sys_shmctl"
// first = $first
// second = $second
@@ -2541,7 +2541,7 @@ probe nd_syscall.compat_sys_shmctl = kernel.function("compat_sys_shmctl") ? {
uptr_uaddr = pointer_arg(3)
argstr = sprintf("%d, %d, %p", first, second, uptr_uaddr)
}
-probe nd_syscall.compat_sys_shmctl.return = kernel.function("compat_sys_shmctl").return ? {
+probe nd_syscall.compat_sys_shmctl.return = kprobe.function("compat_sys_shmctl").return ? {
name = "compat_sys_shmctl"
retstr = returnstr(1)
}
@@ -2550,7 +2550,7 @@ probe nd_syscall.compat_sys_shmctl.return = kernel.function("compat_sys_shmctl")
#
# long sys_shmdt(char __user *shmaddr)
#
-probe nd_syscall.shmdt = kernel.function("sys_shmdt") ? {
+probe nd_syscall.shmdt = kprobe.function("sys_shmdt") ? {
name = "shmdt"
// shmaddr_uaddr = $shmaddr
// argstr = sprintf("%p", $shmaddr)
@@ -2558,7 +2558,7 @@ probe nd_syscall.shmdt = kernel.function("sys_shmdt") ? {
shmaddr_uaddr = pointer_arg(1)
argstr = sprintf("%p", shmaddr_uaddr)
}
-probe nd_syscall.shmdt.return = kernel.function("sys_shmdt").return ? {
+probe nd_syscall.shmdt.return = kprobe.function("sys_shmdt").return ? {
name = "shmdt"
retstr = returnstr(1)
}
@@ -2569,7 +2569,7 @@ probe nd_syscall.shmdt.return = kernel.function("sys_shmdt").return ? {
# size_t size,
# int shmflg)
#
-probe nd_syscall.shmget = kernel.function("sys_shmget") ? {
+probe nd_syscall.shmget = kprobe.function("sys_shmget") ? {
name = "shmget"
// key = $key
// size = $size
@@ -2581,7 +2581,7 @@ probe nd_syscall.shmget = kernel.function("sys_shmget") ? {
shmflg = int_arg(3)
argstr = sprintf("%d, %d, %d", key, size, shmflg)
}
-probe nd_syscall.shmget.return = kernel.function("sys_shmget").return ? {
+probe nd_syscall.shmget.return = kprobe.function("sys_shmget").return ? {
name = "shmget"
retstr = returnstr(1)
}
@@ -2590,7 +2590,7 @@ probe nd_syscall.shmget.return = kernel.function("sys_shmget").return ? {
#
# long sys_shutdown(int fd, int how)
#
-probe nd_syscall.shutdown = kernel.function("sys_shutdown") ? {
+probe nd_syscall.shutdown = kprobe.function("sys_shutdown") ? {
name = "shutdown"
// s = $fd
// how = $how
@@ -2602,7 +2602,7 @@ probe nd_syscall.shutdown = kernel.function("sys_shutdown") ? {
how_str = _shutdown_how_str(how)
argstr = sprintf("%d, %s", s, how_str)
}
-probe nd_syscall.shutdown.return = kernel.function("sys_shutdown").return ? {
+probe nd_syscall.shutdown.return = kprobe.function("sys_shutdown").return ? {
name = "shutdown"
retstr = returnstr(1)
}
@@ -2611,7 +2611,7 @@ probe nd_syscall.shutdown.return = kernel.function("sys_shutdown").return ? {
# sys_sigaction(int sig, const struct old_sigaction __user *act, struct old_sigaction __user *oact)
# sys32_sigaction(int sig, struct old_sigaction32 __user *act, struct old_sigaction32 __user *oact)
#
-probe nd_syscall.sigaction = kernel.function("sys_sigaction") ? {
+probe nd_syscall.sigaction = kprobe.function("sys_sigaction") ? {
name = "sigaction"
// sig = $sig
// act_uaddr = $act
@@ -2623,11 +2623,11 @@ probe nd_syscall.sigaction = kernel.function("sys_sigaction") ? {
oact_uaddr = pointer_arg(3)
argstr = sprintf("%s, {%s}, %p", _signal_name(sig), _struct_sigaction_u(act_uaddr), oact_uaddr)
}
-probe nd_syscall.sigaction.return = kernel.function("sys_sigaction").return ? {
+probe nd_syscall.sigaction.return = kprobe.function("sys_sigaction").return ? {
name = "sigaction"
retstr = returnstr(1)
}
-probe nd_syscall.sigaction32 = kernel.function("sys32_sigaction") ? {
+probe nd_syscall.sigaction32 = kprobe.function("sys32_sigaction") ? {
name = "sigaction"
// sig = $sig
// sact_uaddr = $act
@@ -2639,7 +2639,7 @@ probe nd_syscall.sigaction32 = kernel.function("sys32_sigaction") ? {
oact_uaddr = pointer_arg(3)
argstr = sprintf("%s, %p, %p", _signal_name(sig), sact_uaddr, soact_uaddr)
}
-probe nd_syscall.sigaction32.return = kernel.function("sys32_sigaction").return ? {
+probe nd_syscall.sigaction32.return = kprobe.function("sys32_sigaction").return ? {
name = "sigaction"
retstr = returnstr(1)
}
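Review bot: The `argstr` line of nd_syscall.sigaction32 formats `sact_uaddr` and `soact_uaddr`, but the line directly above it assigns `oact_uaddr`. The `s`-prefixed names appear only in the commented-out DWARF code of the previous hunk. Unless they are assigned in the lines elided between the two hunks, both `%p` fields would print an unset value instead of the caller's arguments, so traces of 32-bit sigaction calls would not show which handler structure was installed. Assuming the second argument is stored as `act_uaddr`, the line should read `argstr = sprintf("%s, %p, %p", _signal_name(sig), act_uaddr, oact_uaddr)`. The probe body starts in the previous hunk.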
@@ -2647,7 +2647,7 @@ probe nd_syscall.sigaction32.return = kernel.function("sys32_sigaction").return
# signal _____________________________________________________
# unsigned long sys_signal(int sig, __sighandler_t handler)
#
-probe nd_syscall.signal = kernel.function("sys_signal") ? {
+probe nd_syscall.signal = kprobe.function("sys_signal") ? {
name = "signal"
// sig = $sig
// handler = $handler
@@ -2657,7 +2657,7 @@ probe nd_syscall.signal = kernel.function("sys_signal") ? {
handler = pointer_arg(2)
argstr = sprintf("%s, %s", _signal_name(sig), _sighandler_str(handler))
}
-probe nd_syscall.signal.return = kernel.function("sys_signal").return ? {
+probe nd_syscall.signal.return = kprobe.function("sys_signal").return ? {
name = "signal"
retstr = returnstr(1)
}
@@ -2668,23 +2668,23 @@ probe nd_syscall.signal.return = kernel.function("sys_signal").return ? {
# long compat_sys_signalfd(int ufd, const compat_sigset_t __user *sigmask,
# compat_size_t sigsetsize)
#
-probe nd_syscall.signalfd = kernel.function("sys_signalfd") ? {
+probe nd_syscall.signalfd = kprobe.function("sys_signalfd") ? {
name = "signalfd"
// argstr = sprintf("%d, %p, %d", $ufd, $user_mask, $sizemask)
asmlinkage()
argstr = sprintf("%d, %p, %d", int_arg(1), pointer_arg(2), ulong_arg(3))
}
-probe nd_syscall.signalfd.return = kernel.function("sys_signalfd").return ? {
+probe nd_syscall.signalfd.return = kprobe.function("sys_signalfd").return ? {
name = "signalfd"
retstr = returnstr(1)
}
-probe nd_syscall.compat_signalfd = kernel.function("compat_sys_signalfd") ? {
+probe nd_syscall.compat_signalfd = kprobe.function("compat_sys_signalfd") ? {
name = "compat_signalfd"
// argstr = sprintf("%d, %p, %d", $ufd, $sigmask, $sigsetsize)
asmlinkage()
argstr = sprintf("%d, %p, %d", int_arg(1), pointer_arg(2), u32_arg(3))
}
-probe nd_syscall.compat_signalfd.return = kernel.function("compat_sys_signalfd").return ? {
+probe nd_syscall.compat_signalfd.return = kprobe.function("compat_sys_signalfd").return ? {
name = "compat_signalfd"
retstr = returnstr(1)
}
@@ -2692,13 +2692,13 @@ probe nd_syscall.compat_signalfd.return = kernel.function("compat_sys_signalfd")
# sigpending _________________________________________________
# long sys_sigpending(old_sigset_t __user *set)
#
-probe nd_syscall.sigpending = kernel.function("sys_sigpending") ? {
+probe nd_syscall.sigpending = kprobe.function("sys_sigpending") ? {
name = "sigpending"
// argstr = sprintf("%p", $set)
asmlinkage()
argstr = sprintf("%p", pointer_arg(1))
}
-probe nd_syscall.sigpending.return = kernel.function("sys_sigpending").return ? {
+probe nd_syscall.sigpending.return = kprobe.function("sys_sigpending").return ? {
name = "sigpending"
retstr = returnstr(1)
}
@@ -2706,7 +2706,7 @@ probe nd_syscall.sigpending.return = kernel.function("sys_sigpending").return ?
# sigprocmask ________________________________________________
# long sys_sigprocmask(int how, old_sigset_t __user *set, old_sigset_t __user *oset)
#
-probe nd_syscall.sigprocmask = kernel.function("sys_sigprocmask") ?
+probe nd_syscall.sigprocmask = kprobe.function("sys_sigprocmask") ?
{
name = "sigprocmask"
// how = $how
@@ -2721,7 +2721,7 @@ probe nd_syscall.sigprocmask = kernel.function("sys_sigprocmask") ?
oldset_uaddr = pointer_arg(3)
argstr = sprintf("%s, %p, %p", how_str, set_uaddr, oldset_uaddr)
}
-probe nd_syscall.sigprocmask.return = kernel.function("sys_sigprocmask").return ?
+probe nd_syscall.sigprocmask.return = kprobe.function("sys_sigprocmask").return ?
{
name = "sigprocmask"
retstr = returnstr(1)
@@ -2731,15 +2731,15 @@ probe nd_syscall.sigprocmask.return = kernel.function("sys_sigprocmask").return
# int sys_sigreturn(unsigned long __unused)
#
probe nd_syscall.sigreturn =
- kernel.function("sys_sigreturn") ?,
- kernel.function("sys32_sigreturn") ?
+ kprobe.function("sys_sigreturn") ?,
+ kprobe.function("sys32_sigreturn") ?
{
name = "sigreturn"
argstr = ""
}
probe nd_syscall.sigreturn.return =
- kernel.function("sys_sigreturn").return ?,
- kernel.function("sys32_sigreturn").return ?
+ kprobe.function("sys_sigreturn").return ?,
+ kprobe.function("sys32_sigreturn").return ?
{
name = "sigreturn"
retstr = returnstr(1)
@@ -2748,15 +2748,15 @@ probe nd_syscall.sigreturn.return =
# sigsuspend _________________________________________________
#
probe nd_syscall.sigsuspend =
- kernel.function("sys_sigsuspend") ?,
- kernel.function("sys32_sigsuspend") ?
+ kprobe.function("sys_sigsuspend") ?,
+ kprobe.function("sys32_sigsuspend") ?
{
name = "sigsuspend"
argstr = ""
}
probe nd_syscall.sigsuspend.return =
- kernel.function("sys_sigsuspend").return ?,
- kernel.function("sys32_sigsuspend").return ?
+ kprobe.function("sys_sigsuspend").return ?,
+ kprobe.function("sys32_sigsuspend").return ?
{
name = "sigsuspend"
retstr = returnstr(1)
@@ -2765,7 +2765,7 @@ probe nd_syscall.sigsuspend.return =
# socket _____________________________________________________
# long sys_socket(int family, int type, int protocol)
#
-probe nd_syscall.socket = kernel.function("sys_socket") ? {
+probe nd_syscall.socket = kprobe.function("sys_socket") ? {
name = "socket"
// family = $family
// type = $type
@@ -2781,7 +2781,7 @@ probe nd_syscall.socket = kernel.function("sys_socket") ? {
_sock_type_str(type),
protocol)
}
-probe nd_syscall.socket.return = kernel.function("sys_socket").return ? {
+probe nd_syscall.socket.return = kprobe.function("sys_socket").return ? {
name = "socket"
retstr = returnstr(1)
}
@@ -2791,13 +2791,13 @@ probe nd_syscall.socket.return = kernel.function("sys_socket").return ? {
#
# long sys_socketcall(int call, unsigned long __user *args)
#
-#probe nd_syscall.socketcall = kernel.function("sys_socketcall") ? {
+#probe nd_syscall.socketcall = kprobe.function("sys_socketcall") ? {
# name = "socketcall"
# call = $call
# args_uaddr = $args
# argstr = sprintf("%d, %p", $call, args_uaddr)
#}
-#probe nd_syscall.socketcall.return = kernel.function("sys_socketcall").return ? {
+#probe nd_syscall.socketcall.return = kprobe.function("sys_socketcall").return ? {
# name = "socketcall"
# retstr = returnstr(1)
#}
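Review bot: The commented-out nd_syscall.socketcall template now names `kprobe.function("sys_socketcall")`, but its body still reads `$call` and `$args`. Those are debuginfo-based target variables that a kprobe.function probe cannot resolve, so the template would not compile if someone un-commented it. The live probes on this page fetch arguments with `asmlinkage()` followed by `int_arg()` / `pointer_arg()`. If the template is kept, bring it in line with `# call = int_arg(1)`, `# args_uaddr = pointer_arg(2)` and `# argstr = sprintf("%d, %p", call, args_uaddr)`. Otherwise add a one-line comment saying why socketcall is left unprobed.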
@@ -2808,7 +2808,7 @@ probe nd_syscall.socket.return = kernel.function("sys_socket").return ? {
# int protocol,
# int __user *usockvec)
#
-probe nd_syscall.socketpair = kernel.function("sys_socketpair") ? {
+probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ? {
name = "socketpair"
// family = $family
// type = $type
@@ -2828,7 +2828,7 @@ probe nd_syscall.socketpair = kernel.function("sys_socketpair") ? {
_sock_type_str(type),
protocol, sv_uaddr)
}
-probe nd_syscall.socketpair.return = kernel.function("sys_socketpair").return ? {
+probe nd_syscall.socketpair.return = kprobe.function("sys_socketpair").return ? {
name = "socketpair"
retstr = returnstr(1)
}
@@ -2839,7 +2839,7 @@ probe nd_syscall.socketpair.return = kernel.function("sys_socketpair").return ?
# int fd_out, loff_t __user *off_out,
# size_t len, unsigned int flags)
#
-probe nd_syscall.splice = kernel.function("sys_splice") ? {
+probe nd_syscall.splice = kprobe.function("sys_splice") ? {
name = "splice"
// argstr = sprintf("%d, %p, %d, %p, %d, 0x%x",
// $fd_in, $off_in, $fd_out, $off_out, $len, $flags)
@@ -2847,7 +2847,7 @@ probe nd_syscall.splice = kernel.function("sys_splice") ? {
argstr = sprintf("%d, %p, %d, %p, %d, 0x%x",
int_arg(1), pointer_arg(2), int_arg(3), pointer_arg(4), ulong_arg(5), uint_arg(6))
}
-probe nd_syscall.splice.return = kernel.function("sys_splice").return ? {
+probe nd_syscall.splice.return = kprobe.function("sys_splice").return ? {
name = "splice"
retstr = returnstr(1)
}
@@ -2856,7 +2856,7 @@ probe nd_syscall.splice.return = kernel.function("sys_splice").return ? {
#
# long sys_ssetmask(int newmask)
#
-probe nd_syscall.ssetmask = kernel.function("sys_ssetmask") ? {
+probe nd_syscall.ssetmask = kprobe.function("sys_ssetmask") ? {
name = "ssetmask"
// newmask = $newmask
// argstr = sprint($newmask)
@@ -2864,7 +2864,7 @@ probe nd_syscall.ssetmask = kernel.function("sys_ssetmask") ? {
newmask = int_arg(1)
argstr = sprint(newmask)
}
-probe nd_syscall.ssetmask.return = kernel.function("sys_ssetmask").return ? {
+probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ? {
name = "ssetmask"
retstr = returnstr(1)
}
@@ -2876,12 +2876,12 @@ probe nd_syscall.ssetmask.return = kernel.function("sys_ssetmask").return ? {
# long sys_oabi_stat64(char __user * filename, struct oldabi_stat64 __user * statbuf)
# long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf)
probe nd_syscall.stat =
- kernel.function("sys_stat") ?,
- kernel.function("sys_newstat") ?,
- kernel.function("sys32_stat64") ?,
- kernel.function("sys_stat64") ?,
- kernel.function("sys_oabi_stat64") ?,
- kernel.function("compat_sys_newstat") ?
+ kprobe.function("sys_stat") ?,
+ kprobe.function("sys_newstat") ?,
+ kprobe.function("sys32_stat64") ?,
+ kprobe.function("sys_stat64") ?,
+ kprobe.function("sys_oabi_stat64") ?,
+ kprobe.function("compat_sys_newstat") ?
{
name = "stat"
// filename_uaddr = $filename
@@ -2895,12 +2895,12 @@ probe nd_syscall.stat =
argstr = sprintf("%s, %p", user_string_quoted(filename_uaddr), buf_uaddr)
}
probe nd_syscall.stat.return =
- kernel.function("sys_stat").return ?,
- kernel.function("sys_newstat").return ?,
- kernel.function("sys32_stat64").return ?,
- kernel.function("sys_stat64").return ?,
- kernel.function("sys_oabi_stat64").return ?,
- kernel.function("compat_sys_newstat").return ?
+ kprobe.function("sys_stat").return ?,
+ kprobe.function("sys_newstat").return ?,
+ kprobe.function("sys32_stat64").return ?,
+ kprobe.function("sys_stat64").return ?,
+ kprobe.function("sys_oabi_stat64").return ?,
+ kprobe.function("compat_sys_newstat").return ?
{
name = "stat"
retstr = returnstr(1)
@@ -2911,8 +2911,8 @@ probe nd_syscall.stat.return =
# long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf)
#
probe nd_syscall.statfs =
- kernel.function("sys_statfs"),
- kernel.function("compat_sys_statfs") ?
+ kprobe.function("sys_statfs"),
+ kprobe.function("compat_sys_statfs") ?
{
name = "statfs"
// path = user_string($path)
@@ -2924,8 +2924,8 @@ probe nd_syscall.statfs =
argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr)
}
probe nd_syscall.statfs.return =
- kernel.function("sys_statfs").return,
- kernel.function("compat_sys_statfs").return ?
+ kprobe.function("sys_statfs").return,
+ kprobe.function("compat_sys_statfs").return ?
{
name = "statfs"
retstr = returnstr(1)
@@ -2937,8 +2937,8 @@ probe nd_syscall.statfs.return =
# long compat_sys_statfs64(const char __user *path, compat_size_t sz, struct compat_statfs64 __user *buf)
#
probe nd_syscall.statfs64 =
- kernel.function("sys_statfs64") ?,
- kernel.function("compat_sys_statfs64") ?
+ kprobe.function("sys_statfs64") ?,
+ kprobe.function("compat_sys_statfs64") ?
{
name = "statfs"
// path = user_string($path)
@@ -2952,8 +2952,8 @@ probe nd_syscall.statfs64 =
argstr = sprintf("%s, %d, %p", user_string_quoted(pointer_arg(1)), sz, buf_uaddr)
}
probe nd_syscall.statfs64.return =
- kernel.function("sys_statfs64").return ?,
- kernel.function("compat_sys_statfs64").return ?
+ kprobe.function("sys_statfs64").return ?,
+ kprobe.function("compat_sys_statfs64").return ?
{
name = "statfs"
retstr = returnstr(1)
@@ -2965,8 +2965,8 @@ probe nd_syscall.statfs64.return =
# long compat_sys_stime(compat_time_t __user *tptr)
#
probe nd_syscall.stime =
- kernel.function("sys_stime") ?,
- kernel.function("compat_sys_stime") ?
+ kprobe.function("sys_stime") ?,
+ kprobe.function("compat_sys_stime") ?
{
name = "stime"
// t_uaddr = $tptr
@@ -2977,8 +2977,8 @@ probe nd_syscall.stime =
argstr = sprintf("%p", t_uaddr)
}
probe nd_syscall.stime.return =
- kernel.function("sys_stime").return ?,
- kernel.function("compat_sys_stime").return ?
+ kprobe.function("sys_stime").return ?,
+ kprobe.function("compat_sys_stime").return ?
{
name = "stime"
retstr = returnstr(1)
@@ -2989,7 +2989,7 @@ probe nd_syscall.stime.return =
# asmlinkage long
# sys_swapoff(const char __user * specialfile)
#
-probe nd_syscall.swapoff = kernel.function("sys_swapoff")? {
+probe nd_syscall.swapoff = kprobe.function("sys_swapoff")? {
name = "swapoff"
// path = user_string($specialfile)
// argstr = user_string_quoted($specialfile)
@@ -2997,7 +2997,7 @@ probe nd_syscall.swapoff = kernel.function("sys_swapoff")? {
path = user_string(pointer_arg(1))
argstr = user_string_quoted(pointer_arg(1))
}
-probe nd_syscall.swapoff.return = kernel.function("sys_swapoff").return ? {
+probe nd_syscall.swapoff.return = kprobe.function("sys_swapoff").return ? {
name = "swapoff"
retstr = returnstr(1)
}
@@ -3007,7 +3007,7 @@ probe nd_syscall.swapoff.return = kernel.function("sys_swapoff").return ? {
# sys_swapon(const char __user * specialfile,
# int swap_flags)
#
-probe nd_syscall.swapon = kernel.function("sys_swapon") ? {
+probe nd_syscall.swapon = kprobe.function("sys_swapon") ? {
name = "swapon"
// path = user_string($specialfile)
// swapflags = $swap_flags
@@ -3017,14 +3017,14 @@ probe nd_syscall.swapon = kernel.function("sys_swapon") ? {
swapflags = int_arg(2)
argstr = sprintf("%s, %d", user_string_quoted(pointer_arg(1)), swapflags)
}
-probe nd_syscall.swapon.return = kernel.function("sys_swapon").return ? {
+probe nd_syscall.swapon.return = kprobe.function("sys_swapon").return ? {
name = "swapon"
retstr = returnstr(1)
}
# symlink ____________________________________________________
# long sys_symlink(const char __user * oldname,
# const char __user * newname)
-probe nd_syscall.symlink = kernel.function("sys_symlink") {
+probe nd_syscall.symlink = kprobe.function("sys_symlink") {
name = "symlink"
// oldpath = user_string($oldname)
// newpath = user_string($newname)
@@ -3036,7 +3036,7 @@ probe nd_syscall.symlink = kernel.function("sys_symlink") {
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
user_string_quoted(pointer_arg(2)))
}
-probe nd_syscall.symlink.return = kernel.function("sys_symlink").return {
+probe nd_syscall.symlink.return = kprobe.function("sys_symlink").return {
name = "symlink"
retstr = returnstr(1)
}
@@ -3046,7 +3046,7 @@ probe nd_syscall.symlink.return = kernel.function("sys_symlink").return {
# new function with 2.6.16
# long sys_symlinkat(const char __user *oldname, int newdfd,
# const char __user *newname)
-probe nd_syscall.symlinkat = kernel.function("sys_symlinkat") ? {
+probe nd_syscall.symlinkat = kprobe.function("sys_symlinkat") ? {
name = "symlinkat"
// oldname = $oldname
// oldname_str = user_string($oldname)
@@ -3066,7 +3066,7 @@ probe nd_syscall.symlinkat = kernel.function("sys_symlinkat") ? {
argstr = sprintf("%s, %s, %s", user_string_quoted(oldname),
newdfd_str, user_string_quoted(newname))
}
-probe nd_syscall.symlinkat.return = kernel.function("sys_symlinkat").return ? {
+probe nd_syscall.symlinkat.return = kprobe.function("sys_symlinkat").return ? {
name = "symlinkat"
retstr = returnstr(1)
}
@@ -3076,11 +3076,11 @@ probe nd_syscall.symlinkat.return = kernel.function("sys_symlinkat").return ? {
#
# sys_sync(void)
#
-probe nd_syscall.sync = kernel.function("sys_sync") {
+probe nd_syscall.sync = kprobe.function("sys_sync") {
name = "sync"
argstr = ""
}
-probe nd_syscall.sync.return = kernel.function("sys_sync").return {
+probe nd_syscall.sync.return = kprobe.function("sys_sync").return {
name = "sync"
retstr = returnstr(1)
}
@@ -3090,8 +3090,8 @@ probe nd_syscall.sync.return = kernel.function("sys_sync").return {
# long sys_sysctl(struct __sysctl_args __user *args)
#
probe nd_syscall.sysctl =
- kernel.function("sys_sysctl") ?,
- kernel.function("compat_sys_sysctl") ?
+ kprobe.function("sys_sysctl") ?,
+ kprobe.function("compat_sys_sysctl") ?
{
name = "sysctl"
// argstr = sprintf("%p", $args)
@@ -3099,8 +3099,8 @@ probe nd_syscall.sysctl =
argstr = sprintf("%p", pointer_arg(1))
}
probe nd_syscall.sysctl.return =
- kernel.function("sys_sysctl").return ?,
- kernel.function("compat_sys_sysctl").return ?
+ kprobe.function("sys_sysctl").return ?,
+ kprobe.function("compat_sys_sysctl").return ?
{
name = "sysctl"
retstr = returnstr(1)
@@ -3113,7 +3113,7 @@ probe nd_syscall.sysctl.return =
# unsigned long arg1,
# unsigned long arg2)
#
-probe nd_syscall.sysfs = kernel.function("sys_sysfs") {
+probe nd_syscall.sysfs = kprobe.function("sys_sysfs") {
name = "sysfs"
// option = $option
// arg1 = $arg1
@@ -3137,7 +3137,7 @@ probe nd_syscall.sysfs = kernel.function("sys_sysfs") {
else
argstr = sprintf("%d, %d, %d", option, arg1, arg2)
}
-probe nd_syscall.sysfs.return = kernel.function("sys_sysfs").return {
+probe nd_syscall.sysfs.return = kprobe.function("sys_sysfs").return {
name = "sysfs"
retstr = returnstr(1)
}
@@ -3146,8 +3146,8 @@ probe nd_syscall.sysfs.return = kernel.function("sys_sysfs").return {
# long sys_sysinfo(struct sysinfo __user *info)
# long compat_sys_sysinfo(struct compat_sysinfo __user *info)
probe nd_syscall.sysinfo =
- kernel.function("sys_sysinfo"),
- kernel.function("compat_sys_sysinfo") ?
+ kprobe.function("sys_sysinfo"),
+ kprobe.function("compat_sys_sysinfo") ?
{
name = "sysinfo"
// info_uaddr = $info
@@ -3157,8 +3157,8 @@ probe nd_syscall.sysinfo =
argstr = sprintf("%p", info_uaddr)
}
probe nd_syscall.sysinfo.return =
- kernel.function("sys_sysinfo").return,
- kernel.function("compat_sys_sysinfo").return ?
+ kprobe.function("sys_sysinfo").return,
+ kprobe.function("compat_sys_sysinfo").return ?
{
name = "sysinfo"
retstr = returnstr(1)
@@ -3168,7 +3168,7 @@ probe nd_syscall.sysinfo.return =
#
# long sys_syslog(int type, char __user * buf, int len)
#
-probe nd_syscall.syslog = kernel.function("sys_syslog") {
+probe nd_syscall.syslog = kprobe.function("sys_syslog") {
name = "syslog"
// type = $type
// bufp_uaddr = $buf
@@ -3180,7 +3180,7 @@ probe nd_syscall.syslog = kernel.function("sys_syslog") {
len = int_arg(3)
argstr = sprintf("%d, %p, %d", type, bufp_uaddr, len)
}
-probe nd_syscall.syslog.return = kernel.function("sys_syslog").return {
+probe nd_syscall.syslog.return = kprobe.function("sys_syslog").return {
name = "syslog"
retstr = returnstr(1)
}
@@ -3189,13 +3189,13 @@ probe nd_syscall.syslog.return = kernel.function("sys_syslog").return {
#
# long sys_tee(int fdin, int fdout, size_t len, unsigned int flags)
#
-probe nd_syscall.tee = kernel.function("sys_tee") ? {
+probe nd_syscall.tee = kprobe.function("sys_tee") ? {
name = "tee"
// argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags)
asmlinkage()
argstr = sprintf("%d, %d, %d, 0x%x", int_arg(1), int_arg(2), ulong_arg(3), uint_arg(4))
}
-probe nd_syscall.tee.return = kernel.function("sys_tee").return ? {
+probe nd_syscall.tee.return = kprobe.function("sys_tee").return ? {
name = "tee"
retstr = returnstr(1)
}
@@ -3207,7 +3207,7 @@ probe nd_syscall.tee.return = kernel.function("sys_tee").return ? {
# int pid,
# int sig)
#
-probe nd_syscall.tgkill = kernel.function("sys_tgkill") {
+probe nd_syscall.tgkill = kprobe.function("sys_tgkill") {
name = "tgkill"
// tgid = $tgid
// pid = $pid
@@ -3219,7 +3219,7 @@ probe nd_syscall.tgkill = kernel.function("sys_tgkill") {
sig = int_arg(3)
argstr = sprintf("%d, %d, %s", tgid, pid, _signal_name(sig))
}
-probe nd_syscall.tgkill.return = kernel.function("sys_tgkill").return {
+probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return {
name = "tgkill"
retstr = returnstr(1)
}
@@ -3231,10 +3231,10 @@ probe nd_syscall.tgkill.return = kernel.function("sys_tgkill").return {
# long compat_sys_time(compat_time_t __user * tloc)
#
probe nd_syscall.time =
- kernel.function("sys_time")?,
- kernel.function("sys32_time") ?,
- kernel.function("sys_time64") ?,
- kernel.function("compat_sys_time") ?
+ kprobe.function("sys_time")?,
+ kprobe.function("sys32_time") ?,
+ kprobe.function("sys_time64") ?,
+ kprobe.function("compat_sys_time") ?
{
name = "time"
// t_uaddr = $tloc
@@ -3244,10 +3244,10 @@ probe nd_syscall.time =
argstr = sprintf("%p", t_uaddr)
}
probe nd_syscall.time.return =
- kernel.function("sys_time").return?,
- kernel.function("sys32_time").return ?,
- kernel.function("sys_time64").return ?,
- kernel.function("compat_sys_time").return ?
+ kprobe.function("sys_time").return?,
+ kprobe.function("sys32_time").return ?,
+ kprobe.function("sys_time64").return ?,
+ kprobe.function("compat_sys_time").return ?
{
name = "time"
retstr = returnstr(1)
@@ -3259,7 +3259,7 @@ probe nd_syscall.time.return =
# struct sigevent __user *timer_event_spec,
# timer_t __user * created_timer_id)
#
-probe nd_syscall.timer_create = kernel.function("sys_timer_create") {
+probe nd_syscall.timer_create = kprobe.function("sys_timer_create") {
name = "timer_create"
// clockid = $which_clock
// clockid_str = _get_wc_str($which_clock)
@@ -3274,7 +3274,7 @@ probe nd_syscall.timer_create = kernel.function("sys_timer_create") {
argstr = sprintf("%s, %p, %p", clockid_str, evp_uaddr, timerid_uaddr)
}
probe nd_syscall.timer_create.return =
- kernel.function("sys_timer_create").return {
+ kprobe.function("sys_timer_create").return {
name = "timer_create"
retstr = returnstr(1)
}
@@ -3283,7 +3283,7 @@ probe nd_syscall.timer_create.return =
#
# long sys_timer_delete(timer_t timer_id)
#
-probe nd_syscall.timer_delete = kernel.function("sys_timer_delete") {
+probe nd_syscall.timer_delete = kprobe.function("sys_timer_delete") {
name = "timer_delete"
// timerid = $timer_id
// argstr = sprint($timer_id)
@@ -3291,7 +3291,7 @@ probe nd_syscall.timer_delete = kernel.function("sys_timer_delete") {
timerid = int_arg(1)
argstr = sprint(timerid)
}
-probe nd_syscall.timer_delete.return = kernel.function("sys_timer_delete").return {
+probe nd_syscall.timer_delete.return = kprobe.function("sys_timer_delete").return {
name = "timer_delete"
retstr = returnstr(1)
}
@@ -3300,7 +3300,7 @@ probe nd_syscall.timer_delete.return = kernel.function("sys_timer_delete").retur
#
# long sys_timer_getoverrun(timer_t timer_id)
#
-probe nd_syscall.timer_getoverrun = kernel.function("sys_timer_getoverrun") {
+probe nd_syscall.timer_getoverrun = kprobe.function("sys_timer_getoverrun") {
name = "timer_getoverrun"
// timerid = $timer_id
// argstr = sprint($timer_id)
@@ -3309,7 +3309,7 @@ probe nd_syscall.timer_getoverrun = kernel.function("sys_timer_getoverrun") {
argstr = sprint(timerid)
}
probe nd_syscall.timer_getoverrun.return =
- kernel.function("sys_timer_getoverrun").return {
+ kprobe.function("sys_timer_getoverrun").return {
name = "timer_getoverrun"
retstr = returnstr(1)
}
@@ -3319,7 +3319,7 @@ probe nd_syscall.timer_getoverrun.return =
# long sys_timer_gettime(timer_t timer_id,
# struct itimerspec __user *setting)
#
-probe nd_syscall.timer_gettime = kernel.function("sys_timer_gettime") {
+probe nd_syscall.timer_gettime = kprobe.function("sys_timer_gettime") {
name = "timer_gettime"
// timerid = $timer_id
// value_uaddr = $setting
@@ -3330,7 +3330,7 @@ probe nd_syscall.timer_gettime = kernel.function("sys_timer_gettime") {
argstr = sprintf("%d, %p", timerid, value_uaddr)
}
probe nd_syscall.timer_gettime.return =
- kernel.function("sys_timer_gettime").return {
+ kprobe.function("sys_timer_gettime").return {
name = "timer_gettime"
retstr = returnstr(1)
}
@@ -3342,7 +3342,7 @@ probe nd_syscall.timer_gettime.return =
# const struct itimerspec __user *new_setting,
# struct itimerspec __user *old_setting)
#
-probe nd_syscall.timer_settime = kernel.function("sys_timer_settime") {
+probe nd_syscall.timer_settime = kprobe.function("sys_timer_settime") {
name = "timer_settime"
// timerid = $timer_id
// flags = $flags
@@ -3361,7 +3361,7 @@ probe nd_syscall.timer_settime = kernel.function("sys_timer_settime") {
ovalue_uaddr)
}
probe nd_syscall.timer_settime.return =
- kernel.function("sys_timer_settime").return {
+ kprobe.function("sys_timer_settime").return {
name = "timer_settime"
retstr = returnstr(1)
}
@@ -3374,8 +3374,8 @@ probe nd_syscall.timer_settime.return =
# const struct compat_itimerspec __user *utmr)
#
probe nd_syscall.timerfd =
- kernel.function("sys_timerfd") ?,
- kernel.function("compat_sys_timerfd") ?
+ kprobe.function("sys_timerfd") ?,
+ kprobe.function("compat_sys_timerfd") ?
{
name = "timerfd"
// argstr = sprintf("%d, %d, 0x%x", $ufd, $clockid, $flags)
@@ -3383,8 +3383,8 @@ probe nd_syscall.timerfd =
argstr = sprintf("%d, %d, 0x%x", int_arg(1), int_arg(2), int_arg(3))
}
probe nd_syscall.timerfd.return =
- kernel.function("sys_timerfd").return ?,
- kernel.function("compat_sys_timerfd").return ?
+ kprobe.function("sys_timerfd").return ?,
+ kprobe.function("compat_sys_timerfd").return ?
{
name = "timerfd"
retstr = returnstr(1)
@@ -3395,8 +3395,8 @@ probe nd_syscall.timerfd.return =
# long sys_times(struct tms __user * tbuf)
# long compat_sys_times(struct compat_tms __user *tbuf)
probe nd_syscall.times =
- kernel.function("sys_times") ?,
- kernel.function("compat_sys_times") ?
+ kprobe.function("sys_times") ?,
+ kprobe.function("compat_sys_times") ?
{
name = "times"
// argstr = sprintf("%p", $tbuf)
@@ -3404,8 +3404,8 @@ probe nd_syscall.times =
argstr = sprintf("%p", pointer_arg(1))
}
probe nd_syscall.times.return =
- kernel.function("sys_times").return ?,
- kernel.function("compat_sys_times").return ?
+ kprobe.function("sys_times").return ?,
+ kprobe.function("compat_sys_times").return ?
{
name = "times"
retstr = returnstr(1)
@@ -3417,7 +3417,7 @@ probe nd_syscall.times.return =
# sys_tkill(int pid,
# int sig)
#
-probe nd_syscall.tkill = kernel.function("sys_tkill") {
+probe nd_syscall.tkill = kprobe.function("sys_tkill") {
name = "tkill"
// pid = $pid
// sig = $sig
@@ -3427,7 +3427,7 @@ probe nd_syscall.tkill = kernel.function("sys_tkill") {
sig = int_arg(2)
argstr = sprintf("%d, %s", pid, _signal_name(sig))
}
-probe nd_syscall.tkill.return = kernel.function("sys_tkill").return {
+probe nd_syscall.tkill.return = kprobe.function("sys_tkill").return {
name = "tkill"
retstr = returnstr(1)
}
@@ -3437,7 +3437,7 @@ probe nd_syscall.tkill.return = kernel.function("sys_tkill").return {
# sys_truncate(const char __user * path, unsigned long length)
# sys_truncate64(const char __user * path, loff_t length)
#
-probe nd_syscall.truncate = kernel.function("sys_truncate")?, kernel.function("sys_truncate64") ? {
+probe nd_syscall.truncate = kprobe.function("sys_truncate")?, kprobe.function("sys_truncate64") ? {
name = "truncate"
// path_uaddr = $path
// path = user_string($path)
@@ -3452,7 +3452,7 @@ probe nd_syscall.truncate = kernel.function("sys_truncate")?, kernel.function("s
length = longlong_arg(2)
argstr = sprintf("%s, %d", user_string_quoted(path_uaddr), length)
}
-probe nd_syscall.truncate.return = kernel.function("sys_truncate").return ?, kernel.function("sys_truncate64").return ? {
+probe nd_syscall.truncate.return = kprobe.function("sys_truncate").return ?, kprobe.function("sys_truncate64").return ? {
name = "truncate"
retstr = returnstr(1)
}
@@ -3460,7 +3460,7 @@ probe nd_syscall.truncate.return = kernel.function("sys_truncate").return ?, ker
# tux ________________________________________________________
# long sys_tux (unsigned int action, user_req_t *u_info)
#
-probe nd_syscall.tux = kernel.function("sys_tux") ? {
+probe nd_syscall.tux = kprobe.function("sys_tux") ? {
name = "tux"
// action = $action
// u_info_uaddr = $u_info
@@ -3471,7 +3471,7 @@ probe nd_syscall.tux = kernel.function("sys_tux") ? {
u_info_uaddr = pointer_arg(2)
argstr = sprintf("%d, %p", action, u_info_uaddr)
}
-probe nd_syscall.tux.return = kernel.function("sys_tux").return ? {
+probe nd_syscall.tux.return = kprobe.function("sys_tux").return ? {
name = "tux"
retstr = returnstr(1)
}
@@ -3479,7 +3479,7 @@ probe nd_syscall.tux.return = kernel.function("sys_tux").return ? {
# umask ______________________________________________________
# long sys_umask(int mask)
#
-probe nd_syscall.umask = kernel.function("sys_umask") {
+probe nd_syscall.umask = kprobe.function("sys_umask") {
name = "umask"
// mask = $mask
// argstr = sprintf("%#o", $mask)
@@ -3487,7 +3487,7 @@ probe nd_syscall.umask = kernel.function("sys_umask") {
mask = int_arg(1)
argstr = sprintf("%#o", mask)
}
-probe nd_syscall.umask.return = kernel.function("sys_umask").return {
+probe nd_syscall.umask.return = kprobe.function("sys_umask").return {
name = "umask"
retstr = returnstr(3)
}
@@ -3495,7 +3495,7 @@ probe nd_syscall.umask.return = kernel.function("sys_umask").return {
# umount _____________________________________________________
# long sys_umount(char __user * name, int flags)
#
-probe nd_syscall.umount = kernel.function("sys_umount") {
+probe nd_syscall.umount = kprobe.function("sys_umount") {
name = "umount"
// target = user_string($name)
// flags = $flags
@@ -3507,7 +3507,7 @@ probe nd_syscall.umount = kernel.function("sys_umount") {
flags_str = _umountflags_str(flags)
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), flags_str)
}
-probe nd_syscall.umount.return = kernel.function("sys_umount").return {
+probe nd_syscall.umount.return = kprobe.function("sys_umount").return {
name = "umount"
retstr = returnstr(1)
}
@@ -3520,11 +3520,11 @@ probe nd_syscall.umount.return = kernel.function("sys_umount").return {
# long sys32_uname(struct old_utsname __user * name)
#
probe nd_syscall.uname =
- kernel.function("sys_uname") ?,
- kernel.function("sys_olduname") ?,
- kernel.function("sys32_olduname") ?,
- kernel.function("sys32_uname") ?,
- kernel.function("sys_newuname") ?
+ kprobe.function("sys_uname") ?,
+ kprobe.function("sys_olduname") ?,
+ kprobe.function("sys32_olduname") ?,
+ kprobe.function("sys32_uname") ?,
+ kprobe.function("sys_newuname") ?
{
name = "uname"
// argstr = sprintf("%p", $name)
@@ -3539,11 +3539,11 @@ probe nd_syscall.uname =
}
probe nd_syscall.uname.return =
- kernel.function("sys_uname").return ?,
- kernel.function("sys_olduname").return ?,
- kernel.function("sys32_olduname").return ?,
- kernel.function("sys32_uname").return ?,
- kernel.function("sys_newuname").return ?
+ kprobe.function("sys_uname").return ?,
+ kprobe.function("sys_olduname").return ?,
+ kprobe.function("sys32_olduname").return ?,
+ kprobe.function("sys32_uname").return ?,
+ kprobe.function("sys_newuname").return ?
{
name = "uname"
retstr = returnstr(1)
@@ -3552,7 +3552,7 @@ probe nd_syscall.uname.return =
# unlink _____________________________________________________
# long sys_unlink(const char __user * pathname)
#
-probe nd_syscall.unlink = kernel.function("sys_unlink") {
+probe nd_syscall.unlink = kprobe.function("sys_unlink") {
name = "unlink"
// pathname_uaddr = $pathname
// pathname = user_string($pathname)
@@ -3562,7 +3562,7 @@ probe nd_syscall.unlink = kernel.function("sys_unlink") {
pathname = user_string(pathname_uaddr)
argstr = user_string_quoted(pathname_uaddr)
}
-probe nd_syscall.unlink.return = kernel.function("sys_unlink").return {
+probe nd_syscall.unlink.return = kprobe.function("sys_unlink").return {
name = "unlink"
retstr = returnstr(1)
}
@@ -3571,7 +3571,7 @@ probe nd_syscall.unlink.return = kernel.function("sys_unlink").return {
# asmlinkage long
# sys_uselib(const char __user * library)
#
-probe nd_syscall.uselib = kernel.function("sys_uselib") {
+probe nd_syscall.uselib = kprobe.function("sys_uselib") {
name = "uselib"
// library_uaddr = $library
// library = user_string($library)
@@ -3581,14 +3581,14 @@ probe nd_syscall.uselib = kernel.function("sys_uselib") {
library = user_string(library_uaddr)
argstr = user_string_quoted(library_uaddr)
}
-probe nd_syscall.uselib.return = kernel.function("sys_uselib").return {
+probe nd_syscall.uselib.return = kprobe.function("sys_uselib").return {
name = "uselib"
retstr = returnstr(1)
}
# ustat ______________________________________________________
# long sys_ustat(unsigned dev, struct ustat __user * ubuf)
#
-probe nd_syscall.ustat = kernel.function("sys_ustat") {
+probe nd_syscall.ustat = kprobe.function("sys_ustat") {
name = "ustat"
// dev = $dev
// ubuf_uaddr = $ubuf
@@ -3600,7 +3600,7 @@ probe nd_syscall.ustat = kernel.function("sys_ustat") {
}
#long sys32_ustat(unsigned dev, struct ustat32 __user *u32p)
-probe nd_syscall.ustat32 = kernel.function("sys32_ustat") ? {
+probe nd_syscall.ustat32 = kprobe.function("sys32_ustat") ? {
name = "ustat"
// dev = $dev
// argstr = sprintf("%d, %p", $dev, $u32p)
@@ -3610,8 +3610,8 @@ probe nd_syscall.ustat32 = kernel.function("sys32_ustat") ? {
}
probe nd_syscall.ustat.return =
- kernel.function("sys_ustat").return,
- kernel.function("sys32_ustat").return ?
+ kprobe.function("sys_ustat").return,
+ kprobe.function("sys32_ustat").return ?
{
name = "ustat"
retstr = returnstr(1)
@@ -3619,7 +3619,7 @@ probe nd_syscall.ustat.return =
# utime ______________________________________________________
# long sys_utime(char __user * filename, struct utimbuf __user * times)
-probe nd_syscall.utime = kernel.function("sys_utime") ? {
+probe nd_syscall.utime = kprobe.function("sys_utime") ? {
name = "utime"
asmlinkage()
filename_uaddr = pointer_arg(1)
@@ -3630,13 +3630,13 @@ probe nd_syscall.utime = kernel.function("sys_utime") ? {
argstr = sprintf("%s, [%s, %s]", filename,
ctime(actime), ctime(modtime))
}
-probe nd_syscall.utime.return = kernel.function("sys_utime").return ? {
+probe nd_syscall.utime.return = kprobe.function("sys_utime").return ? {
name = "utime"
retstr = returnstr(1)
}
# long compat_sys_utime(char __user *filename, struct compat_utimbuf __user *t)
-probe nd_syscall.compat_utime = kernel.function("compat_sys_utime") ? {
+probe nd_syscall.compat_utime = kprobe.function("compat_sys_utime") ? {
name = "utime"
asmlinkage()
filename_uaddr = pointer_arg(1)
@@ -3647,7 +3647,7 @@ probe nd_syscall.compat_utime = kernel.function("compat_sys_utime") ? {
argstr = sprintf("%s, [%s, %s]", filename,
ctime(actime), ctime(modtime))
}
-probe nd_syscall.compat_utime.return = kernel.function("compat_sys_utime").return ? {
+probe nd_syscall.compat_utime.return = kprobe.function("compat_sys_utime").return ? {
name = "utime"
retstr = returnstr(1)
}
@@ -3656,7 +3656,7 @@ probe nd_syscall.compat_utime.return = kernel.function("compat_sys_utime").retur
#
# long sys_utimes(char __user * filename, struct timeval __user * utimes)
#
-probe nd_syscall.utimes = kernel.function("sys_utimes") {
+probe nd_syscall.utimes = kprobe.function("sys_utimes") {
name = "utimes"
// filename_uaddr = $filename
// filename = user_string($filename)
@@ -3670,7 +3670,7 @@ probe nd_syscall.utimes = kernel.function("sys_utimes") {
argstr = sprintf("%s, %s", user_string_quoted(filename_uaddr),
_struct_timeval_u(tvp_uaddr, 2))
}
-probe nd_syscall.utimes.return = kernel.function("sys_utimes").return {
+probe nd_syscall.utimes.return = kprobe.function("sys_utimes").return {
name = "utimes"
retstr = returnstr(1)
}
@@ -3678,7 +3678,7 @@ probe nd_syscall.utimes.return = kernel.function("sys_utimes").return {
#
# long compat_sys_utimes(char __user *filename, struct compat_timeval __user *t)
#
-probe nd_syscall.compat_sys_utimes = kernel.function("compat_sys_utimes") ? {
+probe nd_syscall.compat_sys_utimes = kprobe.function("compat_sys_utimes") ? {
name = "utimes"
// filename = user_string($filename)
// argstr = sprintf("%s, %s", user_string_quoted($filename),
@@ -3688,7 +3688,7 @@ probe nd_syscall.compat_sys_utimes = kernel.function("compat_sys_utimes") ? {
argstr = sprintf("%s, %s", user_string_quoted(filename),
_struct_compat_timeval_u(pointer_arg(2), 2))
}
-probe nd_syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes").return ? {
+probe nd_syscall.compat_sys_utimes.return = kprobe.function("compat_sys_utimes").return ? {
name = "utimes"
retstr = returnstr(1)
}
@@ -3697,7 +3697,7 @@ probe nd_syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes")
# long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags)
# long compat_sys_utimensat(unsigned int dfd, char __user *filename, struct compat_timespec __user *t, int flags)
#
-probe nd_syscall.utimensat = kernel.function("sys_utimensat") ? {
+probe nd_syscall.utimensat = kprobe.function("sys_utimensat") ? {
name = "utimensat"
// argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes,2),
// _at_flag_str($flags))
@@ -3705,7 +3705,7 @@ probe nd_syscall.utimensat = kernel.function("sys_utimensat") ? {
argstr = sprintf("%s, %s, %s, %s", _dfd_str(int_arg(1)), user_string_quoted(pointer_arg(2)),
_struct_timespec_u(pointer_arg(3),2), _at_flag_str(int_arg(4)))
}
-probe nd_syscall.compat_utimensat = kernel.function("compat_sys_utimensat") ? {
+probe nd_syscall.compat_utimensat = kprobe.function("compat_sys_utimensat") ? {
name = "utimensat"
// argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_compat_timespec_u($t,2),
// _at_flag_str($flags))
@@ -3713,11 +3713,11 @@ probe nd_syscall.compat_utimensat = kernel.function("compat_sys_utimensat") ? {
argstr = sprintf("%s, %s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)),
_struct_compat_timespec_u(pointer_arg(3),2), _at_flag_str(int_arg(4)))
}
-probe nd_syscall.utimensat.return = kernel.function("sys_utimensat").return ? {
+probe nd_syscall.utimensat.return = kprobe.function("sys_utimensat").return ? {
name = "utimensat"
retstr = returnstr(1)
}
-probe nd_syscall.compat_utimensat.return = kernel.function("compat_sys_utimensat").return ? {
+probe nd_syscall.compat_utimensat.return = kprobe.function("compat_sys_utimensat").return ? {
name = "utimensat"
retstr = returnstr(1)
}
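Review bot: In nd_syscall.compat_utimensat the context line `_dfd_str(uint_arg(1))` fetches the directory fd as unsigned, while the native probe in the previous hunk uses `_dfd_str(int_arg(1))`. AT_FDCWD is a negative constant, so if uint_arg() zero-extends (the helper is not shown here) a 32-bit caller passing AT_FDCWD would be printed as a large positive number instead of the symbolic name. Consider `_dfd_str(int_arg(1))` here too, even though the compat prototype declares `unsigned int dfd`. The probe body starts before this hunk.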
@@ -3727,11 +3727,11 @@ probe nd_syscall.compat_utimensat.return = kernel.function("compat_sys_utimensa
# asmlinkage long
# sys_vhangup(void)
#
-probe nd_syscall.vhangup = kernel.function("sys_vhangup") {
+probe nd_syscall.vhangup = kprobe.function("sys_vhangup") {
name = "vhangup"
argstr = ""
}
-probe nd_syscall.vhangup.return = kernel.function("sys_vhangup").return {
+probe nd_syscall.vhangup.return = kprobe.function("sys_vhangup").return {
name = "vhangup"
retstr = returnstr(1)
}
@@ -3743,23 +3743,23 @@ probe nd_syscall.vhangup.return = kernel.function("sys_vhangup").return {
# long compat_sys_vmsplice(int fd, const struct compat_iovec __user *iov32,
# unsigned int nr_segs, unsigned int flags)
#
-probe nd_syscall.vmsplice = kernel.function("sys_vmsplice") ? {
+probe nd_syscall.vmsplice = kprobe.function("sys_vmsplice") ? {
name = "vmsplice"
// argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov, $nr_segs, $flags)
asmlinkage()
argstr = sprintf("%d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), ulong_arg(3), uint_arg(4))
}
-probe nd_syscall.compat_vmsplice = kernel.function("compat_sys_vmsplice") ? {
+probe nd_syscall.compat_vmsplice = kprobe.function("compat_sys_vmsplice") ? {
name = "vmsplice"
// argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov32, $nr_segs, $flags)
asmlinkage()
argstr = sprintf("%d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), uint_arg(3), uint_arg(4))
}
-probe nd_syscall.vmsplice.return = kernel.function("sys_vmsplice").return ? {
+probe nd_syscall.vmsplice.return = kprobe.function("sys_vmsplice").return ? {
name = "vmsplice"
retstr = returnstr(1)
}
-probe nd_syscall.compat_vmsplice.return = kernel.function("compat_sys_vmsplice").return ? {
+probe nd_syscall.compat_vmsplice.return = kprobe.function("compat_sys_vmsplice").return ? {
name = "vmsplice"
retstr = returnstr(1)
}
@@ -3771,7 +3771,7 @@ probe nd_syscall.compat_vmsplice.return = kernel.function("compat_sys_vmsplice")
# int options,
# struct rusage __user *ru)
#
-probe nd_syscall.wait4 = kernel.function("sys_wait4") {
+probe nd_syscall.wait4 = kprobe.function("sys_wait4") {
name = "wait4"
// pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%)
// status_uaddr = $stat_addr
@@ -3790,7 +3790,7 @@ probe nd_syscall.wait4 = kernel.function("sys_wait4") {
argstr = sprintf("%d, %p, %s, %p", pid, status_uaddr,_wait4_opt_str(options), rusage_uaddr)
}
-probe nd_syscall.wait4.return = kernel.function("sys_wait4").return {
+probe nd_syscall.wait4.return = kprobe.function("sys_wait4").return {
name = "wait4"
retstr = returnstr(1)
}
@@ -3802,7 +3802,7 @@ probe nd_syscall.wait4.return = kernel.function("sys_wait4").return {
# int options,
# struct rusage __user *ru)
#
-probe nd_syscall.waitid = kernel.function("sys_waitid") {
+probe nd_syscall.waitid = kprobe.function("sys_waitid") {
name = "waitid"
// pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%)
// which = $which
@@ -3825,7 +3825,7 @@ probe nd_syscall.waitid = kernel.function("sys_waitid") {
argstr = sprintf("%d, %d, %p, %s, %p", which,
pid, infop_uaddr, _waitid_opt_str(options), rusage_uaddr)
}
-probe nd_syscall.waitid.return = kernel.function("sys_waitid").return {
+probe nd_syscall.waitid.return = kprobe.function("sys_waitid").return {
name = "waitid"
retstr = returnstr(1)
}
@@ -3837,7 +3837,7 @@ probe nd_syscall.waitid.return = kernel.function("sys_waitid").return {
# int options,
# struct rusage __user *ru)
#
-probe nd_syscall.waitpid = kernel.function("sys_wait4") {
+probe nd_syscall.waitpid = kprobe.function("sys_wait4") {
name = "waitpid"
pid = $pid
status_uaddr = $stat_addr
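Review bot: The nd_syscall.waitpid alias still reads DWARF target variables (`pid = $pid`, `status_uaddr = $stat_addr`, and `$pid, $stat_addr, … $ru` in the argstr of the next hunk) although its probe point is now `kprobe.function("sys_wait4")`. kprobe.function probes resolve without debuginfo, so `$` variables are not available and a script using this alias should fail to compile. Every other converted probe on this page uses `asmlinkage()` with the `*_arg()` helpers instead. The body continues between this hunk and the next, where the lines that set options_str are not shown and probably need the same conversion. A version following nd_syscall.wait4's pattern, assuming the argument order given by the existing argstr:
```systemtap
probe nd_syscall.waitpid = kprobe.function("sys_wait4") {
	name = "waitpid"
	asmlinkage()
	pid = int_arg(1)
	status_uaddr = pointer_arg(2)
	// … not shown in the hunks: options / options_str / rusage_uaddr; convert any $ reads the same way …
	argstr = sprintf("%d, %p, %s, %p", pid, status_uaddr,
		options_str, pointer_arg(4))
```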
@@ -3847,7 +3847,7 @@ probe nd_syscall.waitpid = kernel.function("sys_wait4") {
argstr = sprintf("%d, %p, %s, %p", $pid, $stat_addr,
options_str, $ru)
}
-probe nd_syscall.waitpid.return = kernel.function("sys_wait4").return {
+probe nd_syscall.waitpid.return = kprobe.function("sys_wait4").return {
name = "waitpid"
retstr = returnstr(1)
}
@@ -3859,7 +3859,7 @@ probe nd_syscall.waitpid.return = kernel.function("sys_wait4").return {
# const char __user * buf,
# size_t count)
#
-probe nd_syscall.write = kernel.function("sys_write") {
+probe nd_syscall.write = kprobe.function("sys_write") {
name = "write"
// fd = $fd
// buf_uaddr = $buf
@@ -3872,7 +3872,7 @@ probe nd_syscall.write = kernel.function("sys_write") {
argstr = sprintf("%d, %s, %d", fd, text_strn(user_string(buf_uaddr),syscall_string_trunc,1), count)
}
-probe nd_syscall.write.return = kernel.function("sys_write").return {
+probe nd_syscall.write.return = kprobe.function("sys_write").return {
name = "write"
retstr = returnstr(1)
}
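Review bot: The argstr for nd_syscall.write is built from `user_string(buf_uaddr)`, which stops at a NUL byte rather than at `count`. For a buffer that is not NUL-terminated, the trace can therefore include bytes past what the caller asked to write, up to whatever string limit applies before text_strn truncates. Bounding the copy by the request, e.g. `text_strn(user_string_n(buf_uaddr, count), syscall_string_trunc, 1)`, keeps trace output to the written data; confirm user_string_n is available in this tapset version. The probe body starts before this hunk.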
@@ -3887,8 +3887,8 @@ probe nd_syscall.write.return = kernel.function("sys_write").return {
# unsigned long vlen)
#
probe nd_syscall.writev =
- kernel.function("sys_writev"),
- kernel.function("compat_sys_writev") ?
+ kprobe.function("sys_writev"),
+ kprobe.function("compat_sys_writev") ?
{
name = "writev"
// vector_uaddr = $vec
@@ -3908,8 +3908,8 @@ probe nd_syscall.writev =
}
probe nd_syscall.writev.return =
- kernel.function("sys_writev").return,
- kernel.function("compat_sys_writev").return ?
+ kprobe.function("sys_writev").return,
+ kprobe.function("compat_sys_writev").return ?
{
name = "writev"
retstr = returnstr(1)