diff options
Diffstat (limited to 'runtime/docs/html/dir_000001.html')
| -rw-r--r-- | runtime/docs/html/dir_000001.html | 89 |
1 files changed, 0 insertions, 89 deletions
diff --git a/runtime/docs/html/dir_000001.html b/runtime/docs/html/dir_000001.html deleted file mode 100644 index 3e97a453..00000000 --- a/runtime/docs/html/dir_000001.html +++ /dev/null @@ -1,89 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"> -<title>SystemTap: probes/shellsnoop/ Directory Reference</title> -<link href="doxygen.css" rel="stylesheet" type="text/css"> -</head><body> -<!-- Generated by Doxygen 1.4.1 --> -<div class="qindex"><a class="qindex" href="index.html">Main Page</a> | <a class="qindex" href="modules.html">Modules</a> | <a class="qindex" href="dirs.html">Directories</a> | <a class="qindex" href="files.html">File List</a> | <a class="qindex" href="globals.html">Globals</a> | <a class="qindex" href="pages.html">Related Pages</a></div> -<div class="nav"> -<a class="el" href="dir_000000.html">probes</a> / <a class="el" href="dir_000001.html">shellsnoop</a></div> -<h1>shellsnoop Directory Reference</h1>Snoops on what commands are being run by shells. -<a href="#_details">More...</a><table border="0" cellpadding="0" cellspacing="0"> -<tr><td></td></tr> -<tr><td colspan="2"><br><h2>Files</h2></td></tr> -<tr><td class="memItemLeft" nowrap align="right" valign="top">file </td><td class="memItemRight" valign="bottom"><b>dtr.c</b> <a href="shellsnoop_2dtr_8c-source.html">[code]</a></td></tr> - -<tr><td class="memItemLeft" nowrap align="right" valign="top">file </td><td class="memItemRight" valign="bottom"><b>dtr.mod.c</b> <a href="dtr_8mod_8c-source.html">[code]</a></td></tr> - -<tr><td class="memItemLeft" nowrap align="right" valign="top">file </td><td class="memItemRight" valign="bottom"><b>README</b> <a href="probes_2shellsnoop_2README-source.html">[code]</a></td></tr> - -</table> -<hr><a name="_details"></a><h2>Detailed Description</h2> -Snoops on what commands are being run by shells. -<p> -This is a translation of on an old dtr probe. It demonstrates maps, lists, and how to use <a class="el" href="group__copy.html#ga3">_stp_copy_argv_from_user()</a> and <a class="el" href="group__copy.html#ga0">_stp_strncpy_from_user()</a>.<p> -Original dtr source:<p> -<div class="fragment"><pre class="fragment"> -# shellsnoop.probe - snoop shell execution as it occurs. -# clone of dtrace shellsnoop example - -global { - long @pids[long]; -} - -probe do_execve:entry { - char __user *vstr; - char str[256]; - int len; - - /* watch shells only */ - /* FIXME: detect more shells, like csh, tcsh, zsh */ - - if (!strcmp(current->comm,"bash") || !strcmp(current->comm,"sh") || !strcmp(current->comm, "zsh") - || !strcmp(current->comm, "tcsh") || !strcmp(current->comm, "pdksh")) - { - dlog ("%d\t%d\t%d\t%s ", current->uid, current->pid, current->parent->pid, filename); - @pids[current->pid] = 1; - - /* print out argv, ignoring argv[0] */ - if (argv) argv++; - while (argv != NULL) - { - if (get_user (vstr, argv)) - break; - if (!vstr) - break; - len = dtr_strncpy_from_user(str, vstr, 256); - str[len] = 0; - printk ("%s ", str); - argv++; - } - printk ("\n"); - } -} - -# use filp_open because copy_from_user not needed there -probe filp_open:entry { - if (@pids[current->pid]) - dlog ("%d\t%d\t%s\tO %s\n", current->pid, current->parent->pid, current->comm, filename); -} - -probe sys_read:entry { - if (@pids[current->pid]) - dlog ("%d\t%d\t%s\tR %d\n", current->pid, current->parent->pid, current->comm, fd); -} - -probe sys_write:entry { - size_t len; - char str[256]; - if (@pids[current->pid]) - { - if (count < 64) len = count; - else len = 64; - if (len = dtr_strncpy_from_user(str, buf, len)) { - str[len] = 0; - dlog ("%d\t%d\t%s\tW %s\n", current->pid, current->parent->pid, current->comm, str); - } - } -} -</pre></div> </body></html> |