Diffstat (limited to 'runtime/probes/shellsnoop')
-rw-r--r-- | runtime/probes/shellsnoop/Makefile | 21 | ||||
-rwxr-xr-x | runtime/probes/shellsnoop/build | 2 | ||||
-rw-r--r-- | runtime/probes/shellsnoop/shellsnoop.c | 12 | ||||
-rw-r--r-- | runtime/probes/shellsnoop/targets | 1 |
4 files changed, 8 insertions, 28 deletions
diff --git a/runtime/probes/shellsnoop/Makefile b/runtime/probes/shellsnoop/Makefile
deleted file mode 100644
index 74e35596..00000000
--- a/runtime/probes/shellsnoop/Makefile
+++ /dev/null
@@ -1,21 +0,0 @@
-# Makefile
-
-PWD := $(shell pwd)
-RT := $(PWD)/../..
-KVERSION := $(shell uname -r)
-KDIR := /lib/modules/$(KVERSION)/build include
-
-KALLSYMS_LOOKUP_NAME := 0x$(firstword $(shell grep " kallsyms_lookup_name" /boot/System.map-$(KVERSION)))
-KALLSYMS_LOOKUP := 0x$(firstword $(shell grep " kallsyms_lookup$$" /boot/System.map-$(KVERSION)))
-KTA := 0x$(firstword $(shell grep "__kernel_text_address" /boot/System.map-$(KVERSION)))
-
-EXTRA_CFLAGS := -I $(RT) -I $(RT)/relayfs -D KALLSYMS_LOOKUP_NAME=$(KALLSYMS_LOOKUP_NAME) -D KALLSYMS_LOOKUP=$(KALLSYMS_LOOKUP) -DKTA=$(KTA)
-
-obj-m := shellsnoop.o
-
-
-default:
- $(MAKE) V=1 -C $(KDIR) M=$(PWD) RT=$(RT) modules
-
-clean:
- /bin/rm -rf *.o *.ko *~ *.mod.c .*.cmd .tmp_versions
diff --git a/runtime/probes/shellsnoop/build b/runtime/probes/shellsnoop/build
new file mode 100755
index 00000000..f3e83244
--- /dev/null
+++ b/runtime/probes/shellsnoop/build
@@ -0,0 +1,2 @@
+#!/bin/bash
+../build_probe $*
diff --git a/runtime/probes/shellsnoop/shellsnoop.c b/runtime/probes/shellsnoop/shellsnoop.c
index 081ac700..86d2e54d 100644
--- a/runtime/probes/shellsnoop/shellsnoop.c
+++ b/runtime/probes/shellsnoop/shellsnoop.c
@@ -1,17 +1,14 @@
 #define STP_NETLINK_ONLY
 #define STP_NUM_STRINGS 1
-
 #include "runtime.h"
+#define NEED_INT64_VALS
+#define NEED_STRING_VALS
+
 #define KEY1_TYPE INT64
 #include "map-keys.c"
-#define VALUE_TYPE INT64
-#include "map-values.c"
-
-#define VALUE_TYPE STRING
-#include "map-values.c"
-
+#include "map.c"
 #include "list.c"
 #include "copy.c"
 #include "probes.c"
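Review bot: In the new `build` script, `../build_probe $*` passes its arguments unquoted and resolves the helper relative to the caller's working directory rather than the script's own location. Any argument containing whitespace or glob characters is re-split and expanded by the shell before `build_probe` sees it. Invoked from anywhere other than the probe directory, the script either fails or runs whatever `build_probe` happens to sit one level above the current directory. I would write the second line as `cd "$(dirname "$0")" && exec ../build_probe "$@"`, which presumably also keeps the new `targets` file findable by the helper.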
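Review bot: In shellsnoop.c, `NEED_INT64_VALS` and `NEED_STRING_VALS` are defined after `#include "runtime.h"` with no comment saying which include reads them. Presumably `map.c` does, standing in for the two `VALUE_TYPE` / `map-values.c` pairs this hunk removes; if `runtime.h` also tests them, the definitions arrive too late. A one-line comment such as `/* value types compiled in by map.c; must be defined before it is included */` would record the ordering requirement for the next probe author.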
@@ -24,6 +21,7 @@ MAP pids, arglist ; int inst_do_execve (char * filename, char __user *__user *argv, char __user *__user *envp, struct pt_regs * regs) { struct map_node *ptr; + /* watch shells only */ /* FIXME: detect more shells, like csh, tcsh, zsh */
diff --git a/runtime/probes/shellsnoop/targets b/runtime/probes/shellsnoop/targets
new file mode 100644
index 00000000..fdd0d724
--- /dev/null
+++ b/runtime/probes/shellsnoop/targets
@@ -0,0 +1 @@
+shellsnoop |