diff options
Diffstat (limited to 'runtime/probes/shellsnoop')
| -rw-r--r-- | runtime/probes/shellsnoop/shellsnoop.c | 10 | ||||
| -rwxr-xr-x | runtime/probes/shellsnoop/stp | 2 |
2 files changed, 5 insertions, 7 deletions
diff --git a/runtime/probes/shellsnoop/shellsnoop.c b/runtime/probes/shellsnoop/shellsnoop.c index db635d23..6c5458f5 100644 --- a/runtime/probes/shellsnoop/shellsnoop.c +++ b/runtime/probes/shellsnoop/shellsnoop.c @@ -1,6 +1,6 @@ -#define STP_NETLINK_ONLY +//#define STP_RELAYFS #define STP_NUM_STRINGS 1 - +#define STP_STRING_SIZE 8192 #include "runtime.h" #define NEED_INT64_VALS @@ -50,10 +50,10 @@ int inst_do_execve (char * filename, char __user *__user *argv, char __user *__u struct file * inst_filp_open (const char * filename, int flags, int mode) { _stp_map_key_int64 (pids, current->pid); - if (_stp_map_get_int64 (pids)) + if (_stp_map_get_int64 (pids)) { _stp_printf ("%d\t%d\t%s\tO %s\n", current->pid, current->parent->pid, current->comm, filename); - - _stp_print_flush(); + _stp_print_flush(); + } jprobe_return(); return 0; } diff --git a/runtime/probes/shellsnoop/stp b/runtime/probes/shellsnoop/stp deleted file mode 100755 index f3feee70..00000000 --- a/runtime/probes/shellsnoop/stp +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -source ../stp |