diff options
Diffstat (limited to 'tapset/nd_syscalls2.stp')
| -rw-r--r-- | tapset/nd_syscalls2.stp | 866 |
1 files changed, 575 insertions, 291 deletions
diff --git a/tapset/nd_syscalls2.stp b/tapset/nd_syscalls2.stp index 53c40453..49210012 100644 --- a/tapset/nd_syscalls2.stp +++ b/tapset/nd_syscalls2.stp @@ -28,7 +28,8 @@ # long compat_sys_nanosleep(struct compat_timespec __user *rqtp, # struct compat_timespec __user *rmtp) # -probe nd_syscall.nanosleep = kprobe.function("sys_nanosleep") +probe nd_syscall.nanosleep = kprobe.function("SyS_nanosleep") ?, + kprobe.function("sys_nanosleep") ? { name = "nanosleep" // req_uaddr = $rqtp @@ -39,7 +40,8 @@ probe nd_syscall.nanosleep = kprobe.function("sys_nanosleep") rem_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", _struct_timespec_u(req_uaddr, 1), rem_uaddr) } -probe nd_syscall.nanosleep.return = kprobe.function("sys_nanosleep").return +probe nd_syscall.nanosleep.return = kprobe.function("SyS_nanosleep").return ?, + kprobe.function("sys_nanosleep").return ? { name = "nanosleep" retstr = returnstr(1) @@ -91,7 +93,8 @@ probe nd_syscall.nfsservctl.return = kprobe.function("sys_nfsservctl").return ?, # nice _______________________________________________________ # long sys_nice(int increment) # -probe nd_syscall.nice = kprobe.function("sys_nice") ? +probe nd_syscall.nice = kprobe.function("SyS_nice") ?, + kprobe.function("sys_nice") ? { name = "nice" // inc = $increment @@ -100,7 +103,8 @@ probe nd_syscall.nice = kprobe.function("sys_nice") ? inc = int_arg(1) argstr = sprintf("%d", inc) } -probe nd_syscall.nice.return = kprobe.function("sys_nice").return ? +probe nd_syscall.nice.return = kprobe.function("SyS_nice").return ?, + kprobe.function("sys_nice").return ? { name = "nice" retstr = returnstr(1) @@ -125,9 +129,10 @@ probe nd_syscall.ni_syscall.return = kprobe.function("sys_ni_syscall").return # long sys_open(const char __user * filename, int flags, int mode) # (obsolete) long sys32_open(const char * filename, int flags, int mode) # -probe nd_syscall.open = kprobe.function("sys_open") ?, - kprobe.function("compat_sys_open") ?, - kprobe.function("sys32_open") ? +probe nd_syscall.open = kprobe.function("compat_sys_open") ?, + kprobe.function("sys32_open") ?, + kprobe.function("SyS_open") ?, + kprobe.function("sys_open") ? { name = "open" // filename = user_string($filename) @@ -150,9 +155,10 @@ probe nd_syscall.open = kprobe.function("sys_open") ?, argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), _sys_open_flag_str(flags)) } -probe nd_syscall.open.return = kprobe.function("sys_open").return ?, - kprobe.function("compat_sys_open").return ?, +probe nd_syscall.open.return = kprobe.function("compat_sys_open").return ?, kprobe.function("sys32_open").return ? + kprobe.function("SyS_open").return ? + kprobe.function("sys_open").return ? { name = "open" retstr = returnstr(1) @@ -162,8 +168,9 @@ probe nd_syscall.open.return = kprobe.function("sys_open").return ?, # long sys_openat(int dfd, const char __user *filename, int flags, int mode) # long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode) # -probe nd_syscall.openat = kprobe.function("sys_openat") ?, - kprobe.function("compat_sys_openat") ? +probe nd_syscall.openat = kprobe.function("compat_sys_openat") ?, + kprobe.function("SyS_openat") ?, + kprobe.function("sys_openat") ? { name = "openat" // filename = user_string($filename) @@ -190,8 +197,9 @@ probe nd_syscall.openat = kprobe.function("sys_openat") ?, user_string_quoted(pointer_arg(2)), _sys_open_flag_str(flags)) } -probe nd_syscall.openat.return = kprobe.function("sys_openat").return ?, - kprobe.function("compat_sys_openat").return ? +probe nd_syscall.openat.return = kprobe.function("compat_sys_openat").return ?, + kprobe.function("SyS_openat").return ?, + kprobe.function("sys_openat").return ? { name = "openat" retstr = returnstr(1) @@ -260,7 +268,7 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off, # len, buf_uaddr) #} -#probe nd_syscall.pciconfig_read.return = # kprobe.function("sys_pciconfig_read").return +#probe nd_syscall.pciconfig_read.return = kprobe.function("sys_pciconfig_read").return #{ # name = "pciconfig_read" # retstr = returnstr(1) @@ -287,7 +295,7 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off, # len, buf_uaddr) #} -#probe nd_syscall.pciconfig_write.return = # kprobe.function("sys_pciconfig_write").return +#probe nd_syscall.pciconfig_write.return = kprobe.function("sys_pciconfig_write").return #{ # name = "pciconfig_write" # retstr = returnstr(1) @@ -298,7 +306,8 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # asmlinkage long # sys_personality(u_long personality) # -probe nd_syscall.personality = kprobe.function("sys_personality") +probe nd_syscall.personality = kprobe.function("SyS_personality") ?, + kprobe.function("sys_personality") ? { name = "personality" // persona = $personality @@ -306,7 +315,8 @@ probe nd_syscall.personality = kprobe.function("sys_personality") persona = ulong_arg(1) argstr = sprintf("%p", persona); } -probe nd_syscall.personality.return = kprobe.function("sys_personality").return +probe nd_syscall.personality.return = kprobe.function("SyS_personality").return ?, + kprobe.function("sys_personality").return ? { name = "personality" retstr = returnstr(1) @@ -317,7 +327,8 @@ probe nd_syscall.personality.return = kprobe.function("sys_personality").return # asmlinkage int # sys_pipe(unsigned long __user * fildes) # -probe nd_syscall.pipe = kprobe.function("sys_pipe") +probe nd_syscall.pipe = kprobe.function("SyS_pipe") ?, + kprobe.function("sys_pipe") ? { name = "pipe" %( arch == "ia64" %? @@ -332,7 +343,8 @@ probe nd_syscall.pipe = kprobe.function("sys_pipe") %) } -probe nd_syscall.pipe.return = kprobe.function("sys_pipe").return +probe nd_syscall.pipe.return = kprobe.function("SyS_pipe").return ?, + kprobe.function("sys_pipe").return ? { name = "pipe" retstr = returnstr(1) @@ -342,7 +354,8 @@ probe nd_syscall.pipe.return = kprobe.function("sys_pipe").return # # long sys_pivot_root(const char __user *new_root, const char __user *put_old) # -probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") +probe nd_syscall.pivot_root = kprobe.function("SyS_pivot_root") ?, + kprobe.function("sys_pivot_root") ? { name = "pivot_root" // new_root_str = user_string($new_root) @@ -355,7 +368,8 @@ probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return +probe nd_syscall.pivot_root.return = kprobe.function("SyS_pivot_root").return ?, + kprobe.function("sys_pivot_root").return ? { name = "pivot_root" retstr = returnstr(1) @@ -365,7 +379,8 @@ probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return # # long sys_poll(struct pollfd __user * ufds, unsigned int nfds, long timeout) # -probe nd_syscall.poll = kprobe.function("sys_poll") +probe nd_syscall.poll = kprobe.function("SyS_poll") ?, + kprobe.function("sys_poll") ? { name = "poll" // ufds_uaddr = $ufds @@ -378,7 +393,8 @@ probe nd_syscall.poll = kprobe.function("sys_poll") timeout = long_arg(3) argstr = sprintf("%p, %d, %d", ufds_uaddr, nfds, timeout) } -probe nd_syscall.poll.return = kprobe.function("sys_poll").return +probe nd_syscall.poll.return = kprobe.function("SyS_poll").return ?, + kprobe.function("sys_poll").return ? { name = "poll" retstr = returnstr(1) @@ -390,7 +406,8 @@ probe nd_syscall.poll.return = kprobe.function("sys_poll").return # struct timespec __user *tsp, const sigset_t __user *sigmask, # size_t sigsetsize) # -probe nd_syscall.ppoll = kprobe.function("sys_ppoll") ? +probe nd_syscall.ppoll = kprobe.function("SyS_ppoll") ?, + kprobe.function("sys_ppoll") ? { name = "ppoll" // argstr = sprintf("%p, %d, %s, %p, %d", @@ -407,7 +424,8 @@ probe nd_syscall.ppoll = kprobe.function("sys_ppoll") ? pointer_arg(4), ulong_arg(5)) } -probe nd_syscall.ppoll.return = kprobe.function("sys_ppoll").return ? +probe nd_syscall.ppoll.return = kprobe.function("SyS_ppoll").return ?, + kprobe.function("sys_ppoll").return ? { name = "ppoll" retstr = returnstr(1) @@ -448,7 +466,8 @@ probe nd_syscall.compat_ppoll.return = kprobe.function("compat_sys_ppoll").retur # unsigned long arg4, # unsigned long arg5) # -probe nd_syscall.prctl = kprobe.function("sys_prctl") +probe nd_syscall.prctl = kprobe.function("SyS_prctl") ?, + kprobe.function("sys_prctl") ? { name = "prctl" // option = $option @@ -465,7 +484,8 @@ probe nd_syscall.prctl = kprobe.function("sys_prctl") argstr = sprintf("%p, %p, %p, %p, %p", option, arg2, arg3, arg4, arg5) } -probe nd_syscall.prctl.return = kprobe.function("sys_prctl").return +probe nd_syscall.prctl.return = kprobe.function("SyS_prctl").return ?, + kprobe.function("sys_prctl").return ? { name = "prctl" retstr = returnstr(1) @@ -478,7 +498,8 @@ probe nd_syscall.prctl.return = kprobe.function("sys_prctl").return # size_t count, # loff_t pos) # -probe nd_syscall.pread = kprobe.function("sys_pread64") +probe nd_syscall.pread = kprobe.function("SyS_pread64") ?, + kprobe.function("sys_pread64") ? { name = "pread" // fd = $fd @@ -493,7 +514,8 @@ probe nd_syscall.pread = kprobe.function("sys_pread64") offset = longlong_arg(4) argstr = sprintf("%d, %p, %d, %d", fd, buf_uaddr, count, offset) } -probe nd_syscall.pread.return = kprobe.function("sys_pread64").return +probe nd_syscall.pread.return = kprobe.function("SyS_pread64").return ?, + kprobe.function("sys_pread64").return ? { name = "pread" retstr = returnstr(1) @@ -504,7 +526,8 @@ probe nd_syscall.pread.return = kprobe.function("sys_pread64").return # long sys_pselect6(int n, fd_set __user *inp, fd_set __user *outp, # fd_set __user *exp, struct timespec __user *tsp, void __user *sig) # -probe nd_syscall.pselect6 = kprobe.function("sys_pselect6") ? +probe nd_syscall.pselect6 = kprobe.function("SyS_pselect6") ?, + kprobe.function("sys_pselect6") ? { name = "pselect6" // argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp, @@ -513,7 +536,8 @@ probe nd_syscall.pselect6 = kprobe.function("sys_pselect6") ? argstr = sprintf("%d, %p, %p, %p, %s, %p", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4), _struct_timespec_u(pointer_arg(5), 1), pointer_arg(6)) } -probe nd_syscall.pselect6.return = kprobe.function("sys_pselect6").return ? +probe nd_syscall.pselect6.return = kprobe.function("SyS_pselect6").return ?, + kprobe.function("sys_pselect6").return ? { name = "pselect6" retstr = returnstr(1) @@ -575,7 +599,8 @@ probe nd_syscall.compat_pselect7.return = kprobe.function("compat_sys_pselect7") # long addr, # long data) # -probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ? +probe nd_syscall.ptrace = kprobe.function("SyS_ptrace") ?, + kprobe.function("sys_ptrace") ? { name = "ptrace" // request = $request @@ -589,7 +614,8 @@ probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ? data = long_arg(4) argstr = sprintf("%d, %d, %p, %p", request, pid, addr, data) } -probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ? +probe nd_syscall.ptrace.return = kprobe.function("SyS_ptrace").return ?, + kprobe.function("sys_ptrace").return ? { name = "ptrace" retstr = returnstr(1) @@ -602,7 +628,8 @@ probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ? # size_t count, # loff_t pos) # -probe nd_syscall.pwrite = kprobe.function("sys_pwrite64") +probe nd_syscall.pwrite = kprobe.function("SyS_pwrite64") ?, + kprobe.function("sys_pwrite64") ? { name = "pwrite" // fd = $fd @@ -621,7 +648,8 @@ probe nd_syscall.pwrite = kprobe.function("sys_pwrite64") text_strn(user_string(buf_uaddr), syscall_string_trunc, 1), count, offset) } -probe nd_syscall.pwrite.return = kprobe.function("sys_pwrite64").return +probe nd_syscall.pwrite.return = kprobe.function("SyS_pwrite64").return ?, + kprobe.function("sys_pwrite64").return ? { name = "pwrite" retstr = returnstr(1) @@ -668,7 +696,8 @@ probe nd_syscall.pwrite32.return = kprobe.function("sys32_pwrite64").return ? # qid_t id, # void __user *addr) # -probe nd_syscall.quotactl = kprobe.function("sys_quotactl") ? +probe nd_syscall.quotactl = kprobe.function("SyS_quotactl") ?, + kprobe.function("sys_quotactl") ? { name = "quotactl" // cmd = $cmd @@ -687,7 +716,8 @@ probe nd_syscall.quotactl = kprobe.function("sys_quotactl") ? addr_uaddr = pointer_arg(4) argstr = sprintf("%s, %s, %d, %p", cmd_str, special_str, id, addr_uaddr) } -probe nd_syscall.quotactl.return = kprobe.function("sys_quotactl").return ? +probe nd_syscall.quotactl.return = kprobe.function("SyS_quotactl").return ?, + kprobe.function("sys_quotactl").return ? { name = "quotactl" retstr = returnstr(1) @@ -695,7 +725,8 @@ probe nd_syscall.quotactl.return = kprobe.function("sys_quotactl").return ? # read _______________________________________________________ # ssize_t sys_read(unsigned int fd, char __user * buf, size_t count) -probe nd_syscall.read = kprobe.function("sys_read") +probe nd_syscall.read = kprobe.function("SyS_read") ?, + kprobe.function("sys_read") ? { name = "read" // fd = $fd @@ -708,7 +739,8 @@ probe nd_syscall.read = kprobe.function("sys_read") count = ulong_arg(3) argstr = sprintf("%d, %p, %d", fd, buf_uaddr, count) } -probe nd_syscall.read.return = kprobe.function("sys_read").return +probe nd_syscall.read.return = kprobe.function("SyS_read").return ?, + kprobe.function("sys_read").return ? { name = "read" retstr = returnstr(1) @@ -721,7 +753,8 @@ probe nd_syscall.read.return = kprobe.function("sys_read").return # loff_t offset, # size_t count) # -probe nd_syscall.readahead = kprobe.function("sys_readahead") +probe nd_syscall.readahead = kprobe.function("SyS_readahead") ?, + kprobe.function("sys_readahead") ? { name = "readahead" // fd = $fd @@ -733,7 +766,8 @@ probe nd_syscall.readahead = kprobe.function("sys_readahead") count = ulong_arg(3) argstr = sprintf("%d, %p, %p", fd, offset, count) } -probe nd_syscall.readahead.return = kprobe.function("sys_readahead").return +probe nd_syscall.readahead.return = kprobe.function("SyS_readahead").return ?, + kprobe.function("sys_readahead").return ? { name = "readahead" retstr = returnstr(1) @@ -765,7 +799,8 @@ probe nd_syscall.readdir.return = kprobe.function("compat_sys_old_readdir").retu # char __user * buf, # int bufsiz) # -probe nd_syscall.readlink = kprobe.function("sys_readlink") +probe nd_syscall.readlink = kprobe.function("SyS_readlink") ?, + kprobe.function("sys_readlink") ? { name = "readlink" // path = user_string($path) @@ -780,7 +815,8 @@ probe nd_syscall.readlink = kprobe.function("sys_readlink") argstr = sprintf("%s, %p, %d", user_string_quoted(pointer_arg(1)), buf_uaddr, bufsiz) } -probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return +probe nd_syscall.readlink.return = kprobe.function("SyS_readlink").return ?, + kprobe.function("sys_readlink").return ? { name = "readlink" retstr = returnstr(1) @@ -792,7 +828,8 @@ probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return # char __user * buf, # int bufsiz) # -probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ? +probe nd_syscall.readlinkat = kprobe.function("SyS_readlinkat") ?, + kprobe.function("sys_readlinkat") ? { name = "readlinkat" //dfd = $dfd @@ -809,7 +846,8 @@ probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ? argstr = sprintf("%s, %s, %p, %d", _dfd_str(dfd), user_string_quoted(pointer_arg(2)), buf_uaddr, bufsiz) } -probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ? +probe nd_syscall.readlinkat.return = kprobe.function("SyS_readlinkat").return ?, + kprobe.function("sys_readlinkat").return ? { name = "readlinkat" retstr = returnstr(1) @@ -824,8 +862,9 @@ probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ? # const struct compat_iovec __user *vec, # unsigned long vlen) # -probe nd_syscall.readv = kprobe.function("sys_readv"), - kprobe.function("compat_sys_readv") ? +probe nd_syscall.readv = kprobe.function("compat_sys_readv") ?, + kprobe.function("SyS_readv") ?, + kprobe.function("sys_readv") ? { name = "readv" // vector_uaddr = $vec @@ -843,8 +882,9 @@ probe nd_syscall.readv = kprobe.function("sys_readv"), fd = ulong_arg(1) argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count) } -probe nd_syscall.readv.return = kprobe.function("sys_readv").return, - kprobe.function("compat_sys_readv").return ? +probe nd_syscall.readv.return = kprobe.function("compat_sys_readv").return ?, + kprobe.function("SyS_readv").return ?, + kprobe.function("sys_readv").return ? { name = "readv" retstr = returnstr(1) @@ -857,7 +897,8 @@ probe nd_syscall.readv.return = kprobe.function("sys_readv").return, # unsigned int cmd, # void __user * arg) # -probe nd_syscall.reboot = kprobe.function("sys_reboot") +probe nd_syscall.reboot = kprobe.function("SyS_reboot") ?, + kprobe.function("sys_reboot") ? { name = "reboot" // magic = $magic1 @@ -880,7 +921,8 @@ probe nd_syscall.reboot = kprobe.function("sys_reboot") argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str, flag_str, arg_uaddr) } -probe nd_syscall.reboot.return = kprobe.function("sys_reboot").return +probe nd_syscall.reboot.return = kprobe.function("SyS_reboot").return ?, + kprobe.function("sys_reboot").return ? { name = "reboot" retstr = returnstr(1) @@ -922,7 +964,8 @@ probe nd_syscall.recv.return = kprobe.function("sys_recv").return ? # struct sockaddr __user *addr, # int __user *addr_len) # -probe nd_syscall.recvfrom = kprobe.function("sys_recvfrom") ? +probe nd_syscall.recvfrom = kprobe.function("SyS_recvfrom") ?, + kprobe.function("sys_recvfrom") ? { name = "recvfrom" // s = $fd @@ -945,7 +988,8 @@ probe nd_syscall.recvfrom = kprobe.function("sys_recvfrom") ? argstr = sprintf("%d, %p, %d, %s, %p, %p", s, buf_uaddr, len, flags_str, addr_uaddr, addrlen_uaddr) } -probe nd_syscall.recvfrom.return = kprobe.function("sys_recvfrom").return ? +probe nd_syscall.recvfrom.return = kprobe.function("SyS_recvfrom").return ?, + kprobe.function("sys_recvfrom").return ? { name = "recvfrom" retstr = returnstr(1) @@ -957,7 +1001,8 @@ probe nd_syscall.recvfrom.return = kprobe.function("sys_recvfrom").return ? # struct msghdr __user *msg, # unsigned int flags) # -probe nd_syscall.recvmsg = kprobe.function("sys_recvmsg") ? +probe nd_syscall.recvmsg = kprobe.function("SyS_recvmsg") ?, + kprobe.function("sys_recvmsg") ? { name = "recvmsg" // s = $fd @@ -972,7 +1017,8 @@ probe nd_syscall.recvmsg = kprobe.function("sys_recvmsg") ? flags_str = _recvflags_str(flags) argstr = sprintf("%d, %p, %s", s, msg_uaddr, flags_str) } -probe nd_syscall.recvmsg.return = kprobe.function("sys_recvmsg").return ? +probe nd_syscall.recvmsg.return = kprobe.function("SyS_recvmsg").return ?, + kprobe.function("sys_recvmsg").return ? { name = "recvmsg" retstr = returnstr(1) @@ -1011,7 +1057,8 @@ probe nd_syscall.compat_sys_recvmsg.return = kprobe.function("compat_sys_recvmsg # unsigned long pgoff, # unsigned long flags) # -probe nd_syscall.remap_file_pages = kprobe.function("sys_remap_file_pages") ? +probe nd_syscall.remap_file_pages = kprobe.function("SyS_remap_file_pages") ?, + kprobe.function("sys_remap_file_pages") ? { name = "remap_file_pages" // start = $start @@ -1032,7 +1079,8 @@ probe nd_syscall.remap_file_pages = kprobe.function("sys_remap_file_pages") ? argstr = sprintf("%p, %p, %p, %p, %p", start, size, prot, pgoff, flags) } -probe nd_syscall.remap_file_pages.return = kprobe.function("sys_remap_file_pages").return ? +probe nd_syscall.remap_file_pages.return = kprobe.function("SyS_remap_file_pages").return ?, + kprobe.function("sys_remap_file_pages").return ? { name = "remap_file_pages" retstr = returnstr(1) @@ -1044,7 +1092,8 @@ probe nd_syscall.remap_file_pages.return = kprobe.function("sys_remap_file_pages # sys_removexattr(char __user *path, # char __user *name) # -probe nd_syscall.removexattr = kprobe.function("sys_removexattr") +probe nd_syscall.removexattr = kprobe.function("SyS_removexattr") ?, + kprobe.function("sys_removexattr") ? { name = "removexattr" // path = user_string($path) @@ -1057,7 +1106,8 @@ probe nd_syscall.removexattr = kprobe.function("sys_removexattr") argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.removexattr.return = kprobe.function("sys_removexattr").return +probe nd_syscall.removexattr.return = kprobe.function("SyS_removexattr").return ?, + kprobe.function("sys_removexattr").return ? { name = "removexattr" retstr = returnstr(1) @@ -1069,7 +1119,8 @@ probe nd_syscall.removexattr.return = kprobe.function("sys_removexattr").return # sys_rename(const char __user * oldname, # const char __user * newname) # -probe nd_syscall.rename = kprobe.function("sys_rename") +probe nd_syscall.rename = kprobe.function("SyS_rename") ?, + kprobe.function("sys_rename") ? { name = "rename" // oldpath = user_string($oldname) @@ -1082,12 +1133,24 @@ probe nd_syscall.rename = kprobe.function("sys_rename") argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.rename.return = kprobe.function("sys_rename").return +probe nd_syscall.rename.return = kprobe.function("SyS_rename").return ?, + kprobe.function("sys_rename").return ? { name = "rename" retstr = returnstr(1) } +# renameat ___________________________________________________ +# TODO +#probe nd_syscall.renameat = kprobe.function("SyS_renameat") ?, +# kprobe.function("sys_renameat") ? +#{ +#} +#probe nd_syscall.renameat.return = kprobe.function("SyS_renameat").return ?, +# kprobe.function("sys_renameat").return ? +#{ +#} + # request_key ________________________________________________ # # long sys_request_key(const char __user *_type, @@ -1096,7 +1159,8 @@ probe nd_syscall.rename.return = kprobe.function("sys_rename").return # key_serial_t destringid) # compat_sys_request_key() calls sys_request_key, so don't need probe there. # -probe nd_syscall.request_key = kprobe.function("sys_request_key") ? +probe nd_syscall.request_key = kprobe.function("SyS_request_key") ?, + kprobe.function("sys_request_key") ? { name = "request_key" // type_uaddr = $_type @@ -1111,7 +1175,8 @@ probe nd_syscall.request_key = kprobe.function("sys_request_key") ? destringid = u32_arg(4) argstr = sprintf("%p, %p, %p, %p", type_uaddr, description_uaddr, callout_info_uaddr, destringid) } -probe nd_syscall.request_key.return = kprobe.function("sys_request_key").return ? +probe nd_syscall.request_key.return = kprobe.function("SyS_request_key").return ?, + kprobe.function("sys_request_key").return ? { name = "request_key" retstr = returnstr(1) @@ -1138,7 +1203,8 @@ probe nd_syscall.restart_syscall.return = kprobe.function("sys_restart_syscall") # asmlinkage long # sys_rmdir(const char __user * pathname) # -probe nd_syscall.rmdir = kprobe.function("sys_rmdir") +probe nd_syscall.rmdir = kprobe.function("SyS_rmdir") ?, + kprobe.function("sys_rmdir") ? { name = "rmdir" // pathname = user_string($pathname) @@ -1147,7 +1213,8 @@ probe nd_syscall.rmdir = kprobe.function("sys_rmdir") pathname = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.rmdir.return = kprobe.function("sys_rmdir").return +probe nd_syscall.rmdir.return = kprobe.function("SyS_rmdir").return ?, + kprobe.function("sys_rmdir").return ? { name = "rmdir" retstr = returnstr(1) @@ -1160,7 +1227,8 @@ probe nd_syscall.rmdir.return = kprobe.function("sys_rmdir").return # struct sigaction __user *oact, # size_t sigsetsize) # -probe nd_syscall.rt_sigaction = kprobe.function("sys_rt_sigaction") ? +probe nd_syscall.rt_sigaction = kprobe.function("SyS_rt_sigaction") ?, + kprobe.function("sys_rt_sigaction") ? { name = "rt_sigaction" // sig = $sig @@ -1177,7 +1245,8 @@ probe nd_syscall.rt_sigaction = kprobe.function("sys_rt_sigaction") ? argstr = sprintf("%s, {%s}, %p, %d", _signal_name(sig), _struct_sigaction_u(act_uaddr), oact_uaddr, sigsetsize) } -probe nd_syscall.rt_sigaction.return = kprobe.function("sys_rt_sigaction").return ? +probe nd_syscall.rt_sigaction.return = kprobe.function("SyS_rt_sigaction").return ?, + kprobe.function("sys_rt_sigaction").return ? { name = "rt_sigaction" retstr = returnstr(1) @@ -1221,7 +1290,8 @@ probe nd_syscall.rt_sigaction32.return = kprobe.function("sys32_rt_sigaction").r # # long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize) # -probe nd_syscall.rt_sigpending = kprobe.function("sys_rt_sigpending") ? +probe nd_syscall.rt_sigpending = kprobe.function("SyS_rt_sigpending") ?, + kprobe.function("sys_rt_sigpending") ? { name = "rt_sigpending" // set_uaddr = $set @@ -1232,7 +1302,8 @@ probe nd_syscall.rt_sigpending = kprobe.function("sys_rt_sigpending") ? sigsetsize = ulong_arg(2) argstr = sprintf("%p, %d", set_uaddr, sigsetsize) } -probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").return ? +probe nd_syscall.rt_sigpending.return = kprobe.function("SyS_rt_sigpending").return ?, + kprobe.function("sys_rt_sigpending").return ? { name = "rt_sigpending" retstr = returnstr(1) @@ -1245,6 +1316,7 @@ probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").ret # probe nd_syscall.rt_sigprocmask = kprobe.function("sys32_rt_sigprocmask") ?, kprobe.function("compat_sys_rt_sigprocmask") ?, + kprobe.function("SyS_rt_sigprocmask") ?, kprobe.function("sys_rt_sigprocmask") ? { name = "rt_sigprocmask" @@ -1265,6 +1337,7 @@ probe nd_syscall.rt_sigprocmask = kprobe.function("sys32_rt_sigprocmask") ?, } probe nd_syscall.rt_sigprocmask.return = kprobe.function("sys32_rt_sigprocmask").return ?, kprobe.function("compat_sys_rt_sigprocmask").return ?, + kprobe.function("SyS_rt_sigprocmask").return ?, kprobe.function("sys_rt_sigprocmask").return ? { name = "rt_sigprocmask" @@ -1275,7 +1348,8 @@ probe nd_syscall.rt_sigprocmask.return = kprobe.function("sys32_rt_sigprocmask") # # long sys_rt_sigqueueinfo(int pid, int sig, siginfo_t __user *uinfo) # -probe nd_syscall.rt_sigqueueinfo = kprobe.function("sys_rt_sigqueueinfo") +probe nd_syscall.rt_sigqueueinfo = kprobe.function("SyS_rt_sigqueueinfo") ?, + kprobe.function("sys_rt_sigqueueinfo") ? { name = "rt_sigqueueinfo" // pid = $pid @@ -1288,7 +1362,8 @@ probe nd_syscall.rt_sigqueueinfo = kprobe.function("sys_rt_sigqueueinfo") uinfo_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", pid, _signal_name(sig), uinfo_uaddr) } -probe nd_syscall.rt_sigqueueinfo.return = kprobe.function("sys_rt_sigqueueinfo").return +probe nd_syscall.rt_sigqueueinfo.return = kprobe.function("SyS_rt_sigqueueinfo").return ?, + kprobe.function("sys_rt_sigqueueinfo").return ? { name = "rt_sigqueueinfo" retstr = returnstr(1) @@ -1314,16 +1389,18 @@ probe nd_syscall.rt_sigreturn.return = kprobe.function("sys_rt_sigreturn").retur # # sys_rt_sigsuspend(struct pt_regs regs) # -probe nd_syscall.rt_sigsuspend = kprobe.function("sys_rt_sigsuspend") ?, - kprobe.function("compat_sys_rt_sigsuspend") ?, - kprobe.function("ia64_rt_sigsuspend") ? +probe nd_syscall.rt_sigsuspend = kprobe.function("compat_sys_rt_sigsuspend") ?, + kprobe.function("ia64_rt_sigsuspend") ?, + kprobe.function("SyS_rt_sigsuspend") ?, + kprobe.function("sys_rt_sigsuspend") ? { name = "rt_sigsuspend" argstr = "" } -probe nd_syscall.rt_sigsuspend.return = kprobe.function("sys_rt_sigsuspend").return ?, - kprobe.function("compat_sys_rt_sigsuspend").return ?, - kprobe.function("ia64_rt_sigsuspend").return ? +probe nd_syscall.rt_sigsuspend.return = kprobe.function("compat_sys_rt_sigsuspend").return ?, + kprobe.function("ia64_rt_sigsuspend").return ?, + kprobe.function("SyS_rt_sigsuspend").return ?, + kprobe.function("sys_rt_sigsuspend").return ? { name = "rt_sigsuspend" retstr = returnstr(1) @@ -1339,8 +1416,9 @@ probe nd_syscall.rt_sigsuspend.return = kprobe.function("sys_rt_sigsuspend").ret # struct compat_siginfo __user *uinfo, # struct compat_timespec __user *uts, compat_size_t sigsetsize) # -probe nd_syscall.rt_sigtimedwait = kprobe.function("sys_rt_sigtimedwait"), - kprobe.function("compat_sys_rt_sigtimedwait") ? +probe nd_syscall.rt_sigtimedwait = kprobe.function("compat_sys_rt_sigtimedwait") ?, + kprobe.function("SyS_rt_sigtimedwait") ?, + kprobe.function("sys_rt_sigtimedwait") ? { name = "rt_sigtimedwait" // uthese_uaddr = $uthese @@ -1358,8 +1436,9 @@ probe nd_syscall.rt_sigtimedwait = kprobe.function("sys_rt_sigtimedwait"), sigsetsize = u32_arg(4) argstr = sprintf("%p, %p, %p, %d", uthese_uaddr, uinfo_uaddr, uts_uaddr, sigsetsize) } -probe nd_syscall.rt_sigtimedwait.return = kprobe.function("sys_rt_sigtimedwait").return, - kprobe.function("compat_sys_rt_sigtimedwait").return ? +probe nd_syscall.rt_sigtimedwait.return = kprobe.function("compat_sys_rt_sigtimedwait").return ?, + kprobe.function("SyS_rt_sigtimedwait").return ?, + kprobe.function("sys_rt_sigtimedwait").return ? { name = "rt_sigtimedwait" retstr = returnstr(1) @@ -1372,7 +1451,8 @@ probe nd_syscall.rt_sigtimedwait.return = kprobe.function("sys_rt_sigtimedwait") # unsigned int len, # unsigned long __user *user_mask_ptr) # -probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity") +probe nd_syscall.sched_getaffinity = kprobe.function("SyS_sched_getaffinity") ?, + kprobe.function("sys_sched_getaffinity") ? { name = "sched_getaffinity" // pid = $pid @@ -1384,7 +1464,8 @@ probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity") mask_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr) } -probe nd_syscall.sched_getaffinity.return = kprobe.function("sys_sched_getaffinity").return +probe nd_syscall.sched_getaffinity.return = kprobe.function("SyS_sched_getaffinity").return ?, + kprobe.function("sys_sched_getaffinity").return ? { name = "sched_getaffinity" retstr = returnstr(1) @@ -1396,7 +1477,8 @@ probe nd_syscall.sched_getaffinity.return = kprobe.function("sys_sched_getaffini # sys_sched_getparam(pid_t pid, # struct sched_param __user *param) # -probe nd_syscall.sched_getparam = kprobe.function("sys_sched_getparam") +probe nd_syscall.sched_getparam = kprobe.function("SyS_sched_getparam") ?, + kprobe.function("sys_sched_getparam") ? { name = "sched_getparam" // pid = $pid @@ -1406,7 +1488,8 @@ probe nd_syscall.sched_getparam = kprobe.function("sys_sched_getparam") p_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", pid, p_uaddr) } -probe nd_syscall.sched_getparam.return = kprobe.function("sys_sched_getparam").return +probe nd_syscall.sched_getparam.return = kprobe.function("SyS_sched_getparam").return ?, + kprobe.function("sys_sched_getparam").return ? { name = "sched_getparam" retstr = returnstr(1) @@ -1417,7 +1500,8 @@ probe nd_syscall.sched_getparam.return = kprobe.function("sys_sched_getparam").r # asmlinkage long # sys_sched_get_priority_max(int policy) # -probe nd_syscall.sched_get_priority_max = kprobe.function("sys_sched_get_priority_max") +probe nd_syscall.sched_get_priority_max = kprobe.function("SyS_sched_get_priority_max") ?, + kprobe.function("sys_sched_get_priority_max") ? { name = "sched_get_priority_max" // policy = $policy @@ -1425,7 +1509,8 @@ probe nd_syscall.sched_get_priority_max = kprobe.function("sys_sched_get_priorit policy = int_arg(1) argstr = sprint(policy) } -probe nd_syscall.sched_get_priority_max.return = kprobe.function("sys_sched_get_priority_max").return +probe nd_syscall.sched_get_priority_max.return = kprobe.function("SyS_sched_get_priority_max").return ?, + kprobe.function("sys_sched_get_priority_max").return ? { name = "sched_get_priority_max" retstr = returnstr(1) @@ -1436,7 +1521,8 @@ probe nd_syscall.sched_get_priority_max.return = kprobe.function("sys_sched_get_ # asmlinkage long # sys_sched_get_priority_min(int policy) # -probe nd_syscall.sched_get_priority_min = kprobe.function("sys_sched_get_priority_min") +probe nd_syscall.sched_get_priority_min = kprobe.function("SyS_sched_get_priority_min") ?, + kprobe.function("sys_sched_get_priority_min") ? { name = "sched_get_priority_min" // policy = $policy @@ -1444,7 +1530,8 @@ probe nd_syscall.sched_get_priority_min = kprobe.function("sys_sched_get_priorit policy = int_arg(1) argstr = sprint(policy) } -probe nd_syscall.sched_get_priority_min.return = kprobe.function("sys_sched_get_priority_min").return +probe nd_syscall.sched_get_priority_min.return = kprobe.function("SyS_sched_get_priority_min").return ?, + kprobe.function("sys_sched_get_priority_min").return ? { name = "sched_get_priority_min" retstr = returnstr(1) @@ -1454,7 +1541,8 @@ probe nd_syscall.sched_get_priority_min.return = kprobe.function("sys_sched_get_ # # long sys_sched_getscheduler(pid_t pid) # -probe nd_syscall.sched_getscheduler = kprobe.function("sys_sched_getscheduler") +probe nd_syscall.sched_getscheduler = kprobe.function("SyS_sched_getscheduler") ?, + kprobe.function("sys_sched_getscheduler") ? { name = "sched_getscheduler" // pid = $pid @@ -1463,7 +1551,8 @@ probe nd_syscall.sched_getscheduler = kprobe.function("sys_sched_getscheduler") pid = int_arg(1) argstr = sprint(pid) } -probe nd_syscall.sched_getscheduler.return = kprobe.function("sys_sched_getscheduler").return +probe nd_syscall.sched_getscheduler.return = kprobe.function("SyS_sched_getscheduler").return ?, + kprobe.function("sys_sched_getscheduler").return ? { name = "sched_getscheduler" retstr = returnstr(1) @@ -1473,7 +1562,8 @@ probe nd_syscall.sched_getscheduler.return = kprobe.function("sys_sched_getsched # # long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval) # -probe nd_syscall.sched_rr_get_interval = kprobe.function("sys_sched_rr_get_interval") +probe nd_syscall.sched_rr_get_interval = kprobe.function("SyS_sched_rr_get_interval") ?, + kprobe.function("sys_sched_rr_get_interval") ? { name = "sched_rr_get_interval" // pid = $pid @@ -1484,7 +1574,8 @@ probe nd_syscall.sched_rr_get_interval = kprobe.function("sys_sched_rr_get_inter tp_uaddr = pointer_arg(2) argstr = sprintf("%d, %s", pid, _struct_timespec_u(tp_uaddr, 1)) } -probe nd_syscall.sched_rr_get_interval.return = kprobe.function("sys_sched_rr_get_interval").return +probe nd_syscall.sched_rr_get_interval.return = kprobe.function("SyS_sched_rr_get_interval").return ?, + kprobe.function("sys_sched_rr_get_interval").return ? { name = "sched_rr_get_interval" retstr = returnstr(1) @@ -1497,7 +1588,8 @@ probe nd_syscall.sched_rr_get_interval.return = kprobe.function("sys_sched_rr_ge # FIXME: why the problem with x86_64? # %( arch != "x86_64" %? -probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") +probe nd_syscall.sched_setaffinity = kprobe.function("SyS_sched_setaffinity") ?, + kprobe.function("sys_sched_setaffinity") ? { name = "sched_setaffinity" // pid = $pid @@ -1511,7 +1603,8 @@ probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") argstr = sprintf("%d, %d, %p", pid, len, mask_uaddr) } %: -probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") +probe nd_syscall.sched_setaffinity = kprobe.function("SyS_sched_setaffinity") ?, + kprobe.function("sys_sched_setaffinity") ? { name = "sched_setaffinity" // pid = $pid @@ -1525,7 +1618,8 @@ probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") argstr = sprintf("%d, <unknown>, %p", pid, mask_uaddr) } %) -probe nd_syscall.sched_setaffinity.return = kprobe.function("sys_sched_setaffinity").return +probe nd_syscall.sched_setaffinity.return = kprobe.function("SyS_sched_setaffinity").return ?, + kprobe.function("sys_sched_setaffinity").return ? { name = "sched_setaffinity" retstr = returnstr(1) @@ -1535,7 +1629,8 @@ probe nd_syscall.sched_setaffinity.return = kprobe.function("sys_sched_setaffini # # long sys_sched_setparam(pid_t pid, struct sched_param __user *param) # -probe nd_syscall.sched_setparam = kprobe.function("sys_sched_setparam") ? +probe nd_syscall.sched_setparam = kprobe.function("SyS_sched_setparam") ?, + kprobe.function("sys_sched_setparam") ? { name = "sched_setparam" // pid = $pid @@ -1546,7 +1641,8 @@ probe nd_syscall.sched_setparam = kprobe.function("sys_sched_setparam") ? p_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", pid, p_uaddr) } -probe nd_syscall.sched_setparam.return = kprobe.function("sys_sched_setparam").return ? +probe nd_syscall.sched_setparam.return = kprobe.function("SyS_sched_setparam").return ?, + kprobe.function("sys_sched_setparam").return ? { name = "sched_setparam" retstr = returnstr(1) @@ -1556,7 +1652,8 @@ probe nd_syscall.sched_setparam.return = kprobe.function("sys_sched_setparam").r # # long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param) # -probe nd_syscall.sched_setscheduler = kprobe.function("sys_sched_setscheduler") ? +probe nd_syscall.sched_setscheduler = kprobe.function("SyS_sched_setscheduler") ?, + kprobe.function("sys_sched_setscheduler") ? { name = "sched_setscheduler" // pid = $pid @@ -1571,7 +1668,8 @@ probe nd_syscall.sched_setscheduler = kprobe.function("sys_sched_setscheduler") p_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", pid, policy_str, p_uaddr) } -probe nd_syscall.sched_setscheduler.return = kprobe.function("sys_sched_setscheduler").return ? +probe nd_syscall.sched_setscheduler.return = kprobe.function("SyS_sched_setscheduler").return ?, + kprobe.function("sys_sched_setscheduler").return ? { name = "sched_setscheduler" retstr = returnstr(1) @@ -1598,7 +1696,8 @@ probe nd_syscall.sched_yield.return = kprobe.function("sys_sched_yield").return # fd_set __user *exp, # struct timeval __user *tvp) # -probe nd_syscall.select = kprobe.function("sys_select") +probe nd_syscall.select = kprobe.function("SyS_select") ?, + kprobe.function("sys_select") ? { name = "select" // n = $n @@ -1617,7 +1716,8 @@ probe nd_syscall.select = kprobe.function("sys_select") argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr, exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1)) } -probe nd_syscall.select.return = kprobe.function("sys_select").return +probe nd_syscall.select.return = kprobe.function("SyS_select").return ?, + kprobe.function("sys_select").return ? { name = "select" retstr = returnstr(1) @@ -1659,7 +1759,8 @@ probe nd_syscall.compat_select.return = kprobe.function("compat_sys_select").ret # int cmd, # union semun arg) # -probe nd_syscall.semctl = kprobe.function("sys_semctl") ? +probe nd_syscall.semctl = kprobe.function("SyS_semctl") ?, + kprobe.function("sys_semctl") ? { name = "semctl" // semid = $semid @@ -1676,7 +1777,8 @@ probe nd_syscall.semctl = kprobe.function("sys_semctl") ? cmd = int_arg(3) argstr = sprintf("%d, %d, %s", semid, semnum, _semctl_cmd(cmd)) // ** jk done } -probe nd_syscall.semctl.return = kprobe.function("sys_semctl").return ? +probe nd_syscall.semctl.return = kprobe.function("SyS_semctl").return ?, + kprobe.function("sys_semctl").return ? { name = "semctl" retstr = returnstr(1) @@ -1700,7 +1802,8 @@ probe nd_syscall.semctl.return = kprobe.function("sys_semctl").return ? # semget _____________________________________________________ # long sys_semget (key_t key, int nsems, int semflg) # -probe nd_syscall.semget = kprobe.function("sys_semget") ? +probe nd_syscall.semget = kprobe.function("SyS_semget") ?, + kprobe.function("sys_semget") ? { name = "semget" // key = $key @@ -1713,7 +1816,8 @@ probe nd_syscall.semget = kprobe.function("sys_semget") ? semflg = int_arg(3) argstr = sprintf("%d, %d, %s", key, nsems, __sem_flags(semflg)) } -probe nd_syscall.semget.return = kprobe.function("sys_semget").return ? +probe nd_syscall.semget.return = kprobe.function("SyS_semget").return ?, + kprobe.function("sys_semget").return ? { name = "semget" retstr = returnstr(1) @@ -1725,7 +1829,8 @@ probe nd_syscall.semget.return = kprobe.function("sys_semget").return ? # struct sembuf __user *tsops, # unsigned nsops) # -probe nd_syscall.semop = kprobe.function("sys_semtimedop") ? +probe nd_syscall.semop = kprobe.function("SyS_semtimedop") ?, + kprobe.function("sys_semtimedop") ? { name = "semop" // semid = $semid @@ -1738,7 +1843,8 @@ probe nd_syscall.semop = kprobe.function("sys_semtimedop") ? nsops = uint_arg(3) argstr = sprintf("%d, %p, %d", semid, tsops_uaddr, nsops) } -probe nd_syscall.semop.return = kprobe.function("sys_semtimedop").return ? +probe nd_syscall.semop.return = kprobe.function("SyS_semtimedop").return ?, + kprobe.function("sys_semtimedop").return ? { name = "semop" retstr = returnstr(1) @@ -1751,7 +1857,8 @@ probe nd_syscall.semop.return = kprobe.function("sys_semtimedop").return ? # unsigned nsops, # const struct timespec __user *timeout) # -probe nd_syscall.semtimedop = kprobe.function("sys_semtimedop") ? +probe nd_syscall.semtimedop = kprobe.function("SyS_semtimedop") ?, + kprobe.function("sys_semtimedop") ? { name = "semtimedop" // semid = $semid @@ -1768,7 +1875,8 @@ probe nd_syscall.semtimedop = kprobe.function("sys_semtimedop") ? argstr = sprintf("%d, %p, %d, %s", semid, sops_uaddr, nsops, _struct_timespec_u(timeout_uaddr, 1)) } -probe nd_syscall.semtimedop.return = kprobe.function("sys_semtimedop").return ? +probe nd_syscall.semtimedop.return = kprobe.function("SyS_semtimedop").return ?, + kprobe.function("sys_semtimedop").return ? { name = "semtimedop" retstr = returnstr(1) @@ -1809,7 +1917,8 @@ probe nd_syscall.compat_sys_semtimedop.return = kprobe.function("compat_sys_semt # size_t len, # unsigned flags) # -probe nd_syscall.send = kprobe.function("sys_send") ? +probe nd_syscall.send = kprobe.function("SyS_send") ?, + kprobe.function("sys_send") ? { name = "send" // s = $fd @@ -1826,7 +1935,8 @@ probe nd_syscall.send = kprobe.function("sys_send") ? flags_str = _sendflags_str(flags) argstr = sprintf("%d, %p, %d, %s", s, buf_uaddr, len, flags_str) } -probe nd_syscall.send.return = kprobe.function("sys_send").return ? +probe nd_syscall.send.return = kprobe.function("SyS_send").return ?, + kprobe.function("sys_send").return ? { name = "send" retstr = returnstr(1) @@ -1839,7 +1949,9 @@ probe nd_syscall.send.return = kprobe.function("sys_send").return ? # off_t __user *offset, # size_t count) # -probe nd_syscall.sendfile = kprobe.function("sys_sendfile") ?, +probe nd_syscall.sendfile = kprobe.function("SyS_sendfile") ?, + kprobe.function("sys_sendfile") ?, + kprobe.function("SyS_sendfile64") ?, kprobe.function("sys_sendfile64") ? { name = "sendfile" @@ -1857,7 +1969,9 @@ probe nd_syscall.sendfile = kprobe.function("sys_sendfile") ?, argstr = sprintf("%d, %d, %p, %d", out_fd, in_fd, offset_uaddr, count) } -probe nd_syscall.sendfile.return = kprobe.function("sys_sendfile").return ?, +probe nd_syscall.sendfile.return = kprobe.function("SyS_sendfile").return ?, + kprobe.function("sys_sendfile").return ?, + kprobe.function("SyS_sendfile64").return ?, kprobe.function("sys_sendfile64").return ? { name = "sendfile" @@ -1868,7 +1982,8 @@ probe nd_syscall.sendfile.return = kprobe.function("sys_sendfile").return ?, # # long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags) # -probe nd_syscall.sendmsg = kprobe.function("sys_sendmsg") ? +probe nd_syscall.sendmsg = kprobe.function("SyS_sendmsg") ?, + kprobe.function("sys_sendmsg") ? { name = "sendmsg" // s = $fd @@ -1883,7 +1998,8 @@ probe nd_syscall.sendmsg = kprobe.function("sys_sendmsg") ? flags_str = _sendflags_str(flags) argstr = sprintf("%d, %p, %s", s, msg_uaddr, _sendflags_str(flags)) } -probe nd_syscall.sendmsg.return = kprobe.function("sys_sendmsg").return ? +probe nd_syscall.sendmsg.return = kprobe.function("SyS_sendmsg").return ?, + kprobe.function("sys_sendmsg").return ? { name = "sendmsg" retstr = returnstr(1) @@ -1921,7 +2037,8 @@ probe nd_syscall.compat_sys_sendmsg.return = kprobe.function("compat_sys_sendmsg # struct sockaddr __user *addr, # int addr_len) # -probe nd_syscall.sendto = kprobe.function("sys_sendto") ? +probe nd_syscall.sendto = kprobe.function("SyS_sendto") ?, + kprobe.function("sys_sendto") ? { name = "sendto" // s = $fd @@ -1944,7 +2061,8 @@ probe nd_syscall.sendto = kprobe.function("sys_sendto") ? argstr = sprintf("%d, %p, %d, %s, %s, %d", s, buf_uaddr, len, flags_str, _struct_sockaddr_u(to_uaddr, tolen), tolen) } -probe nd_syscall.sendto.return = kprobe.function("sys_sendto").return ? +probe nd_syscall.sendto.return = kprobe.function("SyS_sendto").return ?, + kprobe.function("sys_sendto").return ? { name = "sendto" retstr = returnstr(1) @@ -1956,7 +2074,8 @@ probe nd_syscall.sendto.return = kprobe.function("sys_sendto").return ? # sys_setdomainname(char __user *name, # int len) # -probe nd_syscall.setdomainname = kprobe.function("sys_setdomainname") +probe nd_syscall.setdomainname = kprobe.function("SyS_setdomainname") ?, + kprobe.function("sys_setdomainname") ? { name = "setdomainname" // hostname_uaddr = $name @@ -1967,7 +2086,8 @@ probe nd_syscall.setdomainname = kprobe.function("sys_setdomainname") len = int_arg(2) argstr = sprintf("%p, %d", hostname_uaddr, len) } -probe nd_syscall.setdomainname.return = kprobe.function("sys_setdomainname").return +probe nd_syscall.setdomainname.return = kprobe.function("SyS_setdomainname").return ?, + kprobe.function("sys_setdomainname").return ? { name = "setdomainname" retstr = returnstr(1) @@ -1977,8 +2097,9 @@ probe nd_syscall.setdomainname.return = kprobe.function("sys_setdomainname").ret # long sys_setfsgid(gid_t gid) # long sys_setfsgid16(old_gid_t gid) # -probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid") ?, - kprobe.function("sys_setfsgid16") ? +probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid16") ?, + kprobe.function("SyS_setfsgid") ?, + kprobe.function("sys_setfsgid") ? { name = "setfsgid" // fsgid = $gid @@ -1987,8 +2108,9 @@ probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid") ?, fsgid = uint_arg(1) argstr = sprint(fsgid) } -probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid").return ?, - kprobe.function("sys_setfsgid16").return ? +probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid16").return ?, + kprobe.function("SyS_setfsgid").return ?, + kprobe.function("sys_setfsgid").return ? { name = "setfsgid" retstr = returnstr(1) @@ -1998,8 +2120,9 @@ probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid").return ?, # long sys_setfsuid(uid_t uid) # long sys_setfsuid16(old_uid_t uid) # -probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid") ?, - kprobe.function("sys_setfsuid16") ? +probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid16") ?, + kprobe.function("SyS_setfsuid") ?, + kprobe.function("sys_setfsuid") ? { name = "setfsuid" // fsuid = $uid @@ -2008,8 +2131,9 @@ probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid") ?, fsuid = uint_arg(1) argstr = sprint(fsuid) } -probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid").return ?, - kprobe.function("sys_setfsuid16").return ? +probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid16").return ?, + kprobe.function("SyS_setfsuid").return ?, + kprobe.function("sys_setfsuid").return ? { name = "setfsuid" retstr = returnstr(1) @@ -2020,8 +2144,9 @@ probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid").return ?, # long sys_setgid(gid_t gid) # long sys_setgid16(old_gid_t gid) # -probe nd_syscall.setgid = kprobe.function("sys_setgid") ?, - kprobe.function("sys_setgid16") ? +probe nd_syscall.setgid = kprobe.function("sys_setgid16") ?, + kprobe.function("SyS_setgid") ?, + kprobe.function("sys_setgid") ? { name = "setgid" // gid = $gid @@ -2030,8 +2155,9 @@ probe nd_syscall.setgid = kprobe.function("sys_setgid") ?, gid = uint_arg(1) argstr = sprint(gid) } -probe nd_syscall.setgid.return = kprobe.function("sys_setgid").return ?, - kprobe.function("sys_setgid16").return ? +probe nd_syscall.setgid.return = kprobe.function("sys_setgid16").return ?, + kprobe.function("SyS_setgid").return ?, + kprobe.function("sys_setgid").return ? { name = "setgid" retstr = returnstr(1) @@ -2043,9 +2169,10 @@ probe nd_syscall.setgid.return = kprobe.function("sys_setgid").return ?, # long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist) # long sys32_setgroups16(int gidsetsize, u16 __user *grouplist) # -probe nd_syscall.setgroups = kprobe.function("sys_setgroups") ?, - kprobe.function("sys_setgroups16") ?, - kprobe.function("sys32_setgroups16") ? +probe nd_syscall.setgroups = kprobe.function("sys_setgroups16") ?, + kprobe.function("sys32_setgroups16") ?, + kprobe.function("SyS_setgroups") ?, + kprobe.function("sys_setgroups") ? { name = "setgroups" // size = $gidsetsize @@ -2056,9 +2183,10 @@ probe nd_syscall.setgroups = kprobe.function("sys_setgroups") ?, list_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", size, list_uaddr) } -probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups").return ?, - kprobe.function("sys_setgroups16").return ?, - kprobe.function("sys32_setgroups16").return ? +probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups16").return ?, + kprobe.function("sys32_setgroups16").return ?, + kprobe.function("SyS_setgroups").return ?, + kprobe.function("sys_setgroups").return ? { name = "setgroups" retstr = returnstr(1) @@ -2070,7 +2198,8 @@ probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups").return ?, # sys_sethostname(char __user *name, # int len) # -probe nd_syscall.sethostname = kprobe.function("sys_sethostname") +probe nd_syscall.sethostname = kprobe.function("SyS_sethostname") ?, + kprobe.function("sys_sethostname") ? { name = "sethostname" // hostname_uaddr = $name @@ -2083,7 +2212,8 @@ probe nd_syscall.sethostname = kprobe.function("sys_sethostname") len = int_arg(2) argstr = sprintf("%s, %d", user_string_quoted(hostname_uaddr), len) } -probe nd_syscall.sethostname.return = kprobe.function("sys_sethostname").return +probe nd_syscall.sethostname.return = kprobe.function("SyS_sethostname").return ?, + kprobe.function("sys_sethostname").return ? { name = "sethostname" retstr = returnstr(1) @@ -2095,7 +2225,8 @@ probe nd_syscall.sethostname.return = kprobe.function("sys_sethostname").return # struct itimerval __user *value, # struct itimerval __user *ovalue) # -probe nd_syscall.setitimer = kprobe.function("sys_setitimer") +probe nd_syscall.setitimer = kprobe.function("SyS_setitimer") ?, + kprobe.function("sys_setitimer") ? { name = "setitimer" // which = $which @@ -2110,7 +2241,8 @@ probe nd_syscall.setitimer = kprobe.function("sys_setitimer") argstr = sprintf("%s, %s, %p", _itimer_which_str(which), _struct_itimerval_u(value_uaddr), ovalue_uaddr) } -probe nd_syscall.setitimer.return = kprobe.function("sys_setitimer").return +probe nd_syscall.setitimer.return = kprobe.function("SyS_setitimer").return ?, + kprobe.function("sys_setitimer").return ? { name = "setitimer" retstr = returnstr(1) @@ -2146,8 +2278,9 @@ probe nd_syscall.compat_setitimer.return = kprobe.function("compat_sys_setitimer # unsigned long __user *nmask, # unsigned long maxnode) # -probe nd_syscall.set_mempolicy = kprobe.function("sys_set_mempolicy") ?, - kprobe.function("compat_sys_set_mempolicy") ? +probe nd_syscall.set_mempolicy = kprobe.function("compat_sys_set_mempolicy") ?, + kprobe.function("SyS_set_mempolicy") ?, + kprobe.function("sys_set_mempolicy") ? { name = "set_mempolicy" // mode = $mode @@ -2160,8 +2293,9 @@ probe nd_syscall.set_mempolicy = kprobe.function("sys_set_mempolicy") ?, maxnode = ulong_arg(3) argstr = sprintf("%d, %p, %d", mode, nmask_uaddr, maxnode) } -probe nd_syscall.set_mempolicy.return = kprobe.function("sys_set_mempolicy").return ?, - kprobe.function("compat_sys_set_mempolicy").return ? +probe nd_syscall.set_mempolicy.return = kprobe.function("compat_sys_set_mempolicy").return ?, + kprobe.function("SyS_set_mempolicy").return ?, + kprobe.function("sys_set_mempolicy").return ? { name = "set_mempolicy" retstr = returnstr(1) @@ -2173,7 +2307,8 @@ probe nd_syscall.set_mempolicy.return = kprobe.function("sys_set_mempolicy").ret # sys_setpgid(pid_t pid, # pid_t pgid) # -probe nd_syscall.setpgid = kprobe.function("sys_setpgid") +probe nd_syscall.setpgid = kprobe.function("SyS_setpgid") ?, + kprobe.function("sys_setpgid") ? { name = "setpgid" // pid = $pid @@ -2184,7 +2319,8 @@ probe nd_syscall.setpgid = kprobe.function("sys_setpgid") pgid = int_arg(2) argstr = sprintf("%d, %d", pid, pgid) } -probe nd_syscall.setpgid.return = kprobe.function("sys_setpgid").return +probe nd_syscall.setpgid.return = kprobe.function("SyS_setpgid").return ?, + kprobe.function("sys_setpgid").return ? { name = "setpgid" retstr = returnstr(1) @@ -2197,7 +2333,8 @@ probe nd_syscall.setpgid.return = kprobe.function("sys_setpgid").return # int who, # int niceval) # -probe nd_syscall.setpriority = kprobe.function("sys_setpriority") +probe nd_syscall.setpriority = kprobe.function("SyS_setpriority") ?, + kprobe.function("sys_setpriority") ? { name = "setpriority" // which = $which @@ -2212,7 +2349,8 @@ probe nd_syscall.setpriority = kprobe.function("sys_setpriority") prio = int_arg(3) argstr = sprintf("%s, %d, %d", which_str, who, prio) } -probe nd_syscall.setpriority.return = kprobe.function("sys_setpriority").return +probe nd_syscall.setpriority.return = kprobe.function("SyS_setpriority").return ?, + kprobe.function("sys_setpriority").return ? { name = "setpriority" retstr = returnstr(1) @@ -2221,7 +2359,8 @@ probe nd_syscall.setpriority.return = kprobe.function("sys_setpriority").return # setregid ___________________________________________________ # long sys_setregid(gid_t rgid, gid_t egid) # -probe nd_syscall.setregid = kprobe.function("sys_setregid") +probe nd_syscall.setregid = kprobe.function("SyS_setregid") ?, + kprobe.function("sys_setregid") ? { name = "setregid" // rgid = __int32($rgid) @@ -2231,7 +2370,8 @@ probe nd_syscall.setregid = kprobe.function("sys_setregid") egid = __int32(uint_arg(2)) argstr = sprintf("%d, %d", rgid, egid) } -probe nd_syscall.setregid.return = kprobe.function("sys_setregid").return +probe nd_syscall.setregid.return = kprobe.function("SyS_setregid").return ?, + kprobe.function("sys_setregid").return ? { name = "setregid" retstr = returnstr(1) @@ -2259,7 +2399,8 @@ probe nd_syscall.setregid16.return = kprobe.function("sys_setregid16").return ? # setresgid __________________________________________________ # long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) # -probe nd_syscall.setresgid = kprobe.function("sys_setresgid") +probe nd_syscall.setresgid = kprobe.function("SyS_setresgid") ?, + kprobe.function("sys_setresgid") ? { name = "setresgid" // rgid = __int32($rgid) @@ -2271,7 +2412,8 @@ probe nd_syscall.setresgid = kprobe.function("sys_setresgid") sgid = __int32(uint_arg(3)) argstr = sprintf("%d, %d, %d", rgid, egid, sgid) } -probe nd_syscall.setresgid.return = kprobe.function("sys_setresgid").return +probe nd_syscall.setresgid.return = kprobe.function("SyS_setresgid").return ?, + kprobe.function("sys_setresgid").return ? { name = "setresgid" retstr = returnstr(1) @@ -2305,7 +2447,8 @@ probe nd_syscall.setresgid16.return = kprobe.function("sys_setresgid16").return # # long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) # -probe nd_syscall.setresuid = kprobe.function("sys_setresuid") +probe nd_syscall.setresuid = kprobe.function("SyS_setresuid") ?, + kprobe.function("sys_setresuid") ? { name = "setresuid" // ruid = __int32($ruid) @@ -2317,7 +2460,8 @@ probe nd_syscall.setresuid = kprobe.function("sys_setresuid") suid = __int32(uint_arg(3)) argstr = sprintf("%d, %d, %d", ruid, euid, suid) } -probe nd_syscall.setresuid.return = kprobe.function("sys_setresuid").return +probe nd_syscall.setresuid.return = kprobe.function("SyS_setresuid").return ?, + kprobe.function("sys_setresuid").return ? { name = "setresuid" retstr = returnstr(1) @@ -2348,7 +2492,8 @@ probe nd_syscall.setresuid16.return = kprobe.function("sys_setresuid16").return # setreuid ___________________________________________________ # long sys_setreuid(uid_t ruid, uid_t euid) # -probe nd_syscall.setreuid = kprobe.function("sys_setreuid") +probe nd_syscall.setreuid = kprobe.function("SyS_setreuid") ?, + kprobe.function("sys_setreuid") ? { name = "setreuid" // ruid = __int32($ruid) @@ -2358,7 +2503,8 @@ probe nd_syscall.setreuid = kprobe.function("sys_setreuid") euid = __int32(uint_arg(2)) argstr = sprintf("%d, %d", ruid, euid) } -probe nd_syscall.setreuid.return = kprobe.function("sys_setreuid").return +probe nd_syscall.setreuid.return = kprobe.function("SyS_setreuid").return ?, + kprobe.function("sys_setreuid").return ? { name = "setreuid" retstr = returnstr(1) @@ -2389,7 +2535,8 @@ probe nd_syscall.setreuid16.return = kprobe.function("sys_setreuid16").return ? # sys_setrlimit(unsigned int resource, # struct rlimit __user *rlim) # -probe nd_syscall.setrlimit = kprobe.function("sys_setrlimit") +probe nd_syscall.setrlimit = kprobe.function("SyS_setrlimit") ?, + kprobe.function("sys_setrlimit") ? { name = "setrlimit" // resource = $resource @@ -2402,7 +2549,8 @@ probe nd_syscall.setrlimit = kprobe.function("sys_setrlimit") argstr = sprintf("%s, %s", _rlimit_resource_str(resource), _struct_rlimit_u(rlim_uaddr)) } -probe nd_syscall.setrlimit.return = kprobe.function("sys_setrlimit").return +probe nd_syscall.setrlimit.return = kprobe.function("SyS_setrlimit").return ?, + kprobe.function("sys_setrlimit").return ? { name = "setrlimit" retstr = returnstr(1) @@ -2431,8 +2579,9 @@ probe nd_syscall.setsid.return = kprobe.function("sys_setsid").return # char __user *optval, # int optlen) # -probe nd_syscall.setsockopt = kprobe.function("sys_setsockopt") ?, - kprobe.function("compat_sys_setsockopt") ? +probe nd_syscall.setsockopt = kprobe.function("compat_sys_setsockopt") ?, + kprobe.function("SyS_setsockopt") ?, + kprobe.function("sys_setsockopt") ? { name = "setsockopt" // fd = $fd @@ -2455,8 +2604,9 @@ probe nd_syscall.setsockopt = kprobe.function("sys_setsockopt") ?, argstr = sprintf("%d, %s, %s, %p, %d", fd, level_str, optname_str, optval_uaddr, optlen) } -probe nd_syscall.setsockopt.return = kprobe.function("sys_setsockopt").return ?, - kprobe.function("compat_sys_setsockopt").return ? +probe nd_syscall.setsockopt.return = kprobe.function("compat_sys_setsockopt").return ?, + kprobe.function("SyS_setsockopt").return ?, + kprobe.function("sys_setsockopt").return ? { name = "setsockopt" retstr = returnstr(1) @@ -2467,7 +2617,8 @@ probe nd_syscall.setsockopt.return = kprobe.function("sys_setsockopt").return ?, # asmlinkage long # sys_set_tid_address(int __user *tidptr) # -probe nd_syscall.set_tid_address = kprobe.function("sys_set_tid_address") +probe nd_syscall.set_tid_address = kprobe.function("SyS_set_tid_address") ?, + kprobe.function("sys_set_tid_address") ? { name = "set_tid_address" // tidptr_uaddr = $tidptr @@ -2475,7 +2626,8 @@ probe nd_syscall.set_tid_address = kprobe.function("sys_set_tid_address") tidptr_uaddr = pointer_arg(1) argstr = sprintf("%p", tidptr_uaddr) } -probe nd_syscall.set_tid_address.return = kprobe.function("sys_set_tid_address").return +probe nd_syscall.set_tid_address.return = kprobe.function("SyS_set_tid_address").return ?, + kprobe.function("sys_set_tid_address").return ? { name = "set_tid_address" retstr = returnstr(1) @@ -2486,7 +2638,8 @@ probe nd_syscall.set_tid_address.return = kprobe.function("sys_set_tid_address") # long sys_settimeofday(struct timeval __user *tv, # struct timezone __user *tz) # -probe nd_syscall.settimeofday = kprobe.function("sys_settimeofday") +probe nd_syscall.settimeofday = kprobe.function("SyS_settimeofday") ?, + kprobe.function("sys_settimeofday") ? { name = "settimeofday" // ttv_uaddr = $tv @@ -2497,7 +2650,8 @@ probe nd_syscall.settimeofday = kprobe.function("sys_settimeofday") tz_uaddr = pointer_arg(2) argstr = sprintf("%s, %s", _struct_timeval_u(tv_uaddr, 1), _struct_timezone_u(tz_uaddr)) } -probe nd_syscall.settimeofday.return = kprobe.function("sys_settimeofday").return +probe nd_syscall.settimeofday.return = kprobe.function("SyS_settimeofday").return ?, + kprobe.function("sys_settimeofday").return ? { name = "settimeofday" retstr = returnstr(1) @@ -2531,7 +2685,8 @@ probe nd_syscall.settimeofday32.return = kprobe.function("sys32_settimeofday").r # long sys_setuid16(old_uid_t uid) # probe nd_syscall.setuid = kprobe.function("sys_setuid16") ?, - kprobe.function("sys_setuid") + kprobe.function("SyS_setuid") ?, + kprobe.function("sys_setuid") ? { name = "setuid" // uid = $uid @@ -2541,7 +2696,8 @@ probe nd_syscall.setuid = kprobe.function("sys_setuid16") ?, argstr = sprint(uid) } probe nd_syscall.setuid.return = kprobe.function("sys_setuid16").return ?, - kprobe.function("sys_setuid").return + kprobe.function("SyS_setuid").return ?, + kprobe.function("sys_setuid").return ? { name = "setuid" retstr = returnstr(1) @@ -2554,7 +2710,8 @@ probe nd_syscall.setuid.return = kprobe.function("sys_setuid16").return ?, # size_t size, # int flags) # -probe nd_syscall.setxattr = kprobe.function("sys_setxattr") +probe nd_syscall.setxattr = kprobe.function("SyS_setxattr") ?, + kprobe.function("sys_setxattr") ? { name = "setxattr" // path_uaddr = $path @@ -2581,7 +2738,8 @@ probe nd_syscall.setxattr = kprobe.function("sys_setxattr") user_string_quoted(name_uaddr), value_uaddr, size, flags) } -probe nd_syscall.setxattr.return = kprobe.function("sys_setxattr").return +probe nd_syscall.setxattr.return = kprobe.function("SyS_setxattr").return ?, + kprobe.function("sys_setxattr").return ? { name = "setxattr" retstr = returnstr(1) @@ -2591,7 +2749,7 @@ probe nd_syscall.setxattr.return = kprobe.function("sys_setxattr").return # # sys_sgetmask(void) # -probe nd_syscall.sgetmask = kprobe.function("sys_sgetmask")? +probe nd_syscall.sgetmask = kprobe.function("sys_sgetmask") ? { name = "sgetmask" argstr = "" @@ -2606,7 +2764,8 @@ probe nd_syscall.sgetmask.return = kprobe.function("sys_sgetmask").return ? # # long sys_shmat(int shmid, char __user *shmaddr, int shmflg) # -probe nd_syscall.shmat = kprobe.function("sys_shmat") ? +probe nd_syscall.shmat = kprobe.function("SyS_shmat") ?, + kprobe.function("sys_shmat") ? { name = "shmat" // shmid = $shmid @@ -2619,7 +2778,8 @@ probe nd_syscall.shmat = kprobe.function("sys_shmat") ? shmflg = int_arg(3) argstr = sprintf("%d, %p, %s", shmid, shmaddr_uaddr, _shmat_flags_str(shmflg)) } -probe nd_syscall.shmat.return = kprobe.function("sys_shmat").return ? +probe nd_syscall.shmat.return = kprobe.function("SyS_shmat").return ?, + kprobe.function("sys_shmat").return ? { name = "shmat" retstr = returnstr(1) @@ -2645,7 +2805,7 @@ probe nd_syscall.compat_sys_shmat = kprobe.function("compat_sys_shmat") ? uptr_uaddr = pointer_arg(5) argstr = sprintf("%d, %d, %d, %d, %p", first, second, third, int_arg(4), uptr_uaddr) } -probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").return ? +probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").return ? { name = "compat_sys_shmat" retstr = returnstr(1) @@ -2657,7 +2817,8 @@ probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").r # int cmd, # struct shmid_ds __user *buf) # -probe nd_syscall.shmctl = kprobe.function("sys_shmctl") ? +probe nd_syscall.shmctl = kprobe.function("SyS_shmctl") ?, + kprobe.function("sys_shmctl") ? { name = "shmctl" // shmid = $shmid @@ -2670,7 +2831,8 @@ probe nd_syscall.shmctl = kprobe.function("sys_shmctl") ? buf_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", shmid, _semctl_cmd(cmd), buf_uaddr) } -probe nd_syscall.shmctl.return = kprobe.function("sys_shmctl").return ? +probe nd_syscall.shmctl.return = kprobe.function("SyS_shmctl").return ?, + kprobe.function("sys_shmctl").return ? { name = "shmctl" retstr = returnstr(1) @@ -2703,7 +2865,8 @@ probe nd_syscall.compat_sys_shmctl.return = kprobe.function("compat_sys_shmctl") # # long sys_shmdt(char __user *shmaddr) # -probe nd_syscall.shmdt = kprobe.function("sys_shmdt") ? +probe nd_syscall.shmdt = kprobe.function("SyS_shmdt") ?, + kprobe.function("sys_shmdt") ? { name = "shmdt" // shmaddr_uaddr = $shmaddr @@ -2712,7 +2875,8 @@ probe nd_syscall.shmdt = kprobe.function("sys_shmdt") ? shmaddr_uaddr = pointer_arg(1) argstr = sprintf("%p", shmaddr_uaddr) } -probe nd_syscall.shmdt.return = kprobe.function("sys_shmdt").return ? +probe nd_syscall.shmdt.return = kprobe.function("SyS_shmdt").return ?, + kprobe.function("sys_shmdt").return ? { name = "shmdt" retstr = returnstr(1) @@ -2724,7 +2888,8 @@ probe nd_syscall.shmdt.return = kprobe.function("sys_shmdt").return ? # size_t size, # int shmflg) # -probe nd_syscall.shmget = kprobe.function("sys_shmget") ? +probe nd_syscall.shmget = kprobe.function("SyS_shmget") ?, + kprobe.function("sys_shmget") ? { name = "shmget" // key = $key @@ -2737,7 +2902,8 @@ probe nd_syscall.shmget = kprobe.function("sys_shmget") ? shmflg = int_arg(3) argstr = sprintf("%d, %d, %d", key, size, shmflg) } -probe nd_syscall.shmget.return = kprobe.function("sys_shmget").return ? +probe nd_syscall.shmget.return = kprobe.function("SyS_shmget").return ?, + kprobe.function("sys_shmget").return ? { name = "shmget" retstr = returnstr(1) @@ -2747,7 +2913,8 @@ probe nd_syscall.shmget.return = kprobe.function("sys_shmget").return ? # # long sys_shutdown(int fd, int how) # -probe nd_syscall.shutdown = kprobe.function("sys_shutdown") ? +probe nd_syscall.shutdown = kprobe.function("SyS_shutdown") ?, + kprobe.function("sys_shutdown") ? { name = "shutdown" // s = $fd @@ -2760,7 +2927,8 @@ probe nd_syscall.shutdown = kprobe.function("sys_shutdown") ? how_str = _shutdown_how_str(how) argstr = sprintf("%d, %s", s, how_str) } -probe nd_syscall.shutdown.return = kprobe.function("sys_shutdown").return ? +probe nd_syscall.shutdown.return = kprobe.function("SyS_shutdown").return ?, + kprobe.function("sys_shutdown").return ? { name = "shutdown" retstr = returnstr(1) @@ -2810,7 +2978,8 @@ probe nd_syscall.sigaction32.return = kprobe.function("sys32_sigaction").return # signal _____________________________________________________ # unsigned long sys_signal(int sig, __sighandler_t handler) # -probe nd_syscall.signal = kprobe.function("sys_signal") ? +probe nd_syscall.signal = kprobe.function("SyS_signal") ?, + kprobe.function("sys_signal") ? { name = "signal" // sig = $sig @@ -2821,7 +2990,8 @@ probe nd_syscall.signal = kprobe.function("sys_signal") ? handler = pointer_arg(2) argstr = sprintf("%s, %s", _signal_name(sig), _sighandler_str(handler)) } -probe nd_syscall.signal.return = kprobe.function("sys_signal").return ? +probe nd_syscall.signal.return = kprobe.function("SyS_signal").return ?, + kprobe.function("sys_signal").return ? { name = "signal" retstr = returnstr(1) @@ -2833,14 +3003,16 @@ probe nd_syscall.signal.return = kprobe.function("sys_signal").return ? # long compat_sys_signalfd(int ufd, const compat_sigset_t __user *sigmask, # compat_size_t sigsetsize) # -probe nd_syscall.signalfd = kprobe.function("sys_signalfd") ? +probe nd_syscall.signalfd = kprobe.function("SyS_signalfd") ?, + kprobe.function("sys_signalfd") ? { name = "signalfd" // argstr = sprintf("%d, %p, %d", $ufd, $user_mask, $sizemask) asmlinkage() argstr = sprintf("%d, %p, %d", int_arg(1), pointer_arg(2), ulong_arg(3)) } -probe nd_syscall.signalfd.return = kprobe.function("sys_signalfd").return ? +probe nd_syscall.signalfd.return = kprobe.function("SyS_signalfd").return ?, + kprobe.function("sys_signalfd").return ? { name = "signalfd" retstr = returnstr(1) @@ -2861,14 +3033,16 @@ probe nd_syscall.compat_signalfd.return = kprobe.function("compat_sys_signalfd") # sigpending _________________________________________________ # long sys_sigpending(old_sigset_t __user *set) # -probe nd_syscall.sigpending = kprobe.function("sys_sigpending") ? +probe nd_syscall.sigpending = kprobe.function("SyS_sigpending") ?, + kprobe.function("sys_sigpending") ? { name = "sigpending" // argstr = sprintf("%p", $set) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.sigpending.return = kprobe.function("sys_sigpending").return ? +probe nd_syscall.sigpending.return = kprobe.function("SyS_sigpending").return ?, + kprobe.function("sys_sigpending").return ? { name = "sigpending" retstr = returnstr(1) @@ -2877,7 +3051,8 @@ probe nd_syscall.sigpending.return = kprobe.function("sys_sigpending").return ? # sigprocmask ________________________________________________ # long sys_sigprocmask(int how, old_sigset_t __user *set, old_sigset_t __user *oset) # -probe nd_syscall.sigprocmask = kprobe.function("sys_sigprocmask") ? +probe nd_syscall.sigprocmask = kprobe.function("SyS_sigprocmask") ?, + kprobe.function("sys_sigprocmask") ? { name = "sigprocmask" // how = $how @@ -2892,7 +3067,8 @@ probe nd_syscall.sigprocmask = kprobe.function("sys_sigprocmask") ? oldset_uaddr = pointer_arg(3) argstr = sprintf("%s, %p, %p", how_str, set_uaddr, oldset_uaddr) } -probe nd_syscall.sigprocmask.return = kprobe.function("sys_sigprocmask").return ? +probe nd_syscall.sigprocmask.return = kprobe.function("SyS_sigprocmask").return ?, + kprobe.function("sys_sigprocmask").return ? { name = "sigprocmask" retstr = returnstr(1) @@ -2932,7 +3108,8 @@ probe nd_syscall.sigsuspend.return = kprobe.function("sys_sigsuspend").return ?, # socket _____________________________________________________ # long sys_socket(int family, int type, int protocol) # -probe nd_syscall.socket = kprobe.function("sys_socket") ? +probe nd_syscall.socket = kprobe.function("SyS_socket") ?, + kprobe.function("sys_socket") ? { name = "socket" // family = $family @@ -2949,7 +3126,8 @@ probe nd_syscall.socket = kprobe.function("sys_socket") ? _sock_type_str(type), protocol) } -probe nd_syscall.socket.return = kprobe.function("sys_socket").return ? +probe nd_syscall.socket.return = kprobe.function("SyS_socket").return ?, + kprobe.function("sys_socket").return ? { name = "socket" retstr = returnstr(1) @@ -2979,7 +3157,8 @@ probe nd_syscall.socket.return = kprobe.function("sys_socket").return ? # int protocol, # int __user *usockvec) # -probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ? +probe nd_syscall.socketpair = kprobe.function("SyS_socketpair") ?, + kprobe.function("sys_socketpair") ? { name = "socketpair" // family = $family @@ -3000,7 +3179,8 @@ probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ? _sock_type_str(type), protocol, sv_uaddr) } -probe nd_syscall.socketpair.return = kprobe.function("sys_socketpair").return ? +probe nd_syscall.socketpair.return = kprobe.function("SyS_socketpair").return ?, + kprobe.function("sys_socketpair").return ? { name = "socketpair" retstr = returnstr(1) @@ -3012,7 +3192,8 @@ probe nd_syscall.socketpair.return = kprobe.function("sys_socketpair").return ? # int fd_out, loff_t __user *off_out, # size_t len, unsigned int flags) # -probe nd_syscall.splice = kprobe.function("sys_splice") ? +probe nd_syscall.splice = kprobe.function("SyS_splice") ?, + kprobe.function("sys_splice") ? { name = "splice" // argstr = sprintf("%d, %p, %d, %p, %d, 0x%x", @@ -3021,7 +3202,8 @@ probe nd_syscall.splice = kprobe.function("sys_splice") ? argstr = sprintf("%d, %p, %d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), int_arg(3), pointer_arg(4), ulong_arg(5), uint_arg(6)) } -probe nd_syscall.splice.return = kprobe.function("sys_splice").return ? +probe nd_syscall.splice.return = kprobe.function("SyS_splice").return ?, + kprobe.function("sys_splice").return ? { name = "splice" retstr = returnstr(1) @@ -3031,7 +3213,8 @@ probe nd_syscall.splice.return = kprobe.function("sys_splice").return ? # # long sys_ssetmask(int newmask) # -probe nd_syscall.ssetmask = kprobe.function("sys_ssetmask") ? +probe nd_syscall.ssetmask = kprobe.function("SyS_ssetmask") ?, + kprobe.function("sys_ssetmask") ? { name = "ssetmask" // newmask = $newmask @@ -3040,7 +3223,8 @@ probe nd_syscall.ssetmask = kprobe.function("sys_ssetmask") ? newmask = int_arg(1) argstr = sprint(newmask) } -probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ? +probe nd_syscall.ssetmask.return = kprobe.function("SyS_ssetmask").return ?, + kprobe.function("sys_ssetmask").return ? { name = "ssetmask" retstr = returnstr(1) @@ -3053,8 +3237,10 @@ probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ? # long sys_oabi_stat64(char __user * filename, struct oldabi_stat64 __user * statbuf) # long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf) probe nd_syscall.stat = kprobe.function("sys_stat") ?, + kprobe.function("SyS_newstat") ?, kprobe.function("sys_newstat") ?, kprobe.function("sys32_stat64") ?, + kprobe.function("SyS_stat64") ?, kprobe.function("sys_stat64") ?, kprobe.function("sys_oabi_stat64") ?, kprobe.function("compat_sys_newstat") ? @@ -3071,8 +3257,10 @@ probe nd_syscall.stat = kprobe.function("sys_stat") ?, argstr = sprintf("%s, %p", user_string_quoted(filename_uaddr), buf_uaddr) } probe nd_syscall.stat.return = kprobe.function("sys_stat").return ?, + kprobe.function("SyS_newstat").return ?, kprobe.function("sys_newstat").return ?, kprobe.function("sys32_stat64").return ?, + kprobe.function("SyS_stat64").return ?, kprobe.function("sys_stat64").return ?, kprobe.function("sys_oabi_stat64").return ?, kprobe.function("compat_sys_newstat").return ? @@ -3085,8 +3273,9 @@ probe nd_syscall.stat.return = kprobe.function("sys_stat").return ?, # long sys_statfs(const char __user * path, struct statfs __user * buf) # long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf) # -probe nd_syscall.statfs = kprobe.function("sys_statfs"), - kprobe.function("compat_sys_statfs") ? +probe nd_syscall.statfs = kprobe.function("compat_sys_statfs") ?, + kprobe.function("SyS_statfs") ?, + kprobe.function("sys_statfs") ? { name = "statfs" // path = user_string($path) @@ -3097,8 +3286,9 @@ probe nd_syscall.statfs = kprobe.function("sys_statfs"), buf_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr) } -probe nd_syscall.statfs.return = kprobe.function("sys_statfs").return, - kprobe.function("compat_sys_statfs").return ? +probe nd_syscall.statfs.return = kprobe.function("compat_sys_statfs").return ?, + kprobe.function("SyS_statfs").return ?, + kprobe.function("sys_statfs").return ? { name = "statfs" retstr = returnstr(1) @@ -3109,8 +3299,9 @@ probe nd_syscall.statfs.return = kprobe.function("sys_statfs").return, # long sys_statfs64(const char __user *path, size_t sz, struct statfs64 __user *buf) # long compat_sys_statfs64(const char __user *path, compat_size_t sz, struct compat_statfs64 __user *buf) # -probe nd_syscall.statfs64 = kprobe.function("sys_statfs64") ?, - kprobe.function("compat_sys_statfs64") ? +probe nd_syscall.statfs64 = kprobe.function("compat_sys_statfs64") ?, + kprobe.function("SyS_statfs64") ?, + kprobe.function("sys_statfs64") ? { name = "statfs" // path = user_string($path) @@ -3123,8 +3314,9 @@ probe nd_syscall.statfs64 = kprobe.function("sys_statfs64") ?, buf_uaddr = pointer_arg(3) argstr = sprintf("%s, %d, %p", user_string_quoted(pointer_arg(1)), sz, buf_uaddr) } -probe nd_syscall.statfs64.return = kprobe.function("sys_statfs64").return ?, - kprobe.function("compat_sys_statfs64").return ? +probe nd_syscall.statfs64.return = kprobe.function("compat_sys_statfs64").return ?, + kprobe.function("SyS_statfs64").return ?, + kprobe.function("sys_statfs64").return ? { name = "statfs" retstr = returnstr(1) @@ -3135,8 +3327,9 @@ probe nd_syscall.statfs64.return = kprobe.function("sys_statfs64").return ?, # long sys_stime(time_t __user *tptr) # long compat_sys_stime(compat_time_t __user *tptr) # -probe nd_syscall.stime = kprobe.function("sys_stime") ?, - kprobe.function("compat_sys_stime") ? +probe nd_syscall.stime = kprobe.function("compat_sys_stime") ?, + kprobe.function("SyS_stime") ?, + kprobe.function("sys_stime") ? { name = "stime" // t_uaddr = $tptr @@ -3146,8 +3339,9 @@ probe nd_syscall.stime = kprobe.function("sys_stime") ?, t_uaddr = pointer_arg(1) argstr = sprintf("%p", t_uaddr) } -probe nd_syscall.stime.return = kprobe.function("sys_stime").return ?, - kprobe.function("compat_sys_stime").return ? +probe nd_syscall.stime.return = kprobe.function("compat_sys_stime").return ?, + kprobe.function("SyS_stime").return ?, + kprobe.function("sys_stime").return ? { name = "stime" retstr = returnstr(1) @@ -3158,7 +3352,8 @@ probe nd_syscall.stime.return = kprobe.function("sys_stime").return ?, # asmlinkage long # sys_swapoff(const char __user * specialfile) # -probe nd_syscall.swapoff = kprobe.function("sys_swapoff")? +probe nd_syscall.swapoff = kprobe.function("SyS_swapoff") ?, + kprobe.function("sys_swapoff") ? { name = "swapoff" // path = user_string($specialfile) @@ -3167,7 +3362,8 @@ probe nd_syscall.swapoff = kprobe.function("sys_swapoff")? path = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.swapoff.return = kprobe.function("sys_swapoff").return ? +probe nd_syscall.swapoff.return = kprobe.function("SyS_swapoff").return ?, + kprobe.function("sys_swapoff").return ? { name = "swapoff" retstr = returnstr(1) @@ -3179,7 +3375,8 @@ probe nd_syscall.swapoff.return = kprobe.function("sys_swapoff").return ? # sys_swapon(const char __user * specialfile, # int swap_flags) # -probe nd_syscall.swapon = kprobe.function("sys_swapon") ? +probe nd_syscall.swapon = kprobe.function("SyS_swapon") ?, + kprobe.function("sys_swapon") ? { name = "swapon" // path = user_string($specialfile) @@ -3190,7 +3387,8 @@ probe nd_syscall.swapon = kprobe.function("sys_swapon") ? swapflags = int_arg(2) argstr = sprintf("%s, %d", user_string_quoted(pointer_arg(1)), swapflags) } -probe nd_syscall.swapon.return = kprobe.function("sys_swapon").return ? +probe nd_syscall.swapon.return = kprobe.function("SyS_swapon").return ?, + kprobe.function("sys_swapon").return ? { name = "swapon" retstr = returnstr(1) @@ -3199,7 +3397,8 @@ probe nd_syscall.swapon.return = kprobe.function("sys_swapon").return ? # symlink ____________________________________________________ # long sys_symlink(const char __user * oldname, # const char __user * newname) -probe nd_syscall.symlink = kprobe.function("sys_symlink") +probe nd_syscall.symlink = kprobe.function("SyS_symlink") ?, + kprobe.function("sys_symlink") ? { name = "symlink" // oldpath = user_string($oldname) @@ -3212,7 +3411,8 @@ probe nd_syscall.symlink = kprobe.function("sys_symlink") argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.symlink.return = kprobe.function("sys_symlink").return +probe nd_syscall.symlink.return = kprobe.function("SyS_symlink").return ?, + kprobe.function("sys_symlink").return ? { name = "symlink" retstr = returnstr(1) @@ -3222,7 +3422,8 @@ probe nd_syscall.symlink.return = kprobe.function("sys_symlink").return # new function with 2.6.16 # long sys_symlinkat(const char __user *oldname, int newdfd, # const char __user *newname) -probe nd_syscall.symlinkat = kprobe.function("sys_symlinkat") ? +probe nd_syscall.symlinkat = kprobe.function("SyS_symlinkat") ?, + kprobe.function("sys_symlinkat") ? { name = "symlinkat" // oldname = $oldname @@ -3243,7 +3444,8 @@ probe nd_syscall.symlinkat = kprobe.function("sys_symlinkat") ? argstr = sprintf("%s, %s, %s", user_string_quoted(oldname), newdfd_str, user_string_quoted(newname)) } -probe nd_syscall.symlinkat.return = kprobe.function("sys_symlinkat").return ? +probe nd_syscall.symlinkat.return = kprobe.function("SyS_symlinkat").return ?, + kprobe.function("sys_symlinkat").return ? { name = "symlinkat" retstr = returnstr(1) @@ -3268,16 +3470,18 @@ probe nd_syscall.sync.return = kprobe.function("sys_sync").return # # long sys_sysctl(struct __sysctl_args __user *args) # -probe nd_syscall.sysctl = kprobe.function("sys_sysctl") ?, - kprobe.function("compat_sys_sysctl") ? +probe nd_syscall.sysctl = kprobe.function("compat_sys_sysctl") ?, + kprobe.function("SyS_sysctl") ?, + kprobe.function("sys_sysctl") ? { name = "sysctl" // argstr = sprintf("%p", $args) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.sysctl.return = kprobe.function("sys_sysctl").return ?, - kprobe.function("compat_sys_sysctl").return ? +probe nd_syscall.sysctl.return = kprobe.function("compat_sys_sysctl").return ?, + kprobe.function("SyS_sysctl").return ?, + kprobe.function("sys_sysctl").return ? { name = "sysctl" retstr = returnstr(1) @@ -3290,7 +3494,8 @@ probe nd_syscall.sysctl.return = kprobe.function("sys_sysctl").return ?, # unsigned long arg1, # unsigned long arg2) # -probe nd_syscall.sysfs = kprobe.function("sys_sysfs") +probe nd_syscall.sysfs = kprobe.function("SyS_sysfs") ?, + kprobe.function("sys_sysfs") ? { name = "sysfs" // option = $option @@ -3315,7 +3520,8 @@ probe nd_syscall.sysfs = kprobe.function("sys_sysfs") else argstr = sprintf("%d, %d, %d", option, arg1, arg2) } -probe nd_syscall.sysfs.return = kprobe.function("sys_sysfs").return +probe nd_syscall.sysfs.return = kprobe.function("SyS_sysfs").return ?, + kprobe.function("sys_sysfs").return ? { name = "sysfs" retstr = returnstr(1) @@ -3325,8 +3531,9 @@ probe nd_syscall.sysfs.return = kprobe.function("sys_sysfs").return # # long sys_sysinfo(struct sysinfo __user *info) # long compat_sys_sysinfo(struct compat_sysinfo __user *info) -probe nd_syscall.sysinfo = kprobe.function("sys_sysinfo"), - kprobe.function("compat_sys_sysinfo") ? +probe nd_syscall.sysinfo = kprobe.function("compat_sys_sysinfo") ?, + kprobe.function("SyS_sysinfo") ?, + kprobe.function("sys_sysinfo") ? { name = "sysinfo" // info_uaddr = $info @@ -3335,8 +3542,9 @@ probe nd_syscall.sysinfo = kprobe.function("sys_sysinfo"), info_uaddr = pointer_arg(1) argstr = sprintf("%p", info_uaddr) } -probe nd_syscall.sysinfo.return = kprobe.function("sys_sysinfo").return, - kprobe.function("compat_sys_sysinfo").return ? +probe nd_syscall.sysinfo.return = kprobe.function("compat_sys_sysinfo").return ?, + kprobe.function("SyS_sysinfo").return ?, + kprobe.function("sys_sysinfo").return ? { name = "sysinfo" retstr = returnstr(1) @@ -3346,7 +3554,8 @@ probe nd_syscall.sysinfo.return = kprobe.function("sys_sysinfo").return, # # long sys_syslog(int type, char __user * buf, int len) # -probe nd_syscall.syslog = kprobe.function("sys_syslog") +probe nd_syscall.syslog = kprobe.function("SyS_syslog") ?, + kprobe.function("sys_syslog") ? { name = "syslog" // type = $type @@ -3359,7 +3568,8 @@ probe nd_syscall.syslog = kprobe.function("sys_syslog") len = int_arg(3) argstr = sprintf("%d, %p, %d", type, bufp_uaddr, len) } -probe nd_syscall.syslog.return = kprobe.function("sys_syslog").return +probe nd_syscall.syslog.return = kprobe.function("SyS_syslog").return ?, + kprobe.function("sys_syslog").return ? { name = "syslog" retstr = returnstr(1) @@ -3369,14 +3579,16 @@ probe nd_syscall.syslog.return = kprobe.function("sys_syslog").return # # long sys_tee(int fdin, int fdout, size_t len, unsigned int flags) # -probe nd_syscall.tee = kprobe.function("sys_tee") ? +probe nd_syscall.tee = kprobe.function("SyS_tee") ?, + kprobe.function("sys_tee") ? { name = "tee" // argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags) asmlinkage() argstr = sprintf("%d, %d, %d, 0x%x", int_arg(1), int_arg(2), ulong_arg(3), uint_arg(4)) } -probe nd_syscall.tee.return = kprobe.function("sys_tee").return ? +probe nd_syscall.tee.return = kprobe.function("SyS_tee").return ?, + kprobe.function("sys_tee").return ? { name = "tee" retstr = returnstr(1) @@ -3389,7 +3601,8 @@ probe nd_syscall.tee.return = kprobe.function("sys_tee").return ? # int pid, # int sig) # -probe nd_syscall.tgkill = kprobe.function("sys_tgkill") +probe nd_syscall.tgkill = kprobe.function("SyS_tgkill") ?, + kprobe.function("sys_tgkill") ? { name = "tgkill" // tgid = $tgid @@ -3402,7 +3615,8 @@ probe nd_syscall.tgkill = kprobe.function("sys_tgkill") sig = int_arg(3) argstr = sprintf("%d, %d, %s", tgid, pid, _signal_name(sig)) } -probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return +probe nd_syscall.tgkill.return = kprobe.function("SyS_tgkill").return ?, + kprobe.function("sys_tgkill").return ? { name = "tgkill" retstr = returnstr(1) @@ -3415,10 +3629,11 @@ probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return # long sys32_time(compat_time_t __user * tloc) # long compat_sys_time(compat_time_t __user * tloc) # -probe nd_syscall.time = kprobe.function("sys_time")?, - kprobe.function("sys32_time") ?, +probe nd_syscall.time = kprobe.function("sys32_time") ?, kprobe.function("sys_time64") ?, - kprobe.function("compat_sys_time") ? + kprobe.function("compat_sys_time") ?, + kprobe.function("SyS_time") ?, + kprobe.function("sys_time") ? { name = "time" // t_uaddr = $tloc @@ -3427,10 +3642,11 @@ probe nd_syscall.time = kprobe.function("sys_time")?, t_uaddr = pointer_arg(1) argstr = sprintf("%p", t_uaddr) } -probe nd_syscall.time.return = kprobe.function("sys_time").return?, - kprobe.function("sys32_time").return ?, +probe nd_syscall.time.return = kprobe.function("sys32_time").return ?, kprobe.function("sys_time64").return ?, - kprobe.function("compat_sys_time").return ? + kprobe.function("compat_sys_time").return ?, + kprobe.function("SyS_time").return ?, + kprobe.function("sys_time").return ? { name = "time" retstr = returnstr(1) @@ -3442,7 +3658,8 @@ probe nd_syscall.time.return = kprobe.function("sys_time").return?, # struct sigevent __user *timer_event_spec, # timer_t __user * created_timer_id) # -probe nd_syscall.timer_create = kprobe.function("sys_timer_create") +probe nd_syscall.timer_create = kprobe.function("SyS_timer_create") ?, + kprobe.function("sys_timer_create") ? { name = "timer_create" // clockid = $which_clock @@ -3457,7 +3674,8 @@ probe nd_syscall.timer_create = kprobe.function("sys_timer_create") timerid_uaddr = pointer_arg(3) argstr = sprintf("%s, %p, %p", clockid_str, evp_uaddr, timerid_uaddr) } -probe nd_syscall.timer_create.return = kprobe.function("sys_timer_create").return +probe nd_syscall.timer_create.return = kprobe.function("SyS_timer_create").return ?, + kprobe.function("sys_timer_create").return ? { name = "timer_create" retstr = returnstr(1) @@ -3467,7 +3685,8 @@ probe nd_syscall.timer_create.return = kprobe.function("sys_timer_create").retur # # long sys_timer_delete(timer_t timer_id) # -probe nd_syscall.timer_delete = kprobe.function("sys_timer_delete") +probe nd_syscall.timer_delete = kprobe.function("SyS_timer_delete") ?, + kprobe.function("sys_timer_delete") ? { name = "timer_delete" // timerid = $timer_id @@ -3476,7 +3695,8 @@ probe nd_syscall.timer_delete = kprobe.function("sys_timer_delete") timerid = int_arg(1) argstr = sprint(timerid) } -probe nd_syscall.timer_delete.return = kprobe.function("sys_timer_delete").return +probe nd_syscall.timer_delete.return = kprobe.function("SyS_timer_delete").return ?, + kprobe.function("sys_timer_delete").return ? { name = "timer_delete" retstr = returnstr(1) @@ -3486,7 +3706,8 @@ probe nd_syscall.timer_delete.return = kprobe.function("sys_timer_delete").retur # # long sys_timer_getoverrun(timer_t timer_id) # -probe nd_syscall.timer_getoverrun = kprobe.function("sys_timer_getoverrun") +probe nd_syscall.timer_getoverrun = kprobe.function("SyS_timer_getoverrun") ?, + kprobe.function("sys_timer_getoverrun") ? { name = "timer_getoverrun" // timerid = $timer_id @@ -3495,7 +3716,8 @@ probe nd_syscall.timer_getoverrun = kprobe.function("sys_timer_getoverrun") timerid = int_arg(1) argstr = sprint(timerid) } -probe nd_syscall.timer_getoverrun.return = kprobe.function("sys_timer_getoverrun").return +probe nd_syscall.timer_getoverrun.return = kprobe.function("SyS_timer_getoverrun").return ?, + kprobe.function("sys_timer_getoverrun").return ? { name = "timer_getoverrun" retstr = returnstr(1) @@ -3506,7 +3728,8 @@ probe nd_syscall.timer_getoverrun.return = kprobe.function("sys_timer_getoverrun # long sys_timer_gettime(timer_t timer_id, # struct itimerspec __user *setting) # -probe nd_syscall.timer_gettime = kprobe.function("sys_timer_gettime") +probe nd_syscall.timer_gettime = kprobe.function("SyS_timer_gettime") ?, + kprobe.function("sys_timer_gettime") ? { name = "timer_gettime" // timerid = $timer_id @@ -3517,7 +3740,8 @@ probe nd_syscall.timer_gettime = kprobe.function("sys_timer_gettime") value_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", timerid, value_uaddr) } -probe nd_syscall.timer_gettime.return = kprobe.function("sys_timer_gettime").return +probe nd_syscall.timer_gettime.return = kprobe.function("SyS_timer_gettime").return ?, + kprobe.function("sys_timer_gettime").return ? { name = "timer_gettime" retstr = returnstr(1) @@ -3530,7 +3754,8 @@ probe nd_syscall.timer_gettime.return = kprobe.function("sys_timer_gettime").ret # const struct itimerspec __user *new_setting, # struct itimerspec __user *old_setting) # -probe nd_syscall.timer_settime = kprobe.function("sys_timer_settime") +probe nd_syscall.timer_settime = kprobe.function("SyS_timer_settime") ?, + kprobe.function("sys_timer_settime") ? { name = "timer_settime" // timerid = $timer_id @@ -3549,7 +3774,8 @@ probe nd_syscall.timer_settime = kprobe.function("sys_timer_settime") _struct_itimerspec_u(value_uaddr), ovalue_uaddr) } -probe nd_syscall.timer_settime.return = kprobe.function("sys_timer_settime").return +probe nd_syscall.timer_settime.return = kprobe.function("SyS_timer_settime").return ?, + kprobe.function("sys_timer_settime").return ? { name = "timer_settime" retstr = returnstr(1) @@ -3581,16 +3807,18 @@ probe nd_syscall.timerfd.return = kprobe.function("sys_timerfd").return ?, # # long sys_times(struct tms __user * tbuf) # long compat_sys_times(struct compat_tms __user *tbuf) -probe nd_syscall.times = kprobe.function("sys_times") ?, - kprobe.function("compat_sys_times") ? +probe nd_syscall.times = kprobe.function("compat_sys_times") ?, + kprobe.function("SyS_times") ?, + kprobe.function("sys_times") ? { name = "times" // argstr = sprintf("%p", $tbuf) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.times.return = kprobe.function("sys_times").return ?, - kprobe.function("compat_sys_times").return ? +probe nd_syscall.times.return = kprobe.function("compat_sys_times").return ?, + kprobe.function("SyS_times").return ?, + kprobe.function("sys_times").return ? { name = "times" retstr = returnstr(1) @@ -3602,7 +3830,8 @@ probe nd_syscall.times.return = kprobe.function("sys_times").return ?, # sys_tkill(int pid, # int sig) # -probe nd_syscall.tkill = kprobe.function("sys_tkill") +probe nd_syscall.tkill = kprobe.function("SyS_tkill") ?, + kprobe.function("sys_tkill") ? { name = "tkill" // pid = $pid @@ -3613,7 +3842,8 @@ probe nd_syscall.tkill = kprobe.function("sys_tkill") sig = int_arg(2) argstr = sprintf("%d, %s", pid, _signal_name(sig)) } -probe nd_syscall.tkill.return = kprobe.function("sys_tkill").return +probe nd_syscall.tkill.return = kprobe.function("SyS_tkill").return ?, + kprobe.function("sys_tkill").return ? { name = "tkill" retstr = returnstr(1) @@ -3624,7 +3854,8 @@ probe nd_syscall.tkill.return = kprobe.function("sys_tkill").return # sys_truncate(const char __user * path, unsigned long length) # sys_truncate64(const char __user * path, loff_t length) # -probe nd_syscall.truncate = kprobe.function("sys_truncate")?, +probe nd_syscall.truncate = kprobe.function("SyS_truncate") ?, + kprobe.function("sys_truncate") ?, kprobe.function("sys_truncate64") ? { name = "truncate" @@ -3641,7 +3872,8 @@ probe nd_syscall.truncate = kprobe.function("sys_truncate")?, length = longlong_arg(2) argstr = sprintf("%s, %d", user_string_quoted(path_uaddr), length) } -probe nd_syscall.truncate.return = kprobe.function("sys_truncate").return ?, +probe nd_syscall.truncate.return = kprobe.function("SyS_truncate").return ?, + kprobe.function("sys_truncate").return ?, kprobe.function("sys_truncate64").return ? { name = "truncate" @@ -3672,7 +3904,8 @@ probe nd_syscall.tux.return = kprobe.function("sys_tux").return ? # umask ______________________________________________________ # long sys_umask(int mask) # -probe nd_syscall.umask = kprobe.function("sys_umask") +probe nd_syscall.umask = kprobe.function("SyS_umask") ?, + kprobe.function("sys_umask") ? { name = "umask" // mask = $mask @@ -3681,7 +3914,8 @@ probe nd_syscall.umask = kprobe.function("sys_umask") mask = int_arg(1) argstr = sprintf("%#o", mask) } -probe nd_syscall.umask.return = kprobe.function("sys_umask").return +probe nd_syscall.umask.return = kprobe.function("SyS_umask").return ?, + kprobe.function("sys_umask").return ? { name = "umask" retstr = returnstr(3) @@ -3690,7 +3924,8 @@ probe nd_syscall.umask.return = kprobe.function("sys_umask").return # umount _____________________________________________________ # long sys_umount(char __user * name, int flags) # -probe nd_syscall.umount = kprobe.function("sys_umount") +probe nd_syscall.umount = kprobe.function("SyS_umount") ?, + kprobe.function("sys_umount") ? { name = "umount" // target = user_string($name) @@ -3703,7 +3938,8 @@ probe nd_syscall.umount = kprobe.function("sys_umount") flags_str = _umountflags_str(flags) argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), flags_str) } -probe nd_syscall.umount.return = kprobe.function("sys_umount").return +probe nd_syscall.umount.return = kprobe.function("SyS_umount").return ?, + kprobe.function("sys_umount").return ? { name = "umount" retstr = returnstr(1) @@ -3721,6 +3957,7 @@ probe nd_syscall.uname = kprobe.function("sys_uname") ?, kprobe.function("sys_olduname") ?, kprobe.function("sys32_olduname") ?, kprobe.function("sys32_uname") ?, + kprobe.function("SyS_newuname") ?, kprobe.function("sys_newuname") ? { name = "uname" @@ -3739,6 +3976,7 @@ probe nd_syscall.uname.return = kprobe.function("sys_uname").return ?, kprobe.function("sys_olduname").return ?, kprobe.function("sys32_olduname").return ?, kprobe.function("sys32_uname").return ?, + kprobe.function("SyS_newuname").return ?, kprobe.function("sys_newuname").return ? { name = "uname" @@ -3748,7 +3986,8 @@ probe nd_syscall.uname.return = kprobe.function("sys_uname").return ?, # unlink _____________________________________________________ # long sys_unlink(const char __user * pathname) # -probe nd_syscall.unlink = kprobe.function("sys_unlink") +probe nd_syscall.unlink = kprobe.function("SyS_unlink") ?, + kprobe.function("sys_unlink") ? { name = "unlink" // pathname_uaddr = $pathname @@ -3759,18 +3998,42 @@ probe nd_syscall.unlink = kprobe.function("sys_unlink") pathname = user_string(pathname_uaddr) argstr = user_string_quoted(pathname_uaddr) } -probe nd_syscall.unlink.return = kprobe.function("sys_unlink").return +probe nd_syscall.unlink.return = kprobe.function("SyS_unlink").return ?, + kprobe.function("sys_unlink").return ? { name = "unlink" retstr = returnstr(1) } +# unlinkat ___________________________________________________ +# TODO +#probe nd_syscall.unlinkat = kprobe.function("SyS_unlinkat") ?, +# kprobe.function("sys_unlinkat") ? +#{ +#} +#probe nd_syscall.unlinkat.return = kprobe.function("SyS_unlinkat").return ?, +# kprobe.function("sys_unlinkat").return ? +#{ +#} + +# unshare ____________________________________________________ +# TODO +#probe nd_syscall.unshare = kprobe.function("SyS_unshare") ?, +# kprobe.function("sys_unshare") ? +#{ +#} +#probe nd_syscall.unshare.return = kprobe.function("SyS_unshare").return ?, +# kprobe.function("sys_unshare").return ? +#{ +#} + # uselib _____________________________________________________ # # asmlinkage long # sys_uselib(const char __user * library) # -probe nd_syscall.uselib = kprobe.function("sys_uselib") +probe nd_syscall.uselib = kprobe.function("SyS_uselib") ?, + kprobe.function("sys_uselib") ? { name = "uselib" // library_uaddr = $library @@ -3781,7 +4044,8 @@ probe nd_syscall.uselib = kprobe.function("sys_uselib") library = user_string(library_uaddr) argstr = user_string_quoted(library_uaddr) } -probe nd_syscall.uselib.return = kprobe.function("sys_uselib").return +probe nd_syscall.uselib.return = kprobe.function("SyS_uselib").return ?, + kprobe.function("sys_uselib").return ? { name = "uselib" retstr = returnstr(1) @@ -3790,7 +4054,8 @@ probe nd_syscall.uselib.return = kprobe.function("sys_uselib").return # ustat ______________________________________________________ # long sys_ustat(unsigned dev, struct ustat __user * ubuf) # -probe nd_syscall.ustat = kprobe.function("sys_ustat") +probe nd_syscall.ustat = kprobe.function("SyS_ustat") ?, + kprobe.function("sys_ustat") ? { name = "ustat" // dev = $dev @@ -3813,7 +4078,8 @@ probe nd_syscall.ustat32 = kprobe.function("sys32_ustat") ? argstr = sprintf("%d, %p", dev, pointer_arg(2)) } -probe nd_syscall.ustat.return = kprobe.function("sys_ustat").return, +probe nd_syscall.ustat.return = kprobe.function("SyS_ustat").return ?, + kprobe.function("sys_ustat").return ?, kprobe.function("sys32_ustat").return ? { name = "ustat" @@ -3822,7 +4088,8 @@ probe nd_syscall.ustat.return = kprobe.function("sys_ustat").return, # utime ______________________________________________________ # long sys_utime(char __user * filename, struct utimbuf __user * times) -probe nd_syscall.utime = kprobe.function("sys_utime") ? +probe nd_syscall.utime = kprobe.function("SyS_utime") ?, + kprobe.function("sys_utime") ? { name = "utime" asmlinkage() @@ -3834,7 +4101,8 @@ probe nd_syscall.utime = kprobe.function("sys_utime") ? argstr = sprintf("%s, [%s, %s]", filename, ctime(actime), ctime(modtime)) } -probe nd_syscall.utime.return = kprobe.function("sys_utime").return ? +probe nd_syscall.utime.return = kprobe.function("SyS_utime").return ?, + kprobe.function("sys_utime").return ? { name = "utime" retstr = returnstr(1) @@ -3863,7 +4131,8 @@ probe nd_syscall.compat_utime.return = kprobe.function("compat_sys_utime").retur # # long sys_utimes(char __user * filename, struct timeval __user * utimes) # -probe nd_syscall.utimes = kprobe.function("sys_utimes") +probe nd_syscall.utimes = kprobe.function("SyS_utimes") ?, + kprobe.function("sys_utimes") ? { name = "utimes" // filename_uaddr = $filename @@ -3878,7 +4147,8 @@ probe nd_syscall.utimes = kprobe.function("sys_utimes") argstr = sprintf("%s, %s", user_string_quoted(filename_uaddr), _struct_timeval_u(tvp_uaddr, 2)) } -probe nd_syscall.utimes.return = kprobe.function("sys_utimes").return +probe nd_syscall.utimes.return = kprobe.function("SyS_utimes").return ?, + kprobe.function("sys_utimes").return ? { name = "utimes" retstr = returnstr(1) @@ -3909,7 +4179,8 @@ probe nd_syscall.compat_sys_utimes.return = kprobe.function("compat_sys_utimes") # long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags) # long compat_sys_utimensat(unsigned int dfd, char __user *filename, struct compat_timespec __user *t, int flags) # -probe nd_syscall.utimensat = kprobe.function("sys_utimensat") ? +probe nd_syscall.utimensat = kprobe.function("SyS_utimensat") ?, + kprobe.function("sys_utimensat") ? { name = "utimensat" // argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes, 2), @@ -3927,12 +4198,13 @@ probe nd_syscall.compat_utimensat = kprobe.function("compat_sys_utimensat") ? argstr = sprintf("%s, %s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)), _struct_compat_timespec_u(pointer_arg(3), 2), _at_flag_str(int_arg(4))) } -probe nd_syscall.utimensat.return = kprobe.function("sys_utimensat").return ? +probe nd_syscall.utimensat.return = kprobe.function("SyS_utimensat").return ?, + kprobe.function("sys_utimensat").return ? { name = "utimensat" retstr = returnstr(1) } -probe nd_syscall.compat_utimensat.return = kprobe.function("compat_sys_utimensat").return ? +probe nd_syscall.compat_utimensat.return = kprobe.function("compat_sys_utimensat").return ? { name = "utimensat" retstr = returnstr(1) @@ -3961,7 +4233,8 @@ probe nd_syscall.vhangup.return = kprobe.function("sys_vhangup").return # long compat_sys_vmsplice(int fd, const struct compat_iovec __user *iov32, # unsigned int nr_segs, unsigned int flags) # -probe nd_syscall.vmsplice = kprobe.function("sys_vmsplice") ? +probe nd_syscall.vmsplice = kprobe.function("SyS_vmsplice") ?, + kprobe.function("sys_vmsplice") ? { name = "vmsplice" // argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov, $nr_segs, $flags) @@ -3975,7 +4248,8 @@ probe nd_syscall.compat_vmsplice = kprobe.function("compat_sys_vmsplice") ? asmlinkage() argstr = sprintf("%d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), uint_arg(3), uint_arg(4)) } -probe nd_syscall.vmsplice.return = kprobe.function("sys_vmsplice").return ? +probe nd_syscall.vmsplice.return = kprobe.function("SyS_vmsplice").return ?, + kprobe.function("sys_vmsplice").return ? { name = "vmsplice" retstr = returnstr(1) @@ -3993,7 +4267,8 @@ probe nd_syscall.compat_vmsplice.return = kprobe.function("compat_sys_vmsplice") # int options, # struct rusage __user *ru) # -probe nd_syscall.wait4 = kprobe.function("sys_wait4") +probe nd_syscall.wait4 = kprobe.function("SyS_wait4") ?, + kprobe.function("sys_wait4") ? { name = "wait4" // pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) @@ -4013,7 +4288,8 @@ probe nd_syscall.wait4 = kprobe.function("sys_wait4") argstr = sprintf("%d, %p, %s, %p", pid, status_uaddr, _wait4_opt_str(options), rusage_uaddr) } -probe nd_syscall.wait4.return = kprobe.function("sys_wait4").return +probe nd_syscall.wait4.return = kprobe.function("SyS_wait4").return ?, + kprobe.function("sys_wait4").return ? { name = "wait4" retstr = returnstr(1) @@ -4027,7 +4303,8 @@ probe nd_syscall.wait4.return = kprobe.function("sys_wait4").return # int options, # struct rusage __user *ru) # -probe nd_syscall.waitid = kprobe.function("sys_waitid") +probe nd_syscall.waitid = kprobe.function("SyS_waitid") ?, + kprobe.function("sys_waitid") ? { name = "waitid" // pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) @@ -4051,7 +4328,8 @@ probe nd_syscall.waitid = kprobe.function("sys_waitid") argstr = sprintf("%d, %d, %p, %s, %p", which, pid, infop_uaddr, _waitid_opt_str(options), rusage_uaddr) } -probe nd_syscall.waitid.return = kprobe.function("sys_waitid").return +probe nd_syscall.waitid.return = kprobe.function("SyS_waitid").return ?, + kprobe.function("sys_waitid").return ? { name = "waitid" retstr = returnstr(1) @@ -4065,7 +4343,8 @@ probe nd_syscall.waitid.return = kprobe.function("sys_waitid").return # int options, # struct rusage __user *ru) # -probe nd_syscall.waitpid = kprobe.function("sys_wait4") +probe nd_syscall.waitpid = kprobe.function("SyS_wait4") ?, + kprobe.function("sys_wait4") ? { name = "waitpid" pid = $pid @@ -4076,7 +4355,8 @@ probe nd_syscall.waitpid = kprobe.function("sys_wait4") argstr = sprintf("%d, %p, %s, %p", $pid, $stat_addr, options_str, $ru) } -probe nd_syscall.waitpid.return = kprobe.function("sys_wait4").return +probe nd_syscall.waitpid.return = kprobe.function("SyS_wait4").return ?, + kprobe.function("sys_wait4").return ? { name = "waitpid" retstr = returnstr(1) @@ -4089,7 +4369,8 @@ probe nd_syscall.waitpid.return = kprobe.function("sys_wait4").return # const char __user * buf, # size_t count) # -probe nd_syscall.write = kprobe.function("sys_write") +probe nd_syscall.write = kprobe.function("SyS_write") ?, + kprobe.function("sys_write") ? { name = "write" // fd = $fd @@ -4103,7 +4384,8 @@ probe nd_syscall.write = kprobe.function("sys_write") argstr = sprintf("%d, %s, %d", fd, text_strn(user_string(buf_uaddr), syscall_string_trunc, 1), count) } -probe nd_syscall.write.return = kprobe.function("sys_write").return +probe nd_syscall.write.return = kprobe.function("SyS_write").return ?, + kprobe.function("sys_write").return ? { name = "write" retstr = returnstr(1) @@ -4118,8 +4400,9 @@ probe nd_syscall.write.return = kprobe.function("sys_write").return # const struct compat_iovec __user *vec, # unsigned long vlen) # -probe nd_syscall.writev = kprobe.function("sys_writev"), - kprobe.function("compat_sys_writev") ? +probe nd_syscall.writev = kprobe.function("compat_sys_writev") ?, + kprobe.function("SyS_writev") ?, + kprobe.function("sys_writev") ? { name = "writev" // vector_uaddr = $vec @@ -4138,8 +4421,9 @@ probe nd_syscall.writev = kprobe.function("sys_writev"), argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count) } -probe nd_syscall.writev.return = kprobe.function("sys_writev").return, - kprobe.function("compat_sys_writev").return ? +probe nd_syscall.writev.return = kprobe.function("compat_sys_writev").return ?, + kprobe.function("SyS_writev").return ?, + kprobe.function("sys_writev").return ? { name = "writev" retstr = returnstr(1) |