From 849e99602e4b0487dad23e28cb6a94bf013f40a4 Mon Sep 17 00:00:00 2001 From: hunt Date: Thu, 26 May 2005 07:18:22 +0000 Subject: Remove all the generated html files. --- runtime/docs/html/dir_000001.html | 89 --------------------------------------- 1 file changed, 89 deletions(-) delete mode 100644 runtime/docs/html/dir_000001.html (limited to 'runtime/docs/html/dir_000001.html') diff --git a/runtime/docs/html/dir_000001.html b/runtime/docs/html/dir_000001.html deleted file mode 100644 index 3e97a453..00000000 --- a/runtime/docs/html/dir_000001.html +++ /dev/null @@ -1,89 +0,0 @@ - - -SystemTap: probes/shellsnoop/ Directory Reference - - - -
Main Page | Modules | Directories | File List | Globals | Related Pages
-
-probes / shellsnoop
-

shellsnoop Directory Reference

Snoops on what commands are being run by shells. -More... - - - - - - - - -

Files

file  dtr.c [code]
file  dtr.mod.c [code]
file  README [code]
-

Detailed Description

-Snoops on what commands are being run by shells. -

-This is a translation of on an old dtr probe. It demonstrates maps, lists, and how to use _stp_copy_argv_from_user() and _stp_strncpy_from_user().

-Original dtr source:

-

-# shellsnoop.probe - snoop shell execution as it occurs.
-# clone of dtrace shellsnoop example
-
-global {
-  long @pids[long];
-}
-
-probe do_execve:entry {
-  char __user *vstr;
-  char str[256];
-  int len;
-
-  /* watch shells only */
-  /* FIXME: detect more shells, like csh, tcsh, zsh */
-
-  if (!strcmp(current->comm,"bash") || !strcmp(current->comm,"sh") || !strcmp(current->comm, "zsh")
-      || !strcmp(current->comm, "tcsh") || !strcmp(current->comm, "pdksh"))
-    {
-      dlog ("%d\t%d\t%d\t%s ", current->uid, current->pid, current->parent->pid, filename);
-      @pids[current->pid] = 1;
-
-      /* print out argv, ignoring argv[0] */
-      if (argv) argv++;
-      while (argv != NULL)
-        {
-          if (get_user (vstr, argv))
-            break;
-          if (!vstr)
-            break;
-          len = dtr_strncpy_from_user(str, vstr, 256);
-          str[len] = 0;
-          printk ("%s ", str);
-          argv++;
-        }
-      printk ("\n");
-    }
-}
-
-# use filp_open because copy_from_user not needed there
-probe filp_open:entry {
-  if (@pids[current->pid])
-    dlog ("%d\t%d\t%s\tO %s\n", current->pid, current->parent->pid, current->comm, filename);
-}
-
-probe sys_read:entry {
-  if (@pids[current->pid])
-    dlog ("%d\t%d\t%s\tR %d\n", current->pid, current->parent->pid, current->comm, fd);
-}
-
-probe sys_write:entry {
-  size_t len;
-  char str[256];
-  if (@pids[current->pid])
-    {
-      if (count < 64) len = count;
-      else len = 64;
-      if (len = dtr_strncpy_from_user(str, buf, len)) {
-        str[len] = 0;
-        dlog ("%d\t%d\t%s\tW %s\n", current->pid, current->parent->pid, current->comm, str);
-        }
-    }
-}
-
-- cgit