# IA64 system calls # mmap # sys_mmap (unsigned long addr, unsigned long len, int prot, int flags, int fd, long off) # probe syscall.mmap = kernel.function("sys_mmap") ? { name = "mmap" start = $addr len = $len prot = $prot flags = $flags # Although the kernel gets an unsigned long fd, on the # user-side it is a signed int. Fix this. fd = __int32($fd) offset = $off argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr, $len, _mprotect_prot_str($prot), _mmap_flags($flags), __int32($fd), $off) } probe syscall.mmap.return = kernel.function("sys_mmap").return ? { name = "mmap" retstr = returnstr(2) } # mmap2 # sys_mmap2 (unsigned long addr, unsigned long len, int prot, int flags, int fd, long pgoff) probe syscall.mmap2 = kernel.function("sys_mmap2") ? { name = "mmap2" start = $addr length = $len prot = $prot flags = $flags fd = $fd pgoffset = $pgoff argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr, $len, _mprotect_prot_str($prot), _mmap_flags($flags), $fd, $pgoff) } probe syscall.mmap2.return = kernel.function("sys_mmap2").return ? { name = "mmap2" retstr = returnstr(2) } # sigaltstack _______________________________________________ # asmlinkage long # sys_sigaltstack (const stack_t __user *uss, stack_t __user *uoss, long arg2, # long arg3, long arg4, long arg5, long arg6, long arg7, # struct pt_regs regs) # probe syscall.sigaltstack = kernel.function("sys_sigaltstack") { name = "sigaltstack"; ss_uaddr = $uss oss_uaddr = $uoss argstr = sprintf("%p, %p", $uss, $uoss) } probe syscall.sigaltstack.return = kernel.function("sys_sigaltstack").return { name = "sigaltstack"; retstr = returnstr(1) } # sysctl _____________________________________________________ # # long sys32_sysctl (struct sysctl32 __user *args) # probe syscall.sysctl32 = kernel.function("sys32_sysctl") ? { name = "sysctl" argstr = sprintf("%p", $args) } probe syscall.sysctl32.return = kernel.function("sys32_sysctl").return ? { name = "sysctl" retstr = returnstr(1) }