1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
probe begin
{
curr = task_current()
// Compare PIDs
pid = pid()
cast_pid = @cast(curr, "task_struct")->tgid
if (pid == cast_pid)
println("PID OK")
else
printf("PID %d != %d\n", pid, cast_pid)
// Compare PIDs using a generated kernel module
cast_pid = @cast(curr, "task_struct", "kernel<linux/sched.h>")->tgid
if (pid == cast_pid)
println("PID2 OK")
else
printf("PID2 %d != %d\n", pid, cast_pid)
// Compare execnames
name = execname()
cast_name = kernel_string(@cast(curr, "task_struct")->comm)
if (name == cast_name)
println("execname OK")
else
printf("execname \"%s\" != \"%s\"\n", name, cast_name)
// Compare sa_data using a generated user module
data = 42
cast_data = @cast(get_sockaddr(data), "sockaddr", "<sys/socket.h>")->sa_data[0]
if (data == cast_data)
println("sa_data OK")
else
printf("sa_data %d != %d\n", data, cast_data)
exit()
}
%{
#include <linux/socket.h>
%}
function get_sockaddr:long(data:long) %{
static struct sockaddr sa = {0};
sa.sa_data[0] = THIS->data;
THIS->__retvalue = (long)&sa;
%}
|
