1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
probe fs.read.return = kernel.function("vfs_read").return {
bytes = ($return > 0 ? $return : 0)
}
probe fs.write.return = kernel.function("vfs_write").return {
bytes = ($return > 0 ? $return : 0)
}
function file2name:string(filep:long)
%{
char *start = NULL, buf[MAXSTRINGLEN];
struct file *file = (struct file *)(long) kread(&(THIS->filep));
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,26)
struct dentry *dentry = NULL;
struct vfsmount *mnt = NULL;
if (file) {
mnt = (struct vfsmount *) kread(&(file->f_vfsmnt));
dentry = (struct dentry *) kread(&(file->f_dentry));
}
if (mnt && dentry)
start = d_path(dentry, mnt, buf, MAXSTRINGLEN);
#else
struct path *path = NULL;
if (file)
start = d_path(&(file->f_path), buf, MAXSTRINGLEN);
#endif
if (start > 0)
strlcpy(THIS->__retvalue, start, MAXSTRINGLEN);
CATCH_DEREF_FAULT();
%}
function dentry2name:string(dentry_:long)
%{
struct dentry *dentry = (struct dentry *)(long) kread(&(THIS->dentry_));
strlcpy(THIS->__retvalue, dentry->d_name.name, MAXSTRINGLEN);
CATCH_DEREF_FAULT();
%}
function file2ops:string(filep:long)
%{
char *start = NULL, buf[MAXSTRINGLEN];
struct file *file = (struct file *)(long) kread(&(THIS->filep));
struct file_operations *f_ops;
if (file) {
f_ops = (struct file_operations *)(long) kread(&(file->f_op));
snprintf(THIS->__retvalue, MAXSTRINGLEN, "aio_write: %p",
f_ops->aio_write);
/*
snprintf(THIS->__retvalue, MAXSTRINGLEN, "writev: %s",
symname(f_ops->writev));
*/
}
CATCH_DEREF_FAULT();
%}
function pathdump:string(pathp:long)
%{
struct path *path = (struct path *)(long) kread(&(THIS->pathp));
struct vfsmount *mnt=NULL;
if (path) {
mnt = (struct vfsmount *) kread(&(path->mnt));
}
if (mnt) {
snprintf(THIS->__retvalue, MAXSTRINGLEN, "pathdump: mnt_sb 0x%p mnt_root 0x%p dentry 0x%p",
mnt->mnt_sb, mnt->mnt_root, path->dentry);
}
CATCH_DEREF_FAULT();
%}
|
