관리-도구

편집 파일: sysc_sys32_swapcontext.stp

# sys32_swapcontext ________________________________________ # # long sys32_swapcontext(struct ucontext32 __user *old_ctx, # struct ucontext32 __user *new_ctx, # int ctx_size, int r6, int r7, int r8, # struct pt_regs *regs) # @define _SYSCALL_SYS32_SWAPCONTEXT_NAME %( name = "sys32_swapcontext" %) @define _SYSCALL_SYS32_SWAPCONTEXT_ARGSTR %( argstr = sprintf("%p, %p, %d, %d, %d, %d, %p", old_ctx_uaddr, new_ctx_uaddr, r5, r6, r7, r8, regs) %) probe syscall.sys32_swapcontext = dw_syscall.sys32_swapcontext !, nd_syscall.sys32_swapcontext ? {} probe syscall.sys32_swapcontext.return = dw_syscall.sys32_swapcontext.return !, nd_syscall.sys32_swapcontext.return ? {} # dw_sys32_swapcontext _____________________________________________________ probe dw_syscall.sys32_swapcontext = kernel.function("sys32_swapcontext") ? { @_SYSCALL_SYS32_SWAPCONTEXT_NAME old_ctx_uaddr = $old_ctx new_ctx_uaddr = $new_ctx r5 = $ctx_size r6 = $r6 r7 = $r7 r8 = $r8 regs = $regs @_SYSCALL_SYS32_SWAPCONTEXT_ARGSTR } probe dw_syscall.sys32_swapcontext.return = kernel.function("sys32_swapcontext").return ? { @_SYSCALL_SYS32_SWAPCONTEXT_NAME @SYSC_RETVALSTR($return) } # nd_sys32_swapcontext _____________________________________________________ probe nd_syscall.sys32_swapcontext = kprobe.function("sys32_swapcontext") ? { @_SYSCALL_SYS32_SWAPCONTEXT_NAME asmlinkage() old_ctx_uaddr = pointer_arg(1) new_ctx_uaddr = pointer_arg(2) r5 = int_arg(3) r6 = int_arg(4) r7 = int_arg(5) r8 = int_arg(6) regs = pointer_arg(7) @_SYSCALL_SYS32_SWAPCONTEXT_ARGSTR } probe nd_syscall.sys32_swapcontext.return = kprobe.function("sys32_swapcontext").return ? { @_SYSCALL_SYS32_SWAPCONTEXT_NAME @SYSC_RETVALSTR(returnval()) }