관리-도구

편집 파일: sysc_settimeofday.stp

# settimeofday _______________________________________________ # # long sys_settimeofday(struct timeval __user *tv, # struct timezone __user *tz) # @define _SYSCALL_SETTIMEOFDAY_NAME %( name = "settimeofday" %) @define _SYSCALL_SETTIMEOFDAY_ARGSTR %( argstr = sprintf("%s, %s", tv_str, tz_str) %) @define _SYSCALL_SETTIMEOFDAY_REGARGS %( tv_uaddr = pointer_arg(1) tz_uaddr = pointer_arg(2) tz_str = _struct_timezone_u(tz_uaddr) %) probe syscall.settimeofday = dw_syscall.settimeofday !, nd_syscall.settimeofday ? {} probe syscall.settimeofday.return = dw_syscall.settimeofday.return !, nd_syscall.settimeofday.return ? {} # dw_settimeofday _____________________________________________________ probe dw_syscall.settimeofday = kernel.function("sys_settimeofday").call { @_SYSCALL_SETTIMEOFDAY_NAME tv_uaddr = $tv tv_str = _struct_timeval_u(tv_uaddr, 1) tz_uaddr = $tz tz_str = _struct_timezone_u(tz_uaddr) @_SYSCALL_SETTIMEOFDAY_ARGSTR } probe dw_syscall.settimeofday.return = kernel.function("sys_settimeofday").return { @_SYSCALL_SETTIMEOFDAY_NAME @SYSC_RETVALSTR($return) } # nd_settimeofday _____________________________________________________ probe nd_syscall.settimeofday = nd1_syscall.settimeofday!, nd2_syscall.settimeofday!, tp_syscall.settimeofday { } probe nd1_syscall.settimeofday = kprobe.function("sys_settimeofday") ? { @_SYSCALL_SETTIMEOFDAY_NAME asmlinkage() @_SYSCALL_SETTIMEOFDAY_REGARGS tv_str = _struct_timeval_u(tv_uaddr, 1) @_SYSCALL_SETTIMEOFDAY_ARGSTR } /* kernel 4.17+ */ probe nd2_syscall.settimeofday = kprobe.function(@arch_syscall_prefix "sys_settimeofday") ? { __set_syscall_pt_regs(pointer_arg(1)) @_SYSCALL_SETTIMEOFDAY_NAME @_SYSCALL_SETTIMEOFDAY_REGARGS tv_str = _struct_timeval_u(tv_uaddr, 1) @_SYSCALL_SETTIMEOFDAY_ARGSTR } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.settimeofday = kernel.trace("sys_enter") { __set_syscall_pt_regs($regs) @__syscall_gate(@const("__NR_settimeofday")) @_SYSCALL_SETTIMEOFDAY_NAME @_SYSCALL_SETTIMEOFDAY_REGARGS tv_str = _struct_timeval_u(tv_uaddr, 1) @_SYSCALL_SETTIMEOFDAY_ARGSTR } probe nd_syscall.settimeofday.return = nd1_syscall.settimeofday.return!, nd2_syscall.settimeofday.return!, tp_syscall.settimeofday.return { } probe nd1_syscall.settimeofday.return = kprobe.function("sys_settimeofday").return ? { @_SYSCALL_SETTIMEOFDAY_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 4.17+ */ probe nd2_syscall.settimeofday.return = kprobe.function(@arch_syscall_prefix "sys_settimeofday").return ? { @_SYSCALL_SETTIMEOFDAY_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.settimeofday.return = kernel.trace("sys_exit") { __set_syscall_pt_regs($regs) @__syscall_gate(@const("__NR_settimeofday")) @_SYSCALL_SETTIMEOFDAY_NAME @SYSC_RETVALSTR($ret) } # # long sys32_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz) # long compat_sys_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz) # probe syscall.settimeofday32 = dw_syscall.settimeofday32 !, nd_syscall.settimeofday32 ? {} probe syscall.settimeofday32.return = dw_syscall.settimeofday32.return !, nd_syscall.settimeofday32.return ? {} # dw_settimeofday32 _____________________________________________________ probe dw_syscall.settimeofday32 = kernel.function("sys32_settimeofday").call ?, kernel.function("compat_sys_settimeofday").call ? { @_SYSCALL_SETTIMEOFDAY_NAME tv_uaddr = @__pointer($tv) tv_str = _struct_compat_timeval_u(tv_uaddr, 1) tz_uaddr = @__pointer($tz) tz_str = _struct_timezone_u(tz_uaddr) @_SYSCALL_SETTIMEOFDAY_ARGSTR } probe dw_syscall.settimeofday32.return = kernel.function("sys32_settimeofday").return ?, kernel.function("compat_sys_settimeofday").return ? { @_SYSCALL_SETTIMEOFDAY_NAME @SYSC_RETVALSTR($return) } # nd_settimeofday32 _____________________________________________________ probe nd_syscall.settimeofday32 = nd1_syscall.settimeofday32!, nd2_syscall.settimeofday32!, tp_syscall.settimeofday32 { } probe nd1_syscall.settimeofday32 = kprobe.function("sys32_settimeofday") ?, kprobe.function("compat_sys_settimeofday") ? { @_SYSCALL_SETTIMEOFDAY_NAME asmlinkage() @_SYSCALL_SETTIMEOFDAY_REGARGS tv_str = _struct_compat_timeval_u(tv_uaddr, 1) @_SYSCALL_SETTIMEOFDAY_ARGSTR } /* kernel 4.17+ */ probe nd2_syscall.settimeofday32 = kprobe.function(@arch_syscall_prefix "compat_sys_settimeofday") ? { __set_syscall_pt_regs(pointer_arg(1)) @_SYSCALL_SETTIMEOFDAY_NAME @_SYSCALL_SETTIMEOFDAY_REGARGS tv_str = _struct_compat_timeval_u(tv_uaddr, 1) @_SYSCALL_SETTIMEOFDAY_ARGSTR } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.settimeofday32 = kernel.trace("sys_enter") { __set_syscall_pt_regs($regs) @__compat_syscall_gate(@const("__NR_compat_settimeofday")) @_SYSCALL_SETTIMEOFDAY_NAME @_SYSCALL_SETTIMEOFDAY_REGARGS tv_str = _struct_compat_timeval_u(tv_uaddr, 1) @_SYSCALL_SETTIMEOFDAY_ARGSTR } probe nd_syscall.settimeofday32.return = nd1_syscall.settimeofday32.return!, nd2_syscall.settimeofday32.return!, tp_syscall.settimeofday32.return { } probe nd1_syscall.settimeofday32.return = kprobe.function("sys32_settimeofday").return ?, kprobe.function("compat_sys_settimeofday").return ? { @_SYSCALL_SETTIMEOFDAY_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 4.17+ */ probe nd2_syscall.settimeofday32.return = kprobe.function(@arch_syscall_prefix "compat_sys_settimeofday").return ? { @_SYSCALL_SETTIMEOFDAY_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.settimeofday32.return = kernel.trace("sys_exit") { __set_syscall_pt_regs($regs) @__compat_syscall_gate(@const("__NR_compat_settimeofday")) @_SYSCALL_SETTIMEOFDAY_NAME @SYSC_RETVALSTR($ret) }