// Public License (GPL); either version 2, or (at your option) any
// later version.
-/* Each syscall probe collects the call's standard parameters. Beyond that:
-*
-* User-space pointers, including chacter strings, are stored as
-* integer variables named "foo_uaddr", to which one might apply
-* user_string().
+/* Each syscall returns the calls parameters. In addition, the following
+* variables are set:
*
* name - generally the syscall name minus the "sys_".
*
fd = $fd
buf_uaddr = $buf
count = $count
- argstr = sprintf("%d, ..., %d", fd, count)
+ argstr = sprintf("%d, [0x%x], %d", fd, buf_uaddr, count)
}
probe syscall.read.return = kernel.function("sys_read").return {
name = "read"
* rem_tv_sec = __uget_ts_m($rmtp,0)
* rem_tv_nsec = __uget_ts_m($rmtp,1)
*/
- argstr = "...., ..."
+ argstr = sprintf("[0x%x], [0x%x]", req_uaddr, rem_uaddr)
}
probe syscall.nanosleep.return = kernel.function("sys_nanosleep").return {
name = "nanosleep"
name = "newfstat"
fd = $fd
buf_uaddr = $statbuf
- argstr = sprintf("%d, ...", fd)
+ argstr = sprintf("%d, [0x%x]", fd, buf_uaddr)
}
probe syscall.newfstat.return = kernel.function("sys_newfstat").return {
name = "newfstat"
#
probe syscall.newlstat = kernel.function("sys_newlstat") {
name = "newlstat"
- filename_uaddr = $filename
+ pathname = user_string($filename)
buf_uaddr = $statbuf
- argstr = "..., ..."
+ argstr = sprintf("\"%s\", [0x%x]", pathname, buf_uaddr)
}
probe syscall.newlstat.return = kernel.function("sys_newlstat").return {
name = "newlstat"
#
probe syscall.newstat = kernel.function("sys_newstat") {
name = "newstat"
- filename_uaddr = $filename
+ pathname = user_string($filename)
buf_uaddr = $statbuf
- argstr = "..., ..."
+ argstr = sprintf("\"%s\", [0x%x]", pathname, buf_uaddr)
}
probe syscall.newstat.return = kernel.function("sys_newstat").return {
name = "newstat"
probe syscall.newuname = kernel.function("sys_newuname") {
name = "newuname"
name_uaddr = $name
- argstr = "..."
+ argstr = sprintf("[0x%x]", name_uaddr)
}
probe syscall.newuname.return = kernel.function("sys_newuname").return {
name = "newuname"
cmd = $cmd
argp_uaddr = $arg
resp_uaddr = $res
+ argstr = sprintf("0x%x, [0x%x], [0x%x]", cmd, argp_uaddr, resp_uaddr)
}
probe syscall.nfsservctl.return = kernel.function("sys_nfsservctl").return {
- name = "nfsservctl.return"
+ name = "nfsservctl"
returnp = 1
}
# nice _______________________________________________________
kernel.function("sys_nice") {
name = "nice"
inc = $increment
+ argstr = sprintf("0x%x", inc)
}
probe syscall.nice.return = kernel.function("sys_nice").return {
name = "nice"
#
probe syscall.ni_syscall = kernel.function("sys_ni_syscall") {
name = "ni_syscall"
+ argstr = ""
}
probe syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return {
name = "ni_syscall"
resource = $resource
resource_str = _rlimit_resource_str($resource)
rlim_uaddr = $rlim
+ argstr = sprintf("%s, [0x%x]", resource_str, rlim_uaddr)
}
probe syscall.old_getrlimit.return = kernel.function("sys_old_getrlimit").return {
name = "old_getrlimit"
#
probe syscall.oldumount = kernel.function("sys_umount") {
name = "oldumount"
- target_uaddr = $name
+ name_str = user_string($name)
+ argstr = sprintf("%s", name_str)
}
probe syscall.oldumount.return = kernel.function("sys_umount").return {
name = "oldumount"
#
probe syscall.pause = kernel.function("sys_pause") {
name = "pause"
+ argstr = ""
}
probe syscall.pause.return = kernel.function("sys_pause").return {
name = "pause"
# which = $which
# bus = $bus
# dfn = $dfn
+# argstr = sprintf("0x%x, 0x%x, 0x%x", which, bus, dfn)
#}
#probe syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return {
# name = "pciconfig_iobase"
# off = $off
# len = $len
# buf_uaddr = $buf
+# argstr = sprintf("0x%x, 0x%x, 0x%x, %d, [0x%x]", bus, dfn, off,
+# len, buf_uaddr)
#}
#probe syscall.pciconfig_read.return =
# kernel.function("sys_pciconfig_read").return {
# off = $off
# len = $len
# buf_uaddr = $buf
+# argstr = sprintf("0x%x, 0x%x, 0x%x, %d, [0x%x]", bus, dfn, off,
+# len, buf_uaddr)
#}
#probe syscall.pciconfig_write.return =
# kernel.function("sys_pciconfig_write").return {
probe syscall.personality = kernel.function("sys_personality") {
name = "personality"
persona = $personality
+ argstr = sprintf("0x%x", persona);
}
probe syscall.personality.return = kernel.function("sys_personality").return {
name = "personality"
probe syscall.pipe = kernel.function("sys_pipe") {
name = "pipe"
fildes_uaddr = $fildes
+ argstr = sprintf("[0x%x]", fildes_uaddr)
}
probe syscall.pipe.return = kernel.function("sys_pipe").return {
name = "pipe"
#
probe syscall.pivot_root = kernel.function("sys_pivot_root") {
name = "pivot_root"
- new_root_uaddr = $new_root
- old_root_uaddr = $put_old
+ new_root_str = user_string($new_root)
+ old_root_str = user_string($put_old)
+ argstr = sprintf("%s, %s", new_root_str, old_root_str)
}
probe syscall.pivot_root.return = kernel.function("sys_pivot_root").return {
name = "pivot_root"
ufds_uaddr = $ufds
nfds = $nfds
timeout = $timeout
+ argstr = sprintf("[0x%x], %d, %d", ufds_uaddr, nfds, timeout)
}
probe syscall.poll.return = kernel.function("sys_poll").return {
name = "poll"
arg3 = $arg3
arg4 = $arg4
arg5 = $arg5
+ argstr = sprintf("0x%x, 0x%x, 0x%x, 0x%x, 0x%x", option, arg2, arg3,
+ arg4, arg5)
}
probe syscall.prctl.return = kernel.function("sys_prctl").return {
name = "prctl"
buf_uaddr = $buf
count = $count
offset = $pos
+ argstr = sprintf("%d, [0x%x], 0x%x, 0x%x", fd, buf_uaddr,
+ count, offset)
}
probe syscall.pread64.return = kernel.function("sys_pread64").return {
name = "pread64"
pid = $pid
addr = $addr
data = $data
+ argstr = sprintf("0x%x, 0x%x, 0x%x, 0x%x", request, pid,
+ addr, data)
}
probe syscall.ptrace.return = kernel.function("sys_ptrace").return {
name = "ptrace"
buf_uaddr = $buf
count = $count
offset = $pos
+ argstr = sprintf("%d, [0x%x], 0x%x, 0x%x", fd, buf_uaddr,
+ count, offset)
}
probe syscall.pwrite64.return = kernel.function("sys_pwrite64").return {
name = "pwrite64"
name = "quotactl"
cmd = $cmd
cmd_str = _quotactl_cmd_str($cmd)
- special_uaddr = $special
+ special_str = user_string($special)
id = $id
addr_uaddr = $addr
+ argstr = sprintf("%s, %s, 0x%x, [0x%x]", cmd_str, special_str,
+ id, addr_uaddr)
}
probe syscall.quotactl.return = kernel.function("sys_quotactl").return {
name = "quotactl"
fd = $fd
offset = $offset
count = $count
+ argstr = sprintf("%d, 0x%x, 0x%x", fd, offset, count)
}
probe syscall.readahead.return = kernel.function("sys_readahead").return {
name = "readahead"
probe syscall.readlink = kernel.function("sys_readlink") {
name = "readlink"
path_uaddr = $path
+ path_str = user_string(path_uaddr)
buf_uaddr = $buf
bufsiz = $bufsiz
+ argstr = sprintf("%s, [0x%x], 0x%x", path_str, buf_uaddr, bufsiz)
}
probe syscall.readlink.return = kernel.function("sys_readlink").return {
name = "readlink"
fd = $fd
vector_uaddr = $vec
count = $vlen
+ argstr = sprintf("%d, [0x%x], 0x%x", fd, vector_uaddr, count)
}
probe syscall.readv.return = kernel.function("sys_readv").return {
name = "readv"
flag = $cmd
flag_str = _reboot_flag_str(flag)
arg_uaddr = $arg
+ argstr = sprintf("%s, %s, %s, [0x%x]", magic_str, magic2_str,
+ flag_str, arg_uaddr)
}
probe syscall.reboot.return = kernel.function("sys_reboot").return {
name = "reboot"
len = $size
flags = $flags
flags_str = _recvflags_str($flags)
- from_uaddr = $addr
- fromlen_uaddr = $addr_len
+ addr_uaddr = $addr
+ addrlen_uaddr = $addr_len
+ argstr = sprintf("%d, [0x%x], 0x%x, %s, [0x%x], 0x%x",
+ s, buf_uaddr, len, flags_str, addr_uaddr,
+ addrlen_uaddr)
}
probe syscall.recv.return = kernel.function("sys_recvfrom").return {
name = "recv"
len = $size
flags = $flags
flags_str = _recvflags_str($flags)
- from_uaddr = $addr
- fromlen = $addr_len
+ addr_uaddr = $addr
+ addrlen_uaddr = $addr_len
+ argstr = sprintf("%d, [0x%x], 0x%x, %s, 0x%x, 0x%x",
+ s, buf_uaddr, len, flags_str,
+ addr_uaddr, addrlen_uaddr)
}
probe syscall.recvfrom.return = kernel.function("sys_recvfrom").return {
name = "recvfrom"
msg_uaddr = $msg
flags = $flags
flags_str = _recvflags_str($flags)
+ argstr = sprintf("%d, [0x%x], %s", s, msg_uaddr, flags_str)
}
probe syscall.recvmsg.return = kernel.function("sys_recvmsg").return {
name = "recvmsg"
prot = $__prot
pgoff = $pgoff
flags = $flags
+ argstr = sprintf("0x%x, 0x%x, 0x%x, 0x%x, 0x%x", start, size, prot,
+ pgoff, flags)
}
probe syscall.remap_file_pages.return =
kernel.function("sys_remap_file_pages").return {
#
probe syscall.removexattr = kernel.function("sys_removexattr") {
name = "removexattr"
- path_uaddr = $path
- name_uaddr = $name
+ path_str = user_string($path)
+ name_str = user_string($name)
+ argstr = sprintf("%s, %s", path_str, name_str)
}
probe syscall.removexattr.return = kernel.function("sys_removexattr").return {
name = "removexattr"
#
probe syscall.rename = kernel.function("sys_rename") {
name = "rename"
- oldpath_uaddr = $oldname
- newpath_uaddr = $newname
+ oldpath_str = user_string($oldname)
+ newpath_str = user_string($newname)
+ argstr = sprintf("%s, %s", oldpath_str, newpath_str)
}
probe syscall.rename.return = kernel.function("sys_rename").return {
name = "rename"
description_uaddr = $_description
callout_info_uaddr = $_callout_info
destringid = $destringid
+ argstr = sprintf("[0x%x], [0x%x], [0x%x], 0x%x", type_uaddr,
+ description_uaddr, callout_info_uaddr, destringid)
}
probe syscall.request_key.return = kernel.function("sys_request_key").return {
name = "request_key"
#
probe syscall.restart_syscall = kernel.function("sys_restart_syscall") {
name = "restart_syscall"
+ argstr = ""
}
probe syscall.restart_syscall.return =
kernel.function("sys_restart_syscall").return {
#
probe syscall.rmdir = kernel.function("sys_rmdir") {
name = "rmdir"
- pathname_uaddr = $pathname
+ pathname_str = user_string($pathname)
+ argstr = pathname_str
}
probe syscall.rmdir.return = kernel.function("sys_rmdir").return {
name = "rmdir"
* unable to find local 'restorer' (maybe i386 specific)
* restorer_uaddr = $restorer
*/
+ argstr = sprintf("%d, [0x%x], [0x%x], 0x%x", sig,
+ act_uaddr, oact_uaddr, sigsetsize)
}
probe syscall.rt_sigaction.return = kernel.function("sys_rt_sigaction").return {
name = "rt_sigaction"
name = "rt_sigpending"
set_uaddr = $set
sigsetsize = $sigsetsize
+ argstr = sprintf("[0x%x], 0x%x", set_uaddr, sigsetsize)
}
probe syscall.rt_sigpending.return = kernel.function("do_sigpending").return {
name = "rt_sigpending"
set_uaddr = $set
oset_uaddr = $oset
sigsetsize = $sigsetsize
+ argstr = sprintf("%s, [0x%x], [0x%x], 0x%x", how_str, set_uaddr,
+ oset_uaddr, sigsetsize)
}
probe syscall.rt_sigprocmask.return =
kernel.function("sys_rt_sigprocmask").return {
pid = $pid
sig = $sig
uinfo_uaddr = $uinfo
+ argstr = sprintf("0x%x, 0x%x, [0x%x]", pid, sig, uinfo_uaddr)
}
probe syscall.rt_sigqueueinfo.return =
kernel.function("sys_rt_sigqueueinfo").return {
* unsupported type identifier '$regs'
* regs = $regs
*/
+ argstr = ""
}
probe syscall.rt_sigsuspend.return = kernel.function("sys_rt_sigsuspend").return {
name = "rt_sigsuspend"
uinfo_uaddr = $uinfo
uts_uaddr = $uts
sigsetsize = $sigsetsize
+ argstr = sprintf("[0x%x], [0x%x], [0x%x], 0x%x", uthese_uaddr,
+ uinfo_uaddr, uts_uaddr, sigsetsize)
}
probe syscall.rt_sigtimedwait.return =
kernel.function("sys_rt_sigtimedwait").return {
pid = $pid
len = $len
mask_uaddr = $user_mask_ptr
+ argstr = sprintf("0x%x, 0x%x, [0x%x]", pid, len, mask_uaddr)
}
probe syscall.sched_getaffinity.return =
kernel.function("sys_sched_getaffinity").return {
name = "sched_getaffinity"
+ returnp = 1
}
# sched_getparam _____________________________________________
#
name = "sched_getparam"
pid = $pid
p_uaddr = $param
+ argstr = ""
}
probe syscall.sched_getparam.return =
kernel.function("sys_sched_getparam").return {
kernel.function("sys_sched_get_priority_max") {
name = "sched_get_priority_max"
policy = $policy
+ argstr = ""
}
probe syscall.sched_get_priority_max.return =
kernel.function("sys_sched_get_priority_max").return {
kernel.function("sys_sched_get_priority_min") {
name = "sched_get_priority_min"
policy = $policy
+ argstr = ""
}
probe syscall.sched_get_priority_min.return =
kernel.function("sys_sched_get_priority_min").return {
probe syscall.sched_getscheduler = kernel.function("sys_sched_getscheduler") {
name = "sched_getscheduler"
pid = $pid
+ argstr = ""
}
probe syscall.sched_getscheduler.return =
kernel.function("sys_sched_getscheduler").return {
name = "sched_rr_get_interval"
pid = $pid
tp_uaddr = $interval
+ argstr = ""
}
probe syscall.sched_rr_get_interval.return =
kernel.function("sys_sched_rr_get_interval").return {
#
probe syscall.sched_yield = kernel.function("sys_sched_yield") {
name = "sched_yield"
+ argstr = ""
}
probe syscall.sched_yield.return = kernel.function("sys_sched_yield").return {
name = "sched_yield"
writefds_uaddr = $outp
exceptfds_uaddr = $exp
timeout_uaddr = $tvp
+ argstr = ""
}
probe syscall.select.return = kernel.function("sys_select").return {
name = "select"
* unsupported type tag identifier '$arg'
* arg = $arg
*/
+ argstr = ""
}
probe syscall.semctl.return = kernel.function("sys_semctl").return {
name = "semctl"
key = $key
nsems = $nsems
semflg = $semflg
+ argstr = ""
}
probe syscall.semget.return = kernel.function("sys_semget").return {
name = "semget"
semid = $semid
tsops_uaddr = $tsops
nsops = $nsops
+ argstr = ""
}
probe syscall.semop.return = kernel.function("sys_semtimedop").return {
name = "semop"
sops_uaddr = $tsops
nsops = $nsops
timeout_uaddr = $timeout
+ argstr = ""
}
probe syscall.semtimedop.return = kernel.function("sys_semtimedop").return {
name = "semtimedop"
flags_str = _send_flags_str($flags)
to_uaddr = $addr
tolen = $addr_len
+ argstr = ""
}
probe syscall.send.return = kernel.function("sys_sendto").return {
name = "send"
in_fd = $in_fd
offset_uaddr = $offset
count = $count
+ argstr = ""
}
probe syscall.sendfile.return = kernel.function("sys_sendfile").return {
name = "sendfile"
in_fd = $in_fd
offset_uaddr = $offset
count = $count
+ argstr = ""
}
probe syscall.sendfile64.return = kernel.function("sys_sendfile64").return {
name = "sendfile64"
msg_uaddr = $msg
flags = $flags
flags_str = _send_flags_str($flags)
+ argstr = ""
}
probe syscall.sendmsg.return = kernel.function("sys_sendmsg").return {
name = "sendmsg"
flags_str = _send_flags_str($flags)
to_uaddr = $addr
tolen = $addr_len
+ argstr = ""
}
probe syscall.sendto.return = kernel.function("sys_sendto").return {
name = "sendto"
name = "setdomainname"
hostname_uaddr = $name
len = $len
+ argstr = ""
}
probe syscall.setdomainname.return =
kernel.function("sys_setdomainname").return {
probe syscall.setfsgid = kernel.function("sys_setfsgid") {
name = "setfsgid"
fsgid = $gid
+ argstr = ""
}
probe syscall.setfsgid.return = kernel.function("sys_setfsgid").return {
name = "setfsgid"
probe syscall.setfsgid16 = kernel.function("sys_setfsgid") {
name = "setfsgid16"
gid = $gid
+ argstr = ""
}
probe syscall.setfsgid16.return = kernel.function("sys_setfsgid").return {
name = "setfsgid16"
probe syscall.setfsuid = kernel.function("sys_setfsuid") {
name = "setfsuid"
fsuid = $uid
+ argstr = ""
}
probe syscall.setfsuid.return = kernel.function("sys_setfsuid").return {
name = "setfsuid"
probe syscall.setfsuid16 = kernel.function("sys_setfsuid") {
name = "setfsuid16"
uid = $uid
+ argstr = ""
}
probe syscall.setfsuid16.return = kernel.function("sys_setfsuid").return {
name = "setfsuid16"
probe syscall.setgid = kernel.function("sys_setgid") {
name = "setgid"
gid = $gid
+ argstr = ""
}
probe syscall.setgid.return = kernel.function("sys_setgid").return {
name = "setgid"
probe syscall.setgid16 = kernel.function("sys_setgid") {
name = "setgid16"
gid = $gid
+ argstr = ""
}
probe syscall.setgid16.return = kernel.function("sys_setgid").return {
name = "setgid16"
* embedded C if need be.
*/
list_uaddr = $grouplist
+ argstr = ""
}
probe syscall.setgroups.return = kernel.function("sys_setgroups").return {
name = "setgroups"
name = "setgroups16"
size = $gidsetsize
list_uaddr = $grouplist
+ argstr = ""
}
probe syscall.setgroups16.return = kernel.function("sys_setgroups16").return {
name = "setgroups16"
name = "sethostname"
hostname_uaddr = $name
len = $len
+ argstr = ""
}
probe syscall.sethostname.return = kernel.function("sys_sethostname").return {
name = "sethostname"
+ returnp = 1
}
# setitimer __________________________________________________
#
* ovalue_it_value_tv_sec = __uget_itimerval_tv_m($ovalue,2)
* ovalue_it_value_tv_usec = __uget_itimerval_tv_m($ovalue,3)
*/
+ argstr = ""
}
probe syscall.setitimer.return = kernel.function("sys_setitimer").return {
name = "setitimer"
name = "setpgid"
pid = $pid
pgid = $pgid
+ argstr = ""
}
probe syscall.setpgid.return = kernel.function("sys_setpgid").return {
name = "setpgid"
which_str = _priority_which_str($which)
who = $who
prio = $niceval
+ argstr = ""
}
probe syscall.setpriority.return = kernel.function("sys_setpriority").return {
name = "setpriority"
name = "setregid"
rgid = $rgid
egid = $egid
+ argstr = ""
}
probe syscall.setregid.return = kernel.function("sys_setregid").return {
name = "setregid"
name = "setregid16"
rgid = $rgid
egid = $egid
+ argstr = ""
}
probe syscall.setregid16.return = kernel.function("sys_setregid").return {
name = "setregid16"
rgid = $rgid
egid = $egid
sgid = $sgid
+ argstr = ""
}
probe syscall.setresgid.return = kernel.function("sys_setresgid").return {
name = "setresgid"
rgid = $rgid
egid = $egid
sgid = $sgid
+ argstr = ""
}
probe syscall.setresgid16.return = kernel.function("sys_setresgid").return {
name = "setresgid16"
ruid = $ruid
euid = $euid
suid = $suid
+ argstr = ""
}
probe syscall.setresuid.return = kernel.function("sys_setresuid").return {
name = "setresuid"
ruid = $ruid
euid = $euid
suid = $suid
+ argstr = ""
}
probe syscall.setresuid16.return = kernel.function("sys_setresuid").return {
name = "setresuid16"
name = "setreuid"
ruid = $ruid
euid = $euid
+ argstr = ""
}
probe syscall.setreuid.return = kernel.function("sys_setreuid").return {
name = "setreuid"
name = "setreuid16"
ruid = $ruid
euid = $euid
+ argstr = ""
}
probe syscall.setreuid16.return = kernel.function("sys_setreuid").return {
name = "setreuid16"
resource = $resource
resource_str = _rlimit_resource_str($resource)
rlim_uaddr = $rlim
+ argstr = ""
}
probe syscall.setrlimit.return = kernel.function("sys_setrlimit").return {
name = "setrlimit"
#
probe syscall.setsid = kernel.function("sys_setsid") {
name = "setsid"
+ argstr = ""
}
probe syscall.setsid.return = kernel.function("sys_setsid").return {
name = "setsid"
optname_str = _sockopt_optname_str($optname)
optval_uaddr = $optval
optlen = $optlen
+ argstr = ""
}
probe syscall.setsockopt.return = kernel.function("sys_setsockopt").return {
name = "setsockopt"
probe syscall.set_tid_address = kernel.function("sys_set_tid_address") {
name = "set_tid_address"
tidptr_uaddr = $tidptr
+ argstr = ""
}
probe syscall.set_tid_address.return =
kernel.function("sys_set_tid_address").return {
* tz_tz_minuteswest = __uget_tz_m($tz,0)
* tz_tz_dsttime = __uget_tz_m($tz,1)
*/
+ argstr = ""
}
probe syscall.settimeofday.return =
kernel.function("sys_settimeofday").return {
probe syscall.setuid = kernel.function("sys_setuid") {
name = "setuid"
uid = $uid
+ argstr = ""
}
probe syscall.setuid.return = kernel.function("sys_setuid").return {
name = "setuid"
probe syscall.setuid16 = kernel.function("sys_setuid") {
name = "setuid16"
uid = $uid
+ argstr = ""
}
probe syscall.setuid16.return = kernel.function("sys_setuid").return {
name = "setuid16"
value_uaddr = $value
size = $size
flags = $flags
+ argstr = ""
}
probe syscall.setxattr.return = kernel.function("sys_setxattr").return {
name = "setxattr"
#
probe syscall.sgetmask = kernel.function("sys_sgetmask") {
name = "sgetmask"
+ argstr = ""
}
probe syscall.sgetmask.return = kernel.function("sys_sgetmask").return {
name = "sgetmask"
shmid = $shmid
cmd = $cmd
buf_uaddr = $buf
+ argstr = ""
}
probe syscall.shmctl.return = kernel.function("sys_shmctl").return {
name = "shmctl"
probe syscall.shmdt = kernel.function("sys_shmdt") {
name = "shmdt"
shmaddr_uaddr = $shmaddr
+ argstr = ""
}
probe syscall.shmdt.return = kernel.function("sys_shmdt").return {
name = "shmdt"
key = $key
size = $size
shmflg = $shmflg
+ argstr = ""
}
probe syscall.shmget.return = kernel.function("sys_shmget").return {
name = "shmget"
s = $fd
how = $how
how_str = _shutdown_how_str($how)
+ argstr = ""
}
probe syscall.shutdown.return = kernel.function("sys_shutdown").return {
name = "shutdown"
name = "signal"
sig = $sig
handler = $handler
+ argstr = ""
}
probe syscall.signal.return = kernel.function("sys_signal").return {
name = "signal"
* with embedded C if need be.
*/
set_uaddr = $set
+ argstr = ""
}
probe syscall.sigpending.return = kernel.function("do_sigpending").return {
name = "sigpending"
*/
set_uaddr = $set
oldset_uaddr = $oset
+ argstr = ""
}
probe syscall.sigprocmask.return = kernel.function("sigprocmask").return {
name = "sigprocmask"
type = $type
type_str = _sock_type_str($type)
protocol = $protocol
+ argstr = ""
}
probe syscall.socket.return = kernel.function("sys_socket").return {
name = "socket"
name = "socketcall"
call = $call
args_uaddr = $args
+ argstr = ""
}
probe syscall.socketcall.return = kernel.function("sys_socketcall").return {
name = "socketcall"
type_str = _sock_type_str($type)
protocol = $protocol
sv_uaddr = $usockvec
+ argstr = ""
}
probe syscall.socketpair.return = kernel.function("sys_socketpair").return {
name = "socketpair"
probe syscall.ssetmask = kernel.function("sys_ssetmask") {
name = "ssetmask"
newmask = $newmask
+ argstr = ""
}
probe syscall.ssetmask.return = kernel.function("sys_ssetmask").return {
name = "ssetmask"
name = "stat"
filename_uaddr = $filename
buf_uaddr = $statbuf
+ argstr = ""
}
probe syscall.stat.return = kernel.function("sys_stat").return {
name = "stat"
name = "statfs"
path_uaddr = $path
buf_uaddr = $buf
+ argstr = ""
}
probe syscall.statfs.return = kernel.function("sys_statfs").return {
name = "statfs"
path_uaddr = $path
sz = $sz
buf_uaddr = $buf
+ argstr = ""
}
probe syscall.statfs64.return = kernel.function("sys_statfs64").return {
name = "statfs64"
* XXX NOT SAFE -- might sleep
* t = __uget_num($tptr)
*/
+ argstr = ""
}
probe syscall.stime.return = kernel.function("sys_stime").return {
name = "stime"
probe syscall.swapoff = kernel.function("sys_swapoff") {
name = "swapoff"
path_uaddr = $specialfile
+ argstr = ""
}
probe syscall.swapoff.return = kernel.function("sys_swapoff").return {
name = "swapoff"
name = "swapon"
path_uaddr = $specialfile
swapflags = $swap_flags
+ argstr = ""
}
probe syscall.swapon.return = kernel.function("sys_swapon").return {
name = "swapon"
name = "symlink"
oldpath_uaddr = $oldname
newpath_uaddr = $newname
+ argstr = ""
}
probe syscall.symlink.return = kernel.function("sys_symlink").return {
name = "symlink"
probe syscall.sync = kernel.function("do_sync") {
name = "sync"
wait = $wait
+ argstr = ""
}
probe syscall.sync.return = kernel.function("do_sync").return {
name = "sync"
probe syscall.sysctl = kernel.function("sys_sysctl") {
name = "sysctl"
args_uaddr = $args
+ argstr = ""
}
probe syscall.sysctl.return = kernel.function("sys_sysctl").return {
name = "sysctl"
option = $option
arg1 = $arg1
arg2 = $arg2
+ argstr = ""
}
probe syscall.sysfs.return = kernel.function("sys_sysfs").return {
name = "sysfs"
probe syscall.sysinfo = kernel.function("sys_sysinfo") {
name = "sysinfo"
info_uaddr = $info
+ argstr = ""
}
probe syscall.sysinfo.return = kernel.function("sys_sysinfo").return {
name = "sysinfo"
type = $type
bufp_uaddr = $buf
len = $len
+ argstr = ""
}
probe syscall.syslog.return = kernel.function("do_syslog").return {
name = "syslog"
tgid = $tgid
pid = $pid
sig = $sig
+ argstr = ""
}
probe syscall.tgkill.return = kernel.function("sys_tgkill").return {
name = "tgkill"
* XXX NOT SAFE -- might sleep
* t = __uget_num($tloc)
*/
+ argstr = ""
}
probe syscall.time.return = kernel.function("sys_time").return {
name = "time"
* XXX NOT SAFE -- might sleep
* timerid = __uget_num($created_timer_id)
*/
+ argstr = ""
}
probe syscall.timer_create.return =
kernel.function("sys_timer_create").return {
probe syscall.timer_delete = kernel.function("sys_timer_delete") {
name = "timer_delete"
timerid = $timer_id
+ argstr = ""
}
probe syscall.timer_delete.return = kernel.function("sys_timer_delete").return {
name = "timer_delete"
probe syscall.timer_getoverrun = kernel.function("sys_timer_getoverrun") {
name = "timer_getoverrun"
timerid = $timer_id
+ argstr = ""
}
probe syscall.timer_getoverrun.return =
kernel.function("sys_timer_getoverrun").return {
* value_it_value_tv_sec = __uget_itimerspec_ts_m($setting,2)
* value_it_value_tv_nsec = __uget_itimerspec_ts_m($setting,3)
*/
+ argstr = ""
}
probe syscall.timer_gettime.return =
kernel.function("sys_timer_gettime").return {
flags = $flags
value_uaddr = $new_setting
ovalue_uaddr = $old_setting
+ argstr = ""
}
probe syscall.timer_settime.return =
kernel.function("sys_timer_settime").return {
* buf_tms_cutime = __uget_tms_m($tbuf,2)
* buf_tms_cstime = __uget_tms_m($tbuf,3)
*/
+ argstr = ""
}
probe syscall.times.return = kernel.function("sys_times").return {
name = "times"
name = "tkill"
pid = $pid
sig = $sig
+ argstr = ""
}
probe syscall.tkill.return = kernel.function("sys_tkill").return {
name = "tkill"
name = "truncate"
path_uaddr = $path
length = $length
+ argstr = ""
}
probe syscall.truncate.return = kernel.function("sys_truncate").return {
name = "truncate"
name = "truncate64"
path_uaddr = $path
length = $length
+ argstr = ""
}
probe syscall.truncate64.return = kernel.function("sys_truncate").return {
name = "truncate64"
target_uaddr = $name
flags = $flags
flags_str = _mountflags_str($flags)
+ argstr = ""
}
probe syscall.umount.return = kernel.function("sys_umount").return {
name = "umount"
probe syscall.uname = kernel.function("sys_uname") {
name = "uname"
name_uaddr = $name
+ argstr = ""
}
probe syscall.uname.return = kernel.function("sys_uname").return {
name = "uname"
probe syscall.unlink = kernel.function("sys_unlink") {
name = "unlink"
pathname_uaddr = $pathname
+ argstr = ""
}
probe syscall.unlink.return = kernel.function("sys_unlink").return {
name = "unlink"
probe syscall.uselib = kernel.function("sys_uselib") {
name = "uselib"
library_uaddr = $library
+ argstr = ""
}
probe syscall.uselib.return = kernel.function("sys_uselib").return {
name = "uselib"
name = "ustat"
dev = $dev
ubuf_uaddr = $ubuf
+ argstr = ""
}
probe syscall.ustat.return = kernel.function("sys_ustat").return {
name = "ustat"
name = "utime"
filename_uaddr = $filename
buf_uaddr = $times
+ argstr = ""
}
probe syscall.utime.return = kernel.function("sys_utime").return {
name = "utime"
name = "utimes"
filename_uaddr = $filename
tvp_uaddr = $utimes
+ argstr = ""
}
probe syscall.utimes.return = kernel.function("sys_utimes").return {
name = "utimes"
returnp = 1
}
-# vfork ______________________________________________________
-#
-# asmlinkage long
-# do_fork(unsigned long clone_flags,
-# unsigned long stack_start,
-# struct pt_regs *regs,
-# unsigned long stack_size,
-# int __user *parent_tidptr,
-# int __user *child_tidptr)
-#
-probe syscall.vfork = kernel.function("do_fork") {
- name = "vfork"
- clone_flags = $clone_flags
- /*
- * unable to find local 'start_stack' (maybe i386 specific)
- * start_stack = $start_stack
- */
- regs_uaddr = $regs
- stack_size = $stack_size
- parent_tid_uaddr = $parent_tidptr
- child_tid_uaddr = $child_tidptr
-}
-probe syscall.vfork.return = kernel.function("do_fork").return {
- name = "vfork"
- returnp = 1
-}
# vhangup ____________________________________________________
#
# asmlinkage long
#
probe syscall.vhangup = kernel.function("sys_vhangup") {
name = "vhangup"
+ argstr = ""
}
probe syscall.vhangup.return = kernel.function("sys_vhangup").return {
name = "vhangup"
options = $options
options_str = _wait4_opt_str($options)
rusage_uaddr = $ru
+ argstr = ""
}
probe syscall.wait4.return = kernel.function("sys_wait4").return {
name = "wait4"
infop_uaddr = $infop
options = $options
options_str = _wait4_opt_str($options)
+ argstr = ""
}
probe syscall.waitid.return = kernel.function("sys_waitid").return {
name = "waitid"
options = $options
options_str = _wait4_opt_str($options)
rusage_uaddr = $ru
+ argstr = ""
}
probe syscall.waitpid.return = kernel.function("sys_wait4").return {
name = "waitpid"
fd = $fd
buf_uaddr = $buf
count = $count
+ argstr = ""
}
probe syscall.write.return = kernel.function("sys_write").return {
name = "write"
fd = $fd
vector_uaddr = $vec
count = $vlen
+ argstr = ""
}
probe syscall.writev.return = kernel.function("sys_writev").return {
name = "writev"