This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Re: Can SystemTap change system call's arguments?
- From: "Frank Ch. Eigler" <fche at elastic dot org>
- To: LiuChenhong <diabloneo at gmail dot com>
- Cc: systemtap at sourceware dot org
- Date: Sun, 21 Mar 2010 11:13:33 -0400
- Subject: Re: Can SystemTap change system call's arguments?
- References: <861674c01003210806i5fc7c618oeca178fa5bd4e18b@mail.gmail.com>
Hi -
> Hi, I'm a newbie to systemtap. I just want to ask a simple
> question. Can I use systemtap to change the arguments of a system
> call before entering it? Thanks.
Sometimes. If you invoke systemtap in guru mode (-g), then dwarf-based
probes such as syscall.* or kernel.function("...") or process(*).*
will have assignable $variables, including function parameters.
Of course, changing arguments like this can be very dangerous. OTOH
some security bugs can be temporarily patched this way.
- FChE