bpf playground
$ sudo /usr/local/sbin/ply -D -c 'kprobe:vfs_read{ printf("%v: %v\n", comm(), arg(0)); }' | |
symtable: | |
ast: | |
`-> <script> (type:script/none size:0x0 loc:nowhere) | |
`-> kprobe:vfs_read (type:probe/none size:0x0 loc:nowhere) | |
`-> <auto>.printf (type:call/none size:0x0 loc:reg/0) | |
|-> "%v: %v\n"(type:str/str size:0x8 loc:virtual) | |
`-> <rec> (type:rec/none size:0x20 loc:stack/-0x20) | |
|-> 0 (type:int/int size:0x8 loc:stack/-0x20) | |
|-> <auto>.comm (type:call/str size:0x10 loc:stack/-0x18) | |
`-> <auto>.arg (type:call/int size:0x8 loc:stack/-0x8) | |
`-> 0xe (type:int/int size:0x8 loc:virtual) | |
0: mov ctx, r1 | |
dmp compile_post : > <int> (int/int/0x8) | |
1: stw [sp - 0x20], #0x0 | |
2: stw [sp - 0x1c], #0x0 | |
dmp compile_post : < <int> (int/int/0x8) | |
dmp compile_post : > comm (call/str/0x10) | |
3: mov r0, #0x0 | |
4: stdw [sp - 0x18], r0 | |
5: stdw [sp - 0x10], r0 | |
6: mov r1, sp | |
7: add r1, #-0x18 | |
8: mov r2, #0x10 | |
9: call get_current_comm | |
dmp compile_post : < comm (call/str/0x10) | |
dmp compile_post : > arg (call/int/0x8) | |
10: mov r0, #0x0 | |
11: stdw [sp - 0x8], r0 | |
12: mov r1, sp | |
13: add r1, #-0x8 | |
14: mov r2, #0x8 | |
15: mov r3, ctx | |
16: add r3, #0x70 | |
17: call probe_read | |
dmp compile_post : < arg (call/int/0x8) | |
dmp compile_post : > <rec> (rec/none/0x20) | |
dmp compile_post : < <rec> (rec/none/0x20) | |
dmp compile_post : > printf (call/none/0) | |
18: call 8 | |
19: mov r3, r0 | |
20: mov r1, ctx | |
21: lddw r2, r1 | |
22: ldw r0, #0x0 | |
23: mov r4, sp | |
24: add r4, #-0x20 | |
25: mov r5, #0x20 | |
26: call perf_event_output | |
dmp compile_post : < printf (call/none/0) | |
27: mov r0, #0x0 | |
28: exit |