Sindbad~EG File Manager
# io_getevents _______________________________________________
# long sys_io_getevents(aio_context_t ctx_id,
# long min_nr,
# long nr,
# struct io_event __user *events,
# struct timespec __user *timeout)
# long compat_sys_io_getevents(aio_context_t ctx_id,
# long min_nr,
# long nr,
# struct io_event __user *events,
# struct compat_timespec __user *timeout)
#
@define _SYSCALL_IO_GETEVENTS_NAME
%(
name = "io_getevents"
%)
@define _SYSCALL_IO_GETEVENTS_ARGSTR
%(
argstr = sprintf("%u, %d, %d, %p, %s", ctx_id, min_nr,
nr, events_uaddr, timestr)
%)
@define _SYSCALL_IO_GETEVENTS_REGARGS
%(
ctx_id = ulong_arg(1)
min_nr = @__compat_task ? int_arg(2) : long_arg(2)
nr = @__compat_task ? int_arg(3) : long_arg(3)
events_uaddr = pointer_arg(4)
timeout_uaddr = pointer_arg(5)
timestr = (@__compat_task
? _struct_compat_timespec_u(timeout_uaddr, 1)
: _struct_timespec_u(timeout_uaddr, 1))
%)
@define _SYSCALL_IO_GETEVENTS_REGARGS_STORE
%(
if (@probewrite(ctx_id))
set_ulong_arg(1, ctx_id)
if (@probewrite(min_nr)) {
if (@__compat_task)
set_int_arg(2, min_nr)
else
set_long_arg(2, min_nr)
}
if (@probewrite(nr)) {
if (@__compat_task)
set_int_arg(3, nr)
else
set_long_arg(3, nr)
}
if (@probewrite(events_uaddr))
set_pointer_arg(4, events_uaddr)
if (@probewrite(timeout_uaddr))
set_pointer_arg(5, timeout_uaddr)
%)
probe syscall.io_getevents = dw_syscall.io_getevents !, nd_syscall.io_getevents ? {}
probe syscall.io_getevents.return = dw_syscall.io_getevents.return !,
nd_syscall.io_getevents.return ? {}
# dw_io_getevents _____________________________________________________
probe dw_syscall.io_getevents = __syscall.io_getevents ?,
kernel.function("compat_sys_io_getevents").call ?
{
@_SYSCALL_IO_GETEVENTS_NAME
ctx_id = @__compat_ulong($ctx_id)
events_uaddr = $events
timeout_uaddr = $timeout
nr = @__compat_long($nr)
min_nr = @__compat_long($min_nr)
timestr = (@__compat_task ?
_struct_compat_timespec_u($timeout, 1) :
_struct_timespec_u($timeout, 1))
@_SYSCALL_IO_GETEVENTS_ARGSTR
}
probe __syscall.io_getevents = kernel.function("sys_io_getevents").call
{
@__syscall_gate(@const("__NR_io_getevents"))
}
probe dw_syscall.io_getevents.return = __syscall.io_getevents.return,
kernel.function("compat_sys_io_getevents").return ?
{
@_SYSCALL_IO_GETEVENTS_NAME
@SYSC_RETVALSTR($return)
}
probe __syscall.io_getevents.return = kernel.function("sys_io_getevents").return ?
{
@__syscall_gate(@const("__NR_io_getevents"))
}
# nd_io_getevents _____________________________________________________
probe nd_syscall.io_getevents = nd1_syscall.io_getevents!, nd2_syscall.io_getevents!, tp_syscall.io_getevents
{ }
probe nd1_syscall.io_getevents = __nd1_syscall.io_getevents ?,
kprobe.function("compat_sys_io_getevents") ?
{
@_SYSCALL_IO_GETEVENTS_NAME
asmlinkage()
@_SYSCALL_IO_GETEVENTS_REGARGS
@_SYSCALL_IO_GETEVENTS_ARGSTR
}
probe __nd1_syscall.io_getevents = kprobe.function("sys_io_getevents")
{
@__syscall_gate_compat_simple
}
/* kernel 4.17+ */
probe nd2_syscall.io_getevents = kprobe.function(@arch_syscall_prefix "sys_io_getevents") ?,
kprobe.function(@arch_syscall_prefix "compat_sys_io_getevents") ?
{
__set_syscall_pt_regs(pointer_arg(1))
@_SYSCALL_IO_GETEVENTS_NAME
@_SYSCALL_IO_GETEVENTS_REGARGS
@_SYSCALL_IO_GETEVENTS_ARGSTR
},
{
%( @_IS_SREG_KERNEL %? @_SYSCALL_IO_GETEVENTS_REGARGS_STORE %)
}
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.io_getevents = kernel.trace("sys_enter")
{
__set_syscall_pt_regs($regs)
@__syscall_compat_gate(@const("__NR_io_getevents"), @const("__NR_compat_io_getevents"))
@_SYSCALL_IO_GETEVENTS_NAME
@_SYSCALL_IO_GETEVENTS_REGARGS
@_SYSCALL_IO_GETEVENTS_ARGSTR
},
{
%( @_IS_SREG_KERNEL %? @_SYSCALL_IO_GETEVENTS_REGARGS_STORE %)
}
probe nd_syscall.io_getevents.return = nd1_syscall.io_getevents.return!, nd2_syscall.io_getevents.return!, tp_syscall.io_getevents.return
{ }
probe nd1_syscall.io_getevents.return = __nd1_syscall.io_getevents.return,
kprobe.function("compat_sys_io_getevents").return ?
{
@_SYSCALL_IO_GETEVENTS_NAME
@SYSC_RETVALSTR(returnval())
}
probe __nd1_syscall.io_getevents.return =
kprobe.function("sys_io_getevents").return ?
{
@__syscall_gate_compat_simple
}
/* kernel 4.17+ */
probe nd2_syscall.io_getevents.return = kprobe.function(@arch_syscall_prefix "sys_io_getevents").return ?,
kprobe.function(@arch_syscall_prefix "compat_sys_io_getevents").return ?
{
@_SYSCALL_IO_GETEVENTS_NAME
@SYSC_RETVALSTR(returnval())
}
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.io_getevents.return = kernel.trace("sys_exit")
{
__set_syscall_pt_regs($regs)
@__syscall_compat_gate(@const("__NR_io_getevents"), @const("__NR_compat_io_getevents"))
@_SYSCALL_IO_GETEVENTS_NAME
@SYSC_RETVALSTR($ret)
}
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists