Sindbad~EG File Manager

Current Path : /proc/1603417/root/usr/share/systemtap/tapset/linux/
Upload File :
Current File : //proc/1603417/root/usr/share/systemtap/tapset/linux/sysc_futimesat.stp

# futimesat _____________________________________________________
#
# long sys_futimesat(int dfd, char __user *filename, struct timeval __user *utimes)
# long compat_sys_futimesat(unsigned int dfd, char __user *filename, struct compat_timeval __user *t)
#


@define _SYSCALL_FUTIMESAT_NAME
%(
	name = "futimesat"
%)

@define _SYSCALL_FUTIMESAT_ARGSTR
%(
	argstr = sprintf("%s, %s, %s", dirfd_str, filename, tvp_str)
%)

@define _SYSCALL_FUTIMESAT_REGARGS
%(
	dirfd = int_arg(1)
	dirfd_str = _dfd_str(dirfd)
	filename_uaddr = pointer_arg(2)
	filename = user_string_quoted(filename_uaddr)
	filename_unquoted = user_string_nofault(pointer_arg(2))
	tvp_uaddr = pointer_arg(3)
%)

@define _SYSCALL_FUTIMESAT_REGARGS_STORE
%(
        if (@probewrite(dirfd))
          set_int_arg(1, dirfd)

	if (@probewrite(filename_uaddr))
	  set_pointer_arg(2, filename_uaddr)

	if (@probewrite(filename_unquoted))
	  set_user_string_arg(pointer_arg(2), filename_unquoted)

	if (@probewrite(tvp_uaddr))
	  set_pointer_arg(3, tvp_uaddr)
%)

probe syscall.futimesat = dw_syscall.futimesat !, nd_syscall.futimesat ? {}
probe syscall.futimesat.return = dw_syscall.futimesat.return !,
                                 nd_syscall.futimesat.return ? {}

probe syscall.compat_futimesat = dw_syscall.compat_futimesat !,
                                 nd_syscall.compat_futimesat ? {}
probe syscall.compat_futimesat.return = dw_syscall.compat_futimesat.return !,
                                        nd_syscall.compat_futimesat.return ? {}


# dw_futimesat _____________________________________________________

probe dw_syscall.futimesat = kernel.function("sys_futimesat").call ?
{
	@__syscall_gate(@const("__NR_futimesat"))
	@_SYSCALL_FUTIMESAT_NAME
	dirfd = __int32($dfd)
	dirfd_str = _dfd_str(__int32($dfd))
	filename_uaddr = $filename
	filename = user_string_quoted($filename)
	tvp_uaddr = $utimes
	tvp_str = _struct_timeval_u(tvp_uaddr, 2)
	@_SYSCALL_FUTIMESAT_ARGSTR
}
probe dw_syscall.compat_futimesat = kernel.function("compat_sys_futimesat").call ?
{
	@__compat_syscall_gate(@const("__NR_compat_futimesat"))
	@_SYSCALL_FUTIMESAT_NAME
	dirfd = __int32($dfd)
	dirfd_str = _dfd_str(__int32($dfd))
	filename_uaddr = @__pointer($filename)
	filename = user_string_quoted($filename)
	tvp_uaddr = @__pointer($t)
	tvp_str = _struct_compat_timeval_u(tvp_uaddr, 2)
	@_SYSCALL_FUTIMESAT_ARGSTR
}
probe dw_syscall.futimesat.return = kernel.function("sys_futimesat").return ?
{
	@__syscall_gate(@const("__NR_futimesat"))
	@_SYSCALL_FUTIMESAT_NAME
	@SYSC_RETVALSTR($return)
}
probe dw_syscall.compat_futimesat.return =
	kernel.function("compat_sys_futimesat").return ?
{
	@__compat_syscall_gate(@const("__NR_compat_futimesat"))
	@_SYSCALL_FUTIMESAT_NAME
	@SYSC_RETVALSTR($return)
}

# nd_futimesat _____________________________________________________

probe nd_syscall.futimesat = nd1_syscall.futimesat!, nd2_syscall.futimesat!, tp_syscall.futimesat
  { }

probe nd1_syscall.futimesat = kprobe.function("sys_futimesat") ?
{
	asmlinkage()
	@__syscall_gate(@const("__NR_futimesat"))
	@_SYSCALL_FUTIMESAT_NAME
	@_SYSCALL_FUTIMESAT_REGARGS
	tvp_str = _struct_timeval_u(tvp_uaddr, 2)
	@_SYSCALL_FUTIMESAT_ARGSTR
}

/* kernel 4.17+ */
probe nd2_syscall.futimesat = kprobe.function(@arch_syscall_prefix "sys_futimesat") ?
{
	__set_syscall_pt_regs(pointer_arg(1))
	@_SYSCALL_FUTIMESAT_NAME
	@_SYSCALL_FUTIMESAT_REGARGS
	tvp_str = _struct_timeval_u(tvp_uaddr, 2)
	@_SYSCALL_FUTIMESAT_ARGSTR
},
{
        @_SYSCALL_FUTIMESAT_REGARGS_STORE
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.futimesat = kernel.trace("sys_enter")
{
	__set_syscall_pt_regs($regs)
	@__syscall_gate(@const("__NR_futimesat"))
	@_SYSCALL_FUTIMESAT_NAME
	@_SYSCALL_FUTIMESAT_REGARGS
	tvp_str = _struct_timeval_u(tvp_uaddr, 2)
	@_SYSCALL_FUTIMESAT_ARGSTR
},
{
        @_SYSCALL_FUTIMESAT_REGARGS_STORE
}

probe nd_syscall.futimesat.return = nd1_syscall.futimesat.return!, nd2_syscall.futimesat.return!, tp_syscall.futimesat.return
  { }
  
probe nd1_syscall.futimesat.return = kprobe.function("sys_futimesat").return ?
{
	@__syscall_gate(@const("__NR_futimesat"))
	@_SYSCALL_FUTIMESAT_NAME
	@SYSC_RETVALSTR(returnval())
}

/* kernel 4.17+ */
probe nd2_syscall.futimesat.return = kprobe.function(@arch_syscall_prefix "sys_futimesat").return ?
{
	@_SYSCALL_FUTIMESAT_NAME
	@SYSC_RETVALSTR(returnval())
}
 
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.futimesat.return = kernel.trace("sys_exit")
{
	__set_syscall_pt_regs($regs)
	@__syscall_gate(@const("__NR_futimesat"))
	@_SYSCALL_FUTIMESAT_NAME
	@SYSC_RETVALSTR($ret)
}

probe nd_syscall.compat_futimesat = nd1_syscall.compat_futimesat!, nd2_syscall.compat_futimesat!, tp_syscall.compat_futimesat
  { }

probe nd1_syscall.compat_futimesat = kprobe.function("compat_sys_futimesat") ?
{
	asmlinkage()
	@__compat_syscall_gate(@const("__NR_compat_futimesat"))
	@_SYSCALL_FUTIMESAT_NAME
	@_SYSCALL_FUTIMESAT_REGARGS
	tvp_str = _struct_compat_timeval_u(tvp_uaddr, 2)
	@_SYSCALL_FUTIMESAT_ARGSTR
}

/* kernel 4.17+ */
probe nd2_syscall.compat_futimesat = kprobe.function(@arch_syscall_prefix "compat_sys_futimesat") ?
{
	__set_syscall_pt_regs(pointer_arg(1))
	@_SYSCALL_FUTIMESAT_NAME
	@_SYSCALL_FUTIMESAT_REGARGS
	tvp_str = _struct_compat_timeval_u(tvp_uaddr, 2)
	@_SYSCALL_FUTIMESAT_ARGSTR
},
{
        @_SYSCALL_FUTIMESAT_REGARGS_STORE
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.compat_futimesat = kernel.trace("sys_enter")
{
	__set_syscall_pt_regs($regs)
	@__compat_syscall_gate(@const("__NR_compat_futimesat"))
	@_SYSCALL_FUTIMESAT_NAME
	@_SYSCALL_FUTIMESAT_REGARGS
	tvp_str = _struct_compat_timeval_u(tvp_uaddr, 2)
	@_SYSCALL_FUTIMESAT_ARGSTR
},
{
        @_SYSCALL_FUTIMESAT_REGARGS_STORE
}

probe nd_syscall.compat_futimesat.return = nd1_syscall.compat_futimesat.return!, nd2_syscall.compat_futimesat.return!, tp_syscall.compat_futimesat.return
  { }
  
probe nd1_syscall.compat_futimesat.return = kprobe.function("compat_sys_futimesat").return ?
{
	@__compat_syscall_gate(@const("__NR_compat_futimesat"))
	@_SYSCALL_FUTIMESAT_NAME
	@SYSC_RETVALSTR(returnval())
}

/* kernel 4.17+ */
probe nd2_syscall.compat_futimesat.return = kprobe.function(@arch_syscall_prefix "compat_sys_futimesat").return ?
{
	@_SYSCALL_FUTIMESAT_NAME
	@SYSC_RETVALSTR(returnval())
}
 
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.compat_futimesat.return = kernel.trace("sys_exit")
{
	__set_syscall_pt_regs($regs)
	@__compat_syscall_gate(@const("__NR_compat_futimesat"))
	@_SYSCALL_FUTIMESAT_NAME
	@SYSC_RETVALSTR($ret)
}

Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists