Sindbad~EG File Manager
# get_mempolicy ______________________________________________
# long sys_get_mempolicy(int __user *policy,
# unsigned long __user *nmask,
# unsigned long maxnode,
# unsigned long addr,
# unsigned long flags)
# long compat_sys_get_mempolicy(int __user *policy,
# compat_ulong_t __user *nmask,
# compat_ulong_t maxnode,
# compat_ulong_t addr, compat_ulong_t flags)
#
@define _SYSCALL_GET_MEMPOLICY_NAME
%(
name = "get_mempolicy"
%)
@define _SYSCALL_GET_MEMPOLICY_ARGSTR
%(
argstr = sprintf("%p, %p, %u, %p, %s", policy_uaddr, nmask_uaddr,
maxnode, addr, _mempolicy_flags_str(flags))
%)
@define _SYSCALL_GET_MEMPOLICY_REGARGS
%(
policy_uaddr = pointer_arg(1)
nmask_uaddr = pointer_arg(2)
maxnode = ulong_arg(3)
addr = ulong_arg(4)
flags = ulong_arg(5)
flags_str = _mempolicy_flags_str(flags)
%)
@define _SYSCALL_GET_MEMPOLICY_REGARGS_STORE
%(
if (@probewrite(policy_uaddr))
set_pointer_arg(1, policy_uaddr)
if (@probewrite(nmask_uaddr))
set_pointer_arg(2, nmask_uaddr)
if (@probewrite(maxnode))
set_ulong_arg(3, nmask_uaddr)
if (@probewrite(addr))
set_ulong_arg(4, addr)
if (@probewrite(flags))
set_ulong_arg(5, flags)
%)
probe syscall.get_mempolicy = dw_syscall.get_mempolicy !, nd_syscall.get_mempolicy ? {}
probe syscall.get_mempolicy.return = dw_syscall.get_mempolicy.return !, nd_syscall.get_mempolicy.return ? {}
# dw_get_mempolicy _____________________________________________________
probe dw_syscall.get_mempolicy = __syscall.get_mempolicy ?,
kernel.function("compat_sys_get_mempolicy").call ?
{
@_SYSCALL_GET_MEMPOLICY_NAME
policy_uaddr = $policy
nmask_uaddr = $nmask
maxnode = $maxnode
addr = $addr
flags = $flags
flags_str = _mempolicy_flags_str($flags)
@_SYSCALL_GET_MEMPOLICY_ARGSTR
}
probe __syscall.get_mempolicy = kernel.function("sys_get_mempolicy").call ?
{
@__syscall_gate_compat_simple
}
probe dw_syscall.get_mempolicy.return = __syscall.get_mempolicy.return ?,
kernel.function("compat_sys_get_mempolicy").return ?
{
@_SYSCALL_GET_MEMPOLICY_NAME
@SYSC_RETVALSTR($return)
}
probe __syscall.get_mempolicy.return =
kernel.function("sys_get_mempolicy").return ?
{
@__syscall_gate_compat_simple
}
# nd_get_mempolicy _____________________________________________________
probe nd_syscall.get_mempolicy = nd1_syscall.get_mempolicy!, nd2_syscall.get_mempolicy!, tp_syscall.get_mempolicy
{ }
probe nd1_syscall.get_mempolicy = __nd1_syscall.get_mempolicy ?,
kprobe.function("compat_sys_get_mempolicy") ?
{
@_SYSCALL_GET_MEMPOLICY_NAME
asmlinkage()
@_SYSCALL_GET_MEMPOLICY_REGARGS
@_SYSCALL_GET_MEMPOLICY_ARGSTR
}
probe __nd1_syscall.get_mempolicy = kprobe.function("sys_get_mempolicy") ?
{
asmlinkage()
@__syscall_gate_compat_simple
}
/* kernel 4.17+ */
probe nd2_syscall.get_mempolicy = kprobe.function(@arch_syscall_prefix "sys_get_mempolicy") ?,
kprobe.function(@arch_syscall_prefix "compat_sys_get_mempolicy") ?
{
__set_syscall_pt_regs(pointer_arg(1))
@_SYSCALL_GET_MEMPOLICY_NAME
@_SYSCALL_GET_MEMPOLICY_REGARGS
@_SYSCALL_GET_MEMPOLICY_ARGSTR
},
{
@_SYSCALL_GET_MEMPOLICY_REGARGS_STORE
}
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.get_mempolicy = kernel.trace("sys_enter")
{
__set_syscall_pt_regs($regs)
@__syscall_compat_gate(@const("__NR_get_mempolicy"), @const("__NR_compat_get_mempolicy"))
@_SYSCALL_GET_MEMPOLICY_NAME
@_SYSCALL_GET_MEMPOLICY_REGARGS
@_SYSCALL_GET_MEMPOLICY_ARGSTR
},
{
@_SYSCALL_GET_MEMPOLICY_REGARGS_STORE
}
probe nd_syscall.get_mempolicy.return = nd1_syscall.get_mempolicy.return!, nd2_syscall.get_mempolicy.return!, tp_syscall.get_mempolicy.return
{ }
probe nd1_syscall.get_mempolicy.return = __nd1_syscall.get_mempolicy.return ?,
kprobe.function("compat_sys_get_mempolicy").return ?
{
@_SYSCALL_GET_MEMPOLICY_NAME
@SYSC_RETVALSTR(returnval())
}
probe __nd1_syscall.get_mempolicy.return =
kprobe.function("sys_get_mempolicy").return ?
{
asmlinkage()
@__syscall_gate_compat_simple
}
/* kernel 4.17+ */
probe nd2_syscall.get_mempolicy.return =
kprobe.function(@arch_syscall_prefix "sys_get_mempolicy").return ?,
kprobe.function(@arch_syscall_prefix "compat_sys_get_mempolicy").return ?
{
@_SYSCALL_GET_MEMPOLICY_NAME
@SYSC_RETVALSTR(returnval())
}
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.get_mempolicy.return = kernel.trace("sys_exit")
{
__set_syscall_pt_regs($regs)
@__syscall_compat_gate(@const("__NR_get_mempolicy"), @const("__NR_compat_get_mempolicy"))
@_SYSCALL_GET_MEMPOLICY_NAME
@SYSC_RETVALSTR($ret)
}
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists