Sindbad~EG File Manager

/**
 * equivalent to linux module syscall_any - Record entry into a syscall
 *
 * @syscall_nr: number of the syscall
 * @name: name of the syscall
 *
 * Context: The process performing the syscall
 *
 * The syscall_any probe point is designed to be a low overhead
 * that monitors all the syscalls entered via a kernel tracepoint.
 * Because of the breadth of syscalls it monitors it provides
 * no information about the syscall arguments or argstr string
 * representation of those arguments.
 *
 * This requires kernel 3.5+ and newer which have the
 * kernel.trace("sys_enter") probe point.
 */
probe syscall_any = kernel.trace("sys_enter")
{
	syscall_nr = $id
	name = syscall_name($id)
}


/**
 * equivalent to linux module syscall_any.return - Record exit from a syscall
 *
 * @syscall_nr: number of the syscall
 * @name: name of the syscall
 * @retval: return value of the syscall
 *
 * Context: The process performing the syscall
 *
 * The syscall_any.return probe point is designed to be a low overhead
 * that monitors all the syscalls returns via a kernel tracepoint.
 * Because of the breadth of syscalls it monitors it provides
 * no information about the syscall arguments, argstr string
 * representation of those arguments, or a string interpretation
 * of the return value (retval).
 *
 * This requires kernel 3.5+ and newer which have the
 * kernel.trace("sys_exit") probe point.
 */
probe syscall_any.return = kernel.trace("sys_exit")
{
	syscall_nr = _stp_bpf_syscall_get_nr($regs)
	name = syscall_name(_stp_bpf_syscall_get_nr($regs))
	retval = $ret
}