# FIXME: the getresgid16/getresuid16 probes could be combined with
# their "generic" versions in tapset/syscalls.stp.
# getresgid __________________________________________________
# long sys32_getresgid16(u16 __user *rgid, u16 __user *egid, u16 __user *sgid)
#
# Macro: sets the `name` variable in whichever probe body expands it.
# The value is "getresgid", not "getresgid16", so a script that filters or
# aggregates on `name` has to match that string for this 16-bit variant.
@define _SYSCALL_GETRESGID16_NAME
%(
name = "getresgid"
%)
# Macro: builds `argstr` from rgid_uaddr, egid_uaddr and sgid_uaddr, which the
# expanding probe body must have assigned before this macro is used.
# The three values are formatted with %p as raw pointer values and are never
# dereferenced here: argstr holds the caller-supplied user-space addresses
# (see the `__user` prototype above), not the group IDs themselves.
# NOTE(review): a consumer that wants the IDs would have to read user memory
# itself, presumably after the call returns -- confirm against the callers.
@define _SYSCALL_GETRESGID16_ARGSTR
%(
argstr = sprintf("%p, %p, %p", rgid_uaddr, egid_uaddr, sgid_uaddr)
%)
# Public entry alias. The DWARF-based dw_ alias is tried first; its `!` suffix
# marks it optional and sufficient, so the non-DWARF nd_ alias is only used
# when the dw_ one does not resolve. The `?` on the nd_ alias makes it
# optional too, so neither resolving is not an error. The empty body adds
# nothing beyond what the selected alias sets.
probe syscall.getresgid16 = dw_syscall.getresgid16 !, nd_syscall.getresgid16 ? {}
# Public return alias, with the same selection rule as the entry alias:
# the dw_ return alias is sufficient (`!`) when it resolves, otherwise the
# optional (`?`) nd_ return alias is used. The body is empty.
probe syscall.getresgid16.return = dw_syscall.getresgid16.return !,
nd_syscall.getresgid16.return ? {}
# dw_getresgid16 _____________________________________________________
# DWARF-based entry probe for the 16-bit getresgid variant.
# Two candidate kernel functions are listed, each optional (`?`), so a kernel
# that lacks one of them does not cause a resolution error. `.call` limits the
# probe to real (non-inlined) function entries.
# Sets: name, rgid_uaddr, egid_uaddr, sgid_uaddr, argstr.
probe dw_syscall.getresgid16 = kernel.function("sys32_getresgid16").call ?,
kernel.function("compat_sys_s390_getresgid16").call ?
{
@_SYSCALL_GETRESGID16_NAME
# @choose_defined takes the first target variable if it exists in the probed
# function and the second otherwise; presumably the parameter names differ
# between the two functions or between kernel versions -- TODO confirm.
# The values are user-space addresses and are only stored, not read through.
rgid_uaddr = @choose_defined($rgidp, $rgid)
egid_uaddr = @choose_defined($egidp, $egid)
sgid_uaddr = @choose_defined($sgidp, $sgid)
# Must follow the three assignments: the macro formats them into argstr.
@_SYSCALL_GETRESGID16_ARGSTR
}
# DWARF-based return probe for the same two optional (`?`) kernel functions.
# Only `name` and whatever @SYSC_RETVALSTR sets are assigned here; the
# *_uaddr variables of the entry probe are not set in this body.
probe dw_syscall.getresgid16.return =
kernel.function("sys32_getresgid16").return ?,
kernel.function("compat_sys_s390_getresgid16").return ?
{
@_SYSCALL_GETRESGID16_NAME
# @SYSC_RETVALSTR is defined outside this file; presumably it formats the
# function's return value ($return) into the return-string variable --
# confirm in the tapset's macro definitions.
@SYSC_RETVALSTR($return)
}
# nd_getresgid16 _____________________________________________________
# Non-DWARF entry probe (kprobe.function needs no debuginfo) for the same two
# optional (`?`) kernel functions. Arguments are fetched by position instead
# of by target-variable name.
# Sets: name, rgid_uaddr, egid_uaddr, sgid_uaddr, argstr.
probe nd_syscall.getresgid16 = kprobe.function("sys32_getresgid16") ?,
kprobe.function("compat_sys_s390_getresgid16") ?
{
@_SYSCALL_GETRESGID16_NAME
# Marks the probed function as asmlinkage so the positional argument helpers
# locate its arguments correctly; keep this before the pointer_arg() calls.
asmlinkage()
# Positions 1..3 correspond to rgid, egid, sgid in the prototype comment at
# the top of this section. The values are user-space addresses and are only
# stored, not read through.
rgid_uaddr = pointer_arg(1)
egid_uaddr = pointer_arg(2)
sgid_uaddr = pointer_arg(3)
# Must follow the three assignments: the macro formats them into argstr.
@_SYSCALL_GETRESGID16_ARGSTR
}
# Non-DWARF return probe for the same two optional (`?`) kernel functions.
# Only `name` and whatever @SYSC_RETVALSTR sets are assigned here; the
# *_uaddr variables of the entry probe are not set in this body.
probe nd_syscall.getresgid16.return =
kprobe.function("sys32_getresgid16").return ?,
kprobe.function("compat_sys_s390_getresgid16").return ?
{
@_SYSCALL_GETRESGID16_NAME
# returnval() supplies the return value without DWARF data, taking the place
# of $return in the dw_ variant. @SYSC_RETVALSTR is defined outside this
# file; presumably it formats that value into the return-string variable --
# confirm in the tapset's macro definitions.
@SYSC_RETVALSTR(returnval())
}