Sindbad~EG File Manager
# sys32_swapcontext ________________________________________
#
# long sys32_swapcontext(struct ucontext32 __user *old_ctx,
# struct ucontext32 __user *new_ctx,
# int ctx_size, int r6, int r7, int r8,
# struct pt_regs *regs)
#
@define _SYSCALL_SYS32_SWAPCONTEXT_NAME
%(
name = "sys32_swapcontext"
%)
@define _SYSCALL_SYS32_SWAPCONTEXT_ARGSTR
%(
argstr = sprintf("%p, %p, %d, %d, %d, %d, %p",
old_ctx_uaddr, new_ctx_uaddr, r5, r6, r7, r8, regs)
%)
probe syscall.sys32_swapcontext = dw_syscall.sys32_swapcontext !,
nd_syscall.sys32_swapcontext ? {}
probe syscall.sys32_swapcontext.return = dw_syscall.sys32_swapcontext.return !,
nd_syscall.sys32_swapcontext.return ? {}
# dw_sys32_swapcontext _____________________________________________________
probe dw_syscall.sys32_swapcontext = kernel.function("sys32_swapcontext") ?
{
@_SYSCALL_SYS32_SWAPCONTEXT_NAME
old_ctx_uaddr = $old_ctx
new_ctx_uaddr = $new_ctx
r5 = $ctx_size
r6 = $r6
r7 = $r7
r8 = $r8
regs = $regs
@_SYSCALL_SYS32_SWAPCONTEXT_ARGSTR
}
probe dw_syscall.sys32_swapcontext.return = kernel.function("sys32_swapcontext").return ?
{
@_SYSCALL_SYS32_SWAPCONTEXT_NAME
@SYSC_RETVALSTR($return)
}
# nd_sys32_swapcontext _____________________________________________________
probe nd_syscall.sys32_swapcontext = kprobe.function("sys32_swapcontext") ?
{
@_SYSCALL_SYS32_SWAPCONTEXT_NAME
asmlinkage()
old_ctx_uaddr = pointer_arg(1)
new_ctx_uaddr = pointer_arg(2)
r5 = int_arg(3)
r6 = int_arg(4)
r7 = int_arg(5)
r8 = int_arg(6)
regs = pointer_arg(7)
@_SYSCALL_SYS32_SWAPCONTEXT_ARGSTR
}
probe nd_syscall.sys32_swapcontext.return = kprobe.function("sys32_swapcontext").return ?
{
@_SYSCALL_SYS32_SWAPCONTEXT_NAME
@SYSC_RETVALSTR(returnval())
}
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists