Sindbad~EG File Manager
%( systemtap_v < "2.7" %?
# sys32_ipc() is just a syscall multiplexer (similar to
# sys_socketcall()). So, we don't really need to probe it, since we'll
# be probing what sys32_ipc() will call (semget, msgsnd, msgrcv,
# shmat, etc.).
# ipc _________________________________________________
# long sys32_ipc(u32 call, int first, int second, int third, u32 ptr)
#
@define _SYSCALL_IPC_NAME
%(
name = "ipc"
%)
@define _SYSCALL_IPC_ARGSTR
%(
argstr = sprintf("%d, %d, %d, %d, %p", call, first, second, third, ptr)
%)
probe syscall.ipc = dw_syscall.ipc !, nd_syscall.ipc ? {}
probe syscall.ipc.return = dw_syscall.ipc.return !, nd_syscall.ipc.return ? {}
# dw_ipc _____________________________________________________
probe dw_syscall.ipc = kernel.function("sys32_ipc") ?
{
@_SYSCALL_IPC_NAME
call = $call
first = $first
second = $second
third = $third
ptr = $ptr
@_SYSCALL_IPC_ARGSTR
}
probe dw_syscall.ipc.return = kernel.function("sys32_ipc").return ?
{
@_SYSCALL_IPC_NAME
@SYSC_RETVALSTR($return)
}
# nd_ipc _____________________________________________________
probe nd_syscall.ipc = kprobe.function("sys32_ipc") ?
{
@_SYSCALL_IPC_NAME
asmlinkage()
call = uint_arg(1)
first = int_arg(2)
second = int_arg(3)
third = int_arg(4)
ptr = uint_arg(5)
@_SYSCALL_IPC_ARGSTR
}
probe nd_syscall.ipc.return = kprobe.function("sys32_ipc").return ?
{
@_SYSCALL_IPC_NAME
@SYSC_RETVALSTR(returnval())
}
%)
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists