Comments (4)
the same code as bash_kern.c in https://github.com/iovisor/bcc/blob/master/tools/bashreadline.py
from ecapture.
When I use BCC to implement bash-kern, I always get what the picture shows.
The code is just the same as kern/bash_kern.c. Can you tell me what's wrong?
THANK YOU!
from ecapture.
the code
from bcc import BPF
from time import sleep
from ctypes import *

# BPF program: one event per readline() call in bash
text = """
#include <uapi/linux/ptrace.h>

struct event_data_t {
    u32 pid;
    u8 line[80];
    char comm[16];
};

BPF_PERF_OUTPUT(listen_evt);

int uretprobe_bash_readline(struct pt_regs *ctx) {
    s64 pid_tgid = bpf_get_current_pid_tgid();
    int pid = pid_tgid >> 32;
    struct event_data_t event = {};
    event.pid = pid;
    bpf_get_current_comm(&event.comm, sizeof(event.comm));
    /* copy 80 bytes from the address in the return-value register */
    bpf_probe_read(&event.line, sizeof(event.line), (void *)PT_REGS_RC(ctx));
    listen_evt.perf_submit(ctx, &event, sizeof(event));
    return 0;
}
"""

b = BPF(text=text)
b.attach_uprobe(name="/bin/bash", sym="readline", fn_name="uretprobe_bash_readline")

# Callback for each record delivered through the perf buffer
def print_event(cpu, data, size):
    event = b["listen_evt"].event(data)
    #line = bytearray(event.line).decode()
    print("Rcv Event %d, %s,%s" % (event.pid, event.comm, bytes(event.line)))

b["listen_evt"].open_perf_buffer(print_event)
while True:
    try:
        b.perf_buffer_poll()
    except KeyboardInterrupt:
        exit()
from ecapture.
THANK YOU
from ecapture.
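An added example (not from the thread, ecapture or BCC): the same BPF program attached as a return probe with `attach_uretprobe`, the call bashreadline.py uses, because `PT_REGS_RC` holds readline's return value only when the handler runs at function return. `decode_event` then cuts the fixed 80-byte `line` buffer at the first NUL; `EventData`, `decode_event`, `run` and `SAMPLE` are names chosen here, and the sample record is constructed.

```python
import ctypes

# BPF program from the post above, lightly condensed
BPF_TEXT = r"""
#include <uapi/linux/ptrace.h>
struct event_data_t { u32 pid; u8 line[80]; char comm[16]; };
BPF_PERF_OUTPUT(listen_evt);
int uretprobe_bash_readline(struct pt_regs *ctx) {
    struct event_data_t event = {};
    event.pid = bpf_get_current_pid_tgid() >> 32;
    bpf_get_current_comm(&event.comm, sizeof(event.comm));
    bpf_probe_read(&event.line, sizeof(event.line), (void *)PT_REGS_RC(ctx));
    listen_evt.perf_submit(ctx, &event, sizeof(event));
    return 0;
}
"""

class EventData(ctypes.Structure):  # user-space mirror of struct event_data_t
    _fields_ = [("pid", ctypes.c_uint32),
                ("line", ctypes.c_uint8 * 80),
                ("comm", ctypes.c_char * 16)]

def decode_event(raw):
    """Decode one raw perf record into (pid, comm, line)."""
    n = ctypes.sizeof(EventData)
    if len(raw) < n:
        raise ValueError("record shorter than event_data_t")
    ev = EventData.from_buffer_copy(raw[:n])  # ignore any perf padding after the struct
    # The probe copies a fixed 80 bytes, so bytes after the first NUL are stale memory
    line = bytes(ev.line).split(b"\x00", 1)[0]
    return ev.pid, ev.comm.decode("utf-8", "replace"), line.decode("utf-8", "replace")

def run(bash_path="/bin/bash"):
    from bcc import BPF  # imported here so decode_event works without BCC installed
    b = BPF(text=BPF_TEXT)
    # Return probe: the handler fires when readline() returns, so PT_REGS_RC is the line pointer
    b.attach_uretprobe(name=bash_path, sym="readline", fn_name="uretprobe_bash_readline")
    def on_event(cpu, data, size):
        print("pid=%d comm=%s line=%r" % decode_event(ctypes.string_at(data, size)))
    b["listen_evt"].open_perf_buffer(on_event)
    while True:
        try:
            b.perf_buffer_poll()
        except KeyboardInterrupt:
            return

# Constructed sample record: pid 4242, "ls -la" followed by stale bytes, comm "bash"
SAMPLE = bytes(ctypes.c_uint32(4242)) + b"ls -la\x00stale".ljust(80, b"\xff") + b"bash".ljust(16, b"\x00")
```

`run()` needs root and BCC installed; `decode_event(SAMPLE)` runs anywhere.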