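/*
 * Trace do_execve with a jprobe. Taken basically from
 * Documentation/kprobes.txt.
 * Source: http://www-users.cs.umn.edu/%7Eboutcher/kprobes/
 *
 * Once loaded, the module logs one kernel message per do_execve() call
 * made while the probe is registered.
 */
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/sched.h>
#include <linux/kprobes.h>
#include <linux/kallsyms.h>
#include <linux/errno.h>

/*
 * Pre-entry point for do_execve.
 *
 * The parameter list and return type mirror the probed function so the
 * jprobe can hand over the original arguments unchanged. argv and envp
 * are __user pointers and are deliberately not dereferenced here.
 */
static int my_do_execve(char *filename,
			char __user *__user *argv,
			char __user *__user *envp,
			struct pt_regs *regs)
{
	/*
	 * NOTE(review): filename and current->comm are written to the log
	 * unescaped. Both can presumably be influenced by unprivileged
	 * processes, so anything that parses these lines should treat the
	 * two fields as untrusted text (embedded newlines, look-alike
	 * entries).
	 */
	printk(KERN_INFO "do_execve for %s from %s\n",
	       filename, current->comm);

	/* Always end with a call to jprobe_return(). */
	jprobe_return();
	/*NOTREACHED*/
	return 0;
}

static struct jprobe my_jprobe = {
	.entry = (kprobe_opcode_t *) my_do_execve
};

/*
 * Resolve do_execve by name and plant the jprobe on it.
 *
 * Returns 0 on success, -ENOENT when the symbol cannot be resolved, or
 * the negative error code reported by register_jprobe().
 */
int init_module(void)
{
	int ret;

	my_jprobe.kp.addr =
		(kprobe_opcode_t *) kallsyms_lookup_name("do_execve");
	if (!my_jprobe.kp.addr) {
		printk(KERN_ERR "Couldn't find %s to plant jprobe\n",
		       "do_execve");
		/* A bare -1 would read as -EPERM to the module loader. */
		return -ENOENT;
	}

	ret = register_jprobe(&my_jprobe);
	if (ret < 0) {
		printk(KERN_ERR "register_jprobe failed, returned %d\n", ret);
		/* Propagate the real cause instead of flattening it to -1. */
		return ret;
	}

	/*
	 * NOTE(review): %p writes raw kernel text addresses into the log on
	 * kernels that do not hash it. Where the target kernel supports it,
	 * %pK (honours kptr_restrict) or restricting dmesg access keeps
	 * these addresses away from unprivileged readers.
	 */
	printk(KERN_INFO "Planted jprobe at %p, handler addr %p\n",
	       my_jprobe.kp.addr, my_jprobe.entry);
	return 0;
}

/* Remove the probe on unload so do_execve no longer enters the handler. */
void cleanup_module(void)
{
	unregister_jprobe(&my_jprobe);
	printk(KERN_INFO "jprobe unregistered\n");
}

MODULE_LICENSE("GPL");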
