3rd-party/linux-kernel-module-cheat
1
0
Fork 0
mirror of https://github.com/cirosantilli/linux-kernel-module-cheat.git synced 2026-01-26 11:41:35 +01:00
Code Issues Releases Wiki Activity

conf.sh: base insensitive for even less typing

Browse Source
This commit is contained in:
Ciro Santilli
2018-05-06 11:28:54 +01:00
parent e05f447f87
commit 37743c40c3
3 changed files with 22 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
README.adoc
View File

@@ -2682,6 +2682,11 @@ TODO: why does this produce no output?
* https://serverfault.com/questions/199654/does-anyone-know-a-simple-way-to-monitor-root-process-spawn
* https://unix.stackexchange.com/questions/260162/how-to-track-newly-created-processes
TODO can you get process data such as UID and process arguments? It seems not since `exec_proc_event` contains so little data: https://github.com/torvalds/linux/blob/v4.16/include/uapi/linux/cn_proc.h#L80 We could try to immediately read it from `/proc`, but there is a risk that the process finished and another one took its PID, so it wouldn't be reliable.
* https://unix.stackexchange.com/questions/163681/print-pids-and-names-of-processes-as-they-are-created/163689 requests process name
* https://serverfault.com/questions/199654/does-anyone-know-a-simple-way-to-monitor-root-process-spawn requests UID
===== CONFIG_PROC_EVENTS aarch64
0111ca406bdfa6fd65a2605d353583b4c4051781 was failing with:
@@ -2747,7 +2752,7 @@ cd /sys/kernel/debug/tracing/
echo 0 > tracing_on
# Clear previous trace.
echo '' > trace
echo > trace
# List the available tracers, and pick one.
cat available_tracers
@@ -2831,9 +2836,15 @@ TODO: what do `+` and `!` mean?
Each `enable` under the `events/` tree enables a certain set of functions, the higher the `enable` more functions are enabled.
TODO: can you get function arguments? https://stackoverflow.com/questions/27608752/does-ftrace-allow-capture-of-system-call-arguments-to-the-linux-kernel-or-only
==== Kprobes
Inject arbitrary code at a given address in a trap instruction. Oh the good old kernel. :-)
Inject arbitrary code at a given address in a trap instruction, much like GDB. Oh the good old kernel. :-)
I don't think your code can refer to the surrounding kernel code however: the only visible thing is the value of the registers.
Maybe you can then hack it up to read the stack and read argument values, but do you really want to?
....
./build -c 'CONFIG_KPROBES=y'