We use cookies to ensure you get the best experience on our website
Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
0ct0pu5
/
moby
1
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Ağaç: 462cd7de50
Dallar Biçim İmleri
moby
/
vendor
/
github.com
/
cilium
/
ebpf
/
examples
/
kprobe
/
bpf
/
kprobe_example.c

kprobe_example.c 571 B
Geçmiş Ham

1234567891011121314151617181920212223242526 
  1. #include "common.h"
    2. 

  2. #include "bpf_helpers.h"
    3. 

  3. 

  4. char __license[] SEC("license") = "Dual MIT/GPL";
    5. 

  5. 

  6. struct bpf_map_def SEC("maps") kprobe_map = {
    7. 

  7.     .type = BPF_MAP_TYPE_ARRAY,
    8. 

  8.     .key_size = sizeof(u32),
    9. 

  9.     .value_size = sizeof(u64),
    10. 

  10.     .max_entries = 1,
    11. 

  11. };
    12. 

  12. 

  13. SEC("kprobe/__x64_sys_execve")
    14. 

  14. int kprobe_execve() {
    15. 

  15.     u32 key = 0;
    16. 

  16.     u64 initval = 1, *valp;
    17. 

  17. 

  18.     valp = bpf_map_lookup_elem(&kprobe_map, &key);
    19. 

  19.     if (!valp) {
    20. 

  20.         bpf_map_update_elem(&kprobe_map, &key, &initval, BPF_ANY);
    21. 

  21.         return 0;
    22. 

  22.     }
    23. 

  23.     __sync_fetch_and_add(valp, 1);
    24. 

  24. 

  25.     return 0;
    26. 

  26. }
    27.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5