Get a function's return value in a kretprobe handler

Question

I want to know if it is possible to hook a kretprobe on a kernel function and capture it's return value in the return handler of kretprobe.

What is wrong with kprobe documentation (`Documentation/kprobes.txt` in kernel sources) and kretprobe example it refers (`samples/kprobes/kretprobe_example.c`)? — Tsyvarev, Jul 08 '15 at 09:20
It doesn't mentions anything about capturing the return value, does it ? — bawejakunal, Jul 08 '15 at 09:25
Line `int retval = regs_return_value(regs);` in `ret_handler` captures return value. You could guess that by function's description and variable's name. — Tsyvarev, Jul 08 '15 at 09:31

score 4 · Accepted Answer · answered Mar 23 '17 at 08:39

It's little bit old question, but for those who is still looking for an answer..

How to register kretprobe you can see in the documentation for kprobes (https://www.kernel.org/doc/Documentation/kprobes.txt)

An architecture independent function that captures ret value from syscalls:

#include <linux/ptrace.h>

...

int hook_retcode(struct kretprobe_instance *ri, struct pt_regs *regs)
{
    unsigned long retval = 0;

    retval = regs_return_value(regs);

    if (is_syscall_success(regs))
    {
        printk("%pf exited with a code %#lx\n", ri->rp->kp.addr, retval);
    }
    else
    {
        printk("%pf failed with a code %#lx\n", ri->rp->kp.addr, retval);
    }
}

Get a function's return value in a kretprobe handler

1 Answers1