Highest Voted 'kprobe' Questions

0

votes

0 answers

kprobe not working for some functions

I am trying to use kprobe to track handle_pte_fault function calls in linux kernel. I can probe handle_mm_fault but when I try to probe handle_pte_dault, kprobe's handler for handle_pte_fault doesn't print anything. Using this I figured that i can't…

asked Mar 25 '18 at 19:42

psin

59
8

0

votes

1 answer

kprobe modules cannot work after execute "echo 0 > /proc/sys/kernel/ftrace_enabled "

Just do some research of ftrace. TCP echo program is running between two host. When I shutdown the big switch(echo 0 > /proc/sys/kernel/ftrace_enabled ), my own kprobe module cannot work also. The printk message cannot be seen in the kernel log…

linux-kernel ftrace kprobe

asked Mar 02 '18 at 02:52

Mean Chou

1
3

0

votes

1 answer

Always get 0 session ID in BPF program

I am trying to write a BPF program that examines the session ID of any process that calls the tty_write kernel function. I am trying to do this by retrieving a field from the current task_struct struct. My code is as follows:…

bpf ebpf kprobe bcc-bpf

asked Feb 13 '18 at 23:04

dippynark

2,743
20
58

0

votes

0 answers

Why can't kprobe probe some functions in the kernel?

I tried to probe a simple function (e.g. myfunc) which I added in the kernel as following: I created a file (myfile.c) under ~/source/kernel/ i.e. ~/source/kernel/myfile.c I added a simple system call mysyscall and a local function myfunc in this…

linux linux-kernel kernel-module kprobe

asked May 15 '17 at 19:07

psin

59
8

0

votes

1 answer

insmod: ERROR: could not insert module kprobe_example.ko: Operation not permitted

I was referring: http://www-users.cs.umn.edu/~boutcher/kprobes/kprobes.txt.html to understand kprobe. I used kprobe_example.c as given in the doc. I compiled it using the makefile (code taken from the same document) I got compilation errors because…

c linux-kernel fork insmod kprobe

asked Sep 19 '16 at 07:06

flyingunicorn

26
2
7

0

votes

0 answers

error: ‘struct pt_regs’ has no member named ‘eip’

I followed this document: http://www-users.cs.umn.edu/~boutcher/kprobes/kprobes.txt.html to understand kprobe. As said in the document I created kprobe_example.c and a Makefile. (code for both the files are given in the document. I did a copy-paste…

c makefile linux-kernel kprobe

asked Sep 18 '16 at 07:30

flyingunicorn

26
2
7

0

votes

1 answer

Kprobe: associate return probe with entry probe

I'd like to trace writes on a specific file, so I've had the idea that I could do this: I create a probe on do_sys_open, if the filename argument matches the pattern I'm looking for I use a trigger to enable a return probe that fetches the returned…

linux linux-kernel ftrace kprobe

asked Jan 27 '16 at 06:45

replay

3,569
3
21
30

0

votes

0 answers

Inconsistent register values after setting up them in a Jprobes module

This question is in continuation to my previous question on Intercepting ELF loader. Now the exact problem is that previously the code logic was implemented within the load_elf_binary function wherein at the end of the function eax, ebx, ecx and edx…

linux linux-kernel kernel cpu-registers kprobe

asked Jun 19 '15 at 02:31

bawejakunal

1,678
2
25
54

0

votes

0 answers

how to use kprobe to monitor multiple system calls

SO I want to monitor multiple system calls mkdir, fork, write, open, pipe, read, rmdir, etc. I have gotten a kprobe solution to work where I can monitor a single system call. my First attempt at doing this was to create multiple system calls like…

linux-kernel kernel kernel-module kprobe

asked Oct 18 '13 at 16:18

noztol

494
6
25

0

votes

1 answer

XenServer with DDK doesn't support Kprobes?

I installed XenServer 6.0.0 and DDK, and I want to develop a kernel module, so I code a basic kprobes program. It is running OK on normal linux like redhat and output "Before sys_ioctl", but on XenServer it just output "Hypercall FI kernel module:…

linux-kernel kernel-module xen kprobe

asked May 24 '13 at 01:44

Feng Gang

597
1
5
10

-1

votes

1 answer

can't get bpfptr_r uattr parameter when tracing __sys_bpf

my environment: ubuntu 20.04 kernel version: 5.15.0-46-generic x86_64 below is my code: import sys import signal from bcc import BPF import os # define BPF program bpf_text = """ #include #include #include…

ebpf bcc kprobe

asked Oct 25 '22 at 13:37

luke zou

21
4

-1

votes

1 answer

Can one retrieve a socket's port from the Linux Kernel data type `struct sock`?

Motivation I'm trying to write a bpftrace program to trace out when a socket is ready for reading by hooking into the kprobe sock_def_readable. I will get a struct sock to inspect. I'd like to map it back to the socket I created in user-land.…

sockets linux-kernel kprobe

asked May 08 '20 at 07:02

Jonathan Fischoff

1,467
12
22

Questions tagged [kprobe]