Comments (4)
the same code as bash_kern.c in https://github.com/iovisor/bcc/blob/master/tools/bashreadline.py
from ecapture.
When I use BCC to implement bash-kern, I always get what the picture shows.
The code is just the same as kern/bash_kern.c. Can you tell me what's wrong?
THANK YOU!
from ecapture.
the code
```python
from bcc import BPF
from time import sleep
from ctypes import *

# eBPF program: one event per readline() hit, carrying pid, comm and up to 80 bytes of the line.
text = """
#include <uapi/linux/ptrace.h>

struct event_data_t {
    u32 pid;
    u8 line[80];
    char comm[16];
};

BPF_PERF_OUTPUT(listen_evt);

int uretprobe_bash_readline(struct pt_regs *ctx) {
    s64 pid_tgid = bpf_get_current_pid_tgid();
    int pid = pid_tgid >> 32;
    struct event_data_t event = {};
    event.pid = pid;
    bpf_get_current_comm(&event.comm, sizeof(event.comm));
    // Copy 80 bytes from the address held in the return-value register.
    bpf_probe_read(&event.line, sizeof(event.line), (void *)PT_REGS_RC(ctx));
    listen_evt.perf_submit(ctx, &event, sizeof(event));
    return 0;
}
"""

b = BPF(text=text)
# NOTE: the handler reads PT_REGS_RC (readline's return value), but this call
# attaches at function entry; bashreadline.py attaches with attach_uretprobe.
b.attach_uprobe(name="/bin/bash", sym="readline", fn_name="uretprobe_bash_readline")


def print_event(cpu, data, size):
    # Cast the raw perf record to the auto-generated event structure.
    event = b["listen_evt"].event(data)
    #line = bytearray(event.line).decode()
    print("Rcv Event %d, %s,%s" % (event.pid, event.comm, bytes(event.line)))


b["listen_evt"].open_perf_buffer(print_event)
while True:
    try:
        b.perf_buffer_poll()
    except KeyboardInterrupt:
        exit()
```
from ecapture.
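An added example, not code from the thread or from the ecapture or bcc projects: a user-space decoder for the `event_data_t` record defined in the BPF program above, which stops the line at its first NUL byte (the posted `print` dumps all 80 bytes) and escapes control characters so a captured command line cannot drive the terminal or forge log lines. The names `EventData`, `parse_event` and `SAMPLE` are assumptions made for this example, and the sample record is constructed.

```python
import ctypes
import struct

LINE_LEN, COMM_LEN = 80, 16  # array sizes taken from event_data_t in the BPF text


class EventData(ctypes.Structure):
    """User-space mirror of: u32 pid; u8 line[80]; char comm[16]; (100 bytes)."""
    _fields_ = [
        ("pid", ctypes.c_uint32),
        ("line", ctypes.c_ubyte * LINE_LEN),
        ("comm", ctypes.c_char * COMM_LEN),
    ]


def _printable(raw: bytes) -> str:
    """Decode leniently and escape non-printable characters (ESC, newline, ...)."""
    text = raw.decode("utf-8", errors="replace")
    return "".join(
        ch if ch.isprintable() else ch.encode("unicode_escape").decode("ascii")
        for ch in text
    )


def parse_event(raw: bytes) -> dict:
    """Parse one perf record; records may be padded, so extra bytes are allowed."""
    need = ctypes.sizeof(EventData)
    if len(raw) < need:
        raise ValueError("short record: %d < %d bytes" % (len(raw), need))
    ev = EventData.from_buffer_copy(raw)
    line = bytes(ev.line)
    nul = line.find(b"\0")
    return {
        "pid": ev.pid,
        "comm": _printable(ev.comm),  # c_char arrays already stop at the first NUL
        "line": _printable(line if nul < 0 else line[:nul]),
        "truncated": nul < 0,  # no terminator: the command was longer than 80 bytes
    }


# Constructed sample record: pid 4242, a command line carrying a terminal escape
# sequence, comm "bash". struct pads both byte fields with NULs.
SAMPLE = struct.pack("=I80s16s", 4242, b"ls -la /tmp\x1b[2J", b"bash")

if __name__ == "__main__":
    print(parse_event(SAMPLE))
```

Inside a BCC perf-buffer callback, `ctypes.string_at(data, size)` yields the raw bytes to pass to `parse_event`.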
THANK YOU
from ecapture.