#include <iostream>
#include <bcc/BPF.h>
#include <string>
using namespace std;
// User-space mirror of the event record emitted by the BPF program embedded
// in bpf_source. handler() casts the raw perf-buffer payload to this type, so
// field order and sizes must stay identical to the struct data_t declared
// inside the BPF source text.
struct data_t {
    pid_t pid;       // written by the BPF side from bpf_get_current_pid_tgid() >> 32
    char comm[256];  // filled by bpf_get_current_comm(); a task can choose its own
                     // comm, so treat this as untrusted text when displaying it
};
// BPF C program text that main() hands to bcc through bpf.init(). It declares
// a perf output channel named "event" and a probe function mmap_fn which, on
// each invocation, zero-initialises a data_t, stores the upper 32 bits of
// bpf_get_current_pid_tgid() (the tgid, i.e. the process id seen from user
// space) in pid, copies the current task's comm, and submits the record.
//
// The struct data_t declared inside this text must stay in sync with the
// user-space struct data_t of the same name: the perf payload is reinterpreted
// as that type without any schema check.
//
// NOTE(review): bpf_trace_printk() runs on every probe hit and writes to the
// kernel's shared trace pipe; it is a debugging aid and looks like leftover
// demo output, so consider dropping it outside of experiments.
// NOTE(review): the kernel's task comm is 16 bytes (TASK_COMM_LEN), so most of
// the 256-byte comm field stays zero; a smaller field would shrink each event.
// The text below is runtime data, so it is left exactly as written.
std::string bpf_source = R"(
BPF_PERF_OUTPUT(event);
struct data_t {
pid_t pid;
char comm[256];
};
int mmap_fn(void* ctx)
{
struct data_t data = {};
data.pid = (pid_t)(bpf_get_current_pid_tgid() >> 32);
bpf_get_current_comm(data.comm, 256);
bpf_trace_printk("Hello world!\n");
event.perf_submit(ctx, &data, sizeof(data));
return 0;
}
)";
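// Perf-buffer callback: prints the pid and command name carried by one event.
//
// cookie  opaque pointer supplied by the perf-buffer layer; unused here.
// data    raw event payload, expected to hold one data_t record.
// sz      size of the payload in bytes.
//
// The payload is validated before it is reinterpreted, and the command name
// is sanitised before it reaches the terminal: comm is chosen by the traced
// process, so it must not be able to inject control or escape sequences into
// the monitor's output.
void handler(void* cookie, void* data, int sz) {
    (void)cookie;

    // A record shorter than data_t cannot be safely read through a data_t
    // pointer. Larger sizes are accepted because the perf layer may pad
    // samples (NOTE(review): confirm padding behaviour for the bcc version in use).
    if (data == nullptr || sz < static_cast<int>(sizeof(data_t))) {
        cerr << "dropping malformed event (" << sz << " bytes)" << endl;
        return;
    }

    const auto* record = static_cast<const data_t*>(data);

    // Never read past the fixed-size field, even if no NUL terminator is
    // present, and replace anything outside printable ASCII with '?'.
    std::string comm;
    for (std::size_t i = 0; i < sizeof(record->comm) && record->comm[i] != '\0'; ++i) {
        const auto ch = static_cast<unsigned char>(record->comm[i]);
        const bool printable = ch >= 0x20 && ch < 0x7f;
        comm.push_back(printable ? static_cast<char>(ch) : '?');
    }

    cout << "Pid: " << record->pid << " Comm: " << comm << endl;
}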
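// Entry point: loads the embedded BPF program, attaches mmap_fn as a kprobe on
// the mmap syscall, and prints every event delivered through the "event" perf
// buffer until polling reports an error.
//
// Returns 1 if loading, attaching, or opening the perf buffer fails, and 0
// when the poll loop ends.
//
// Loading BPF programs and attaching kprobes needs elevated privileges
// (typically root), so run this only where that level of access is intended.
int main(void) {
    ebpf::BPF bpf;

    // A failed load leaves nothing to attach, so stop here instead of letting
    // the later calls fail with a less specific message.
    auto init_status = bpf.init(bpf_source);
    if (init_status.code() != 0) {
        cerr << init_status.msg() << endl;
        return 1;
    }

    auto syscall = bpf.get_syscall_fnname("mmap");
    cout << "the syscall we are looking for is called " << syscall << endl;

    auto attach_status = bpf.attach_kprobe(syscall, "mmap_fn");
    if (attach_status.code() != 0) {
        cerr << attach_status.msg() << endl;
        return 1;
    }

    // Without an open perf buffer no event can ever be observed; exit with a
    // failure code rather than falling through to a poll loop that ends at
    // once and reports success.
    // NOTE(review): no lost-event callback is registered, so records dropped
    // under load go unnoticed; register one if gaps in the trace matter.
    auto open_status = bpf.open_perf_buffer("event", handler);
    if (open_status.code() != 0) {
        cerr << open_status.msg() << endl;
        return 1;
    }

    // poll_perf_buffer() invokes handler for each pending record; a negative
    // return ends the loop.
    while (0 <= bpf.poll_perf_buffer("event")) {
    }
    return 0;
}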