kprobe attach __x64_sys_open get empty file from arg 0 #587
Comments
How can I get current stack and user space symbol like bcc?

//bcc function
This walks the stack found via the struct pt_regs in ctx, saves it in the stack trace map, and returns a unique ID for the stack trace.

//bcc function
Translate a memory address into a function name for a pid, which is returned. A pid of less than zero will access the kernel symbol cache. The show_module and show_offset parameters control whether the module in which the symbol lies should be displayed, and whether the instruction offset from the beginning of the symbol should be displayed. These extra parameters default to False.

I'm having trouble understanding the issue. What are you trying to do?
The original implementation of the trait is unable to correctly retrieve the arguments of a function, necessitating a rewrite. This includes two interfaces: and . To access a function's argument, it is necessary to accurately identify the register address where the argument is stored. Subsequently, we can use the function to read the contents at this register address. This allows us to correctly retrieve the argument of the function.

Fixes: aya-rs#587
//env
aya = { version = ">=0.11", features=["async_tokio"] }
ubuntu 22.04
//user space code
//ebpf code
//result
I get the result like this:
"LOG: proc_name:xxxx, filename:,flag:0"
"LOG: proc_name:xxxx, filename:�,flag:0"
The file name read from ProbeContext with arg 0 is an empty string.