Skip to content

Instantly share code, notes, and snippets.

@mmitou

mmitou/Makefile

Created August 23, 2012 06:21
Show Gist options
  • Save mmitou/3433352 to your computer and use it in GitHub Desktop.
Save mmitou/3433352 to your computer and use it in GitHub Desktop.
Download ZIP
exeve観察用stp
Raw
exec.c
#include <unistd.h>
int main(int argc, char **argv)
{
execl("./test", "hello", NULL);
return 0;
}
Raw
Makefile
.PHONY: all
all: exec test
exec: exec.c
gcc exec.c -o exec
test: test.c
gcc test.c -o test
Raw
test.c
#include <stdio.h>
int main(int argc, char **argv)
{
printf("Hello!\n");
return 0;
}
Raw
watch_exec.stp
probe kernel.function("sys_execve") {
printf("%s -> %s\n", thread_indent(1), probefunc());
printf("%s name = %s\n", thread_indent(0), kernel_string($name));
printf("%s argv[0] = %s\n", thread_indent(0), kernel_string($argv[0]));
printf("%s envp[0] = %s\n", thread_indent(0), kernel_string($envp[0]));
printf("%s envp[1] = %s\n", thread_indent(0), kernel_string($envp[1]));
}
probe kernel.function("do_execve") {
printf("%s -> %s\n", thread_indent(1), probefunc());
printf("%s filename = %s\n", thread_indent(0), kernel_string($filename));
printf("%s __argv[0] = %s\n", thread_indent(0), kernel_string($__argv[0]));
printf("%s __envp[0] = %s\n", thread_indent(0), kernel_string($__envp[0]));
printf("%s __envp[1] = %s\n", thread_indent(0), kernel_string($__envp[1]));
}
probe kernel.function("do_execve_common") {
printf("%s -> %s\n", thread_indent(1), probefunc());
printf("%s filename = %s\n", thread_indent(0), kernel_string($filename));
}
probe kernel.function("open_exec") {
printf("%s -> %s\n", thread_indent(1), probefunc());
printf("%s filename = %s\n", thread_indent(0), kernel_string($name));
}
probe kernel.function("unshare_files"),
kernel.function("unshare_fd"),
kernel.function("dup_fd"),
kernel.function("sched_exec"),
kernel.function("stop_one_cpu"),
kernel.function("bprm_mm_init"),
kernel.function("count"),
kernel.function("prepare_binprm"),
kernel.function("copy_strings_kernel"),
kernel.function("copy_strings"),
kernel.function("search_binary_handler"),
kernel.function("acct_update_integrals")
{
printf("%s -> %s\n", thread_indent(1), probefunc());
printf("%s %s\n", thread_indent(0), $$vars);
}
probe kernel.function("sys_execve").return,
kernel.function("do_execve").return,
kernel.function("do_execve_common").return,
kernel.function("unshare_files").return,
kernel.function("unshare_fd").return,
kernel.function("dup_fd").return,
kernel.function("open_exec").return,
kernel.function("stop_one_cpu").return,
kernel.function("bprm_mm_init").return,
kernel.function("count").return,
kernel.function("prepare_binprm").return,
kernel.function("copy_strings_kernel").return,
kernel.function("copy_strings").return,
kernel.function("search_binary_handler").return
{
printf("%s <- %s ret= %d\n", thread_indent(-1), probefunc(), $return);
}
probe kernel.function("sched_exec").return,
kernel.function("acct_update_integrals").return
{
printf("%s <- %s \n", thread_indent(-1), probefunc());
}
@mmitou
Copy link
Author

mmitou commented Aug 23, 2012

Hello!
0 stapio(2284): -> sys_execve
3 stapio(2284): name = ./exec
6 stapio(2284): argv[0] = ./exec
7 stapio(2284): envp[0] = HOSTNAME=localhost.localdomain
10 stapio(2284): envp[1] = TERM=xterm
15 stapio(2284): -> do_execve
17 stapio(2284): filename = ./exec
18 stapio(2284): __argv[0] = ./exec
20 stapio(2284): __envp[0] = HOSTNAME=localhost.localdomain
23 stapio(2284): __envp[1] = TERM=xterm
26 stapio(2284): -> do_execve_common
27 stapio(2284): filename = ./exec
31 stapio(2284): -> unshare_files
32 stapio(2284): displaced=0xffff8800bf4f7ec8 task=? copy=0xffff8800a8064660 error=?
36 stapio(2284): -> unshare_fd
38 stapio(2284): unshare_flags=0x400 new_fdp=0xffff8800bf4f7e80 fd=? error=0xffffffffffffffff
42 stapio(2284): <- unshare_fd ret= 0
45 stapio(2284): <- unshare_files ret= 0
48 stapio(2284): -> open_exec
50 stapio(2284): filename = ./exec
59 stapio(2284): <- open_exec ret= -131938571054080
62 stapio(2284): -> sched_exec
64 stapio(2284): p=? flags=? dest_cpu=?
67 stapio(2284): -> stop_one_cpu
69 stapio(2284): cpu=0x0 fn=0xffffffff8108a730 arg=0xffff8800bf4f7e68 done={...} work={...}
84 stapio(2284): <- stop_one_cpu ret= 0
87 stapio(2284): <- sched_exec
91 stapio(2284): -> bprm_mm_init
92 stapio(2284): bprm=0xffff8800a80f5000 err=? mm=?
100 stapio(2284): <- bprm_mm_init ret= 0
103 stapio(2284): -> count
104 stapio(2284): i=? max=0x7fffffff
107 stapio(2284): <- count ret= 1
109 stapio(2284): -> count
111 stapio(2284): i=? max=0x7fffffff
113 stapio(2284): <- count ret= 20
116 stapio(2284): -> prepare_binprm
117 stapio(2284): bprm=0xffff8800a80f5000 mode=? inode=? retval=?
167 stapio(2284): <- prepare_binprm ret= 128
170 stapio(2284): -> copy_strings_kernel
171 stapio(2284): argc=0x1 __argv=0xffff8800a80f50c8 bprm=0xffff8800a80f5000 r=0x80 oldfs={...} argv={...}
175 stapio(2284): -> copy_strings
177 stapio(2284): argc=0x1 bprm=0xffff8800a80f5000 kmapped_page=? kaddr=? kpos=0x0 ret=?
191 stapio(2284): <- copy_strings ret= 0
193 stapio(2284): <- copy_strings_kernel ret= 0
195 stapio(2284): -> copy_strings
196 stapio(2284): argc=0x14 bprm=0xffff8800a80f5000 kmapped_page=? kaddr=? kpos=0xffff8800bf5a0000 ret=?
203 stapio(2284): <- copy_strings ret= 0
205 stapio(2284): -> copy_strings
207 stapio(2284): argc=0x1 bprm=0xffff8800a80f5000 kmapped_page=? kaddr=? kpos=0xffff8800bf5a0000 ret=?
210 stapio(2284): <- copy_strings ret= 0
212 stapio(2284): -> search_binary_handler
214 stapio(2284): bprm=0xffff8800a80f5000 regs=0xffff8800bf4f7f58 depth=? try=? retval=? fmt=? old_pid=? old_vpid=0xffffffffffff8800
221 stapio(2284): -> open_exec
222 stapio(2284): filename = /lib64/ld-linux-x86-64.so.2
233 stapio(2284): <- open_exec ret= -131938570268160
321 exec(2284): <- search_binary_handler ret= 0
324 exec(2284): -> acct_update_integrals
325 exec(2284): tsk=0xffff8800a8429710
328 exec(2284): <- acct_update_integrals
330 exec(2284): <- do_execve_common ret= 0
332 exec(2284): <- do_execve ret= 0
334 exec(2284): <- sys_execve ret= 0
0 exec(2284): -> sys_execve
1 exec(2284): name = ./test
3 exec(2284): argv[0] = hello
4 exec(2284): envp[0] = HOSTNAME=localhost.localdomain
7 exec(2284): envp[1] = TERM=xterm
10 exec(2284): -> do_execve
11 exec(2284): filename = ./test
12 exec(2284): __argv[0] = hello
14 exec(2284): __envp[0] = HOSTNAME=localhost.localdomain
16 exec(2284): __envp[1] = TERM=xterm
18 exec(2284): -> do_execve_common
20 exec(2284): filename = ./test
22 exec(2284): -> unshare_files
23 exec(2284): displaced=0xffff8800bf4f7ec8 task=? copy=0xffff8800a80cebb0 error=?
26 exec(2284): -> unshare_fd
28 exec(2284): unshare_flags=0x400 new_fdp=0xffff8800bf4f7e80 fd=? error=0xffffffffffffffff
31 exec(2284): <- unshare_fd ret= 0
33 exec(2284): <- unshare_files ret= 0
36 exec(2284): -> open_exec
38 exec(2284): filename = ./test
43 exec(2284): <- open_exec ret= -131938570267648
46 exec(2284): -> sched_exec
47 exec(2284): p=? flags=? dest_cpu=?
50 exec(2284): -> stop_one_cpu
51 exec(2284): cpu=0x1 fn=0xffffffff8108a730 arg=0xffff8800bf4f7e68 done={...} work={...}
78 exec(2284): <- stop_one_cpu ret= 0
80 exec(2284): <- sched_exec
83 exec(2284): -> bprm_mm_init
84 exec(2284): bprm=0xffff8800a8631d00 err=? mm=?
88 exec(2284): <- bprm_mm_init ret= 0
91 exec(2284): -> count
92 exec(2284): i=? max=0x7fffffff
94 exec(2284): <- count ret= 1
96 exec(2284): -> count
97 exec(2284): i=? max=0x7fffffff
99 exec(2284): <- count ret= 20
102 exec(2284): -> prepare_binprm
103 exec(2284): bprm=0xffff8800a8631d00 mode=? inode=? retval=?
135 exec(2284): <- prepare_binprm ret= 128
138 exec(2284): -> copy_strings_kernel
139 exec(2284): argc=0x1 __argv=0xffff8800a8631dc8 bprm=0xffff8800a8631d00 r=0x80 oldfs={...} argv={...}
142 exec(2284): -> copy_strings
144 exec(2284): argc=0x1 bprm=0xffff8800a8631d00 kmapped_page=? kaddr=? kpos=0x0 ret=?
153 exec(2284): <- copy_strings ret= 0
154 exec(2284): <- copy_strings_kernel ret= 0
157 exec(2284): -> copy_strings
158 exec(2284): argc=0x14 bprm=0xffff8800a8631d00 kmapped_page=? kaddr=? kpos=0xffff880111f2a000 ret=?
164 exec(2284): <- copy_strings ret= 0
166 exec(2284): -> copy_strings
167 exec(2284): argc=0x1 bprm=0xffff8800a8631d00 kmapped_page=? kaddr=? kpos=0xffff880111f2a000 ret=?
170 exec(2284): <- copy_strings ret= 0
172 exec(2284): -> search_binary_handler
174 exec(2284): bprm=0xffff8800a8631d00 regs=0xffff8800bf4f7f58 depth=? try=? retval=? fmt=? old_pid=? old_vpid=0xffffffffffff8800
179 exec(2284): -> open_exec
180 exec(2284): filename = /lib64/ld-linux-x86-64.so.2
187 exec(2284): <- open_exec ret= -131938571146752
255 test(2284): <- search_binary_handler ret= 0
258 test(2284): -> acct_update_integrals
259 test(2284): tsk=0xffff8800a8429710
262 test(2284): <- acct_update_integrals
264 test(2284): <- do_execve_common ret= 0
265 test(2284): <- do_execve ret= 0
267 test(2284): <- sys_execve ret= 0
0 test(2284): -> acct_update_integrals
1 test(2284): tsk=0xffff8800a8429710
4 test(2284): <- acct_update_integrals
0 test(2284): -> acct_update_integrals
1 test(2284): tsk=0xffff8800a8429710
4 test(2284): <- acct_update_integrals

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment