from bcc import BPF | |
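# BPF program that instruments setenv(3) in libc and reports the *name* of the
# variable being set (the value is deliberately not read).
#
# Scope caveat for anyone using this as a detection aid: the uprobe is attached
# to the dynamically linked libc symbol only, so a statically linked binary, a
# process using another libc, putenv(3), or an envp handed straight to
# execve(2) never hits it. Treat it as observability, not a security boundary.
prog = """
#include <uapi/linux/ptrace.h>

#define NAME_BUF_LEN 256

int trace_setenv(struct pt_regs *ctx) {
    // setenv(const char *name, const char *value, int overwrite): PARM1 is the
    // name pointer. It points into the traced process's memory and is fully
    // under that process's control, so the copy must be bounded and the buffer
    // NUL-terminated before it is handed to a %s format.
    char env_var_name[NAME_BUF_LEN] = {};
    const char *name_ptr = (const char *)PT_REGS_PARM1(ctx);

    // bpf_probe_read_user_str() stops at the NUL and always terminates the
    // buffer. The plain bpf_probe_read_user() used by many examples copies a
    // fixed 256 bytes, fails outright if that span crosses an unmapped page,
    // and leaves no terminator for %s to stop at.
    int n = bpf_probe_read_user_str(env_var_name, sizeof(env_var_name), name_ptr);
    if (n < 0) {
        // NULL, unmapped or faulting pointer: drop the event instead of
        // printing an empty/garbage name.
        return 0;
    }
    // bpf_trace_printk() writes to the single global trace_pipe shared with
    // every other tracer on the box; fine for a demo, not for production.
    bpf_trace_printk("setenv called with %s\\n", env_var_name);
    return 0;
}
"""


def _printable(raw) -> str:
    """Render a trace message so it is safe to echo to a terminal.

    The variable name is copied verbatim from the traced process, so it may
    carry terminal escape sequences, newlines or non-UTF-8 bytes. Anything
    outside printable ASCII is shown as a backslash escape so a hostile
    process cannot forge, split or hide log lines.

    Args:
        raw: the ``msg`` field from ``BPF.trace_fields()`` (bytes on Python 3,
            str on older BCC/Python 2 builds).

    Returns:
        A single-line str containing only printable ASCII plus escapes.
    """
    text = raw.decode("utf-8", "backslashreplace") if isinstance(raw, bytes) else raw
    return "".join(ch if 32 <= ord(ch) < 127 else repr(ch)[1:-1] for ch in text)


# Loading and attaching BPF programs needs elevated privileges (normally root).
b = BPF(text=prog)
# Attaches to libc's exported setenv only; see the scope caveat above.
b.attach_uprobe(name="c", sym="setenv", fn_name="trace_setenv")

print("Tracing setenv calls... Hit Ctrl-C to end.")
# The try wraps the whole loop so a Ctrl-C that lands during print() (not just
# inside the blocking trace_fields() read) still ends the program cleanly.
try:
    while True:
        # trace_fields() blocks on the global trace_pipe; ts is a float of
        # seconds, pid an int, msg the printk payload (bytes on Python 3).
        (task, pid, cpu, flags, ts, msg) = b.trace_fields()
        if msg:
            print("%-18.9f %-6d %s" % (ts, pid, _printable(msg)))
except KeyboardInterrupt:
    pass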