aserper/gist:d495b119395bf8352558d4b824f46f93

## gistfile1.txt
from bcc import BPF

# eBPF program
prog = """
#include <uapi/linux/ptrace.h>

// Instrument the chdir syscall entry
TRACEPOINT_PROBE(syscalls, sys_enter_chdir) {
    // args is a built-in structure provided by the tracepoint
    // It contains all the arguments of the syscall being traced
    const char *pathname = (const char *)args->filename;

    // Log the pathname
    bpf_trace_printk("chdir called with pathname %s\\n", pathname);
    return 0;
}
"""

# Load eBPF program
b = BPF(text=prog)

# Print the output of bpf_trace_printk
print("Tracing chdir syscalls... Hit Ctrl-C to end.")
while True:
    try:
        (task, pid, cpu, flags, ts, msg) = b.trace_fields()
        print("%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))
    except KeyboardInterrupt:
        exit()
	from bcc import BPF

	# eBPF program
	prog = """
	#include <uapi/linux/ptrace.h>

	// Instrument the chdir syscall entry
	TRACEPOINT_PROBE(syscalls, sys_enter_chdir) {
	// args is a built-in structure provided by the tracepoint
	// It contains all the arguments of the syscall being traced
	const char pathname = (const char )args->filename;

	// Log the pathname
	bpf_trace_printk("chdir called with pathname %s\\n", pathname);
	return 0;
	}
	"""

	# Load eBPF program
	b = BPF(text=prog)

	# Print the output of bpf_trace_printk
	print("Tracing chdir syscalls... Hit Ctrl-C to end.")
	while True:
	try:
	(task, pid, cpu, flags, ts, msg) = b.trace_fields()
	print("%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))
	except KeyboardInterrupt:
	exit()