-
-
Save slankdev/cac2dab85f8e7227d0ce6a30ec338248 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <uapi/linux/ptrace.h> | |
| #define OK 0 | |
| #define NG 1 | |
| BPF_ARRAY(count, u64, 2); | |
| void trace_good(struct pt_regs *ctx) | |
| { | |
| bpf_trace_printk("good\n"); | |
| count.increment(OK); | |
| } | |
| void trace_bad(struct pt_regs *ctx) | |
| { | |
| bpf_trace_printk("bad\n"); | |
| count.increment(NG); | |
| } | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Only Compile | |
| test: | |
| sudo ./test.py | |
| # Compile and Tracing | |
| trace: | |
| sudo ./trace.py | |
| # Build Target Program | |
| target: | |
| gcc -static target.c |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> | |
| #include <stdbool.h> | |
| void slankdev_good_practice() { printf("BPF Dekiruuuuuu\n"); } | |
| void slankdev_bad_practice() { printf("BPF Dekineeeeee, KUSO, KUSO\n"); } | |
| int main() | |
| { | |
| for (size_t i=0; ; i++) { | |
| bool cond = rand()%4 == 0 ? true : false; | |
| if (cond) slankdev_good_practice(); | |
| else slankdev_bad_practice(); | |
| sleep(1); | |
| } | |
| } | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from bcc import BPF | |
| b = BPF(src_file="main.c") | |
| print('Compile Done') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from bcc import BPF | |
| import time | |
| b = BPF(src_file="main.c") | |
| b.attach_uprobe( | |
| name = "./a.out", | |
| sym = "slankdev_good_practice", | |
| fn_name = "trace_good") | |
| b.attach_uprobe( | |
| name = "./a.out", | |
| sym = "slankdev_bad_practice", | |
| fn_name = "trace_bad") | |
| while True: | |
| # print(b.trace_print()) | |
| good = b["count"][0].value | |
| bad = b["count"][1].value | |
| print("understand bpf? good:{},bad:{}".format(good, bad)) | |
| time.sleep(1) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment