#!/bin/sh
if [ $1 -eq 0 ]; then
    exit 0;
fi
msg=`cc -E -dM /usr/include/errno.h | egrep "^#define E\w+ $1$" | cut -d" " -f 2,3`
echo "$msg "

sys_read {
    hit[pid] += 1
}
--
sys_read {
    hit[pid] += 1;
}

kprobe:test {
    a = 1;
    return 2 * (a - 1) + 7
}
--
mov r9, 0x1
mov r8, r9
sub r8, 0x1

TroglOS Linux 1.0-beta5 chaos /dev/ttyAMA0
chaos login: root
(@-
//\ TroglOS Linux :: Troglobit Software
V_/_ Chaos Release :: http://troglobit.com
~ # echo 'kprobe:do_sys_open { trace("hello, world!\n") }' | /dtl
syslogd-37 [000] d... 6.067101: : hello, world!
sh-63 [000] d... 6.074971: : hello, world!

open.fs:
--
kprobe:SyS_open {
    opens[comm()] += 1;
}
--
~ # dtl -f open.fs &
<DO RANDOM STUFF>
~ # fg

#!/bin/ply -f
kprobe:SyS_* {
    syscall[reg("pc")] += 1
}
--
000: mov r9, r1
001: mov r0, #0x0

wkz@wkz-box:~$ cat test.ply
kprobe:SyS_read {
    /* on x86_64, di contains first argument to read, the fd */
    fds[pid(), execname(), reg("di")] += 1
}
wkz@wkz-box:~$ sudo ply test.ply
[sudo] password for wkz:
^C
fds:
[ 2315, xmobar , 11 ] 3

flip:
	@echo '\\/' | sed -e 's:\\/://\\:'
flip-adv:
	@echo '\\/' | sed -e 's/\\\//\/\/\\/'
flip-evil:
	@echo "\\\\\/" | sed -e "s/\\\\\\\\\//\/\/\\\/"

wkz@wkz-box:~$ time cat /proc/kallsyms | awk '{ print $NF; exit 0 }'
irq_stack_union
real 0m0.003s
user 0m0.000s
sys 0m0.000s
wkz@wkz-box:~$ time cat /proc/kallsyms | awk 'END{ print $NF }'
[wmi]
real 0m0.064s

#!/usr/bin/env ply
/* -*- mode: c -*- */
kprobe:SyS_read
{
    sizes[arg(2)].count();
    dist.quantize(arg(2));
    sum.count();
}