kprobe
kprobe 则可以在被探测函数执行的前后分别执行回调函数:kprobe->pre_handler->被探测函数->post_handler。当执行被探测函数时发生 fault(例如 page fault)会调用 fault_handler,当陷入 breakpoint 时会调用 break_handler。
例如下例会在执行_do_fork前执行handler_pre,执行完成后调用handler_post,当执行_do_fork 发生fault时调用handler_fault
/*
 * Name of the kernel symbol to probe. It can be overridden at load time
 * through the "symbol" module parameter; the default targets _do_fork.
 * NOTE(review): newer kernels are understood to have renamed _do_fork to
 * kernel_clone - confirm the symbol exists on the target kernel, otherwise
 * register_kprobe() is expected to fail.
 */
enum { MAX_SYMBOL_LEN = 64 };
static char symbol[MAX_SYMBOL_LEN] = "_do_fork";
/*
 * Mode 0644 also makes the parameter root-writable through sysfs. Nothing in
 * this listing re-registers the probe when the string changes, so a write
 * after load would alter only the name printed by the handlers, not the
 * probed address.
 */
module_param_string(symbol, symbol, sizeof(symbol), 0644);

/* One struct kprobe per probe point; the handlers are filled in by kprobe_init(). */
static struct kprobe kp = {
	.symbol_name = symbol,
};
/* kprobe pre_handler: called just before the probed instruction is executed */
static int handler_pre(struct kprobe *p, struct pt_regs *regs)
{
	/*
	 * Logs the probe's symbol name and address together with the saved pc
	 * and pstate registers, then returns 0.
	 * NOTE(review): pc/pstate look like the arm64 pt_regs field names, so
	 * this listing is presumably arm64-only - confirm before building for
	 * another architecture.
	 * NOTE(review): pc is printed with %lx, i.e. as a raw value, so anyone
	 * able to read the kernel log learns a kernel text address even on
	 * kernels that hash %p. Restrict access to the kernel log, or drop the
	 * field, outside a lab. With the default symbol this also logs on every
	 * fork; a rate-limited print keeps the log usable.
	 */
	long pc = (long)regs->pc;
	long pstate = (long)regs->pstate;

	pr_info("<%s> pre_handler: p->addr = 0x%p, pc = 0x%lx, pstate = 0x%lx\n",
		p->symbol_name, p->addr, pc, pstate);
	/* A dump_stack() here will give a stack backtrace */
	return 0;
}
/* kprobe post_handler: called after the probed instruction is executed */
static void handler_post(struct kprobe *p, struct pt_regs *regs,
			 unsigned long flags)
{
	/*
	 * Logs the probe's symbol name and address plus the saved pstate
	 * register. The 'flags' argument is not used here.
	 */
	long pstate = (long)regs->pstate;

	pr_info("<%s> post_handler: p->addr = 0x%p, pstate = 0x%lx\n",
		p->symbol_name, p->addr, pstate);
}
/*
* fault_handler: this is called if an exception is generated for any
* instruction within the pre- or post-handler, or when Kprobes
* single-steps the probed instruction.
*/
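static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
{
	/*
	 * Logs the probe address and the trap number; 'regs' is not used.
	 * The message must end in "\n" so the record is terminated and is not
	 * merged with whatever is logged next.
	 */
	pr_info("fault_handler: p->addr = 0x%p, trap #%d\n", p->addr, trapnr);
	/* Return 0 because we don't handle the fault. */
	return 0;
}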
static int __init kprobe_init(void)
{
	int err;

	/* Attach the callbacks that should run at the probe point. */
	kp.pre_handler = handler_pre;
	kp.post_handler = handler_post;
	/*
	 * NOTE(review): recent kernels are understood to have dropped the
	 * fault_handler member from struct kprobe - confirm against the target
	 * kernel's headers.
	 */
	kp.fault_handler = handler_fault;

	/* Register the kprobe; a negative return value is passed back to the caller. */
	err = register_kprobe(&kp);
	if (err >= 0) {
		pr_info("Planted kprobe at %p\n", kp.addr);
		return 0;
	}

	pr_err("register_kprobe failed, returned %d\n", err);
	return err;
}
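/*
 * Remove the probe when the module is unloaded. A module that has an init
 * function but no exit function cannot be unloaded normally, so without this
 * the probe would stay planted until reboot.
 */
static void __exit kprobe_exit(void)
{
	unregister_kprobe(&kp);
	pr_info("kprobe at %p unregistered\n", kp.addr);
}

module_init(kprobe_init)
module_exit(kprobe_exit)
MODULE_LICENSE("GPL");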
例如下例会在执行_do_fork前执行handler_pre,执行完成后调用handler_post,当执行_do_fork 发生fault时调用handler_fault
/*
 * Name of the kernel symbol to probe. It can be overridden at load time
 * through the "symbol" module parameter; the default targets _do_fork.
 * NOTE(review): newer kernels are understood to have renamed _do_fork to
 * kernel_clone - confirm the symbol exists on the target kernel, otherwise
 * register_kprobe() is expected to fail.
 */
enum { MAX_SYMBOL_LEN = 64 };
static char symbol[MAX_SYMBOL_LEN] = "_do_fork";
/*
 * Mode 0644 also makes the parameter root-writable through sysfs. Nothing in
 * this listing re-registers the probe when the string changes, so a write
 * after load would alter only the name printed by the handlers, not the
 * probed address.
 */
module_param_string(symbol, symbol, sizeof(symbol), 0644);

/* One struct kprobe per probe point; the handlers are filled in by kprobe_init(). */
static struct kprobe kp = {
	.symbol_name = symbol,
};
/* kprobe pre_handler: called just before the probed instruction is executed */
static int handler_pre(struct kprobe *p, struct pt_regs *regs)
{
	/*
	 * Logs the probe's symbol name and address together with the saved pc
	 * and pstate registers, then returns 0.
	 * NOTE(review): pc/pstate look like the arm64 pt_regs field names, so
	 * this listing is presumably arm64-only - confirm before building for
	 * another architecture.
	 * NOTE(review): pc is printed with %lx, i.e. as a raw value, so anyone
	 * able to read the kernel log learns a kernel text address even on
	 * kernels that hash %p. Restrict access to the kernel log, or drop the
	 * field, outside a lab. With the default symbol this also logs on every
	 * fork; a rate-limited print keeps the log usable.
	 */
	long pc = (long)regs->pc;
	long pstate = (long)regs->pstate;

	pr_info("<%s> pre_handler: p->addr = 0x%p, pc = 0x%lx, pstate = 0x%lx\n",
		p->symbol_name, p->addr, pc, pstate);
	/* A dump_stack() here will give a stack backtrace */
	return 0;
}
/* kprobe post_handler: called after the probed instruction is executed */
static void handler_post(struct kprobe *p, struct pt_regs *regs,
			 unsigned long flags)
{
	/*
	 * Logs the probe's symbol name and address plus the saved pstate
	 * register. The 'flags' argument is not used here.
	 */
	long pstate = (long)regs->pstate;

	pr_info("<%s> post_handler: p->addr = 0x%p, pstate = 0x%lx\n",
		p->symbol_name, p->addr, pstate);
}
/*
* fault_handler: this is called if an exception is generated for any
* instruction within the pre- or post-handler, or when Kprobes
* single-steps the probed instruction.
*/
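static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
{
	/*
	 * Logs the probe address and the trap number; 'regs' is not used.
	 * The message must end in "\n" so the record is terminated and is not
	 * merged with whatever is logged next.
	 */
	pr_info("fault_handler: p->addr = 0x%p, trap #%d\n", p->addr, trapnr);
	/* Return 0 because we don't handle the fault. */
	return 0;
}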
static int __init kprobe_init(void)
{
	int err;

	/* Attach the callbacks that should run at the probe point. */
	kp.pre_handler = handler_pre;
	kp.post_handler = handler_post;
	/*
	 * NOTE(review): recent kernels are understood to have dropped the
	 * fault_handler member from struct kprobe - confirm against the target
	 * kernel's headers.
	 */
	kp.fault_handler = handler_fault;

	/* Register the kprobe; a negative return value is passed back to the caller. */
	err = register_kprobe(&kp);
	if (err >= 0) {
		pr_info("Planted kprobe at %p\n", kp.addr);
		return 0;
	}

	pr_err("register_kprobe failed, returned %d\n", err);
	return err;
}
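/*
 * Remove the probe when the module is unloaded. A module that has an init
 * function but no exit function cannot be unloaded normally, so without this
 * the probe would stay planted until reboot.
 */
static void __exit kprobe_exit(void)
{
	unregister_kprobe(&kp);
	pr_info("kprobe at %p unregistered\n", kp.addr);
}

module_init(kprobe_init)
module_exit(kprobe_exit)
MODULE_LICENSE("GPL");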