File name: dcsnoop.bt
#!/usr/bin/env bpftrace
/*
 * dcsnoop    Trace directory entry cache (dcache) lookups.
 *            For Linux, uses bpftrace and eBPF.
 *
 * This uses kernel dynamic tracing of kernel functions, lookup_fast() and
 * d_lookup(), which will need to be modified to match kernel changes. See
 * code comments.
 *
 * USAGE: dcsnoop.bt
 *
 * Copyright 2018 Netflix, Inc.
 * Licensed under the Apache License, Version 2.0 (the "License")
 *
 * 08-Sep-2018  Brendan Gregg   Created this.
 */

#ifndef BPFTRACE_HAVE_BTF
#include <linux/fs.h>
#include <linux/sched.h>

// from fs/namei.c:
struct nameidata {
        struct path     path;
        struct qstr     last;
        // [...]
};
#endif

BEGIN
{
        printf("Tracing dcache lookups... Hit Ctrl-C to end.\n");
        printf("%-8s %-6s %-16s %1s %s\n", "TIME", "PID", "COMM", "T", "FILE");
}

// comment out this block to avoid showing hits:
// (T column "R": one line per lookup_fast() call, name taken from nameidata)
kprobe:lookup_fast,
kprobe:lookup_fast.constprop.*
{
        $nd = (struct nameidata *)arg0;
        printf("%-8d %-6d %-16s R %s\n", elapsed / 1e6, pid, comm,
            str($nd->last.name));
}

// save the qstr name pointer at entry, keyed by thread, for the return probe
kprobe:d_lookup
{
        $name = (struct qstr *)arg1;
        @fname[tid] = $name->name;
}

// (T column "M": printed when d_lookup() returns for a saved name)
kretprobe:d_lookup
/@fname[tid]/
{
        printf("%-8d %-6d %-16s M %s\n", elapsed / 1e6, pid, comm,
            str(@fname[tid]));
        delete(@fname[tid]);
}