The code comes from the Linux kernel Sample/kprobe
Kprobe_example.c
/*
* Note:this example is works on x86 and PowerPC.
* Here's a sample kernel module showing the use of kprobes to dump a
* Stack trace and selected registers when Do_fork () is called.
*
* For more information on theory of operation of Kprobes, see
* Documentation/kprobes.txt
*
* You'll see the trace data in/var/log/messages and on the console
* Whenever Do_fork () is invoked to create a new process.
*/
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/kprobes.h>
/* For each probe-need to allocate a KPROBE structure */
static struct Kprobe KP = {
. symbol_name = "Do_fork",
};
/* Kprobe pre_handler:called just before the probed instruction is executed */
static int handler_pre (struct kprobe *p, struct pt_regs *regs)
{
#ifdef config_x86
PRINTK (kern_info "pre_handler:p->addr = 0x%p, IP =%LX,"
"Flags = 0x%lx\n",
P->addr, Regs->ip, regs->flags);
#endif
#ifdef CONFIG_PPC
PRINTK (kern_info "pre_handler:p->addr = 0x%p, Nip = 0x%lx,"
"MSR = 0x%lx\n",
P->addr, Regs->nip, REGS->MSR);
#endif
#ifdef config_mips
PRINTK (kern_info "pre_handler:p->addr = 0x%p, EPC = 0X%LX,"
"Status = 0x%lx\n",
P->addr, Regs->cp0_epc, regs->cp0_status);
#endif
/* a dump_stack () here'll give a stack backtrace */
return 0;
}
/* Kprobe post_handler:called after the probed instruction is executed */
static void Handler_post (struct kprobe *p, struct Pt_regs *regs,
unsigned long flags)
{
#ifdef config_x86
PRINTK (kern_info "post_handler:p->addr = 0x%p, flags = 0x%lx\n",
P->ADDR, Regs->flags);
#endif
#ifdef CONFIG_PPC
PRINTK (kern_info "post_handler:p->addr = 0x%p, msr = 0x%lx\n",
P->ADDR, REGS->MSR);
#endif
#ifdef config_mips
PRINTK (kern_info "post_handler:p->addr = 0x%p, status = 0x%lx\n",
P->ADDR, Regs->cp0_status);
#endif
}
/*
* Fault_handler:this is called if a exception is generated for any
* Instruction within the pre-or Post-handler, or when Kprobes
* Single-steps the probed instruction.
*/
static int Handler_fault (struct kprobe *p, struct pt_regs *regs, int trapnr)
{
PRINTK (kern_info "fault_handler:p->addr = 0x%p, Trap #%dn",
P->ADDR, TRAPNR);
/* Return 0 because we don ' t handle the fault. */
return 0;
}
static int __init kprobe_init (void)
{
int ret;
Kp.pre_handler = Handler_pre;
Kp.post_handler = Handler_post;
Kp.fault_handler = Handler_fault;
ret = Register_kprobe (&KP);
if (Ret < 0) {
PRINTK (kern_info "Register_kprobe failed, returned%d\n", ret);
return ret;
}
PRINTK (kern_info "planted kprobe at%p\n", kp.addr);
return 0;
}
static void __exit kprobe_exit (void)
{
Unregister_kprobe (&KP);
PRINTK (kern_info "Kprobe at%p unregistered\n", kp.addr);
}
Module_init (Kprobe_init)
Module_exit (Kprobe_exit)
Module_license ("GPL");
Makefile as follows:
Kdir: =/lib/modules/$ (Shell uname-r)/build
PWD: = $ (shell pwd)
Default
$ (make)-C $ (Kdir) subdirs=$ (PWD) modules
Clean
Rm-f *.MOD.C *.ko *.O
Su Root
Insmod Kprobe-example.ko
Cat/var/log/messages viewing messages
Lsmod | grep krpobe
RM Kprobe-example.ko
Kprobe kernel Modules
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
