Problem description
When tracing the raw_syscalls tracepoint with bpftrace, every element of args has the same value in the enter section.
Example:
#!/snap/bin/bpftrace

// On syscall entry, record the entry time and the six raw arguments per thread.
tracepoint:raw_syscalls:sys_enter
{
    @start[tid] = nsecs;
    @arg0[tid] = args->args[0];
    @arg1[tid] = args->args[1];
    @arg2[tid] = args->args[2];
    @arg3[tid] = args->args[3];
    @arg4[tid] = args->args[4];
    @arg5[tid] = args->args[5];
}

// On syscall exit, print the syscall number and the saved arguments,
// then drop this thread's entries.
tracepoint:raw_syscalls:sys_exit
/@start[tid]/
{
    printf("%d ", args->id);
    printf("%lx %lx %lx %lx %lx %lx\n", @arg0[tid], @arg1[tid], @arg2[tid], @arg3[tid], @arg4[tid], @arg5[tid]);
    delete(@start[tid]);
    delete(@arg0[tid]);
    delete(@arg1[tid]);
    delete(@arg2[tid]);
    delete(@arg3[tid]);
    delete(@arg4[tid]);
    delete(@arg5[tid]);
}

// Empty the maps at exit so bpftrace does not dump them.
END
{
    clear(@start);
    clear(@arg0);
    clear(@arg1);
    clear(@arg2);
    clear(@arg3);
    clear(@arg4);
    clear(@arg5);
}
An example of the printed output is below:
9 0 0 0 0 0 0
157 f f f f f f
202 55d4f7edce08 55d4f7edce08 55d4f7edce08 55d4f7edce08 55d4f7edce08 55d4f7edce08
Is there something wrong with my script? Or is there any information about printing raw_syscalls arguments?
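
For reference, an added example (not part of the original question and not the asker's code) showing how a raw_syscalls:sys_enter record is laid out: it parses a tracefs format description and decodes id and args[0..5] from a raw record. The format text and the sample record are constructed for x86_64, and parse_format, decode and sample_record are names introduced here.

```python
import re
import struct

# Constructed copy of the tracefs "format" text for raw_syscalls:sys_enter as
# laid out on x86_64 (assumption; read the real file on the target host from
# /sys/kernel/tracing/events/raw_syscalls/sys_enter/format).
SYS_ENTER_FORMAT = """\
name: sys_enter
format:
\tfield:unsigned short common_type;\toffset:0;\tsize:2;\tsigned:0;
\tfield:unsigned char common_flags;\toffset:2;\tsize:1;\tsigned:0;
\tfield:unsigned char common_preempt_count;\toffset:3;\tsize:1;\tsigned:0;
\tfield:int common_pid;\toffset:4;\tsize:4;\tsigned:1;

\tfield:long id;\toffset:8;\tsize:8;\tsigned:1;
\tfield:unsigned long args[6];\toffset:16;\tsize:48;\tsigned:0;
"""

FIELD_RE = re.compile(r"field:(?P<decl>[^;]+);\s*offset:(?P<off>\d+);"
                      r"\s*size:(?P<size>\d+);\s*signed:(?P<sgn>[01]);")

def parse_format(text):
    """Return {name: (offset, element_size, count, signed)} for every field."""
    fields = {}
    for m in FIELD_RE.finditer(text):
        name, count = m["decl"].split()[-1], 1
        arr = re.fullmatch(r"(\w+)\[(\d+)\]", name)
        if arr:  # array field such as args[6]
            name, count = arr[1], int(arr[2])
        size = int(m["size"])
        if size % count:
            raise ValueError(f"{name}: size {size} is not a multiple of {count}")
        fields[name] = (int(m["off"]), size // count, count, m["sgn"] == "1")
    return fields

def decode(record, fields, name):
    """Decode one field of a little-endian raw record; arrays return a list."""
    off, esize, count, signed = fields[name]
    if off + esize * count > len(record):
        raise ValueError(f"record too short for field {name}")
    vals = [int.from_bytes(record[off + i * esize: off + (i + 1) * esize],
                           "little", signed=signed) for i in range(count)]
    return vals if count > 1 else vals[0]

def sample_record():
    """Constructed record: syscall 9 with a different value in most slots."""
    return struct.pack("<HBBiq6Q", 1, 0, 0, 1234, 9,
                       0, 0x1000, 3, 0x22, 0xFFFFFFFFFFFFFFFF, 0)
```

Each args[i] occupies its own 8-byte slot starting at offset 16, so a tracer reading the record by index returns the value stored in that slot.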