/*kprobe_example.c*/ #include #include #include #include #include #define PROBE_FILENAME "/root/test/uprobe" #define TEXT_START 0x8048150 #define TEXT_OFFSET 0x150 #define PROBE_POS 0x8048304 /*For each probe you need to allocate a kprobe structure*/ struct uprobe uprobe_ex; /*kprobe pre_handler: called just before the probed instruction is executed*/ int handler_pre(struct kprobe *p, struct pt_regs *regs) { printk("passed: prehandler executed \n"); return 0; } /*kprobe post_handler: called after the probed instruction is executed*/ void handler_post(struct kprobe *p, struct pt_regs *regs, unsigned long flags) { printk("passed: post handler executed \n"); } /* fault_handler: this is called if an exception is generated for any * instruction within the pre- or post-handler, or when Kprobes * single-steps the probed instruction. */ int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr) { printk("passed: page fault executed \n"); return 0; } int init_module(void) { int ret; char *pname = PROBE_FILENAME; uprobe_ex.kp.pre_handler = handler_pre; uprobe_ex.kp.post_handler = handler_post; uprobe_ex.kp.fault_handler = handler_fault; //uprobe_ex.kp.opcode = 0; uprobe_ex.kp.addr = (kprobe_opcode_t*)PROBE_POS; uprobe_ex.offset = (PROBE_POS - TEXT_START + TEXT_OFFSET); uprobe_ex.pathname = pname; if ((ret = register_uprobe(&uprobe_ex) < 0)) { printk("register_uprobe failed, returned %d\n", ret); return -1; } printk("uprobe registered\n"); return 0; } void cleanup_module(void) { unregister_uprobe(&uprobe_ex); printk("uprobe unregistered\n"); } MODULE_LICENSE("GPL");