int init_module(void)
{
mutex_init(&queue_lock);
log_queue = (queue*) kmalloc(sizeof(queue), GFP_KERNEL);
log_queue->head = NULL;
log_queue->tail = NULL;
proc_create("logger", 0, NULL, &my_proc_fops);
open_probe.symbol_name = "sys_mq_open";
open_probe.pre_handler = intercept;
send_probe.symbol_name = "sys_mq_timedsend";
send_probe.pre_handler = intercept;
receive_probe.symbol_name = "sys_mq_timedreceive";
receive_probe.pre_handler = intercept;
if (register_kprobe(&open_probe)) {
printk(KERN_ERR MODULE_NAME "register_kprobe failed\n");
return -EFAULT;
}
if (register_kprobe(&send_probe)) {
printk(KERN_ERR MODULE_NAME "register_kprobe failed\n");
return -EFAULT;
}
if (register_kprobe(&receive_probe)) {
printk(KERN_ERR MODULE_NAME "register_kprobe failed\n");
return -EFAULT;
}
printk(KERN_INFO MODULE_NAME "loaded\n");
return 0;
}
static int
stapkp_arch_register_kprobe(struct stap_kprobe_probe *skp)
{
int ret = 0;
struct kprobe *kp = &skp->kprobe->u.kp;
#ifndef __ia64__
ret = register_kprobe(kp);
if (ret == 0) {
if (skp->symbol_name)
dbug_stapkp("+kprobe %s+%u\n", kp->symbol_name, kp->offset);
else
dbug_stapkp("+kprobe %p\n", kp->addr);
}
#else // PR6028
ret = register_kprobe(&skp->kprobe->dummy);
if (ret == 0) {
ret = register_kprobe(kp);
if (ret != 0)
unregister_kprobe(&skp->kprobe->dummy);
}
dbug_stapkp_cond(ret == 0, "+kprobe %p\n", skp->kprobe->dummy.addr);
dbug_stapkp_cond(ret == 0, "+kprobe %p\n", kp->addr);
#endif
skp->registered_p = (ret ? 0 : 1);
return ret;
}
// The probed addr is given by the user script
// The user script scan /proc/kallsyms
int init_module(void)
{
int ret;
kp1.pre_handler = kp1_pre_handler;
// kp1.post_handler = kp1_post_handler;
kp1_ret.handler = kp1_ret_handler;
if (NULL == (long *) addr_1st) {
printk("must provide an instructmented addr\n");
return 1;
} else {
printk("addr_1st is %lx\n", addr_1st);
}
// need to export kallsyms_lookup_name first
kp1.addr = kp1_ret.kp.addr = (kprobe_opcode_t *)addr_1st;
if ((ret = register_kprobe(&kp1)) < 0) {
printk("register_kprobe failed, ret %d\n", ret);
return ret;
}
if ((ret = register_kretprobe(&kp1_ret)) < 0) {
printk("register_kretprobe failed, ret %d\n", ret);
unregister_kprobe(&kp1);
return ret;
}
printk("kprobe 1 registered\n");
if (NULL == (long *) addr_2nd) {
printk("2nd param is ignored\n");
} else {
printk("addr_2nd is %lx\n", addr_2nd);
// need to export kallsyms_lookup_name first
kp2.addr = kp2_ret.kp.addr = (kprobe_opcode_t *)addr_2nd;
if ((ret = register_kprobe(&kp1)) < 0) {
printk("register_kprobe failed, ret %d\n", ret);
return ret;
}
if ((ret = register_kretprobe(&kp1_ret)) < 0) {
printk("register_kretprobe failed, ret %d\n", ret);
unregister_kprobe(&kp1);
return ret;
}
is_kp2 = true;
printk("kprobe 2 registered\n");
}
return 0;
}
static int test_kprobe(void)
{
int ret;
ret = register_kprobe(&kp);
if (ret < 0) {
printk(KERN_ERR "Kprobe smoke test failed: "
"register_kprobe returned %d\n", ret);
return ret;
}
ret = target(rand1);
unregister_kprobe(&kp);
if (preh_val == 0) {
printk(KERN_ERR "Kprobe smoke test failed: "
"kprobe pre_handler not called\n");
handler_errors++;
}
if (posth_val == 0) {
printk(KERN_ERR "Kprobe smoke test failed: "
"kprobe post_handler not called\n");
handler_errors++;
}
return 0;
}
int my_init_module(void) {
int ret, i = 0;
for ( ; i < NUM_KPROBES; i++) {
kprobes[i].symbol_name = symbol_names[i];
kprobes[i].pre_handler = sysmon_intercept_before;
kprobes[i].post_handler = sysmon_intercept_after;
ret = register_kprobe(&kprobes[i]);
if (ret < 0) {
printk(KERN_INFO "register_kprobe failed, symbol_name = %s, "
"returned = %d\n", symbol_names[i], ret);
return ret;
}
}
printk(KERN_INFO "Sysmon log module successfully initialized.\n");
log = (char *) kmalloc(sizeof(char) * LOG_MAX_LENGTH, GFP_KERNEL);
log[0] = '\0';
add_entry_to_log(get_timestamp());
proc_create(SYSMON_TOGGLE, 0600, NULL, &sysmon_toggle_fops);
proc_create(SYSMON_UID, 0600, NULL, &sysmon_uid_fops);
proc_create(SYSMON_LOG, 0400, NULL, &sysmon_log_fops);
return 0;
}
static __init int init_kprobe_sample(void)
{
/*kp.addr = (kprobe_opcode_t *)0x00;*/
kp.symbol_name = "do_execve";
kp.pre_handler = handle_pre;
register_kprobe(&kp);
return 0;
}
int register_jprobe(struct jprobe *jp)
{
/* Todo: Verify probepoint is a function entry point */
jp->kp.pre_handler = setjmp_pre_handler;
jp->kp.break_handler = longjmp_break_handler;
return register_kprobe(&jp->kp);
}
static int __init kprobes_register(void)
{
kp.symbol_name = "enfs_lock";
kp.pre_handler = handler_pre;
register_kprobe(&kp);
return 0;
}
int myinit(void)
{
printk("module inserted\n ");
kp.pre_handler = Pre_Handler;
kp.post_handler = Post_Handler;
kp.addr = (kprobe_opcode_t *)0xffffffff811885d0;
register_kprobe(&kp);
return 0;
}
static int hello_init(void) {
printk(KERN_ALERT "Hello, world\n");
//print_current();
//printk(KERN_ALERT "current is %s pid %i\n", current->comm, current->pid);
memset(&my_kprobe, 0, sizeof(my_kprobe));
my_kprobe.pre_handler = &my_kprobe_handler;
my_kprobe.addr = ((void *) 0xffffffff8121d3e0);
register_kprobe(&my_kprobe);
return 0;
}
static int __init init_kprobe_samples(void)
{
// cat /proc/kallsyms | grep do_execve
kp.addr = (kprobe_opcode_t *) 0xffffffff81166f20;
kp.pre_handler = handler_pre;
register_kprobe(&kp);
return 0;
}
static int __init mykprobe_init(void)
{
printk(KERN_INFO "mykprobe: %s\n", __FUNCTION__);
kp.pre_handler = Pre_handler;
kp.post_handler = Post_handler;
kp.addr = (kprobe_opcode_t *)0xffffffff81445ce0; /* from /proc/kallsyms */
register_kprobe(&kp);
return 0;
}
static int __init kprobe_init(void)
{
int ret;
kp.pre_handler = handler_pre;
ret = register_kprobe(&kp);
if (ret < 0) {
printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
return ret;
}
printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
return 0;
}
static int __init profiler_init(void)
{
int i, ret;
printk(KERN_INFO "%s\n",__func__);
alloc_chrdev_region(&dev, 0, 1, DEVICE_NAME);
pclass = class_create(THIS_MODULE, CLASS_NAME);
pdevice = device_create(pclass, NULL, dev, NULL, DEVICE_NAME);
cdev_init(&cdev, NULL);
cdev_add(&cdev, dev, 1);
if ((ret = device_create_file(pdevice, &dev_attr_stats)) < 0)
printk(KERN_INFO "Failed to create read sysfs endpoint /stats\n");
if ((ret = device_create_file(pdevice, &dev_attr_memleaks)) < 0)
printk(KERN_INFO "Failed to create read sysfs endpoint /memleaks\n");
if ((ret = device_create_file(pdevice, &dev_attr_scan_start_addr)) < 0)
printk(KERN_INFO "Failed to create write sysfs endpoint /scan_start_addr\n");
if ((ret = device_create_file(pdevice, &dev_attr_scan_end_addr)) < 0)
printk(KERN_INFO "Failed to create write sysfs endpoint /scan_end_addr\n");
/* KRP - profiling system calls */
argc = (argc > NUM_ARGS) ? NUM_ARGS : argc;
for(i=0; i<argc; i++) {
memset(&krp_stats[i], 0, sizeof(krp_stats_t));
kp[i].pre_handler = handler_pre;
kp[i].post_handler = handler_post;
kp[i].fault_handler = handler_fault;
kp[i].addr = (kprobe_opcode_t *)kallsyms_lookup_name(funcs[i]);
/* register the kprobe now */
if (!kp[i].addr) {
printk(KERN_ERR "Couldn't find %s to plant kprobe\n", funcs[i]);
continue;
}
if ((ret = register_kprobe(&kp[i]) < 0)) {
printk(KERN_ERR "register_kprobe failed for %s, returned %d\n",funcs[i],ret);
continue;
}
printk(KERN_INFO "kprobe for %s registered\n",funcs[i]);
/* init krp stats structure */
printk(KERN_INFO "funcs[%d]=%s\n",i,funcs[i]);
krp_stats[i].addr = (void *)kp[i].addr;
strcpy(krp_stats[i].func, funcs[i]);
}
return 0;
}
static int __init setup_probe (struct kprobe *kp, const char *name,
int (*h_pre) (struct kprobe * kp,
struct pt_regs * regs))
{
kp->pre_handler = h_pre;
kp->symbol_name = (char *)name;
printk (KERN_INFO "handler for %s at loaded\n", name);
if (register_kprobe (kp)) {
printk (KERN_INFO "Failed to register kprobe, quitting\n");
return -1;
}
return 0;
}
int init_module(void){
int ret;
kp.addr = (kprobe_opcode_t*)kallsyms_lookup_name("schedule");
kp.pre_handler = my_pre_handler;
kp.post_handler = my_post_handler;
kp.fault_handler = my_fault_handler;
if((ret = register_kprobe(&kp) < 0)){
printk("register_kprobe failed,returned %d\n",ret);
return -1;
}
do_gettimeofday(&start);
printk("kprobe registere\n");
return 0;
}
static int
stapkp_arch_register_kprobe(struct stap_dwarf_probe *sdp)
{
int ret = 0;
struct kprobe *kp = &sdp->kprobe->u.kp;
#ifndef __ia64__
ret = register_kprobe(kp);
dbug_stapkp_cond(ret == 0, "+kprobe %p\n", kp->addr);
#else // PR6028
ret = register_kprobe(&sdp->kprobe->dummy);
if (ret == 0) {
ret = register_kprobe(kp);
if (ret != 0)
unregister_kprobe(&sdp->kprobe->dummy);
}
dbug_stapkp_cond(ret == 0, "+kprobe %p\n", sdp->kprobe->dummy.addr);
dbug_stapkp_cond(ret == 0, "+kprobe %p\n", kp->addr);
#endif
sdp->registered_p = (ret ? 0 : 1);
return ret;
}
static int __init kprobe_init(void)
{
int ret;
kp.pre_handler = handler_pre;
kp.post_handler = handler_post;
kp.fault_handler = handler_fault;
ret = register_kprobe(&kp);
if (ret < 0) {
pr_err("register_kprobe failed, returned %d\n", ret);
return ret;
}
pr_info("Planted kprobe at %px\n", kp.addr);
return 0;
}
static int __init kprobe_init(void)
{
int ret;
printk(KERN_DEBUG "kprobe_init\n");
kp.pre_handler = handler_pre;
kp.post_handler = handler_post;
kp.fault_handler = handler_fault;
ret = register_kprobe(&kp);
if (ret < 0) {
printk(KERN_ERR "register_kprobe failed, returned %d\n", ret);
return ret;
}
printk(KERN_DEBUG "Set kprobe at %p\n", kp.addr);
return 0;
}
static int __init kprobe_init(void)
{
int ret;
kp.pre_handler = handler_pre;
kp.post_handler = handler_post;
kp.fault_handler = handler_fault;
ret = register_kprobe(&kp);
if (ret < 0) {
printk(KERN_DEBUG "register_kprobe failed, returned %d\n", ret);
return ret;
}
printk(KERN_DEBUG "trace file name is %s\n", file);
printk(KERN_DEBUG "Planted kprobe at %p\n", kp.addr);
return 0;
}
static int __init my_init(void)
{
/* set the handler functions */
kp.pre_handler = handler_pre;
kp.post_handler = handler_post;
kp.fault_handler = handler_fault;
kp.symbol_name = "mycdrv_generic_open";
if (register_kprobe(&kp)) {
pr_info("Failed to register kprobe, quitting\n");
return -1;
}
register_jprobe(&jp);
pr_info("plant jprobe at %p, handler addr %p\n", jp.kp.addr, jp.entry);
return 0;
}
static int __init my_init (void)
{
/* set the handler functions */
kp.pre_handler = handler_pre;
kp.post_handler = handler_post;
kp.fault_handler = handler_fault;
kp.symbol_name = name;
if (register_kprobe (&kp)) {
printk (KERN_INFO "Failed to register kprobe, quitting\n");
return -1;
}
printk (KERN_INFO "Hello: module loaded at 0x%p\n", my_init);
return 0;
}
int init_module(void)
{
int ret;
kp.pre_handler = handler_pre;
kp.post_handler = handler_post;
kp.fault_handler = handler_fault;
kp.addr = (kprobe_opcode_t *) kallsyms_lookup_name("do_fork");
/* register the kprobe now */
if (!kp.addr) {
printk("Couldn't find %s to plant kprobe\n", "do_fork");
return -3;
}
if ((ret = register_kprobe(&kp) < 0)) {
printk("register_kprobe failed, returned %d\n", ret);
return -2;
}
printk("kprobe registered\n");
return 0;
}
/* Register a trace_probe and probe_event */
static int register_trace_probe(struct trace_probe *tp)
{
struct trace_probe *old_tp;
int ret;
mutex_lock(&probe_lock);
/* register as an event */
old_tp = find_probe_event(tp->call.name, tp->call.system);
if (old_tp) {
/* delete old event */
unregister_trace_probe(old_tp);
free_trace_probe(old_tp);
}
ret = register_probe_event(tp);
if (ret) {
pr_warning("Faild to register probe event(%d)\n", ret);
goto end;
}
tp->rp.kp.flags |= KPROBE_FLAG_DISABLED;
if (probe_is_return(tp))
ret = register_kretprobe(&tp->rp);
else
ret = register_kprobe(&tp->rp.kp);
if (ret) {
pr_warning("Could not insert probe(%d)\n", ret);
if (ret == -EILSEQ) {
pr_warning("Probing address(0x%p) is not an "
"instruction boundary.\n",
tp->rp.kp.addr);
ret = -EINVAL;
}
unregister_probe_event(tp);
} else
list_add_tail(&tp->list, &probe_list);
end:
mutex_unlock(&probe_lock);
return ret;
}
int __init kprobe_init_module(void)
{
int ret;
kp.pre_handler = handler_pre;
kp.post_handler = handler_post;
kp.fault_handler = handler_fault;
kp.addr = (kprobe_opcode_t*)kallsyms_lookup_name(probesym);
if(!kp.addr){
printk("Could not find %s to plant kprobe \n", probesym);
return -1;
}
if((ret = register_kprobe(&kp))<0){
printk("register_kprobe failed, returned %d\n", ret);
return -1;
}
printk("kprobe registered O.K.\n");
return 0;
}
int process_notify_init(void)
{
int err;
if ((err = register_kprobe(&exit_kprobe))) {
printk(KERN_ERR "%s: exit register_kprobe() failed with error %d\n",
THIS_MODULE->name, err);
goto exit_failed;
}
if ((err = register_kretprobe(&fork_kretprobe))) {
printk(KERN_ERR "%s: fork register_kretprobe() failed with error %d\n",
THIS_MODULE->name, err);
goto fork_failed;
}
if ((err = register_kretprobe(&exec_kretprobe))) {
printk(KERN_ERR "%s: exec register_kretprobe() failed with error %d\n",
THIS_MODULE->name, err);
goto exec_failed;
}
#ifdef CONFIG_COMPAT
if ((err = register_kretprobe(&compat_exec_kretprobe))) {
printk(KERN_ERR "%s: compat_exec register_kretprobe() failed with error %d\n",
THIS_MODULE->name, err);
if (err != -EINVAL)
goto compat_exec_failed;
}
#endif
return 0;
#ifdef CONFIG_COMPAT
compat_exec_failed:
unregister_kretprobe(&exec_kretprobe);
#endif
exec_failed:
unregister_kretprobe(&fork_kretprobe);
fork_failed:
unregister_kprobe(&exit_kprobe);
exit_failed:
return err;
}
static int __init myinit(void)
{
int ret;
printk("module inserted\n ");
//my_probe.kp.addr = (kprobe_opcode_t *)0xffffffff81570830; //cat /proc/kallsyms | grep ip_rcv gets you ffffffff8156b770 T ip_rcv
kp.pre_handler = handler_pre;
kp.post_handler = handler_post;
kp.fault_handler = handler_fault;
ret = register_kprobe(&kp);
if (ret < 0) {
printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
return ret;
}
printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
return 0;
}
static int __init kprobe_init(void)
{
int ret;
kp.pre_handler = handler_pre;
kp.post_handler = handler_post;
kp.fault_handler = handler_fault;
ret = register_kprobe(&kp);
if (ret < 0) {
#ifdef CONFIG_DEBUG_PRINTK
printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
#else
;
#endif
return ret;
}
#ifdef CONFIG_DEBUG_PRINTK
printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
#else
;
#endif
return 0;
}
static int mvmhyper_init(void)
{
printk("mvmhyper init.\n");
//printk("%x\n", IOCTL_PRIVCMD_HYPERCALL);
for(i=0;i<hypernum;++i)
{
kphyper[i].pre_handler=handler_pre;
kphyper[i].post_handler=handler_post;
kphyper[i].fault_handler=handler_fault;
//kphyper[i].addr=(kprobe_opcode_t *) (kallsyms_lookup_name("sys_ioctl"));
kphyper[i].addr=(kprobe_opcode_t *) (kallsyms_lookup_name("do_execve")+(i+1)*1);
//kphyper[i].addr=(kprobe_opcode_t *) (0x00080000+i*0x20);
//kphyper.symbol_name="hypercall_page"; kallsyms_lookup_name can't done
//kphyper.addr=0;
register_kprobe(&kphyper[i]);
if(kphyper[i].addr == NULL)
{
printk("Fortune: Error, can't find hyper address.\n");
return 1;
}
printk("Fortune: Kprobe at %p\n",kphyper[i].addr);
//printk("Fortune: code is 0x%lx\n",*((long *)kphyper[i].addr));
}
rphyper.handler=handler_ret;
rphyper.entry_handler=handler_entry;
rphyper.maxactive=20;
rphyper.kp.addr=(kprobe_opcode_t *) (kallsyms_lookup_name("do_execve"));
res=register_kretprobe(&rphyper);
if(res < 0)
{
printk("Fortune: Error, can't find rphyper address.\n");
return 1;
}
printk("Fortune: Kretprobe at %p\n",rphyper.kp.addr);
return 0;
}
static __init int init_mykp(void)
{
int idx;
int ret;
for (idx = 0; idx < NUM_SYMS; idx++) {
struct kprobe *kp = &kp_array[idx];
printk("%s: sym_name: %s\n", __func__, symbols[idx]);
kp->pre_handler = pre_handler;
kp->symbol_name = symbols[idx];
if ((ret = register_kprobe(kp)) < 0) {
printk("register_kprobe failed, returned %d\n", ret);
goto error;
}
printk(" => Addr: %p\n", kp->addr);
}
return 0;
error:
for (idx--; idx >= 0; idx--) {
struct kprobe *kp = &kp_array[idx];
unregister_kprobe(kp);
}
return 0;
}
