On Thu, Apr 12, 2012 at 10:38 AM, V.Ravikumar
wrote:
> Hi all,
> I'm probing sys_write system call using system tap to get modified file
> name along with UID.
> Here is code snippet.
>
> probe kernel.function ("vfs_write")
> {
>
> filename = user_string($file->f_dentry->d_name->name) //
Hi all,
I'm probing sys_write system call using system tap to get modified file
name along with UID.
Here is code snippet.
probe kernel.function ("vfs_write")
{
filename = user_string($file->f_dentry->d_name->name) // for
2.6.18 kernel.
printf ("%d %s\n",uid,filename)
}
I got sam
