22 lines
578 B
Python
22 lines
578 B
Python
|
"""基础验证:eBPF kprobe Hello World 程序(实验大纲 基础验证部分)"""
|
|||
|
|
|
|||
|
|
from bcc import BPF
|
|||
|
|
|
|||
|
|
prog = """
|
|||
|
|
int hello(void *ctx) {
|
|||
|
|
bpf_trace_printk("Hello, World!\\n");
|
|||
|
|
return 0;
|
|||
|
|
}
|
|||
|
|
"""
|
|||
|
|
|
|||
|
|
b = BPF(text=prog)
|
|||
|
|
execve_function = b.get_syscall_fnname("execve")
|
|||
|
|
b.attach_kprobe(event=execve_function, fn_name="hello")
|
|||
|
|
|
|||
|
|
print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "MESSAGE"))
|
|||
|
|
while True:
|
|||
|
|
try:
|
|||
|
|
task, pid, cpu, flags, ts, msg = b.trace_fields()
|
|||
|
|
except ValueError:
|
|||
|
|
continue
|
|||
|
|
print("%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))
|