sysraccoon · April 3, 2021 16:43
diff --git a/bpf_hello.py b/bpf_hello.py
 #!/bin/env python3

 from bcc import BPF

 bpf_text = '''
  int syscall__execve(void *ctx) 
  { 
    bpf_trace_printk("execve detected");
    return 0; 
  }
 '''

 bpf = BPF(text=bpf_text)
 execve_fname = bpf.get_syscall_fnname("execve")
 bpf.attach_kprobe(event=execve_fname, fn_name="syscall__execve").trace_print()
	#!/bin/env python3

	from bcc import BPF

	bpf_text = '''
	int syscall__execve(void *ctx)
	{
	bpf_trace_printk("execve detected");
	return 0;
	}
	'''

	bpf = BPF(text=bpf_text)
	execve_fname = bpf.get_syscall_fnname("execve")
	bpf.attach_kprobe(event=execve_fname, fn_name="syscall__execve").trace_print()
No results found