Search results

It's a bit different: that one is asking whether the tracepoint can get read system call's contents, as from what I have tried, it seems not to be able to, so just want to confirm. This one I know kProbe and uProbe are very likely able to get the content from the read, but want to know how to...

I want to find a way to use bpftrace to get read system call's return contents to verify if a software can prevent it so to protect the security of the critical info.

I'm new to BPF, and just tried to understand what info can BPF get from kernel or process, whether it can steal password/key entered by users, to know if it can then what's the possible way to avoid it.