I want to find a way to use bpftrace to get the contents returned by the read system call, to verify whether a piece of software can prevent this and so protect the security of critical info.
I'm new to BPF and am just trying to understand what info BPF can get from the kernel or a process, and whether it can steal a password/key entered by users, so that, if it can, I know what possible ways there are to avoid it.