how to use bpftrace to check an app's read system calls' contents?

wzis

New Member
Credits
31
I want to find a way to use bpftrace to get read system call's return contents to verify if a software can prevent it so to protect the security of the critical info.
 


wzis

New Member
Credits
31
It's a bit different: that one is asking whether the tracepoint can get read system call's contents, as from what I have tried, it seems not to be able to, so just want to confirm.
This one I know kProbe and uProbe are very likely able to get the content from the read, but want to know how to achieve that to test the software whether it can effectively prevent it.
 

f33dm3bits

Gold Member
Gold Supporter
Credits
25,562
I would either look in the reference guide for that information or ask it on the project's discussion page since this is very specific software so the creators of the software will be able to best answer your question if you can't find the answer in the reference guide.
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Staff online

Members online


Top