how to use bpftrace to check an app's read system calls' contents?

wzis

New Member
Joined
Mar 10, 2021
Messages
3
Reaction score
0
Credits
31
I want to find a way to use bpftrace to get read system call's return contents to verify if a software can prevent it so to protect the security of the critical info.
 


It's a bit different: that one is asking whether the tracepoint can get read system call's contents, as from what I have tried, it seems not to be able to, so just want to confirm.
This one I know kProbe and uProbe are very likely able to get the content from the read, but want to know how to achieve that to test the software whether it can effectively prevent it.
 
I would either look in the reference guide for that information or ask it on the project's discussion page since this is very specific software so the creators of the software will be able to best answer your question if you can't find the answer in the reference guide.
 

Members online


Top