The following kprobe-based event example works well:

$ echo 'p:myprobe do_sys_open' > /sys/kernel/debug/tracing/kprobe_events

But adding fetch arguments doesn't work:

$ echo 'p:myprobe do_sys_open dfd=%ax filename=%dx flags=%cx mode=+4($stack)' > /sys/kernel/debug/tracing/kprobe_events 
Invalid argument

I think that the problem is %ax, %dx... What is their meaning? And how can I make this code work?

pchaigno
bestn

1 Answer

%ax, %dx, etc. refer to the registers of your system. As hinted in the documentation, you'll need to change these if your architecture is not x86:

Note, which register/stack entry is assigned to each function argument depends on arch-specific ABI.

Since it looks like you're on arm (raspberry-pi tag), you can use the following:

$ echo 'p:myprobe do_sys_open dfd=%r0 filename=%r1 flags=%r2 mode=%r3' > /sys/kernel/debug/tracing/kprobe_events
pchaigno
  • Thank you!! I know the documentation! But I didn't know about %r1, %r2 as parameters for function arguments. How do you know that? What kind of document can I look at for that? – bestn May 15 '18 at 02:49
  • Those are the names of the registers in ARM: http://www.davespace.co.uk/arm/introduction-to-arm/registers.html and https://stackoverflow.com/questions/33245751/android-cpu-register-names. – pchaigno May 15 '18 at 09:12
  • The processor ABI determines several items of importance to the compiler authors, including which CPU registers are used for what purpose (like passing arguments, return value, etc.). Please refer to https://kaiwantech.wordpress.com/2018/05/07/application-binary-interface-abi-docs-and-their-meaning/ – kaiwan Oct 11 '21 at 03:48
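
Added example (not part of the original question, answer or comments): a shell helper that picks the fetch-argument registers for do_sys_open from the machine architecture, so the same probe definition works on the Raspberry Pi and elsewhere. It goes beyond the ARM case in the answer: the i386 and ARM rows come from this page, the x86_64 and arm64 rows are filled in from those ABIs, and the function names `kprobe_def` and `install_probe` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread.
# do_sys_open(dfd, filename, flags, mode): which register holds each
# argument is decided by the architecture's calling convention (ABI).

# kprobe_def ARCH
# Prints the kprobe_events definition for ARCH (a `uname -m` value).
# Returns 1 if the architecture is not in the table.
kprobe_def() {
    case "$1" in
        i?86)          set -- %ax %dx %cx '+4($stack)' ;; # kernel doc example
        x86_64)        set -- %di %si %dx %cx ;;          # assumption: SysV ABI
        aarch64|arm64) set -- %x0 %x1 %x2 %x3 ;;          # assumption: AAPCS64
        arm*)          set -- %r0 %r1 %r2 %r3 ;;          # from the answer
        *)             return 1 ;;
    esac
    printf 'p:myprobe do_sys_open dfd=%s filename=%s flags=%s mode=%s\n' "$@"
}

# install_probe [EVENTS_FILE] [ARCH]
# Writes the definition to the tracing control file (needs root).
# Note: '>' replaces any probes already defined there; use '>>' to append.
install_probe() {
    events=${1:-/sys/kernel/debug/tracing/kprobe_events}
    arch=${2:-$(uname -m)}
    def=$(kprobe_def "$arch") || {
        echo "no register mapping for architecture: $arch" >&2
        return 1
    }
    printf '%s\n' "$def" > "$events"
}
```

Running `install_probe` as root registers the probe for the current machine; an "Invalid argument" error from the write means the kernel rejected a register name for that architecture.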