1*387f9dfdSAndroid Build Coastguard Worker#!/usr/bin/env bcc-lua 2*387f9dfdSAndroid Build Coastguard Worker--[[ 3*387f9dfdSAndroid Build Coastguard WorkerCopyright 2016 Marek Vavrusa <[email protected]> 4*387f9dfdSAndroid Build Coastguard Worker 5*387f9dfdSAndroid Build Coastguard WorkerLicensed under the Apache License, Version 2.0 (the "License"); 6*387f9dfdSAndroid Build Coastguard Workeryou may not use this file except in compliance with the License. 7*387f9dfdSAndroid Build Coastguard WorkerYou may obtain a copy of the License at 8*387f9dfdSAndroid Build Coastguard Worker 9*387f9dfdSAndroid Build Coastguard Workerhttp://www.apache.org/licenses/LICENSE-2.0 10*387f9dfdSAndroid Build Coastguard Worker 11*387f9dfdSAndroid Build Coastguard WorkerUnless required by applicable law or agreed to in writing, software 12*387f9dfdSAndroid Build Coastguard Workerdistributed under the License is distributed on an "AS IS" BASIS, 13*387f9dfdSAndroid Build Coastguard WorkerWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14*387f9dfdSAndroid Build Coastguard WorkerSee the License for the specific language governing permissions and 15*387f9dfdSAndroid Build Coastguard Workerlimitations under the License. 16*387f9dfdSAndroid Build Coastguard Worker]] 17*387f9dfdSAndroid Build Coastguard Worker-- Trace readline() call from all bash instances (print bash commands from all running shells). 18*387f9dfdSAndroid Build Coastguard Worker-- This is rough equivallent to `bashreadline` 19*387f9dfdSAndroid Build Coastguard Worker-- Source: http://www.brendangregg.com/blog/2016-02-08/linux-ebpf-bcc-uprobes.html 20*387f9dfdSAndroid Build Coastguard Workerlocal ffi = require('ffi') 21*387f9dfdSAndroid Build Coastguard Workerlocal bpf = require('bpf') 22*387f9dfdSAndroid Build Coastguard Workerlocal S = require('syscall') 23*387f9dfdSAndroid Build Coastguard Worker-- Kernel-space part of the program 24*387f9dfdSAndroid Build Coastguard Workerlocal probe = bpf.uprobe('/bin/bash:readline', function (ptregs) 25*387f9dfdSAndroid Build Coastguard Worker local line = ffi.new('char [40]') -- Create a 40 byte buffer on stack 26*387f9dfdSAndroid Build Coastguard Worker ffi.copy(line, ffi.cast('char *', ptregs.ax)) -- Cast `ax` to string pointer and copy to buffer 27*387f9dfdSAndroid Build Coastguard Worker print('%s\n', line) -- Print to trace_pipe 28*387f9dfdSAndroid Build Coastguard Workerend, true, -1, 0) 29*387f9dfdSAndroid Build Coastguard Worker-- User-space part of the program 30*387f9dfdSAndroid Build Coastguard Workerlocal ok, err = pcall(function() 31*387f9dfdSAndroid Build Coastguard Worker local log = bpf.tracelog() 32*387f9dfdSAndroid Build Coastguard Worker print(' TASK-PID CPU# TIMESTAMP FUNCTION') 33*387f9dfdSAndroid Build Coastguard Worker print(' | | | | |') 34*387f9dfdSAndroid Build Coastguard Worker while true do 35*387f9dfdSAndroid Build Coastguard Worker print(log:read()) 36*387f9dfdSAndroid Build Coastguard Worker end 37*387f9dfdSAndroid Build Coastguard Workerend) 38