diff --git a/doc/dev_journal.md b/doc/dev_journal.md index 5c19c56..cf96a4c 100644 --- a/doc/dev_journal.md +++ b/doc/dev_journal.md @@ -177,4 +177,6 @@ All in all, the main functionality works as intended. Basically now would be the ## Wednesday, 7, June 2023 ### Michel -I have written 2 systemtap scripts, that can detect, whenever a module registers at the Keyboard-notifier. The Script can currently detect whenever a module registers. However, neither of them can detect which kernel module registered. Here comes Sebastians idea of writing a python script, that can unload all un-known modules and loads them back in, whilst the stap-script is running. Whenever a module is loaded in, and it triggers the stap-script, we know it is tracking key-strokes. Those modules will be shown to the user and the user then has to decide whether to unload and remove them, or keep them. + +I have written 1 systemtap scripts, that can detect, whenever a module registers at the Keyboard-notifier. The Script can currently detect whenever a module registers. My script cant detect which kernel module registered. Here comes Sebastians idea of writing a python script, that can unload all un-known modules and loads them back in, whilst the stap-script is running. Whenever a module is loaded in, and it triggers the stap-script, we know it is tracking key-strokes. Those modules will be shown to the user and the user then has to decide whether to unload and remove them, or keep them. My script is based on a redhat-script. The redhat-script is called funcall_tracer2.stp . The idea behind both scripts is the same. My script is simplyfied for the use with python. + diff --git a/src/funcall_trace1.stp b/src/funcall_trace1.stp new file mode 100644 index 0000000..d83e059 --- /dev/null +++ b/src/funcall_trace1.stp @@ -0,0 +1,8 @@ + +probe kernel.function("register_keyboard_notifier").call + { + printf("%s (%d)\n", execname(),tid()) + } +probe end{ + printf("end\n") +} diff --git a/src/funcall_trace2.stp b/src/funcall_trace2.stp new file mode 100644 index 0000000..4f38637 --- /dev/null +++ b/src/funcall_trace2.stp @@ -0,0 +1,58 @@ +#! /usr/bin/env stap +# +# Copyright (C) 2010-2015 Red Hat, Inc. +# Written by William Cohen +# +# The linetimes.stp script takes two arguments: where to find the function +# and the function name. linetimes.stp will instrument each line in the +# function. It will print out the number of times that the function is +# called, a table with the average and maximum time each line takes, +# and control flow information when the script exits. +# +# For example all the lines of the do_unlinkat function: +# +# stap linetimes.stp kernel do_unlinkat + +global calls, times, last_pp, region, cfg + +probe $1.function(@2).call { calls <<< 1 } +probe $1.function(@2).return { + t = gettimeofday_us() + s = times[tid()] + if (s) { + e = t - s + region[last_pp[tid()]] <<< e + cfg[last_pp[tid()], pp()] <<< 1 + } + delete times[tid()] + delete last_pp[tid()] +} + +probe $1.statement(@2 "@*:*") { + t = gettimeofday_us() + s = times[tid()] + if (s) { + e = t - s + region[last_pp[tid()]] <<< e + cfg[last_pp[tid()], pp()] <<< 1 + } + times[tid()] = t + last_pp[tid()] = pp() +} + +probe end { + printf("\n%s %s call count: %d\n", @1, @2, @count(calls)); + printf("\n%-58s %10s %10s\n", "region", "avg(us)", "max(us)"); + foreach (p+ in region) { + printf("%-58s %10d %10d\n", p, @avg(region[p]), @max(region[p])); + } + + printf("\n\ncontrol flow graph information\n") + printf("from\n\tto\n=======================\n") + foreach ([src+] in region) { + printf("%-s\n", src) + foreach ([s,dest+] in cfg[src,*]) { # slice for all dest's + printf("\t%-s %d\n", dest, @count(cfg[src,dest])); + } + } +}