From c0893c31e6ec8048103e84e10b368c9381d64dc2 Mon Sep 17 00:00:00 2001 From: SoulKindred <91552157+SoulKindred@users.noreply.github.com> Date: Wed, 7 Jun 2023 22:05:15 +0200 Subject: [PATCH 1/3] Add files via upload Uploading funcall_trace scripts. Both scripts do essentially the same. Script 1 is simplified for the use with python. Script 2 gives more information, but is more difficult for use with python. The script 2 might be useful for further tracing. --- src/funcall_trace1.stp | 8 ++++++ src/funcall_trace2.stp | 58 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 src/funcall_trace1.stp create mode 100644 src/funcall_trace2.stp diff --git a/src/funcall_trace1.stp b/src/funcall_trace1.stp new file mode 100644 index 0000000..d83e059 --- /dev/null +++ b/src/funcall_trace1.stp @@ -0,0 +1,8 @@ + +probe kernel.function("register_keyboard_notifier").call + { + printf("%s (%d)\n", execname(),tid()) + } +probe end{ + printf("end\n") +} diff --git a/src/funcall_trace2.stp b/src/funcall_trace2.stp new file mode 100644 index 0000000..4f38637 --- /dev/null +++ b/src/funcall_trace2.stp @@ -0,0 +1,58 @@ +#! /usr/bin/env stap +# +# Copyright (C) 2010-2015 Red Hat, Inc. +# Written by William Cohen +# +# The linetimes.stp script takes two arguments: where to find the function +# and the function name. linetimes.stp will instrument each line in the +# function. It will print out the number of times that the function is +# called, a table with the average and maximum time each line takes, +# and control flow information when the script exits. +# +# For example all the lines of the do_unlinkat function: +# +# stap linetimes.stp kernel do_unlinkat + +global calls, times, last_pp, region, cfg + +probe $1.function(@2).call { calls <<< 1 } +probe $1.function(@2).return { + t = gettimeofday_us() + s = times[tid()] + if (s) { + e = t - s + region[last_pp[tid()]] <<< e + cfg[last_pp[tid()], pp()] <<< 1 + } + delete times[tid()] + delete last_pp[tid()] +} + +probe $1.statement(@2 "@*:*") { + t = gettimeofday_us() + s = times[tid()] + if (s) { + e = t - s + region[last_pp[tid()]] <<< e + cfg[last_pp[tid()], pp()] <<< 1 + } + times[tid()] = t + last_pp[tid()] = pp() +} + +probe end { + printf("\n%s %s call count: %d\n", @1, @2, @count(calls)); + printf("\n%-58s %10s %10s\n", "region", "avg(us)", "max(us)"); + foreach (p+ in region) { + printf("%-58s %10d %10d\n", p, @avg(region[p]), @max(region[p])); + } + + printf("\n\ncontrol flow graph information\n") + printf("from\n\tto\n=======================\n") + foreach ([src+] in region) { + printf("%-s\n", src) + foreach ([s,dest+] in cfg[src,*]) { # slice for all dest's + printf("\t%-s %d\n", dest, @count(cfg[src,dest])); + } + } +} From 00c2b25a272ce2a34158a73104433a5d2750a537 Mon Sep 17 00:00:00 2001 From: SoulKindred <91552157+SoulKindred@users.noreply.github.com> Date: Thu, 8 Jun 2023 00:10:25 +0200 Subject: [PATCH 2/3] Update dev_journal.md avoided copyright infringement --- doc/dev_journal.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/dev_journal.md b/doc/dev_journal.md index 5c19c56..90868ea 100644 --- a/doc/dev_journal.md +++ b/doc/dev_journal.md @@ -177,4 +177,4 @@ All in all, the main functionality works as intended. Basically now would be the ## Wednesday, 7, June 2023 ### Michel -I have written 2 systemtap scripts, that can detect, whenever a module registers at the Keyboard-notifier. The Script can currently detect whenever a module registers. However, neither of them can detect which kernel module registered. Here comes Sebastians idea of writing a python script, that can unload all un-known modules and loads them back in, whilst the stap-script is running. Whenever a module is loaded in, and it triggers the stap-script, we know it is tracking key-strokes. Those modules will be shown to the user and the user then has to decide whether to unload and remove them, or keep them. +I have written 1 systemtap scripts, that can detect, whenever a module registers at the Keyboard-notifier. The Script can currently detect whenever a module registers. However, it can not detect which kernel module registered. Here comes Sebastians idea of writing a python script, that can unload all un-known modules and loads them back in, whilst the stap-script is running. Whenever a module is loaded in, and it triggers the stap-script, we know it is tracking key-strokes. Those modules will be shown to the user and the user then has to decide whether to unload and remove them, or keep them. I got the idea for the short-script from redheat. The readhat-script is called funcall-tracer2.stp . My script is symplified for the work with python. From 0bc37048460174447b68950bbae7bc0aaff77242 Mon Sep 17 00:00:00 2001 From: SoulKindred <91552157+SoulKindred@users.noreply.github.com> Date: Thu, 8 Jun 2023 00:14:31 +0200 Subject: [PATCH 3/3] Update dev_journal.md updated journal and dodged copyright infringement --- doc/dev_journal.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/dev_journal.md b/doc/dev_journal.md index 5c19c56..2365eac 100644 --- a/doc/dev_journal.md +++ b/doc/dev_journal.md @@ -177,4 +177,4 @@ All in all, the main functionality works as intended. Basically now would be the ## Wednesday, 7, June 2023 ### Michel -I have written 2 systemtap scripts, that can detect, whenever a module registers at the Keyboard-notifier. The Script can currently detect whenever a module registers. However, neither of them can detect which kernel module registered. Here comes Sebastians idea of writing a python script, that can unload all un-known modules and loads them back in, whilst the stap-script is running. Whenever a module is loaded in, and it triggers the stap-script, we know it is tracking key-strokes. Those modules will be shown to the user and the user then has to decide whether to unload and remove them, or keep them. +I have written 1 systemtap scripts, that can detect, whenever a module registers at the Keyboard-notifier. The Script can currently detect whenever a module registers. My script cant detect which kernel module registered. Here comes Sebastians idea of writing a python script, that can unload all un-known modules and loads them back in, whilst the stap-script is running. Whenever a module is loaded in, and it triggers the stap-script, we know it is tracking key-strokes. Those modules will be shown to the user and the user then has to decide whether to unload and remove them, or keep them. My script is based on a redhat-script. The redhat-script is called funcall_tracer2.stp . The idea behind both scripts is the same. My script is simplyfied for the use with python.