dcsnoop.bt
#!/usr/bin/env bpftrace
/*
 * dcsnoop	Trace directory entry cache (dcache) lookups.
 *		For Linux, uses bpftrace and eBPF.
 *
 * This uses kernel dynamic tracing of kernel functions, lookup_fast() and
 * d_lookup(), which will need to be modified to match kernel changes. See
 * code comments.
 *
 * USAGE: dcsnoop.bt
 *
 * Copyright 2018 Netflix, Inc.
 * Licensed under the Apache License, Version 2.0 (the "License")
 *
 * 08-Sep-2018	Brendan Gregg	Created this.
 */

#ifndef BPFTRACE_HAVE_BTF
#include <linux/fs.h>
#include <linux/sched.h>

// from fs/namei.c:
struct nameidata {
	struct path	path;
	struct qstr	last;
	// [...]
};
#endif

BEGIN
{
	printf("Tracing dcache lookups... Hit Ctrl-C to end.\n");
	printf("%-8s %-6s %-16s %1s %s\n", "TIME", "PID", "COMM", "T", "FILE");
}

// comment out this block to avoid showing hits:
kprobe:lookup_fast,
kprobe:lookup_fast.constprop.*
{
	$nd = (struct nameidata *)arg0;
	printf("%-8d %-6d %-16s R %s\n", elapsed / 1e6, pid, comm,
	    str($nd->last.name));
}

kprobe:d_lookup
{
	$name = (struct qstr *)arg1;
	@fname[tid] = $name->name;
}

kretprobe:d_lookup
/@fname[tid]/
{
	printf("%-8d %-6d %-16s M %s\n", elapsed / 1e6, pid, comm,
	    str(@fname[tid]));
	delete(@fname[tid]);
}