1*387f9dfdSAndroid Build Coastguard Worker#!/usr/bin/python 2*387f9dfdSAndroid Build Coastguard Worker# 3*387f9dfdSAndroid Build Coastguard Worker# strlen_snoop Trace strlen() library function for a given PID. 4*387f9dfdSAndroid Build Coastguard Worker# For Linux, uses BCC, eBPF. Embedded C. 5*387f9dfdSAndroid Build Coastguard Worker# 6*387f9dfdSAndroid Build Coastguard Worker# USAGE: strlensnoop PID 7*387f9dfdSAndroid Build Coastguard Worker# 8*387f9dfdSAndroid Build Coastguard Worker# Try running this on a separate bash shell. 9*387f9dfdSAndroid Build Coastguard Worker# 10*387f9dfdSAndroid Build Coastguard Worker# Written as a basic example of BCC and uprobes. 11*387f9dfdSAndroid Build Coastguard Worker# 12*387f9dfdSAndroid Build Coastguard Worker# Copyright 2016 Netflix, Inc. 13*387f9dfdSAndroid Build Coastguard Worker# Licensed under the Apache License, Version 2.0 (the "License") 14*387f9dfdSAndroid Build Coastguard Worker 15*387f9dfdSAndroid Build Coastguard Workerfrom __future__ import print_function 16*387f9dfdSAndroid Build Coastguard Workerfrom bcc import BPF 17*387f9dfdSAndroid Build Coastguard Workerfrom os import getpid 18*387f9dfdSAndroid Build Coastguard Workerimport sys 19*387f9dfdSAndroid Build Coastguard Worker 20*387f9dfdSAndroid Build Coastguard Workerif len(sys.argv) < 2: 21*387f9dfdSAndroid Build Coastguard Worker print("USAGE: strlensnoop PID") 22*387f9dfdSAndroid Build Coastguard Worker exit() 23*387f9dfdSAndroid Build Coastguard Workerpid = sys.argv[1] 24*387f9dfdSAndroid Build Coastguard Worker 25*387f9dfdSAndroid Build Coastguard Worker# load BPF program 26*387f9dfdSAndroid Build Coastguard Workerbpf_text = """ 27*387f9dfdSAndroid Build Coastguard Worker#include <uapi/linux/ptrace.h> 28*387f9dfdSAndroid Build Coastguard Workerint printarg(struct pt_regs *ctx) { 29*387f9dfdSAndroid Build Coastguard Worker if (!PT_REGS_PARM1(ctx)) 30*387f9dfdSAndroid Build Coastguard Worker return 0; 31*387f9dfdSAndroid Build Coastguard Worker 32*387f9dfdSAndroid Build Coastguard Worker u32 pid = bpf_get_current_pid_tgid(); 33*387f9dfdSAndroid Build Coastguard Worker if (pid != PID) 34*387f9dfdSAndroid Build Coastguard Worker return 0; 35*387f9dfdSAndroid Build Coastguard Worker 36*387f9dfdSAndroid Build Coastguard Worker char str[80] = {}; 37*387f9dfdSAndroid Build Coastguard Worker bpf_probe_read_user(&str, sizeof(str), (void *)PT_REGS_PARM1(ctx)); 38*387f9dfdSAndroid Build Coastguard Worker bpf_trace_printk("%s\\n", &str); 39*387f9dfdSAndroid Build Coastguard Worker 40*387f9dfdSAndroid Build Coastguard Worker return 0; 41*387f9dfdSAndroid Build Coastguard Worker}; 42*387f9dfdSAndroid Build Coastguard Worker""" 43*387f9dfdSAndroid Build Coastguard Workerbpf_text = bpf_text.replace('PID', pid) 44*387f9dfdSAndroid Build Coastguard Workerb = BPF(text=bpf_text) 45*387f9dfdSAndroid Build Coastguard Workerb.attach_uprobe(name="c", sym="strlen", fn_name="printarg") 46*387f9dfdSAndroid Build Coastguard Worker 47*387f9dfdSAndroid Build Coastguard Worker# header 48*387f9dfdSAndroid Build Coastguard Workerprint("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "STRLEN")) 49*387f9dfdSAndroid Build Coastguard Worker 50*387f9dfdSAndroid Build Coastguard Worker# format output 51*387f9dfdSAndroid Build Coastguard Workerme = getpid() 52*387f9dfdSAndroid Build Coastguard Workerwhile 1: 53*387f9dfdSAndroid Build Coastguard Worker try: 54*387f9dfdSAndroid Build Coastguard Worker (task, pid, cpu, flags, ts, msg) = b.trace_fields() 55*387f9dfdSAndroid Build Coastguard Worker except ValueError: 56*387f9dfdSAndroid Build Coastguard Worker continue 57*387f9dfdSAndroid Build Coastguard Worker if pid == me or msg == "": 58*387f9dfdSAndroid Build Coastguard Worker continue 59*387f9dfdSAndroid Build Coastguard Worker print("%-18.9f %-16s %-6d %s" % (ts, task, pid, msg)) 60