Reading a variable's value with a bpftrace uprobe

root@VM-20-5-ubuntu:~/bpftrace-developing# bpftrace -e 'uprobe:/bin/bash:readline { printf("PS1: %s\n", str(*uaddr("ps1_prompt"))); }'
Attaching 1 probe...
PS1: 

root@VM-20-5-ubuntu:~/bpftrace-developing# bpftrace  --include linux/sched.h -e 'uprobe:/bin/bash:readline { printf("PS1: %s\n", str(*(curtask->mm->mmap->vm_start + uaddr("ps1_prompt")))); }'
Attaching 1 probe...
PS1: \[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\
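
The two runs above differ only in that the second adds the start address of the process's first mapping (vm_start) to uaddr("ps1_prompt"), which is what a position-independent /bin/bash loaded at a randomized base requires. The sketch below is an added example, not part of the original post: it does the same base-plus-offset arithmetic in user space from /proc/<pid>/maps text, and the maps content, the symbol offset 0x14a2c0 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of /proc/<pid>/maps for a PIE /bin/bash (all addresses made up).
SAMPLE_MAPS='55d0c1a00000-55d0c1a2f000 r--p 00000000 fc:02 1234 /bin/bash
55d0c1a2f000-55d0c1b0e000 r-xp 0002f000 fc:02 1234 /bin/bash
55d0c1b0e000-55d0c1b48000 r--p 0010e000 fc:02 1234 /bin/bash
55d0c1b49000-55d0c1b52000 rw-p 00148000 fc:02 1234 /bin/bash
7f3a5e000000-7f3a5e028000 r--p 00000000 fc:02 5678 /usr/lib/x86_64-linux-gnu/libc.so.6'

# load_base MAPS_TEXT BINARY
# Prints the start (hex, no 0x) of BINARY's mapping with file offset 0,
# i.e. the load base. Returns non-zero if BINARY is not mapped.
load_base() {
    printf '%s\n' "$1" | awk -v bin="$2" '
        $6 == bin && $3 ~ /^0+$/ { split($1, r, "-"); print r[1]; found = 1; exit }
        END { if (!found) exit 1 }'
}

# runtime_addr MAPS_TEXT BINARY SYMBOL_OFFSET
# SYMBOL_OFFSET is the symbol value from the ELF symbol table (0x-prefixed hex).
# Only valid for PIE (ET_DYN) binaries: in a non-PIE executable the symbol
# value is already an absolute address and no base must be added.
runtime_addr() {
    base=$(load_base "$1" "$2") || return 1
    printf '0x%x\n' $(( 0x$base + $3 ))
}

# With a real process, pass "$(cat /proc/<pid>/maps)" instead of the sample.
runtime_addr "$SAMPLE_MAPS" /bin/bash 0x14a2c0
```
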

References

uaddr(), usym(), ustack to support PIE ASLR · Issue #75 · iovisor/bpftrace · GitHub
