We will assign you a syscall and give you our specially designed program.
bpftrace
Run strace on the provided program
Answer question 0 in assignment.md
Find the syscall definition within the kernel source
Answer question 1 in the assignment.md file
Write a bpftrace snippet to insert a probe that will print the syscall args and kernel stack in real time as the syscall is invoked
Ensure that the bpf probe is only triggered when our specific command is run
Suggested: bpftrace/reference_guide.md at master
Hint: A script file must be marked as executable to be run
Hint: The first line of an executable bpftrace file must be “#!/usr/bin/env bpftrace”
Re-run the program with the bpf probe inserted via your bpftrace code
Document your process in the cover letter as always
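One way the probe steps above can look, as an added example that is not part of the original assignment. It assumes the assigned syscall is openat and that the provided program runs under the command name a4prog; both are placeholders to replace with your own syscall and command.

```bpftrace
#!/usr/bin/env bpftrace
// Added example, not the course's reference solution.
// Assumptions: syscall = openat, command name = "a4prog" (placeholders).
// Make the file executable (chmod +x) and run it with root privileges,
// then start the target program from a second terminal.

BEGIN
{
    printf("Tracing openat() for comm a4prog, Ctrl-C to stop\n");
}

// The syscalls:sys_enter_* tracepoints expose the arguments by name.
// List them for your own syscall with:
//   bpftrace -lv 'tracepoint:syscalls:sys_enter_openat'
tracepoint:syscalls:sys_enter_openat
/comm == "a4prog"/   // predicate: fire only for our command
{
    // comm holds at most 15 characters of the task name, so a longer
    // program name has to be matched on its truncated form.
    printf("%s[pid %d] openat(dfd=%d, filename=\"%s\", flags=0x%x, mode=0x%x)\n",
           comm, pid,
           args->dfd,
           str(args->filename),   // copy the user-space string for printing
           args->flags,
           args->mode);

    // Kernel stack at the moment the probe fired.
    printf("%s\n", kstack);
}
```

Without the predicate the probe fires for every process on the system that makes the syscall, which floods the output and makes the run for your own program hard to pick out.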
strace
man
cscope
git-blame
git-grep [ -n ]
bpftrace and other BPF tooling
A cover letter following the assignment submission guidelines (as always)
A patch which adds a directory named firstname_lastname to the A4 folder of the class repo with a copy of assignment.md.
A patch that includes your changes to assignment.md
A patch that includes the new entries in log.txt from all the times you ran the program
A patch that includes two full logs from strace from running the program: once as your regular user and once as root using sudo. Make sure you label which is which
A patch that adds your *.bp bpftrace program