File Manager

X7ROOT File Manager

Current Path: /usr/share/systemtap/tapset/linux

usr / share / systemtap / tapset / linux /

📁 ..
📁 arm
📁 arm64
📄 atomic.stp(1.53 KB)
📄 aux_syscalls.stp(143.78 KB)
📄 context-caller.stp(3.07 KB)
📄 context-envvar.stp(1.72 KB)
📄 context-symbols.stp(11.99 KB)
📄 context-unwind.stp(2.81 KB)
📄 context.stp(18.57 KB)
📄 context.stpm(125 B)
📄 conversions-guru.stp(5.74 KB)
📄 conversions.stp(15.34 KB)
📄 ctime.stp(5.54 KB)
📄 dentry.stp(10.11 KB)
📄 dev.stp(1.9 KB)
📄 endian.stp(602 B)
📄 guru-delay.stp(1.2 KB)
📄 guru-signal.stp(1.07 KB)
📁 i386
📁 ia64
📄 inet.stp(1.42 KB)
📄 inet.stpm(383 B)
📄 inet_sock.stp(1.25 KB)
📄 ioblock.stp(15.04 KB)
📄 ioscheduler.stp(11.89 KB)
📄 ip.stp(5.35 KB)
📄 ipmib-filter-default.stp(965 B)
📄 ipmib.stp(12.68 KB)
📄 irq.stp(5 KB)
📄 json.stp(8.98 KB)
📄 json.stpm(6.11 KB)
📄 kprocess.stp(4.4 KB)
📄 kretprobe.stp(2.1 KB)
📄 linuxmib-filter-default.stp(876 B)
📄 linuxmib.stp(3.63 KB)
📄 loadavg.stp(1.95 KB)
📄 logging.stp(2.12 KB)
📄 memory.stp(18.74 KB)
📁 mips
📄 netfilter.stp(35.49 KB)
📄 networking.stp(9.37 KB)
📄 nfs.stp(38.06 KB)
📄 nfs_proc.stp(55.46 KB)
📄 nfs_proc.stpm(1.18 KB)
📄 nfsd.stp(46.27 KB)
📄 nfsderrno.stp(11.7 KB)
📄 panic.stp(1.07 KB)
📄 perf.stp(5.16 KB)
📁 powerpc
📄 proc_mem.stp(12.05 KB)
📄 pstrace.stp(773 B)
📄 rcu.stp(928 B)
📄 rlimit.stp(1.35 KB)
📄 rpc.stp(37.67 KB)
📁 s390
📄 scheduler.stp(11.36 KB)
📄 scsi.stp(9.47 KB)
📄 signal.stp(28.69 KB)
📄 socket.stp(34.2 KB)
📄 sysc_accept.stp(7.32 KB)
📄 sysc_accept4.stp(7.24 KB)
📄 sysc_access.stp(2.45 KB)
📄 sysc_acct.stp(2.18 KB)
📄 sysc_add_key.stp(2.91 KB)
📄 sysc_adjtimex.stp(5.28 KB)
📄 sysc_alarm.stp(2.52 KB)
📄 sysc_bdflush.stp(2.75 KB)
📄 sysc_bind.stp(6.43 KB)
📄 sysc_bpf.stp(2.33 KB)
📄 sysc_brk.stp(2.33 KB)
📄 sysc_capget.stp(2.71 KB)
📄 sysc_capset.stp(2.71 KB)
📄 sysc_chdir.stp(2.23 KB)
📄 sysc_chmod.stp(2.51 KB)
📄 sysc_chown.stp(3.27 KB)
📄 sysc_chown16.stp(2.61 KB)
📄 sysc_chroot.stp(2.29 KB)
📄 sysc_clock_adjtime.stp(4.72 KB)
📄 sysc_clock_getres.stp(3.82 KB)
📄 sysc_clock_gettime.stp(3.62 KB)
📄 sysc_clock_nanosleep.stp(7.25 KB)
📄 sysc_clock_settime.stp(5.02 KB)
📄 sysc_clone.stp(6.19 KB)
📄 sysc_close.stp(2.47 KB)
📄 sysc_connect.stp(6.82 KB)
📄 sysc_copy_file_range.stp(3.15 KB)
📄 sysc_creat.stp(2.28 KB)
📄 sysc_delete_module.stp(2.87 KB)
📄 sysc_dup.stp(2.09 KB)
📄 sysc_dup2.stp(2.63 KB)
📄 sysc_dup3.stp(2.66 KB)
📄 sysc_epoll_create.stp(5.29 KB)
📄 sysc_epoll_ctl.stp(3.5 KB)
📄 sysc_epoll_pwait.stp(3.49 KB)
📄 sysc_epoll_wait.stp(4.33 KB)
📄 sysc_eventfd.stp(4.86 KB)
📄 sysc_execve.stp(6.11 KB)
📄 sysc_execveat.stp(6.78 KB)
📄 sysc_exit.stp(1.54 KB)
📄 sysc_exit_group.stp(1.66 KB)
📄 sysc_faccessat.stp(3.2 KB)
📄 sysc_fadvise64.stp(7.43 KB)
📄 sysc_fallocate.stp(3.29 KB)
📄 sysc_fanotify_init.stp(3.02 KB)
📄 sysc_fanotify_mark.stp(5.75 KB)
📄 sysc_fchdir.stp(2.23 KB)
📄 sysc_fchmod.stp(2.52 KB)
📄 sysc_fchmodat.stp(3.2 KB)
📄 sysc_fchown.stp(3.28 KB)
📄 sysc_fchown16.stp(2.59 KB)
📄 sysc_fchownat.stp(3.24 KB)
📄 sysc_fcntl.stp(4.37 KB)
📄 sysc_fdatasync.stp(2.39 KB)
📄 sysc_fgetxattr.stp(2.94 KB)
📄 sysc_finit_module.stp(2.86 KB)
📄 sysc_flistxattr.stp(2.61 KB)
📄 sysc_flock.stp(2.28 KB)
📄 sysc_fork.stp(2.53 KB)
📄 sysc_fremovexattr.stp(2.73 KB)
📄 sysc_fsetxattr.stp(3.34 KB)
📄 sysc_fstat.stp(5.76 KB)
📄 sysc_fstatat.stp(5.21 KB)
📄 sysc_fstatfs.stp(2.94 KB)
📄 sysc_fstatfs64.stp(2.86 KB)
📄 sysc_fsync.stp(2.18 KB)
📄 sysc_ftruncate.stp(5.54 KB)
📄 sysc_futex.stp(5.11 KB)
📄 sysc_futimesat.stp(5.91 KB)
📄 sysc_get_mempolicy.stp(4.1 KB)
📄 sysc_get_robust_list.stp(4.12 KB)
📄 sysc_getcpu.stp(2.63 KB)
📄 sysc_getcwd.stp(2.43 KB)
📄 sysc_getdents.stp(5.18 KB)
📄 sysc_getegid.stp(3.46 KB)
📄 sysc_geteuid.stp(3.4 KB)
📄 sysc_getgid.stp(3.32 KB)
📄 sysc_getgroups.stp(3.91 KB)
📄 sysc_gethostname.stp(1.22 KB)
📄 sysc_getitimer.stp(4.87 KB)
📄 sysc_getpeername.stp(7.01 KB)
📄 sysc_getpgid.stp(2.6 KB)
📄 sysc_getpgrp.stp(2.04 KB)
📄 sysc_getpid.stp(1.98 KB)
📄 sysc_getppid.stp(2.06 KB)
📄 sysc_getpriority.stp(2.62 KB)
📄 sysc_getrandom.stp(2.72 KB)
📄 sysc_getresgid.stp(3.73 KB)
📄 sysc_getresuid.stp(3.54 KB)
📄 sysc_getrlimit.stp(4.08 KB)
📄 sysc_getrusage.stp(3.45 KB)
📄 sysc_getsid.stp(2.26 KB)
📄 sysc_getsockname.stp(7.03 KB)
📄 sysc_getsockopt.stp(7.88 KB)
📄 sysc_gettid.stp(2.01 KB)
📄 sysc_gettimeofday.stp(3.7 KB)
📄 sysc_getuid.stp(3.35 KB)
📄 sysc_getxattr.stp(3 KB)
📄 sysc_init_module.stp(2.76 KB)
📄 sysc_inotify_add_watch.stp(3.25 KB)
📄 sysc_inotify_init.stp(5.26 KB)
📄 sysc_inotify_rm_watch.stp(2.89 KB)
📄 sysc_io_cancel.stp(2.85 KB)
📄 sysc_io_destroy.stp(2.5 KB)
📄 sysc_io_getevents.stp(4.25 KB)
📄 sysc_io_setup.stp(3.43 KB)
📄 sysc_io_submit.stp(3.46 KB)
📄 sysc_ioctl.stp(3.12 KB)
📄 sysc_ioperm.stp(2.41 KB)
📄 sysc_ioprio_get.stp(2.65 KB)
📄 sysc_ioprio_set.stp(2.82 KB)
📄 sysc_kcmp.stp(2.51 KB)
📄 sysc_kexec_file_load.stp(3.35 KB)
📄 sysc_kexec_load.stp(3.96 KB)
📄 sysc_keyctl.stp(3.16 KB)
📄 sysc_kill.stp(2.25 KB)
📄 sysc_lchown.stp(3.34 KB)
📄 sysc_lchown16.stp(2.66 KB)
📄 sysc_lgetxattr.stp(3.05 KB)
📄 sysc_link.stp(2.34 KB)
📄 sysc_linkat.stp(3.26 KB)
📄 sysc_listen.stp(6.17 KB)
📄 sysc_listxattr.stp(2.72 KB)
📄 sysc_llistxattr.stp(2.78 KB)
📄 sysc_llseek.stp(2.81 KB)
📄 sysc_lookup_dcookie.stp(3.39 KB)
📄 sysc_lremovexattr.stp(3.11 KB)
📄 sysc_lseek.stp(3.98 KB)
📄 sysc_lsetxattr.stp(3.22 KB)
📄 sysc_lstat.stp(5.91 KB)
📄 sysc_madvise.stp(2.55 KB)
📄 sysc_mbind.stp(3.69 KB)
📄 sysc_membarrier.stp(2.65 KB)
📄 sysc_memfd_create.stp(2.77 KB)
📄 sysc_migrate_pages.stp(3.83 KB)
📄 sysc_mincore.stp(2.47 KB)
📄 sysc_mkdir.stp(2.38 KB)
📄 sysc_mkdirat.stp(2.92 KB)
📄 sysc_mknod.stp(2.45 KB)
📄 sysc_mknodat.stp(3.07 KB)
📄 sysc_mlock.stp(2.27 KB)
📄 sysc_mlock2.stp(2.47 KB)
📄 sysc_mlockall.stp(2.46 KB)
📄 sysc_mmap2.stp(5.45 KB)
📄 sysc_modify_ldt.stp(2.67 KB)
📄 sysc_mount.stp(3.53 KB)
📄 sysc_move_pages.stp(4.09 KB)
📄 sysc_mprotect.stp(2.55 KB)
📄 sysc_mq_getsetattr.stp(3.95 KB)
📄 sysc_mq_notify.stp(3.51 KB)
📄 sysc_mq_open.stp(4.54 KB)
📄 sysc_mq_timedreceive.stp(5.18 KB)
📄 sysc_mq_timedsend.stp(4.96 KB)
📄 sysc_mq_unlink.stp(2.53 KB)
📄 sysc_mremap.stp(3.01 KB)
📄 sysc_msgctl.stp(7.35 KB)
📄 sysc_msgget.stp(3.73 KB)
📄 sysc_msgrcv.stp(9.48 KB)
📄 sysc_msgsnd.stp(7.81 KB)
📄 sysc_msync.stp(2.44 KB)
📄 sysc_munlock.stp(2.39 KB)
📄 sysc_munlockall.stp(2.29 KB)
📄 sysc_munmap.stp(2.35 KB)
📄 sysc_name_to_handle_at.stp(3.46 KB)
📄 sysc_nanosleep.stp(5.22 KB)
📄 sysc_nfsservctl.stp(2.23 KB)
📄 sysc_ni_syscall.stp(1.4 KB)
📄 sysc_nice.stp(2.15 KB)
📄 sysc_open.stp(3.79 KB)
📄 sysc_open_by_handle_at.stp(3.8 KB)
📄 sysc_openat.stp(3.34 KB)
📄 sysc_pause.stp(2.5 KB)
📄 sysc_perf_event_open.stp(3.24 KB)
📄 sysc_personality.stp(2.74 KB)
📄 sysc_pipe.stp(9.86 KB)
📄 sysc_pivot_root.stp(2.71 KB)
📄 sysc_poll.stp(2.35 KB)
📄 sysc_ppoll.stp(5.38 KB)
📄 sysc_prctl.stp(2.48 KB)
📄 sysc_pread.stp(4.51 KB)
📄 sysc_preadv.stp(4.12 KB)
📄 sysc_preadv2.stp(4.48 KB)
📄 sysc_prlimit64.stp(2.97 KB)
📄 sysc_process_vm_readv.stp(4.08 KB)
📄 sysc_process_vm_writev.stp(4.13 KB)
📄 sysc_pselect6.stp(5.62 KB)
📄 sysc_pselect7.stp(3.58 KB)
📄 sysc_ptrace.stp(3.18 KB)
📄 sysc_pwrite.stp(6.27 KB)
📄 sysc_pwritev.stp(4.23 KB)
📄 sysc_pwritev2.stp(4.58 KB)
📄 sysc_quotactl.stp(4 KB)
📄 sysc_read.stp(3.29 KB)
📄 sysc_readahead.stp(3.02 KB)
📄 sysc_readdir.stp(3.6 KB)
📄 sysc_readlink.stp(2.59 KB)
📄 sysc_readlinkat.stp(3.24 KB)
📄 sysc_readv.stp(3.07 KB)
📄 sysc_reboot.stp(2.77 KB)
📄 sysc_recv.stp(6.7 KB)
📄 sysc_recvfrom.stp(7.82 KB)
📄 sysc_recvmmsg.stp(5.84 KB)
📄 sysc_recvmsg.stp(10.35 KB)
📄 sysc_remap_file_pages.stp(3.37 KB)
📄 sysc_removexattr.stp(2.75 KB)
📄 sysc_rename.stp(2.48 KB)
📄 sysc_renameat.stp(3.3 KB)
📄 sysc_renameat2.stp(3.61 KB)
📄 sysc_request_key.stp(3.23 KB)
📄 sysc_restart_syscall.stp(2.5 KB)
📄 sysc_rmdir.stp(2.25 KB)
📄 sysc_rt_sigaction.stp(6.2 KB)
📄 sysc_rt_sigpending.stp(4.35 KB)
📄 sysc_rt_sigprocmask.stp(7.87 KB)
📄 sysc_rt_sigqueueinfo.stp(4.26 KB)
📄 sysc_rt_sigreturn.stp(1.6 KB)
📄 sysc_rt_sigsuspend.stp(3.45 KB)
📄 sysc_rt_sigtimedwait.stp(5.08 KB)
📄 sysc_rt_tgsigqueueinfo.stp(3.92 KB)
📄 sysc_sched_get_priority_max.stp(3.26 KB)
📄 sysc_sched_get_priority_min.stp(3.26 KB)
📄 sysc_sched_getaffinity.stp(3.62 KB)
📄 sysc_sched_getattr.stp(3.05 KB)
📄 sysc_sched_getparam.stp(2.84 KB)
📄 sysc_sched_getscheduler.stp(2.94 KB)
📄 sysc_sched_rr_get_interval.stp(4.41 KB)
📄 sysc_sched_setaffinity.stp(3.49 KB)
📄 sysc_sched_setattr.stp(2.98 KB)
📄 sysc_sched_setparam.stp(2.83 KB)
📄 sysc_sched_setscheduler.stp(3.2 KB)
📄 sysc_sched_yield.stp(2.26 KB)
📄 sysc_seccomp.stp(2.76 KB)
📄 sysc_select.stp(5.55 KB)
📄 sysc_semctl.stp(7.22 KB)
📄 sysc_semget.stp(3.79 KB)
📄 sysc_semop.stp(4.73 KB)
📄 sysc_semtimedop.stp(8.8 KB)
📄 sysc_send.stp(6.81 KB)
📄 sysc_sendfile.stp(4.38 KB)
📄 sysc_sendmmsg.stp(8.61 KB)
📄 sysc_sendmsg.stp(11.48 KB)
📄 sysc_sendto.stp(7.66 KB)
📄 sysc_set_mempolicy.stp(3.69 KB)
📄 sysc_set_robust_list.stp(3.92 KB)
📄 sysc_set_tid_address.stp(2.83 KB)
📄 sysc_setdomainname.stp(3.04 KB)
📄 sysc_setfsgid.stp(4.43 KB)
📄 sysc_setfsuid.stp(4.48 KB)
📄 sysc_setgid.stp(4.23 KB)
📄 sysc_setgroups.stp(4.1 KB)
📄 sysc_sethostname.stp(2.72 KB)
📄 sysc_setitimer.stp(5.61 KB)
📄 sysc_setns.stp(2.34 KB)
📄 sysc_setpgid.stp(2.41 KB)
📄 sysc_setpriority.stp(2.79 KB)
📄 sysc_setregid.stp(5.84 KB)
📄 sysc_setresgid.stp(6.12 KB)
📄 sysc_setresuid.stp(6.13 KB)
📄 sysc_setreuid.stp(5.84 KB)
📄 sysc_setrlimit.stp(3.61 KB)
📄 sysc_setsid.stp(2.05 KB)
📄 sysc_setsockopt.stp(7.77 KB)
📄 sysc_settimeofday.stp(6.01 KB)
📄 sysc_setuid.stp(4.23 KB)
📄 sysc_setxattr.stp(3.12 KB)
📄 sysc_sgetmask.stp(2.12 KB)
📄 sysc_shmat.stp(5.88 KB)
📄 sysc_shmctl.stp(7.23 KB)
📄 sysc_shmdt.stp(3.36 KB)
📄 sysc_shmget.stp(3.7 KB)
📄 sysc_shutdown.stp(6.46 KB)
📄 sysc_sigaction.stp(5.2 KB)
📄 sysc_sigaltstack.stp(3.83 KB)
📄 sysc_signal.stp(2.5 KB)
📄 sysc_signalfd.stp(11.53 KB)
📄 sysc_sigpending.stp(3.19 KB)
📄 sysc_sigprocmask.stp(3.69 KB)
📄 sysc_sigreturn.stp(1.43 KB)
📄 sysc_sigsuspend.stp(4.22 KB)
📄 sysc_socket.stp(6.92 KB)
📄 sysc_socketpair.stp(7.68 KB)
📄 sysc_splice.stp(2.78 KB)
📄 sysc_ssetmask.stp(2.49 KB)
📄 sysc_stat.stp(5.91 KB)
📄 sysc_statfs.stp(3.02 KB)
📄 sysc_statfs64.stp(2.93 KB)
📄 sysc_statx.stp(3.4 KB)
📄 sysc_stime.stp(2.76 KB)
📄 sysc_swapoff.stp(2.41 KB)
📄 sysc_swapon.stp(2.6 KB)
📄 sysc_symlink.stp(2.52 KB)
📄 sysc_symlinkat.stp(3.28 KB)
📄 sysc_sync.stp(1.88 KB)
📄 sysc_sync_file_range.stp(4.76 KB)
📄 sysc_syncfs.stp(2.27 KB)
📄 sysc_sysctl.stp(2.78 KB)
📄 sysc_sysfs.stp(3.22 KB)
📄 sysc_sysinfo.stp(2.95 KB)
📄 sysc_syslog.stp(2.41 KB)
📄 sysc_tee.stp(2.3 KB)
📄 sysc_tgkill.stp(2.48 KB)
📄 sysc_time.stp(3.18 KB)
📄 sysc_timer_create.stp(4.39 KB)
📄 sysc_timer_delete.stp(2.61 KB)
📄 sysc_timer_getoverrun.stp(2.86 KB)
📄 sysc_timer_gettime.stp(4.15 KB)
📄 sysc_timer_settime.stp(5.33 KB)
📄 sysc_timerfd.stp(1.79 KB)
📄 sysc_timerfd_create.stp(2.99 KB)
📄 sysc_timerfd_gettime.stp(3.79 KB)
📄 sysc_timerfd_settime.stp(4.71 KB)
📄 sysc_times.stp(2.84 KB)
📄 sysc_tkill.stp(2.35 KB)
📄 sysc_truncate.stp(5.25 KB)
📄 sysc_tux.stp(1.04 KB)
📄 sysc_umask.stp(2.22 KB)
📄 sysc_umount.stp(4.5 KB)
📄 sysc_uname.stp(4.77 KB)
📄 sysc_unlink.stp(2.38 KB)
📄 sysc_unlinkat.stp(2.79 KB)
📄 sysc_unshare.stp(2.48 KB)
📄 sysc_uselib.stp(2.39 KB)
📄 sysc_userfaultfd.stp(2.68 KB)
📄 sysc_ustat.stp(4.77 KB)
📄 sysc_utime.stp(5.37 KB)
📄 sysc_utimensat.stp(6.16 KB)
📄 sysc_utimes.stp(5.29 KB)
📄 sysc_vfork.stp(1.98 KB)
📄 sysc_vhangup.stp(2.08 KB)
📄 sysc_vmsplice.stp(5.56 KB)
📄 sysc_wait4.stp(4.55 KB)
📄 sysc_waitid.stp(3.68 KB)
📄 sysc_waitpid.stp(3.02 KB)
📄 sysc_write.stp(3.5 KB)
📄 sysc_writev.stp(3.22 KB)
📄 syscall_any.stp(1.52 KB)
📄 syscall_table.stp(1.44 KB)
📄 syscalls.stpm(13.78 KB)
📄 syscalls_cfg_trunc.stp(111 B)
📄 target_set.stp(1.73 KB)
📄 task.stp(22.21 KB)
📄 task.stpm(253 B)
📄 task_ancestry.stp(1.58 KB)
📄 task_time.stp(7.68 KB)
📄 tcp.stp(22.11 KB)
📄 tcpmib-filter-default.stp(885 B)
📄 tcpmib.stp(10.57 KB)
📄 timestamp.stp(1.72 KB)
📄 timestamp_gtod.stp(1.59 KB)
📄 timestamp_monotonic.stp(5.46 KB)
📄 tty.stp(7.18 KB)
📄 tzinfo.stp(803 B)
📄 ucontext-symbols.stp(8.63 KB)
📄 ucontext-unwind.stp(3.64 KB)
📄 ucontext.stp(2.18 KB)
📄 udp.stp(5.95 KB)
📄 utrace.stp(1.33 KB)
📄 vfs.stp(32.43 KB)
📁 x86_64

Editing: sysc_setresgid.stp

# setresgid __________________________________________________
# long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
#

@define _SYSCALL_SETRESGID_NAME
%(
	name = "setresgid"
%)

@define _SYSCALL_SETRESGID_ARGSTR
%(
	argstr = sprintf("%d, %d, %d", rgid, egid, sgid)
%)

@define _SYSCALL_GATE
%(
    %( arch == "x86_64" %?
	// There are actually 3 x86_64 setresgid syscalls numbers (which
	// get mapped to 2 syscall functions:
	//   - __NR_setresgid which gets mapped to sys_setresgid()
	//   - __NR_ia32_setresgid32 which also gets mapped to
	//     sys_setresgid() 
	//   - __NR_ia32_setresgid which gets mapped to sys_setresgid16()
	//     (which is a wrapper around sys_setresgid())
	// So, we need to avoid sys_setresgid() calls that come from
	// sys_setresgid16().
	@__syscall_compat_gate(@const("__NR_setresgid"),
			       @const("__NR_ia32_setresgid32"))
    %:
	%( arch == "i386" %?
	    // On i386, there are 2 setresgid syscall numbers:
	    //   - __NR_setresgid which gets mapped to sys_setresgid16
	    //   - __NR_setresgid32 which gets mapped to sys_setresgid
	    // Since this gets called from a probe on sys_setresgid, we'll
	    // make sure this is really __NR_setresgid32.
	    @__syscall_nr_gate(@const("__NR_setresgid32"))
	%)
    %)
%)

@define _SYSCALL_SETRESGID_REGARGS
%(
	rgid = __int32(uint_arg(1))
	egid = __int32(uint_arg(2))
	sgid = __int32(uint_arg(3))
%)

@define _SYSCALL_SETRESGID16_REGARGS
%(
	rgid = __short(uint_arg(1))
	egid = __short(uint_arg(2))
	sgid = __short(uint_arg(3))
%)

probe syscall.setresgid = dw_syscall.setresgid !, nd_syscall.setresgid ? {}
probe syscall.setresgid.return = dw_syscall.setresgid.return !,
                                 nd_syscall.setresgid.return ? {}

# dw_setresgid _____________________________________________________

probe dw_syscall.setresgid = kernel.function("sys_setresgid").call
{
	@_SYSCALL_GATE
	@_SYSCALL_SETRESGID_NAME
	rgid = __int32($rgid)
	egid = __int32($egid)
	sgid = __int32($sgid)
	@_SYSCALL_SETRESGID_ARGSTR
}
probe dw_syscall.setresgid.return = kernel.function("sys_setresgid").return
{
	@_SYSCALL_GATE
	@_SYSCALL_SETRESGID_NAME
	@SYSC_RETVALSTR($return)
}

# nd_setresgid _____________________________________________________

probe nd_syscall.setresgid = nd1_syscall.setresgid!, nd2_syscall.setresgid!, tp_syscall.setresgid
  { }

probe nd1_syscall.setresgid = kprobe.function("sys_setresgid") ?
{
	@_SYSCALL_GATE
	@_SYSCALL_SETRESGID_NAME
	asmlinkage()
	@_SYSCALL_SETRESGID_REGARGS
	@_SYSCALL_SETRESGID_ARGSTR
}

/* kernel 4.17+ */
probe nd2_syscall.setresgid = kprobe.function(@arch_syscall_prefix "sys_setresgid") ?
{
	__set_syscall_pt_regs(pointer_arg(1))
	@_SYSCALL_SETRESGID_NAME
	@_SYSCALL_SETRESGID_REGARGS
	@_SYSCALL_SETRESGID_ARGSTR
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.setresgid = kernel.trace("sys_enter")
{
	__set_syscall_pt_regs($regs)
	@__syscall_compat_gate(@const("__NR_setresgid"), @const("__NR_compat_setresgid32"))
	@_SYSCALL_SETRESGID_NAME
	@_SYSCALL_SETRESGID_REGARGS
	@_SYSCALL_SETRESGID_ARGSTR
}

probe nd_syscall.setresgid.return = nd1_syscall.setresgid.return!, nd2_syscall.setresgid.return!, tp_syscall.setresgid.return
  { }

probe nd1_syscall.setresgid.return = kprobe.function("sys_setresgid").return ?
{
	@_SYSCALL_GATE
	@_SYSCALL_SETRESGID_NAME
	@SYSC_RETVALSTR(returnval())
}

/* kernel 4.17+ */
probe nd2_syscall.setresgid.return = kprobe.function(@arch_syscall_prefix "sys_setresgid").return ?
{
	@_SYSCALL_SETRESGID_NAME
	@SYSC_RETVALSTR(returnval())
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.setresgid.return = kernel.trace("sys_exit")
{
	__set_syscall_pt_regs($regs)
	@__syscall_compat_gate(@const("__NR_setresgid"), @const("__NR_compat_setresgid32"))
	@_SYSCALL_SETRESGID_NAME
	@SYSC_RETVALSTR($ret)
}

# setresgid16 ________________________________________________
#
# long sys_setresgid16(old_gid_t rgid,
#		     old_gid_t egid,
#		     old_gid_t sgid)
#

probe syscall.setresgid16 = dw_syscall.setresgid16 !, nd_syscall.setresgid16 ? {}
probe syscall.setresgid16.return = dw_syscall.setresgid16.return !,
                                   nd_syscall.setresgid16.return ? {}

# dw_setresgid16 _____________________________________________________

probe dw_syscall.setresgid16 = kernel.function("sys_setresgid16").call ?
{
	@_SYSCALL_SETRESGID_NAME
	rgid = __short($rgid)
	egid = __short($egid)
	sgid = __short($sgid)
	@_SYSCALL_SETRESGID_ARGSTR
}
probe dw_syscall.setresgid16.return = kernel.function("sys_setresgid16").return ?
{
	@_SYSCALL_SETRESGID_NAME
	@SYSC_RETVALSTR($return)
}

# nd_setresgid16 _____________________________________________________

probe nd_syscall.setresgid16 = nd1_syscall.setresgid16!, nd2_syscall.setresgid16!, tp_syscall.setresgid16
  { }

probe nd1_syscall.setresgid16 = kprobe.function("sys_setresgid16") ?
{
	@_SYSCALL_SETRESGID_NAME
	asmlinkage()
	@_SYSCALL_SETRESGID_REGARGS
	@_SYSCALL_SETRESGID_ARGSTR
}

/* kernel 4.17+ */
probe nd2_syscall.setresgid16 = kprobe.function(@arch_syscall_prefix "sys_setresgid16") ?
{
	__set_syscall_pt_regs(pointer_arg(1))
	@_SYSCALL_SETRESGID_NAME
	@_SYSCALL_SETRESGID16_REGARGS
	@_SYSCALL_SETRESGID_ARGSTR
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.setresgid16 = kernel.trace("sys_enter")
{
	__set_syscall_pt_regs($regs)
	@__compat_syscall_gate(@const("__NR_compat_setresgid"))
	@_SYSCALL_SETRESGID_NAME
	@_SYSCALL_SETRESGID16_REGARGS
	@_SYSCALL_SETRESGID_ARGSTR
}

probe nd_syscall.setresgid16.return = nd1_syscall.setresgid16.return!, nd2_syscall.setresgid16.return!, tp_syscall.setresgid16.return
  { }

probe nd1_syscall.setresgid16.return = kprobe.function("sys_setresgid16").return ?
{
	@_SYSCALL_SETRESGID_NAME
	@SYSC_RETVALSTR(returnval())
}

/* kernel 4.17+ */
probe nd2_syscall.setresgid16.return =
	kprobe.function(@arch_syscall_prefix "sys_setresgid16").return ?
{
	@_SYSCALL_SETRESGID_NAME
	@SYSC_RETVALSTR(returnval())
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.setresgid16.return = kernel.trace("sys_exit")
{
	__set_syscall_pt_regs($regs)
	@__compat_syscall_gate(@const("__NR_compat_setresgid"))
	@_SYSCALL_SETRESGID_NAME
	@SYSC_RETVALSTR($ret)
}

X7ROOT File Manager

Editing: sysc_setresgid.stp

Upload File

Create Folder