
我正在尝试在 BCC 程序中通过 pid 获取 task_struct。我使用了 find_task_by_vpid,但加载程序时报错:

bpf: Failed to load program: Invalid argument
jump out of range from insn 17 to 19
processed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

Traceback (most recent call last):
  File "./fork.py", line 39, in <module>
    b.attach_uretprobe(name="c", sym="fork", fn_name="do_trace")
  File "/usr/lib/python3/dist-packages/bcc/__init__.py", line 1186, in attach_uretprobe
    fn = self.load_func(fn_name, BPF.KPROBE)
  File "/usr/lib/python3/dist-packages/bcc/__init__.py", line 412, in load_func
    raise Exception("Failed to load BPF program %s: %s" %

这是我的代码:

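# BPF C source compiled and loaded by BCC; do_trace is attached as a
# uretprobe on libc's fork() by the attach_uretprobe() call in this script.
bpf_text = """
    #include <linux/sched.h>
    #include <linux/pid.h>

    // Event record sent to user space through the perf buffer.
    struct data_t {
        u32 pid;                    // not filled in by do_trace
        u32 tgid;                   // not filled in by do_trace
        u32 ret;                    // value returned by fork()
        u32 task_pid;               // stays 0, see the note in do_trace
        char comm[TASK_COMM_LEN];   // command name of the current task
    };

    BPF_PERF_OUTPUT(events);

    int do_trace(struct pt_regs *ctx) {
        struct data_t data = {};
        pid_t nr = PT_REGS_RC(ctx);

        // fork() returns the child's PID in the parent, 0 in the child
        // and -1 on failure.
        data.ret = nr;

        // A BPF program may call only BPF helpers. find_task_by_vpid() is
        // an ordinary kernel function, so the call cannot be resolved and
        // the in-kernel verifier refuses to load the program ("jump out of
        // range"). That restriction is deliberate: it keeps loaded programs
        // from invoking unvetted kernel code. The lookup is therefore
        // dropped here. bpf_get_current_task() yields the task_struct of
        // the *current* task only; to reach the child's task_struct, probe
        // a kernel-side point that receives it as an argument (for example
        // a kprobe on wake_up_new_task), or use the
        // sched:sched_process_fork tracepoint for the parent/child PIDs.

        bpf_get_current_comm(&data.comm, sizeof(data.comm));
        events.perf_submit(ctx, &data, sizeof(data));

        // The function is declared int, so it has to return a value.
        return 0;
    }
"""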

谁能告诉我如何解决问题或找到另一种获取 task_struct 的方法?
