b1tg
commented
2 years ago 
Open b1tg opened 2 years ago
b1tg
commented
2 years ago
b1tg
commented
2 years ago https://feisky.xyz/posts/2021-01-27-ebpf-hello/ 介绍
https://github.com/iovisor/bpftrace/blob/master/docs/tutorial_one_liners.md 官方教程
尝试这个技术的目的是 /tmp 目录下有一堆未知文件,想找到是谁创建的,用 bpftrace 一行就可搞定。
sudo bpftrace -e 'tracepoint:syscalls:sys_enter_mkdir { printf("name: %s, pid: %d, pathname: %s\n", comm, pid, str(args->pathname)); }'