'how to read all parameters from a function - ebpf

So I have these macros

#define PT_REGS_PARM1(x) ((x)->di)
#define PT_REGS_PARM2(x) ((x)->si)
#define PT_REGS_PARM3(x) ((x)->dx)
#define PT_REGS_PARM4(x) ((x)->cx)
#define PT_REGS_PARM5(x) ((x)->r8)
#define PT_REGS_RET(x) ((x)->sp)
#define PT_REGS_FP(x) ((x)->bp)
#define PT_REGS_RC(x) ((x)->ax)
#define PT_REGS_SP(x) ((x)->sp)
#define PT_REGS_IP(x) ((x)->ip)

But the above does not say how to get specific parameter from function say `__sys_write

consider sys_write as

 long sys_write(unsigned int fd, const char __user *buf,
              size_t count);

so I need buffer, I have been trying different macros but not really sure which one giving me what?

So can anyone please clearify it

If will also read buffer if I am reading buffer then count needed too so my ebpf program get loaded and not give out of bounds access error. can anyone tell

cebpf


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Implicit declaration of functions srand, rand and system

Implicit declaration of functions srand, rand and system

Implicit declaration of functions srand, rand and system

hex code implementation for spawning a shell

hex code implementation for spawning a shell

hex code implementation for spawning a shell

warning: format ‘%s’ expects type ‘char *’, but argument 2 has type ‘char (*)’

Minimal implementation of sprintf or printf

warning: format ‘%s’ expects type ‘char *’, but argument 2 has type ‘char (*)’

Minimal implementation of sprintf or printf

How to hide helper functions from public API in c

VS Code C Error - Invalid Active Developer Path

In C is it faster to use the standard library or write your own function?

Finding consecutive bit string of 1 or 0

What is the simplest way of implementing bigint in C?