more bpftrace prOGROMs

author: grothedev <grothedev@gmail.com> 2025-03-20 22:24:06 -0500
committer: grothedev <grothedev@gmail.com> 2025-03-20 22:24:06 -0500
commit: 63ee981b6b6f81cdd7bbad31a938b52e401c1548 (patch)
tree: c4a83217f3fb322b9361d7fcdddd969a29fa20b6
parent: 221e6f10eb345caa079014c48340d713ad05d9d7 (diff)
2 files changed, 2 insertions, 0 deletions
diff --git a/bpftrace-execve b/bpftrace-execve
new file mode 100644
index 0000000..983aa76
--- /dev/null
+++ b/bpftrace-execve
@@ -0,0 +1 @@
+sudo bpftrace -e 'tracepoint:syscalls:sys_enter_execve { printf("PID: %d, UID: %d, CMD: %s, TIME: %u, FILE: %s\n", pid,  uid, comm, nsecs, str(args->filename)); }'
diff --git a/bpftrace-execve-2args b/bpftrace-execve-2args
new file mode 100644
index 0000000..aa6d3b8
--- /dev/null
+++ b/bpftrace-execve-2args
@@ -0,0 +1 @@
+sudo bpftrace -e 'tracepoint:syscalls:sys_enter_execve { printf("PID: %d, UID: %d, CMD: %s, TIME: %u, FILE: %s, ARGS: %s %s\n", pid,  uid, comm, nsecs, str(args->filename), str(args->argv[1]), str(args->argv[2]) ); }'
author	grothedev <grothedev@gmail.com>	2025-03-20 22:24:06 -0500
committer	grothedev <grothedev@gmail.com>	2025-03-20 22:24:06 -0500
commit	63ee981b6b6f81cdd7bbad31a938b52e401c1548 (patch)
tree	c4a83217f3fb322b9361d7fcdddd969a29fa20b6
parent	221e6f10eb345caa079014c48340d713ad05d9d7 (diff)