GIF89a; EcchiShell v1.0
//proc/self/root/usr/share/systemtap/sighand->action[(int)STAP_ARG_sig]; %} function get_task_info:string (task:long) %{ char pid[10]; /* just to realign the header properly */ struct task_struct *p = (struct task_struct *)((long)STAP_ARG_task); if (!p) strlcpy(STAP_RETVALUE, "NULL", MAXSTRINGLEN); else { sprintf(pid, "%d:", p->pid); snprintf(STAP_RETVALUE, MAXSTRINGLEN, "%-8s %s", pid, p->comm); } %} function translate_mask:string (mask:string) { str = signal_str(strtol(tokenize(mask, ","), 10)) while (1) { sig = signal_str(strtol(tokenize("", ","), 10)) if (strlen(sig) == 0) break; str = str . "," . sig } return str; } /* * if sa_flags is 0, then return 0. If not, return the interpreted sa_flags. */ function sa_flags_str2:string (sa_flags:string) %{ if (strlen(STAP_ARG_sa_flags) == 0) strcpy(STAP_ARG_sa_flags, "0"); strlcpy (STAP_RETVALUE, STAP_ARG_sa_flags, MAXSTRINGLEN); %} probe begin { %( $# < 1 %? pid = target() %: pid = $1 %) # if (pid == 0) error ("Please provide valid target process-id as $1 or -x PID"); task = pid2task(pid) assert(task, "pid2task: process not found. exiting.\n") task_info = get_task_info(task) assert(!isinstr(task_info, "NULL"), "get_task_info: invalid task_struct. exiting.\n") printf("%s\n", task_info) for (i = 0; i < _NSIG; ++i) { handler_status = "" act = get_k_sigaction(task, i) assert(act, "get_k_sigaction: invalid k_sigaction pointer. exiting.\n") sig = signal_str(i+1) handler = sa_handler_str(get_sa_handler(act)) # XXX: convert hex pointer via usymdata() to useful function if (! (isinstr(handler, "default") || isinstr(handler, "ignored"))) { blocked = is_sig_blocked(task, i+1) if (blocked) handler_status = "blocked," handler_status = handler_status . "caught" } else handler_status = handler flags = sa_flags_str2(sa_flags_str(get_sa_flags(act))) mask = sigset_mask_str(get_sigaction_mask(act)) printf("%-8s %-8s ", sig, handler_status); if (isinstr(handler_status, "caught")) printf("%s %s %s\n", handler, flags, translate_mask(mask)) else printf("\n") } exit() }