#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/kprobes.h>
MODULE_LICENSE("GPL");
static int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs) {
long retval = regs->ax; // On 32-bit, 'ax' is correct
printk(KERN_INFO "getdents64 returned: %ld", retval);
// You can extend logic here—filter, redirect, whatever
return 0;
}
static struct kretprobe rp = {
.kp.symbol_name = "sys_getdents64", // or SyS_getdents64 if preferred
.handler = ret_handler,
.maxactive = 20,
};
static int __init kret_init(void) {
int ret = register_kretprobe(&rp);
if (ret < 0) {
printk(KERN_ERR "Failed to register kretprobe: %d\n", ret);
return ret;
}
printk(KERN_INFO "kretprobe registered for sys_getdents64\n");
return 0;
}
static void __exit kret_exit(void) {
unregister_kretprobe(&rp);
printk(KERN_INFO "kretprobe unregistered\n");
}
module_init(kret_init);
module_exit(kret_exit);
{"html5":"htmlmixed","css":"css","javascript":"javascript","php":"php","python":"python","ruby":"ruby","lua":"text\/x-lua","bash":"text\/x-sh","go":"text\/x-go","c":"text\/x-csrc","cpp":"text\/x-c++src","diff":"diff","latex":"stex","sql":"mysql","xml":"xml","c_loadrunner":"text\/x-csrc","c_mac":"text\/x-csrc","coffeescript":"text\/x-coffeescript","csharp":"text\/x-csharp","ecmascript":"javascript","groovy":"text\/x-groovy","haskell":"text\/x-haskell","html4strict":"htmlmixed","java":"text\/x-java","java5":"text\/x-java","jquery":"javascript","mysql":"mysql","pascal":"text\/x-pascal","perl":"perl","perl6":"perl","plsql":"plsql","properties":"text\/x-properties","scheme":"text\/x-scheme","vb":"text\/vbscript","vbnet":"text\/vbscript","verilog":"text\/x-verilog","yaml":"text\/x-yaml"}