#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/kprobes.h>

MODULE_LICENSE("GPL");

static int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs) {
    long retval = regs->ax;  // On 32-bit, 'ax' is correct
    printk(KERN_INFO "getdents64 returned: %ld", retval);

    // You can extend logic here—filter, redirect, whatever
    return 0;
}

static struct kretprobe rp = {
    .kp.symbol_name = "sys_getdents64",  // or SyS_getdents64 if preferred
    .handler = ret_handler,
    .maxactive = 20,
};

static int __init kret_init(void) {
    int ret = register_kretprobe(&rp);
    if (ret < 0) {
        printk(KERN_ERR "Failed to register kretprobe: %d\n", ret);
        return ret;
    }
    printk(KERN_INFO "kretprobe registered for sys_getdents64\n");
    return 0;
}

static void __exit kret_exit(void) {
    unregister_kretprobe(&rp);
    printk(KERN_INFO "kretprobe unregistered\n");
}

module_init(kret_init);
module_exit(kret_exit);