varun-r-mallya/python-bpf
1
0
Fork 0
mirror of https://github.com/varun-r-mallya/Python-BPF.git synced 2025-12-31 21:06:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add execve3.py example

Browse Source
This commit is contained in:
Pragyansh Chaturvedi
2025-09-09 02:59:01 +05:30
parent ff7663803d
commit 8428516f13
1 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
examples/execve3.py Normal file
View File

@ -0,0 +1,40 @@
from pythonbpf.decorators import bpf, map, section, bpfglobal
from ctypes import c_void_p, c_int64, c_int32, c_uint64
from pythonbpf.helpers import bpf_ktime_get_ns
from pythonbpf.maps import HashMap
@bpf
@map
def last() -> HashMap:
return HashMap(key_type=c_uint64, value_type=c_uint64, max_entries=1)
@bpf
@section("tracepoint/syscalls/sys_enter_execve")
def hello(ctx: c_void_p) -> c_int32:
print("entered")
print("multi constant support")
return c_int32(0)
@bpf
@section("tracepoint/syscalls/sys_exit_execve")
def hello_again(ctx: c_void_p) -> c_int64:
print("exited")
key = 0
tsp = last().lookup(key)
if tsp:
delta = (bpf_ktime_get_ns() - tsp.value)
if delta < 1000000000:
print("execve called within last second")
last().delete(key)
ts = bpf_ktime_get_ns()
last().update(key, ts)
return c_int64(0)
@bpf
@bpfglobal
def LICENSE() -> str:
return "GPL"