add example and support unsigned i64

2025-12-31 21:06:25 +00:00 · 2025-11-01 08:13:22 +05:30
parent c3fc790c71
commit 85a62d6cd8
4 changed files with 118 additions and 7 deletions
--- a/tests/passing_tests/vmlinux/register_state_dump.py
+++ b/tests/passing_tests/vmlinux/register_state_dump.py
@ -0,0 +1,53 @@
+from pythonbpf import bpf, section, bpfglobal, BPF, trace_pipe
+from pythonbpf import compile  # noqa: F401
+from vmlinux import struct_pt_regs
+from ctypes import c_int64, c_int32, c_void_p  # noqa: F401
+
+
+@bpf
+@section("kprobe/do_unlinkat")
+def kprobe_execve(ctx: struct_pt_regs) -> c_int64:
+    r15 = ctx.r15
+    r14 = ctx.r14
+    r13 = ctx.r13
+    r12 = ctx.r12
+    bp = ctx.bp
+    bx = ctx.bx
+    r11 = ctx.r11
+    r10 = ctx.r10
+    r9 = ctx.r9
+    r8 = ctx.r8
+    ax = ctx.ax
+    cx = ctx.cx
+    dx = ctx.dx
+    si = ctx.si
+    di = ctx.di
+    orig_ax = ctx.orig_ax
+    ip = ctx.ip
+    cs = ctx.cs
+    flags = ctx.flags
+    sp = ctx.sp
+    ss = ctx.ss
+
+    print(f"r15={r15} r14={r14} r13={r13}")
+    print(f"r12={r12} rbp={bp} rbx={bx}")
+    print(f"r11={r11} r10={r10} r9={r9}")
+    print(f"r8={r8} rax={ax} rcx={cx}")
+    print(f"rdx={dx} rsi={si} rdi={di}")
+    print(f"orig_rax={orig_ax} rip={ip} cs={cs}")
+    print(f"eflags={flags} rsp={sp} ss={ss}")
+
+    return c_int64(0)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+b = BPF()
+b.load()
+b.attach_all()
+
+trace_pipe()
--- a/tests/passing_tests/vmlinux/struct_field_access.py
+++ b/tests/passing_tests/vmlinux/struct_field_access.py
@ -0,0 +1,29 @@
+import logging
+
+from pythonbpf import bpf, section, bpfglobal, compile_to_ir
+from pythonbpf import compile  # noqa: F401
+from vmlinux import TASK_COMM_LEN  # noqa: F401
+from vmlinux import struct_trace_event_raw_sys_enter  # noqa: F401
+from ctypes import c_int64, c_int32, c_void_p  # noqa: F401
+
+
+# from vmlinux import struct_uinput_device
+# from vmlinux import struct_blk_integrity_iter
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: struct_trace_event_raw_sys_enter) -> c_int64:
+    b = ctx.id
+    print(f"This is context field {b}")
+    return c_int64(0)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile_to_ir("struct_field_access.py", "struct_field_access.ll", loglevel=logging.INFO)
+compile()