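/**************************************************************************
 *                                                                        *
 * Copyright (c) International Business Machines Corp., 2005              *
 *                                                                        *
 * This program is free software; you can redistribute it and/or modify   *
 * it under the terms of the GNU General Public License as published by   *
 * the Free Software Foundation; either version 2 of the License, or      *
 * (at your option) any later version.                                    *
 *                                                                        *
 * This program is distributed in the hope that it will be useful, but    *
 * WITHOUT ANY WARRANTY; without even the implied warranty of             *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the           *
 * GNU General Public License for more details.                           *
 *                                                                        *
 * You should have received a copy of the GNU General Public License      *
 * along with this program; if not, write to the Free Software            *
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
 *                                                                        *
 * Author: Guanglei Li (guanglei@cn.ibm.com)                              *
 **************************************************************************/

/*
 * Process hooks: one record for every execve and every fork, plus a
 * one-shot snapshot of the task list.  The per-event helpers below
 * each emit one "|"-terminated field through _stp_printf; the common
 * record prefix comes from log_tracedata_common(), which -- like
 * filter_by_pid() and the HOOKID_* constants -- is defined elsewhere.
 */

/* record the newly created process name */
function log_execve_extra(var:long) %{
	/*
	 * var is do_execve's $filename handed over as an integer.  It is
	 * dereferenced here with no fault protection at all, so an invalid
	 * pointer oopses the kernel instead of failing the probe.
	 * NOTE(review): a script-level kernel_string() conversion (or a
	 * guarded copy in the runtime) would fail safely instead -- confirm
	 * the record layout can carry the converted string before changing.
	 */
	const char *name = (const char *)(long)THIS->var;
	_stp_printf("%s|", name);
%}

/* record the newly forked process id */
function log_fork_extra(var:long) %{
	/* var is copy_process's $pid, already widened to long by the script */
	long pid = (long)THIS->var;
	_stp_printf("%ld|", pid);
%}

/************************************************************
 * This function could be used to take a snapshot of all the *
 * processes.  It's not a probe, so the data format doesn't  *
 * follow the format used by probe handlers                  *
 ************************************************************/
function process_snapshot() %{
	struct task_struct *tsk;
	struct list_head *cur, *head;

	/*
	 * Walk the circular task list starting from the calling task and
	 * record pid and command name for every entry.
	 * NOTE(review): the list is traversed without rcu_read_lock() or
	 * tasklist_lock; whether that is safe depends on the context this
	 * function is invoked from -- confirm against the caller.
	 */
	head = &(current->tasks);
	list_for_each(cur, head) {
		tsk = list_entry(cur, struct task_struct, tasks);
		/* pid_t is an int; widen it so the argument matches %ld */
		_stp_printf("PID:%ld|PNAME: %s\n", (long)tsk->pid, tsk->comm);
	}
%}

/* umbrella alias: arming addevent.process arms both hooks below */
probe addevent.process = addevent.process.fork, addevent.process.execve { }

/*
 * we should capture both do_execve for 64-bit app and compat_do_execve
 * for 32-bit app, hence the wildcard
 */
probe addevent.process.execve = kernel.function("*do_execve")
{
	/* only trace tasks that pass the caller-configured pid filter */
	if (filter_by_pid() == 1) {
		log_tracedata_common(HOOKID_PROCESS_EXECVE)
		log_execve_extra($filename)
	}
}

probe addevent.process.fork = kernel.function("copy_process")
{
	/* $pid is copy_process's pid parameter, the child's pid */
	if (filter_by_pid() == 1) {
		log_tracedata_common(HOOKID_PROCESS_FORK)
		log_fork_extra($pid)
	}
}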