make execsnoop optional as module

2026-02-09 21:14:57 +08:00 · 2020-05-25 13:49:40 +08:00
parent 1c72a204a1
commit 076651b984
9 changed files with 63 additions and 51 deletions
--- a/src/execsnoop.cpp
+++ b/src/execsnoop.cpp
@@ -6,9 +6,10 @@
 #include <iostream>
 #include <string>
 #include <unistd.h>
+#include "execsnoop.h"
 using namespace std;

-namespace CGPROXY::EXESNOOP {
+namespace CGPROXY::EXECSNOOP {

 const string BPF_PROGRAM = R"(
 #include <linux/fs.h>
@@ -89,4 +90,16 @@ int execsnoop() {
  return 0;
 }

-} // namespace CGPROXY::EXESNOOP
+void *startThread(void *arg) {
+  thread_arg *p = (thread_arg *)arg;
+  callback = p->handle_pid;
+  execsnoop();
+  return (void *)0;
+}
+
+
+} // namespace CGPROXY::EXESNOOP
+
+extern "C" void *_startThread(void *arg) {
+  return CGPROXY::EXECSNOOP::startThread(arg);
+}