kernel/bpf-developer-tutorial
1
0
Fork 0
mirror of https://github.com/eunomia-bpf/bpf-developer-tutorial.git synced 2026-02-08 04:44:44 +08:00
Code Issues Packages Projects Releases Wiki Activity

Translate

Browse Source
This commit is contained in:
yunwei37
2025-10-03 16:12:56 -07:00
parent 445722e8a3
commit 91120e612e
2 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/7-execsnoop/README.md
View File

@@ -76,7 +76,7 @@ This code defines an eBPF program for capturing the entry of the `execve` system
In the entry program, we first obtain the process ID and user ID of the current process, then use the `bpf_get_current_task` function to obtain the `task_struct` structure of the current process, and use the `bpf_probe_read_str` function to read the process name. Finally, we use the `bpf_perf_event_output` function to output the process execution event to the perf buffer.
With this code, we can capture process execution events in the Linux kernel and analyze the process execution conditions.Instructions: Translate the following Chinese text to English while maintaining the original formatting:
With this code, we can capture process execution events in the Linux kernel and analyze the process execution conditions.
We use eunomia-bpf to compile and execute this example. You can refer to the following link to download and install the ecc compilation toolchain and ecli runtime: [https://github.com/eunomia-bpf/eunomia-bpf](https://github.com/eunomia-bpf/eunomia-bpf).