1 #include <linux/ptrace.h> 2 #include <linux/version.h> 3 #include <uapi/linux/bpf.h> 4 #include "bpf_helpers.h" 5 6 struct bpf_map_def SEC("maps") my_map = { 7 .type = BPF_MAP_TYPE_PERF_EVENT_ARRAY, 8 .key_size = sizeof(int), 9 .value_size = sizeof(u32), 10 .max_entries = 2, 11 }; 12 13 SEC("kprobe/sys_write") bpf_prog1(struct pt_regs * ctx)14int bpf_prog1(struct pt_regs *ctx) 15 { 16 struct S { 17 u64 pid; 18 u64 cookie; 19 } data; 20 21 data.pid = bpf_get_current_pid_tgid(); 22 data.cookie = 0x12345678; 23 24 bpf_perf_event_output(ctx, &my_map, 0, &data, sizeof(data)); 25 26 return 0; 27 } 28 29 char _license[] SEC("license") = "GPL"; 30 u32 _version SEC("version") = LINUX_VERSION_CODE; 31