One Hat Cyber Team

Your IP : 216.73.216.115

Server IP : 194.44.31.54

Server : Linux zen.imath.kiev.ua 4.18.0-553.77.1.el8_10.x86_64 #1 SMP Fri Oct 3 14:30:23 UTC 2025 x86_64

Server Software : Apache/2.4.37 (Rocky Linux) OpenSSL/1.1.1k

PHP Version : 5.6.40

Buat File | Buat Folder

Dir : ~/usr/share/systemtap/tapset/linux/

Edit File: sysc_reboot.stp

# reboot _____________________________________________________
#
# long sys_reboot(int magic1,
#		int magic2,
#		unsigned int cmd,
#		void __user * arg)
#

@define _SYSCALL_REBOOT_NAME
%(
	name = "reboot"
%)

@define _SYSCALL_REBOOT_ARGSTR
%(
	argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str, flag_str, arg_uaddr)
%)

@define _SYSCALL_REBOOT_REGARGS
%(
	magic = int_arg(1)
	magic_str = _reboot_magic_str(magic)
	magic2 = int_arg(2)
	magic2_str =_reboot_magic_str(magic2)
	flag = uint_arg(3)
	flag_str =  _reboot_flag_str(flag)
	arg_uaddr = pointer_arg(4)
%)

@define _SYSCALL_REBOOT_REGARGS_STORE
%(
        if (@probewrite(magic))
          set_int_arg(1, magic)

if (@probewrite(magic2))
	  set_int_arg(2, magic2)

if (@probewrite(flag))
	  set_uint_arg(3, flag)

if (@probewrite(arg_uaddr))
	  set_pointer_arg(4, arg_uaddr)
%)

probe syscall.reboot = dw_syscall.reboot !, nd_syscall.reboot ? {}
probe syscall.reboot.return = dw_syscall.reboot.return !,
                              nd_syscall.reboot.return ? {}

# dw_reboot _____________________________________________________

probe dw_syscall.reboot = kernel.function("sys_reboot").call
{
	@_SYSCALL_REBOOT_NAME
	magic = __int32($magic1)
	magic_str = _reboot_magic_str(__int32($magic1))
	magic2 = __int32($magic2)
	magic2_str =_reboot_magic_str(__int32($magic2))
	flag = __uint32($cmd)
	flag_str =  _reboot_flag_str(__uint32($cmd))
	arg_uaddr = $arg
	@_SYSCALL_REBOOT_ARGSTR
}
probe dw_syscall.reboot.return = kernel.function("sys_reboot").return
{
	@_SYSCALL_REBOOT_NAME
	@SYSC_RETVALSTR($return)
}

# nd_reboot _____________________________________________________

probe nd_syscall.reboot = nd1_syscall.reboot!, nd2_syscall.reboot!, tp_syscall.reboot
  { }

probe nd1_syscall.reboot = kprobe.function("sys_reboot") ?
{
	@_SYSCALL_REBOOT_NAME
	asmlinkage()
	@_SYSCALL_REBOOT_REGARGS
	@_SYSCALL_REBOOT_ARGSTR
}

/* kernel 4.17+ */
probe nd2_syscall.reboot = kprobe.function(@arch_syscall_prefix "sys_reboot") ?
{
	__set_syscall_pt_regs(pointer_arg(1))
	@_SYSCALL_REBOOT_NAME
	@_SYSCALL_REBOOT_REGARGS
	@_SYSCALL_REBOOT_ARGSTR
},
{
        %( @_IS_SREG_KERNEL %? @_SYSCALL_REBOOT_REGARGS_STORE %)
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.reboot = kernel.trace("sys_enter")
{
	__set_syscall_pt_regs($regs)
	@__syscall_compat_gate(@const("__NR_reboot"), @const("__NR_compat_reboot"))
	@_SYSCALL_REBOOT_NAME
	@_SYSCALL_REBOOT_REGARGS
	@_SYSCALL_REBOOT_ARGSTR
},
{
        %( @_IS_SREG_KERNEL %? @_SYSCALL_REBOOT_REGARGS_STORE %)
}

probe nd_syscall.reboot.return = nd1_syscall.reboot.return!, nd2_syscall.reboot.return!, tp_syscall.reboot.return
  { }
  
probe nd1_syscall.reboot.return = kprobe.function("sys_reboot").return ?
{
	@_SYSCALL_REBOOT_NAME
	@SYSC_RETVALSTR(returnval())
}

/* kernel 4.17+ */
probe nd2_syscall.reboot.return = kprobe.function(@arch_syscall_prefix "sys_reboot").return ?
{
	@_SYSCALL_REBOOT_NAME
	@SYSC_RETVALSTR(returnval())
}
 
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.reboot.return = kernel.trace("sys_exit")
{
	__set_syscall_pt_regs($regs)
	@__syscall_compat_gate(@const("__NR_reboot"), @const("__NR_compat_reboot"))
	@_SYSCALL_REBOOT_NAME
	@SYSC_RETVALSTR($ret)
}