在这个例子中
Using the trace multi-tool to watch login requests, by instrumenting the pam library:
# trace 'pam:pam_start "%s: %s", arg1, arg2'
TIME PID COMM FUNC -
17:49:45 5558 sshd pam_start sshd: root
17:49:47 5662 sudo pam_start sudo: root
17:49:49 5727 login pam_start login: bgregg
Many tools have usage messages (-h), and all should have man pages and text files of example output in the bcc project.
因为trace可以探测用户级和内核级的函数活动(如下图),但是教程非常有限!!!
任何人都可以提供黑客用户级程序代码的分步教程,就像这篇文章中的问题一样?
目标:我想探测功能minor_collection_begin