copy registers to trace

Signed-off-by: Afek Berger <afekb@armosec.io>
kubescape · Jan 6, 2025 · 5a9f361 · 5a9f361
1 parent c0a99eb
commit 5a9f361
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 4 deletions.
diff --git a/support/ebpf/interpreter_dispatcher.ebpf.c b/support/ebpf/interpreter_dispatcher.ebpf.c
@@ -128,7 +128,6 @@ bpf_map_def SEC("maps") apm_int_procs = {
 static inline void copy_pt_regs(struct pt_regs *dest, const struct pt_regs *src) {
 #if defined(__x86_64__)
     __builtin_memcpy(dest, src, sizeof(struct pt_regs));
-    DEBUG_PRINT("Copied pt_regs amd");
 #elif defined(__aarch64__)
     #pragma unroll
     for (int i = 0; i < 31; i++) {
@@ -137,9 +136,7 @@ static inline void copy_pt_regs(struct pt_regs *dest, const struct pt_regs *src)
     dest->sp = src->sp;       // Stack pointer
     dest->pc = src->pc;       // Program counter
     dest->pstate = src->pstate; // Processor state
-    DEBUG_PRINT("Copied pt_regs arch");
 #endif
-DEBUG_PRINT("pppppppppppppppppppppppppppppp nothing");
 }
 
 static inline __attribute__((__always_inline__))
@@ -254,8 +251,9 @@ int unwind_stop(struct pt_regs *ctx) {
 
   struct pt_regs regs = {0}; 
   copy_pt_regs(&regs, ctx);
+  trace->registers = regs;
   send_trace(ctx, trace);
-
+  
   return 0;
 }
 MULTI_USE_FUNC(unwind_stop)

diff --git a/support/ebpf/tracer.ebpf.release.amd64 b/support/ebpf/tracer.ebpf.release.amd64
diff --git a/support/ebpf/tracer.ebpf.release.arm64 b/support/ebpf/tracer.ebpf.release.arm64