How to get function param in kretprobe bpf program?

Home Messages Hashtags Subgroups

Forrest Chen #1884 When using kprobe in bcc, I can get param directly like `*int kprobe__tcp_set_state(struct pt_regs ctx, struct sock sk, int state)` But it seems not to work in kretprobe, I've found that I can get first param by using `struct sock sk = (void*)ctx->bx` but I can't get the second param through `ctx->cx`. Am I get the wrong register? I'm in x86-64
More All Messages By This Member

Join iovisor-dev@lists.iovisor.org to automatically receive all group messages.