From 8ca287a13f71bf31bc5922f8b81c671cffba9e82 Mon Sep 17 00:00:00 2001
From: Baitinq <manuelpalenzuelamerino@gmail.com>
Date: Sat, 20 Jul 2024 21:52:05 +0200
Subject: Syscalls: Write: Fix struct packing

---
 fs-tracer-ebpf/src/syscalls/open.rs  |  2 +-
 fs-tracer-ebpf/src/syscalls/write.rs | 12 +++++++++++-
 fs-tracer/src/syscall_handler.rs     |  5 ++++-
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/fs-tracer-ebpf/src/syscalls/open.rs b/fs-tracer-ebpf/src/syscalls/open.rs
index 9d5280d..6e90b1a 100644
--- a/fs-tracer-ebpf/src/syscalls/open.rs
+++ b/fs-tracer-ebpf/src/syscalls/open.rs
@@ -41,7 +41,7 @@ pub fn handle_sys_open(
 unsafe fn handle_sys_open_enter(ctx: TracePointContext) -> Result<c_long, c_long> {
     //info!(&ctx, "handle_sys_open_enter start");
 
-    #[repr(C)]
+    #[repr(C)] //NOTE: This is super important
     #[derive(Clone, Copy)]
     struct OpenAtSyscallArgs {
         dfd: c_int,
diff --git a/fs-tracer-ebpf/src/syscalls/write.rs b/fs-tracer-ebpf/src/syscalls/write.rs
index b236887..951b297 100644
--- a/fs-tracer-ebpf/src/syscalls/write.rs
+++ b/fs-tracer-ebpf/src/syscalls/write.rs
@@ -20,6 +20,7 @@ pub fn handle_sys_write(
 
 unsafe fn handle_sys_write_enter(ctx: TracePointContext) -> Result<c_long, c_long> {
     // info!(&ctx, "handle_sys_write start");
+    #[repr(C)]
     #[derive(Clone, Copy)]
     struct WriteSyscallArgs {
         fd: c_int,
@@ -39,7 +40,16 @@ unsafe fn handle_sys_write_enter(ctx: TracePointContext) -> Result<c_long, c_lon
 
     let mut anotherbuf = [0u8; 96];
     let _ = bpf_probe_read_kernel_str_bytes(buf_ref.as_ptr(), &mut anotherbuf);
-    // info!(&ctx, "handle_sys_write fd: {} pid: {}", args.fd, ctx.pid());
+    info!(
+        &ctx,
+        "handle_sys_write fd: {} pid: {} count: {}",
+        args.fd,
+        ctx.pid(),
+        args.count
+    );
+    info!(&ctx, "buf: {}", unsafe {
+        str::from_utf8_unchecked(buf_ref)
+    });
 
     let tgid: u32 = ctx.tgid();
     let _ = SYSCALL_ENTERS.insert(
diff --git a/fs-tracer/src/syscall_handler.rs b/fs-tracer/src/syscall_handler.rs
index a6ca102..ef1d42f 100644
--- a/fs-tracer/src/syscall_handler.rs
+++ b/fs-tracer/src/syscall_handler.rs
@@ -29,7 +29,10 @@ impl SyscallHandler {
     fn handle_write(&self, write_syscall: WriteSyscallBPF) -> Result<(), ()> {
         let filename = match self.open_files.get(&write_syscall.fd) {
             None => {
-                println!("DIDNT FIND AN OPEN FILE FOR THE WRITE SYSCALL");
+                println!(
+                    "DIDNT FIND AN OPEN FILE FOR THE WRITE SYSCALL (fd: {}, ret: {})",
+                    write_syscall.fd, write_syscall.ret
+                );
                 return Ok(());
             }
             Some(str) => str,
-- 
cgit 1.4.1