| -rw-r--r-- | elymas/ptracePerf/perf.ey | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/elymas/ptracePerf/perf.ey b/elymas/ptracePerf/perf.ey
new file mode 100644
index 0000000..a1c6078
--- /dev/null
+++ b/elymas/ptracePerf/perf.ey
@@ -0,0 +1,13 @@
+22948 ==:pid
+
+{ 1 } {
+ pid sys .linux .ptrace .attach --
+ pid 0 sys .linux .waitpid --
+ pid sys .linux .ptrace .peekUser .rip -- ==rip
+ # pid rip sys .linux .ptrace .peek -- ==instr
+ pid sys .linux .ptrace .detach --
+
+ rip dump
+} loop
+
+# vim: syn=elymas |
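Review bot: The results of `.attach`, `.waitpid` and `.detach` look to be thrown away by the trailing `--` (assuming it drops the top of the stack), so a failed attach still falls through to `.peekUser` and `rip dump` on every pass of the `{ 1 } { … } loop`. The attach can fail if pid 22948 has exited or if the kernel's ptrace restrictions refuse it, and the loop would then print a meaningless value indefinitely. Because the target is the literal `22948 ==:pid`, a recycled pid could also make the sampler stop and inspect an unrelated process owned by the same user. I would check the attach result and leave the loop on failure, take the pid as an argument, and add a comment above it such as `# pid of the process to sample; set per run, must be a process you own`. Each sample also stops the target between attach and detach, which deserves a line in the header comment.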
