Hi all,<br>I'm probing sys_write system call using system tap to get modified file name along with UID.<br>Here is code snippet.<br><br>probe kernel.function ("vfs_write")<br>{<br> <br> filename = user_string($file->f_dentry->d_name->name) // for 2.6.18 kernel.<br>
printf ("%d %s\n",uid,filename)<br>}<br>I got sample program to get inode number as below<br>inode_nr = $file->f_path->dentry->d_inode->i_ino . This I changed to get file name, I'm getting file name as empty.<br>
<br>With above program i'm getting file name as unknown.<br>My question is does above code snippet is correct to get file name ? If not could somebody please let me know the correct implementation.<br><br>