使用bpftrace uprobe查看变量值

root@VM-20-5-ubuntu:~/bpftrace-developing# bpftrace -e 'uprobe:/bin/bash:readline { printf("PS1: %s\n", str(*uaddr("ps1_prompt"))); }'
Attaching 1 probe...
PS1: 

root@VM-20-5-ubuntu:~/bpftrace-developing# bpftrace  --include linux/sched.h -e 'uprobe:/bin/bash:readline { printf("PS1: %s\n", str(*(curtask->mm->mmap->vm_start + uaddr("ps1_prompt")))); }'
Attaching 1 probe...
PS1: \[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\

参考资料

uaddr(), usym(), ustack to support PIE ASLR · Issue #75 · iovisor/bpftrace · GitHub

标签：prompt,bpftrace,变量值,probe,uaddr,PS1,uprobe
来源： https://blog.csdn.net/thesre/article/details/122810116