SysinternalsEBPF

SysinternalsEBPF copied to clipboard

Unconditional printing to stderr

1

https://github.com/Sysinternals/SysinternalsEBPF/blob/b9035cf7780c9c733f4be06ff29f7b4fc447b395/telemetryLoader.c#L1426 The library unconditionally prints to `stderr`, which can be problematic for consumption. If you have a TUI for instance, this can corrupt the TUI output if the user doesn't...

josalem

telemetryStart should have a stop mechanism other than signals

1

Currently, `teletryStart` is a fully blocking call. There appears to be no way to stop tracing without sending a signal that would cause `perf_buffer__poll` to return `Start->Stop->Fini pattern would be...

josalem

Build errors concerning discoverOffsets.c

3

Trying to build SysinternalseBPF I get the following errors: ``` [ 21%] Building C object CMakeFiles/sysinternalsEBPF.dir/discoverOffsets.c.o /path/to/SysinternalsEBPF/discoverOffsets.c: In function ‘memDumpEventCb’: /path/to/SysinternalsEBPF/discoverOffsets.c:141:29: error: cast from pointer to integer of different size...

helix-loop

Modify the eBPF programlet compilation to add `-fno-stack-protector` similar to https://github.com/Sysinternals/SysmonForLinux/pull/42 Additionally, the compiler warnings identified two calls to `labs(...)` that would always evaluate to `true` due to them operating...

ckane

Create Github Action to build on pull request

1

Create Github Action to build on pull request

moshekaplan

Is RHEL7 supported?

7

While RHEL7 rpm is posted, has anyone installed it successfully? RHEL7 bundles glibc 2.17 therefore dependencies check will fail. ``` $ rpm -Uvh sysinternalsebpf-1.0.0-1.x86_64.rpm error: Failed dependencies: libc.so.6(GLIBC_2.22)(64bit) is needed...

aka0

MarioHewardt

I cannot build getOffsets, I'm running the 6.7.2-hardened1-1-hardened kernel on Archlinux. Steps to reproduce; - `cd getOffsets` - `sudo make` I'm getting the following error: ``` make CFLAGS_MODULE="-DKERN_MAJ=6 -DKERN_MIN=7" -C...

jordischoots

Hi! I noticed EBPF doesn't correctly check the permission whether the user has root privilege or not. Instead, it relies on other functions' errors. (E.g. In `libsysinternalsEBPFinstaller.c` at line 279,...

rilysh

"sysinternalsebpg.prerm: 4: [: remove: unexpected operator" error when uninstalling sysinternalsebpf

1

Apt is throwing an error when uninstalling ebpf on Ubuntu 22.04 and does not seem to be running libsysinternalsEBPFinstaller -u or ldconfig ```Reading package lists... Done Building dependency tree... Done...

adriankaylor