From be6d4e8ffc722bf0d36c5b01ff46f817539a1525 Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Wed, 20 May 2026 23:42:12 +0300
Subject: task-47: add KindExec for execve paths
---
 internal/generate/bpfhandler.go | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
(limited to 'internal/generate/bpfhandler.go')
diff --git a/internal/generate/bpfhandler.go b/internal/generate/bpfhandler.go
index b166725..5489d88 100644
--- a/internal/generate/bpfhandler.go
+++ b/internal/generate/bpfhandler.go
@@ -111,6 +111,8 @@ func generateExtra(tp GeneratedTracepoint, isEnter bool) string {
 return generateExtraOpen(f)
 case KindMqOpen:
 return generateExtraMqOpen(f)
+ case KindExec:
+ return generateExtraExec(f)
 case KindPathname:
 return generateExtraPathname(tp, f)
 case KindName:
@@ -146,6 +148,30 @@ func generateExtraMqOpen(f *Format) string {
 return generateExtraOpenWithFields(f, "u_name", "oflag")
 }

+func generateExtraExec(f *Format) string {
+ filenameIdx := f.FieldNumber("filename")
+ dirfdIdx := f.FieldNumber("dfd")
+ flagsIdx := f.FieldNumber("flags")
+ if filenameIdx < 0 {
+ filenameIdx = 0
+ }
+ var b strings.Builder
+ b.WriteString(" __builtin_memset(&(ev->filename), 0, sizeof(ev->filename) + sizeof(ev->comm));\n")
+ fmt.Fprintf(&b, " bpf_probe_read_user_str(ev->filename, sizeof(ev->filename), (void *)ctx->args[%d]);\n", filenameIdx)
+ b.WriteString(" bpf_get_current_comm(&ev->comm, sizeof(ev->comm));\n")
+ if dirfdIdx > -1 {
+ fmt.Fprintf(&b, " ev->dirfd = (__s32)ctx->args[%d];\n", dirfdIdx)
+ } else {
+ b.WriteString(" ev->dirfd = -1;\n")
+ }
+ if flagsIdx > -1 {
+ fmt.Fprintf(&b, " ev->flags = (__s32)ctx->args[%d];\n", flagsIdx)
+ } else {
+ b.WriteString(" ev->flags = 0;\n")
+ }
+ return b.String()
+}
+
 func generateExtraOpenWithFields(f *Format, pathnameField, flagsField string) string {
 filenameIdx := f.FieldNumber(pathnameField)
 flagsIdx := f.FieldNumber(flagsField)
--
cgit v1.2.3
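Review bot: In generateExtraExec the directory descriptor is looked up with `f.FieldNumber("dfd")`, but the kernel declares execveat's first argument as `fd`, so if the tracepoint format carries that name the lookup comes back negative and every execveat event is emitted with `ev->dirfd = -1`. That loses the most information in the AT_EMPTY_PATH case, where the filename is empty and the descriptor is the only record of what was executed; a fallback such as `if dirfdIdx < 0 { dirfdIdx = f.FieldNumber("fd") }` would cover it, assuming FieldNumber reports a missing field with a negative value as the surrounding checks suggest. Separately, `if filenameIdx < 0 { filenameIdx = 0 }` silently treats `ctx->args[0]` as a path pointer when the format has no `filename` field, and the generated C discards the return value of `bpf_probe_read_user_str`, so a failed or truncated read looks the same as an empty path to whatever consumes the event. A comment stating why index 0 is a safe default (or skipping the read when the field is absent) would make that intent reviewable.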