Skip to content

chdir

Intro

chdir - Change the current working directory

Description

The chdir syscall allows the user to set the current working directory and affects the behavior of subsequent path-related syscals. The argument provided is a const char pointer, which points to the directory to which the working directory should be set. If a path is specified that does not exist or is not accessible, a -1 error code is returned

Arguments

  • path:const char* - Pointer to a C-style string that holds the path of the directory to be set as the current working directory

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_chdir

Type

Kprobe

Purpose

To monitor and measure execution of the chdir syscall

Example Use Case

In some situation, it is useful to monitor chdir syscall invocations and to get various stats regarding their execution. One example of a situation that could benefit from this is separate attempts to change the working directory in a program. This data can be used to better understand the program's behavior or to detect any suspicious activity.

Issues

None.

  • execve - Execute program

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.