fix uprobe examples to read correct argument

diff --git a/examples/tracing/strlen_count.py b/examples/tracing/strlen_count.py
index dfc98d3..7d2db89 100755 (executable)
--- a/examples/tracing/strlen_count.py
+++ b/examples/tracing/strlen_count.py
@@ -24,13 +24,13 @@ struct key_t {
 BPF_HASH(counts, struct key_t);
 
 int count(struct pt_regs *ctx) {
-    if (!PT_REGS_PARM2(ctx))
+    if (!PT_REGS_PARM1(ctx))
         return 0;
 
     struct key_t key = {};
     u64 zero = 0, *val;
 
-    bpf_probe_read(&key.c, sizeof(key.c), (void *)PT_REGS_PARM2(ctx));
+    bpf_probe_read(&key.c, sizeof(key.c), (void *)PT_REGS_PARM1(ctx));
     val = counts.lookup_or_init(&key, &zero);
     (*val)++;
     return 0;

diff --git a/examples/tracing/strlen_snoop.py b/examples/tracing/strlen_snoop.py
index 9ee058a..c3c7199 100755 (executable)
--- a/examples/tracing/strlen_snoop.py
+++ b/examples/tracing/strlen_snoop.py
@@ -26,7 +26,7 @@ pid = sys.argv[1]
 bpf_text = """
 #include <uapi/linux/ptrace.h>
 int printarg(struct pt_regs *ctx) {
-    if (!PT_REGS_PARM2(ctx))
+    if (!PT_REGS_PARM1(ctx))
         return 0;
 
     u32 pid = bpf_get_current_pid_tgid();
@@ -34,7 +34,7 @@ int printarg(struct pt_regs *ctx) {
         return 0;
 
     char str[80] = {};
-    bpf_probe_read(&str, sizeof(str), (void *)PT_REGS_PARM2(ctx));
+    bpf_probe_read(&str, sizeof(str), (void *)PT_REGS_PARM1(ctx));
     bpf_trace_printk("%s\\n", &str);
 
     return 0;