Added new helper program to be used with the execve hijacking module

src/ebpf/include/bpf/exec.h

@@ -0,0 +1,36 @@
+#ifndef __EXEC_H
+#define __EXEC_H
+
+#include "headervmlinux.h"
+
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_core_read.h>
+
+#include "../../../common/constants.h"
+#include "../../../common/map_common.h"
+#include "defs.h"
+#include "../utils/strings.h"
+
+
+/**
+ * >> cat /sys/kernel/debug/tracing/events/syscalls/sys_enter_open/format
+ */
+struct sys_execve_enter_ctx {
+    unsigned long long unused;
+    int __syscall_nr;
+    unsigned int padding;
+    const char* const *argv;
+    const char* filename;
+    const char* const *envp;
+};
+
+
+SEC("tp/syscalls/sys_enter_execve")
+int tp_sys_enter_execve(struct sys_execve_enter_ctx *ctx) {
+
+}
+
+
+
+#endif

src/helpers/execve_hijack.c

@@ -0,0 +1,9 @@
+#include <stdio.h>
+
+int main(int argc, char* argv[]){
+    printf("Hello world from execve hijacker\n");
+    for(int ii=0; ii<argc; ii++){
+        printf("Argument %i is %s\n", ii, argv[ii]);
+    }
+    return 0;
+}