function::probemod - Linux

Overview

function::probemod is a highly versatile kernel module probing tool that provides extensive information about loaded kernel modules in the Linux operating system. It enables system administrators, developers, and security researchers to gain insights into the modules’ properties, dependencies, and interrelationships.

Syntax

function::probemod [OPTIONS/FLAGS]

Options/Flags

  • -a, –all: Displays information for all loaded modules, including those that are not currently active.
  • -e, –epoch: Include epoch time in the module load time output.
  • -f, –file: Display the full path to the module file on the disk.
  • -i, –inverse: Print information about the modules that are not loaded.
  • -n, –name: Filter by module name.
  • -p, –parent: Display the parent module for the specified module.
  • -s, –sort: Sort the output by module name, load time, size, or dependency count.
  • -t, –tree: Display the module load tree in an indented format.
  • -v, –verbose: Print extended information about each module.
  • -P, –print-pretty: Output the results in a human-readable format.
  • -JSON: Output the results in JSON format.

Examples

Display information about all loaded modules:

function::probemod -a

Print the full path to the module file for a specific module:

function::probemod -f example_module

Show the load tree for a module:

function::probemod -t example_module

Export the results in JSON format:

function::probemod -JSON > module_info.json

Common Issues

  • The command may not find certain modules if they are not visible to the current user. Use sudo to gain elevated privileges.
  • The output can be overwhelming, especially for large systems. Use filtering options to narrow down the results.
  • JSON output may not be valid if the module has circular dependencies.

Integration

function::probemod can be used in conjunction with other commands and tools for advanced tasks:

  • Combine with grep to filter the output based on specific keywords:
function::probemod | grep "network"
  • Use with awk to extract specific information from the output:
function::probemod | awk '{print $1, $4}'
  • Integrate into scripts to automate module analysis and reporting.

Related Commands

  • lsmod: Lists loaded kernel modules.
  • modinfo: Displays detailed information about a specific module.
  • depmod: Generates module dependency information.
  • Kprobe: Allows monitoring and modifying kernel functions.
  • Ftrace: Provides advanced kernel tracing capabilities.