From cd3d8ea74a02f9b1a0b4ecd7cb24a4f2e1831a0f Mon Sep 17 00:00:00 2001
From: Nicholas Berlin <56366649+nicholasberlin@users.noreply.github.com>
Date: Wed, 23 Oct 2024 09:07:41 -0400
Subject: [PATCH] Use the proper struct for syscall tracepoint probes (#209)

Use the proper struct for tracepoint probes
---
 GPL/Events/Process/Probe.bpf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/GPL/Events/Process/Probe.bpf.c b/GPL/Events/Process/Probe.bpf.c
index 8970943f..ef509577 100644
--- a/GPL/Events/Process/Probe.bpf.c
+++ b/GPL/Events/Process/Probe.bpf.c
@@ -240,7 +240,7 @@ int BPF_KPROBE(kprobe__taskstats_exit, const struct task_struct *task, int group
 // tracepoint/syscalls/sys_[enter/exit]_[name] tracepoints are not available
 // with BTF type information, so we must use a non-BTF tracepoint
 SEC("tracepoint/syscalls/sys_exit_setsid")
-int tracepoint_syscalls_sys_exit_setsid(struct trace_event_raw_sys_exit *args)
+int tracepoint_syscalls_sys_exit_setsid(struct syscall_trace_exit *args)
 {
 const struct task_struct *task = (struct task_struct *)bpf_get_current_task();
 
@@ -365,7 +365,7 @@ int BPF_KPROBE(kprobe__ptrace_attach,
 }
 
 SEC("tracepoint/syscalls/sys_enter_shmget")
-int tracepoint_syscalls_sys_enter_shmget(struct trace_event_raw_sys_enter *ctx)
+int tracepoint_syscalls_sys_enter_shmget(struct syscall_trace_enter *ctx)
 {
 if (ebpf_events_is_trusted_pid())
 goto out;
@@ -404,7 +404,7 @@ int tracepoint_syscalls_sys_enter_shmget(struct trace_event_raw_sys_enter *ctx)
 }
 
 SEC("tracepoint/syscalls/sys_enter_memfd_create")
-int tracepoint_syscalls_sys_enter_memfd_create(struct trace_event_raw_sys_enter *ctx)
+int tracepoint_syscalls_sys_enter_memfd_create(struct syscall_trace_enter *ctx)
 {
 if (ebpf_events_is_trusted_pid())
 goto out;
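Review bot: The comment above `SEC("tracepoint/syscalls/sys_exit_setsid")` explains why a non-BTF tracepoint is used but not why the context has to be `struct syscall_trace_exit`, so nothing on the page stops a later edit from switching back to the `trace_event_raw_sys_*` type; the same gap exists for the `struct syscall_trace_enter *ctx` handlers for shmget and memfd_create in the next two hunks. I would extend the existing comment with a line such as `// ctx is the record emitted by the syscalls:* events (struct syscall_trace_enter/exit), not the raw_syscalls trace_event_raw_sys_* layout`. For an event sensor this is worth stating where the type is chosen, because a context type that does not match the emitted record can produce wrong field values in telemetry rather than an obvious load failure. The function body continues outside the hunk, so how `args` is read is not visible here.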
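Review bot: With `struct syscall_trace_enter *ctx`, any `ctx->args[i]` read in the body of `tracepoint_syscalls_sys_enter_shmget` (outside this hunk) now indexes what upstream kernel headers declare as a flexible array, `unsigned long args[]`, where `trace_event_raw_sys_enter` had a fixed `args[6]`, so the compiler presumably no longer has a bound to check a constant index against. It would be worth confirming that every index stays within the syscall's own argument count and recording that beside the reads, for example `// shmget(key, size, shmflg): only args[0..2] are meaningful`. The same applies to `tracepoint_syscalls_sys_enter_memfd_create` in the third hunk, where only `args[0]` and `args[1]` carry arguments. Neither body is visible here, so this is a request to verify rather than a confirmed defect.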