Uses kprobes to capture common kernel events; can also be used as a HIDS agent (kernel module).
Primary Language: C