This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH v4] Fix nd_syscalls.stp for architectures using SYSCALL_WRAPPERS.


Add kprobe.function("SyS_*") probe points to nd_syscall.* probe aliases.
Analogue of commit 132c337c with two exceptions:
- remove sufficiency of these new probe points (use '?' instead of '!'),
  because translator always considers them resolved,
- make non-SyS probe points optional in probe aliases affected by
  syscall wrappers, because otherwise they will fail on such
  architectures.
---
 tapset/nd_syscalls.stp |  873 +++++++++++++++++++++++++++++++-----------------
 1 files changed, 568 insertions(+), 305 deletions(-)

diff --git a/tapset/nd_syscalls.stp b/tapset/nd_syscalls.stp
index af14539..221e680 100644
--- a/tapset/nd_syscalls.stp
+++ b/tapset/nd_syscalls.stp
@@ -34,7 +34,8 @@
 # accept _____________________________________________________
 # long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr,
 #                 int __user *upeer_addrlen)
-probe nd_syscall.accept = kprobe.function("sys_accept") ?
+probe nd_syscall.accept = kprobe.function("SyS_accept") ?,
+                          kprobe.function("sys_accept") ?
 {
 	name = "accept"
 	// sockfd = $fd
@@ -47,7 +48,8 @@ probe nd_syscall.accept = kprobe.function("sys_accept") ?
 	addrlen_uaddr = pointer_arg(3)
 	argstr = sprintf("%d, %p, %p", sockfd, addr_uaddr, addrlen_uaddr)
 }
-probe nd_syscall.accept.return = kprobe.function("sys_accept").return ?
+probe nd_syscall.accept.return = kprobe.function("SyS_accept").return ?,
+                                 kprobe.function("sys_accept").return ?
 {
 	name = "accept"
 	retstr = returnstr(1)
@@ -55,7 +57,8 @@ probe nd_syscall.accept.return = kprobe.function("sys_accept").return ?
 
 # access _____________________________________________________
 # long sys_access(const char __user * filename, int mode)
-probe nd_syscall.access = kprobe.function("sys_access")
+probe nd_syscall.access = kprobe.function("SyS_access") ?,
+                          kprobe.function("sys_access") ?
 {
 	name = "access"
 	// pathname = user_string($filename)
@@ -68,7 +71,8 @@ probe nd_syscall.access = kprobe.function("sys_access")
 	mode_str = _access_mode_str(mode)
 	argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), mode_str)
 }
-probe nd_syscall.access.return = kprobe.function("sys_access").return
+probe nd_syscall.access.return = kprobe.function("SyS_access").return ?,
+                                 kprobe.function("sys_access").return ?
 {
 	name = "access"
 	retstr = returnstr(1)
@@ -98,7 +102,8 @@ probe nd_syscall.acct.return = kprobe.function("sys_acct").return ?
 #             size_t plen,
 #             key_serial_t ringid)
 #
-probe nd_syscall.add_key = kprobe.function("sys_add_key") ?
+probe nd_syscall.add_key = kprobe.function("SyS_add_key") ?,
+                           kprobe.function("sys_add_key") ?
 {
 	name = "add_key"
 	// type_uaddr = $_type
@@ -123,7 +128,8 @@ probe nd_syscall.add_key = kprobe.function("sys_add_key") ?
 		text_strn(user_string(payload_uaddr), syscall_string_trunc, 1),
 		plen, ringid)
 }
-probe nd_syscall.add_key.return = kprobe.function("sys_add_key").return ?
+probe nd_syscall.add_key.return = kprobe.function("SyS_add_key").return ?,
+                                  kprobe.function("sys_add_key").return ?
 {
 	name = "add_key"
 	retstr = returnstr(1)
@@ -131,7 +137,8 @@ probe nd_syscall.add_key.return = kprobe.function("sys_add_key").return ?
 
 # adjtimex ___________________________________________________
 # long sys_adjtimex(struct timex __user *txc_p)
-probe nd_syscall.adjtimex = kprobe.function("sys_adjtimex")
+probe nd_syscall.adjtimex = kprobe.function("SyS_adjtimex") ?,
+                            kprobe.function("sys_adjtimex") ?
 {
 	name = "adjtimex"
 	
@@ -152,7 +159,8 @@ probe nd_syscall.adjtimex = kprobe.function("sys_adjtimex")
 	asmlinkage()
 	argstr = sprintf("%p", pointer_arg(1))
 }
-probe nd_syscall.adjtimex.return = kprobe.function("sys_adjtimex").return
+probe nd_syscall.adjtimex.return = kprobe.function("SyS_adjtimex").return ?,
+                                   kprobe.function("sys_adjtimex").return ?
 {
 	name = "adjtimex"
 	// retstr = _adjtimex_return_str($return)
@@ -176,8 +184,9 @@ probe nd_syscall.compat_adjtimex.return = kprobe.function("compat_sys_adjtimex")
 # unsigned long sys_alarm (unsigned int seconds)
 # long sys32_alarm(unsigned int seconds)
 #
-probe nd_syscall.alarm = kprobe.function("sys_alarm") ?,
-                         kprobe.function("sys32_alarm") ?
+probe nd_syscall.alarm = kprobe.function("sys32_alarm") ?,
+                         kprobe.function("SyS_alarm") ?,
+                         kprobe.function("sys_alarm") ?
 {
 	name = "alarm"
 	// seconds = $seconds
@@ -186,8 +195,9 @@ probe nd_syscall.alarm = kprobe.function("sys_alarm") ?,
 	seconds = uint_arg(1)
 	argstr = sprint(seconds)
 }
-probe nd_syscall.alarm.return = kprobe.function("sys_alarm").return ?,
-                                kprobe.function("sys32_alarm").return ?
+probe nd_syscall.alarm.return = kprobe.function("sys32_alarm").return ?,
+                                kprobe.function("SyS_alarm").return ?,
+                                kprobe.function("sys_alarm").return ?
 {
 	name = "alarm"
 	retstr = returnstr(1)
@@ -195,7 +205,8 @@ probe nd_syscall.alarm.return = kprobe.function("sys_alarm").return ?,
 
 # bdflush ____________________________________________________
 # long sys_bdflush(int func, long data)
-probe nd_syscall.bdflush = kprobe.function("sys_bdflush") ?
+probe nd_syscall.bdflush = kprobe.function("SyS_bdflush") ?,
+                           kprobe.function("sys_bdflush") ?
 {
 	name = "bdflush"
 	// func = $func
@@ -213,7 +224,8 @@ probe nd_syscall.bdflush = kprobe.function("sys_bdflush") ?
 		data_str = sprintf("%d", data)
 	argstr = sprintf("%d, %s", func, data_str)
 }
-probe nd_syscall.bdflush.return = kprobe.function("sys_bdflush").return ?
+probe nd_syscall.bdflush.return = kprobe.function("SyS_bdflush").return ?,
+                                  kprobe.function("sys_bdflush").return ?
 {
 	name = "bdflush"
 	retstr = returnstr(1)
@@ -221,7 +233,8 @@ probe nd_syscall.bdflush.return = kprobe.function("sys_bdflush").return ?
 
 # bind _______________________________________________________
 # long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
-probe nd_syscall.bind = kprobe.function("sys_bind") ?
+probe nd_syscall.bind = kprobe.function("SyS_bind") ?,
+                        kprobe.function("sys_bind") ?
 {
 	name = "bind"
 	// sockfd = $fd
@@ -234,7 +247,8 @@ probe nd_syscall.bind = kprobe.function("sys_bind") ?
 	addrlen = int_arg(3)
 	argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(my_addr_uaddr, addrlen), addrlen)
 }
-probe nd_syscall.bind.return = kprobe.function("sys_bind").return ?
+probe nd_syscall.bind.return = kprobe.function("SyS_bind").return ?,
+                               kprobe.function("sys_bind").return ?
 {
 	name = "bind"
 	retstr = returnstr(1)
@@ -242,8 +256,9 @@ probe nd_syscall.bind.return = kprobe.function("sys_bind").return ?
 
 # brk ________________________________________________________
 # unsigned long sys_brk(unsigned long brk)
-probe nd_syscall.brk = kprobe.function("sys_brk"),
-                       kprobe.function("ia64_brk") ?
+probe nd_syscall.brk = kprobe.function("ia64_brk") ?,
+                       kprobe.function("SyS_brk") ?,
+                       kprobe.function("sys_brk") ?
 {
 	name = "brk"
 	// brk = $brk
@@ -251,8 +266,9 @@ probe nd_syscall.brk = kprobe.function("sys_brk"),
 	brk = ulong_arg(1)
 	argstr = sprintf("%p", brk)
 }
-probe nd_syscall.brk.return = kprobe.function("sys_brk").return,
-                              kprobe.function("ia64_brk").return ?
+probe nd_syscall.brk.return = kprobe.function("ia64_brk").return ?,
+                              kprobe.function("SyS_brk").return ?,
+                              kprobe.function("sys_brk").return ?
 {
 	name = "brk"
 	retstr = returnstr(1)
@@ -271,7 +287,8 @@ probe nd_syscall.brk.return = kprobe.function("sys_brk").return,
  *   functions to export.
  */
 # long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
-probe nd_syscall.capget = kprobe.function("sys_capget")
+probe nd_syscall.capget = kprobe.function("SyS_capget") ?,
+                          kprobe.function("sys_capget") ?
 {
 	name = "capget"
 	// header_uaddr = $header
@@ -282,7 +299,8 @@ probe nd_syscall.capget = kprobe.function("sys_capget")
 	data_uaddr = pointer_arg(2)
 	argstr = sprintf("%p, %p", header_uaddr, data_uaddr)
 }
-probe nd_syscall.capget.return = kprobe.function("sys_capget").return
+probe nd_syscall.capget.return = kprobe.function("SyS_capget").return ?,
+                                 kprobe.function("sys_capget").return ?
 {
 	name = "capget"
 	retstr = returnstr(1)
@@ -300,7 +318,8 @@ probe nd_syscall.capget.return = kprobe.function("sys_capget").return
  *   functions to export.
  */
 # long sys_capset(cap_user_header_t header, const cap_user_data_t data)
-probe nd_syscall.capset = kprobe.function("sys_capset")
+probe nd_syscall.capset = kprobe.function("SyS_capset") ?,
+                          kprobe.function("sys_capset") ?
 {
 	name = "capset"
 	// header_uaddr = $header
@@ -311,7 +330,8 @@ probe nd_syscall.capset = kprobe.function("sys_capset")
 	data_uaddr = pointer_arg(2)
 	argstr = sprintf("%p, %p", header_uaddr, data_uaddr)
 }
-probe nd_syscall.capset.return = kprobe.function("sys_capset").return
+probe nd_syscall.capset.return = kprobe.function("SyS_capset").return ?,
+                                 kprobe.function("sys_capset").return ?
 {
 	name = "capset"
 	retstr = returnstr(1)
@@ -319,7 +339,8 @@ probe nd_syscall.capset.return = kprobe.function("sys_capset").return
 
 # chdir ______________________________________________________
 # long sys_chdir(const char __user * filename)
-probe nd_syscall.chdir = kprobe.function("sys_chdir")
+probe nd_syscall.chdir = kprobe.function("SyS_chdir") ?,
+                         kprobe.function("sys_chdir") ?
 {
 	name = "chdir"
 	// path = user_string($filename)
@@ -328,7 +349,8 @@ probe nd_syscall.chdir = kprobe.function("sys_chdir")
 	path = user_string(pointer_arg(1))
 	argstr = user_string_quoted(pointer_arg(1))
 }
-probe nd_syscall.chdir.return = kprobe.function("sys_chdir").return
+probe nd_syscall.chdir.return = kprobe.function("SyS_chdir").return ?,
+                                kprobe.function("sys_chdir").return ?
 {
 	name = "chdir"
 	retstr = returnstr(1)
@@ -336,7 +358,8 @@ probe nd_syscall.chdir.return = kprobe.function("sys_chdir").return
 
 # chmod ______________________________________________________
 # long sys_chmod(const char __user * filename, mode_t mode)
-probe nd_syscall.chmod = kprobe.function("sys_chmod")
+probe nd_syscall.chmod = kprobe.function("SyS_chmod") ?,
+                         kprobe.function("sys_chmod") ?
 {
 	name = "chmod"
 	// path = user_string($filename)
@@ -347,7 +370,8 @@ probe nd_syscall.chmod = kprobe.function("sys_chmod")
 	mode = uint_arg(2)
 	argstr = sprintf("%s, %#o", user_string_quoted(pointer_arg(1)), mode)
 }
-probe nd_syscall.chmod.return = kprobe.function("sys_chmod").return
+probe nd_syscall.chmod.return = kprobe.function("SyS_chmod").return ?,
+                                kprobe.function("sys_chmod").return ?
 {
 	name = "chmod"
 	retstr = returnstr(1)
@@ -355,7 +379,8 @@ probe nd_syscall.chmod.return = kprobe.function("sys_chmod").return
 
 # chown ______________________________________________________
 # long sys_chown(const char __user * filename, uid_t user, gid_t group)
-probe nd_syscall.chown = kprobe.function("sys_chown")
+probe nd_syscall.chown = kprobe.function("SyS_chown") ?,
+                         kprobe.function("sys_chown") ?
 {
 	name = "chown"
 	// path = user_string($filename)
@@ -368,7 +393,8 @@ probe nd_syscall.chown = kprobe.function("sys_chown")
 	group = __int32(uint_arg(3))
 	argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group)
 }
-probe nd_syscall.chown.return = kprobe.function("sys_chown").return
+probe nd_syscall.chown.return = kprobe.function("SyS_chown").return ?,
+                                kprobe.function("sys_chown").return ?
 {
 	name = "chown"
 	retstr = returnstr(1)
@@ -398,7 +424,8 @@ probe nd_syscall.chown16.return = kprobe.function("sys_chown16").return ?
 
 # chroot _____________________________________________________
 # long sys_chroot(const char __user * filename)
-probe nd_syscall.chroot = kprobe.function("sys_chroot")
+probe nd_syscall.chroot = kprobe.function("SyS_chroot") ?,
+                          kprobe.function("sys_chroot") ?
 {
 	name = "chroot"
 	// path = user_string($filename)
@@ -407,7 +434,8 @@ probe nd_syscall.chroot = kprobe.function("sys_chroot")
 	path = user_string(pointer_arg(1))
 	argstr = user_string_quoted(pointer_arg(1))
 }
-probe nd_syscall.chroot.return = kprobe.function("sys_chroot").return
+probe nd_syscall.chroot.return = kprobe.function("SyS_chroot").return ?,
+                                 kprobe.function("sys_chroot").return ?
 {
 	name = "chroot"
 	retstr = returnstr(1)
@@ -417,8 +445,9 @@ probe nd_syscall.chroot.return = kprobe.function("sys_chroot").return
 # long sys_clock_getres(clockid_t which_clock, struct timespec __user *tp)
 # long compat_clock_getres(clockid_t which_clock, struct compat_timespec __user *tp)
 #
-probe nd_syscall.clock_getres = kprobe.function("sys_clock_getres"),
-                                kprobe.function("compat_clock_getres") ?
+probe nd_syscall.clock_getres = kprobe.function("compat_clock_getres") ?,
+                                kprobe.function("SyS_clock_getres") ?,
+                                kprobe.function("sys_clock_getres") ?
 {
 	name = "clock_getres"
 	// clk_id = $which_clock
@@ -431,8 +460,9 @@ probe nd_syscall.clock_getres = kprobe.function("sys_clock_getres"),
 	res_uaddr = pointer_arg(2)
 	argstr = sprintf("%s, %p", clk_id_str, res_uaddr)
 }
-probe nd_syscall.clock_getres.return = kprobe.function("sys_clock_getres").return,
-                                       kprobe.function("compat_clock_getres").return ?
+probe nd_syscall.clock_getres.return = kprobe.function("compat_clock_getres").return ?,
+                                       kprobe.function("SyS_clock_getres").return ?,
+                                       kprobe.function("sys_clock_getres").return ?
 {
 	name = "clock_getres"
 	retstr = returnstr(1)
@@ -441,7 +471,8 @@ probe nd_syscall.clock_getres.return = kprobe.function("sys_clock_getres").retur
 # clock_gettime ______________________________________________
 # long sys_clock_gettime(clockid_t which_clock, struct timespec __user *tp)
 #
-probe nd_syscall.clock_gettime = kprobe.function("sys_clock_gettime")
+probe nd_syscall.clock_gettime = kprobe.function("SyS_clock_gettime") ?,
+                                 kprobe.function("sys_clock_gettime") ?
 {
 	name = "clock_gettime"
 	// clk_id = $which_clock
@@ -452,7 +483,8 @@ probe nd_syscall.clock_gettime = kprobe.function("sys_clock_gettime")
 	clk_id_str = _get_wc_str(clk_id)
 	argstr = sprintf("%s, %p", clk_id_str, pointer_arg(2))
 }
-probe nd_syscall.clock_gettime.return = kprobe.function("sys_clock_gettime").return
+probe nd_syscall.clock_gettime.return = kprobe.function("SyS_clock_gettime").return ?,
+                                        kprobe.function("sys_clock_gettime").return ?
 {
 	name = "clock_gettime"
 	retstr = returnstr(1)
@@ -464,7 +496,8 @@ probe nd_syscall.clock_gettime.return = kprobe.function("sys_clock_gettime").ret
 #                     const struct timespec __user *rqtp,
 #                     struct timespec __user *rmtp)
 #
-probe nd_syscall.clock_nanosleep = kprobe.function("sys_clock_nanosleep")
+probe nd_syscall.clock_nanosleep = kprobe.function("SyS_clock_nanosleep") ?,
+                                   kprobe.function("sys_clock_nanosleep") ?
 {
 	name = "clock_nanosleep"
 	// if ($flags == 1)
@@ -482,7 +515,8 @@ probe nd_syscall.clock_nanosleep = kprobe.function("sys_clock_nanosleep")
 	argstr = sprintf("%s, %s, %s, %p", _get_wc_str(int_arg(1)), flag_str,
 		_struct_timespec_u(pointer_arg(3), 1), pointer_arg(4))
 }
-probe nd_syscall.clock_nanosleep.return = kprobe.function("sys_clock_nanosleep").return
+probe nd_syscall.clock_nanosleep.return = kprobe.function("SyS_clock_nanosleep").return ?,
+                                          kprobe.function("sys_clock_nanosleep").return ?
 {
 	name = "clock_nanosleep"
 	retstr = returnstr(1)
@@ -524,7 +558,8 @@ probe nd_syscall.compat_clock_nanosleep.return = kprobe.function("compat_clock_n
 # long sys_clock_settime(clockid_t which_clock,
 #                   const struct timespec __user *tp)
 #
-probe nd_syscall.clock_settime = kprobe.function("sys_clock_settime")
+probe nd_syscall.clock_settime = kprobe.function("SyS_clock_settime") ?,
+                                 kprobe.function("sys_clock_settime") ?
 {
 	name = "clock_settime"
 	// clk_id = $which_clock
@@ -537,7 +572,8 @@ probe nd_syscall.clock_settime = kprobe.function("sys_clock_settime")
 	tp_uaddr = pointer_arg(2)
 	argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u(tp_uaddr, 1))
 }
-probe nd_syscall.clock_settime.return = kprobe.function("sys_clock_settime").return
+probe nd_syscall.clock_settime.return = kprobe.function("SyS_clock_settime").return ?,
+                                        kprobe.function("sys_clock_settime").return ?
 {
 	name = "clock_settime"
 	retstr = returnstr(1)
@@ -545,7 +581,8 @@ probe nd_syscall.clock_settime.return = kprobe.function("sys_clock_settime").ret
 
 # close ______________________________________________________
 # long sys_close(unsigned int fd)
-probe nd_syscall.close = kprobe.function("sys_close")
+probe nd_syscall.close = kprobe.function("SyS_close") ?,
+                         kprobe.function("sys_close") ?
 {
 	name = "close"
 	// fd = $fd
@@ -553,14 +590,16 @@ probe nd_syscall.close = kprobe.function("sys_close")
 	fd = int_arg(1)
 	argstr = sprint(fd)
 }
-probe nd_syscall.close.return = kprobe.function("sys_close").return
+probe nd_syscall.close.return = kprobe.function("SyS_close").return ?,
+                                kprobe.function("sys_close").return ?
 {
 	name = "close"
 	retstr = returnstr(1)
 }
 # connect ____________________________________________________
 # long sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
-probe nd_syscall.connect = kprobe.function("sys_connect") ?
+probe nd_syscall.connect = kprobe.function("SyS_connect") ?,
+                           kprobe.function("sys_connect") ?
 {
 	name = "connect"
 	// sockfd = $fd
@@ -573,7 +612,8 @@ probe nd_syscall.connect = kprobe.function("sys_connect") ?
 	addrlen = int_arg(3)
 	argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(serv_addr_uaddr, addrlen), addrlen)
 }
-probe nd_syscall.connect.return = kprobe.function("sys_connect").return ?
+probe nd_syscall.connect.return = kprobe.function("SyS_connect").return ?,
+                                  kprobe.function("sys_connect").return ?
 {
 	name = "connect"
 	retstr = returnstr(1)
@@ -581,7 +621,8 @@ probe nd_syscall.connect.return = kprobe.function("sys_connect").return ?
 
 # creat
 # long sys_creat(const char __user * pathname, int mode)
-probe nd_syscall.creat = kprobe.function("sys_creat") ?
+probe nd_syscall.creat = kprobe.function("SyS_creat") ?,
+                         kprobe.function("sys_creat") ?
 {
 	name = "creat"
 	// mode = $mode
@@ -592,7 +633,8 @@ probe nd_syscall.creat = kprobe.function("sys_creat") ?
 	pathname = user_string(pointer_arg(1))
 	argstr = sprintf("%s, %#o", user_string_quoted(pointer_arg(1)), mode)
 }
-probe nd_syscall.creat.return = kprobe.function("sys_creat").return ?
+probe nd_syscall.creat.return = kprobe.function("SyS_creat").return ?,
+                                kprobe.function("sys_creat").return ?
 {
 	name = "creat"
 	retstr = returnstr(1)
@@ -600,7 +642,8 @@ probe nd_syscall.creat.return = kprobe.function("sys_creat").return ?
 
 # delete_module ______________________________________________
 # long sys_delete_module(const char __user *name_user, unsigned int flags)
-probe nd_syscall.delete_module = kprobe.function("sys_delete_module") ?
+probe nd_syscall.delete_module = kprobe.function("SyS_delete_module") ?,
+                                 kprobe.function("sys_delete_module") ?
 {
 	name = "delete_module"
 	// name_user = user_string($name_user)
@@ -611,7 +654,8 @@ probe nd_syscall.delete_module = kprobe.function("sys_delete_module") ?
 	flags = uint_arg(2)
 	argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), _module_flags_str(uint_arg(2)))
 }
-probe nd_syscall.delete_module.return = kprobe.function("sys_delete_module").return ?
+probe nd_syscall.delete_module.return = kprobe.function("SyS_delete_module").return ?,
+                                        kprobe.function("sys_delete_module").return ?
 {
 	name = "delete_module"
 	retstr = returnstr(1)
@@ -619,7 +663,8 @@ probe nd_syscall.delete_module.return = kprobe.function("sys_delete_module").ret
 
 # dup ________________________________________________________
 # long sys_dup(unsigned int fildes)
-probe nd_syscall.dup = kprobe.function("sys_dup")
+probe nd_syscall.dup = kprobe.function("SyS_dup") ?,
+                       kprobe.function("sys_dup") ?
 {
 	name = "dup"
 	// oldfd = $fildes
@@ -628,7 +673,8 @@ probe nd_syscall.dup = kprobe.function("sys_dup")
 	old_fd = int_arg(1)
 	argstr = sprint(old_fd)
 }
-probe nd_syscall.dup.return = kprobe.function("sys_dup").return
+probe nd_syscall.dup.return = kprobe.function("SyS_dup").return ?,
+                              kprobe.function("sys_dup").return ?
 {
 	name = "dup"
 	retstr = returnstr(1)
@@ -636,7 +682,8 @@ probe nd_syscall.dup.return = kprobe.function("sys_dup").return
 
 # dup2 _______________________________________________________
 # long sys_dup2(unsigned int oldfd, unsigned int newfd)
-probe nd_syscall.dup2 = kprobe.function("sys_dup2")
+probe nd_syscall.dup2 = kprobe.function("SyS_dup2") ?,
+                        kprobe.function("sys_dup2") ?
 {
 	name = "dup2"
 	// oldfd = $oldfd
@@ -647,7 +694,8 @@ probe nd_syscall.dup2 = kprobe.function("sys_dup2")
 	newfd = int_arg(2)
 	argstr = sprintf("%d, %d", oldfd, newfd)
 }
-probe nd_syscall.dup2.return = kprobe.function("sys_dup2").return
+probe nd_syscall.dup2.return = kprobe.function("SyS_dup2").return ?,
+                               kprobe.function("sys_dup2").return ?
 {
 	name = "dup2"
 	retstr = returnstr(1)
@@ -655,7 +703,8 @@ probe nd_syscall.dup2.return = kprobe.function("sys_dup2").return
 
 # epoll_create _______________________________________________
 # long sys_epoll_create(int size)
-probe nd_syscall.epoll_create = kprobe.function("sys_epoll_create") ?
+probe nd_syscall.epoll_create = kprobe.function("SyS_epoll_create") ?,
+                                kprobe.function("sys_epoll_create") ?
 {
 	name = "epoll_create"
 	// size = $size
@@ -664,7 +713,8 @@ probe nd_syscall.epoll_create = kprobe.function("sys_epoll_create") ?
 	size = int_arg(1)
 	argstr = sprint(size)
 }
-probe nd_syscall.epoll_create.return = kprobe.function("sys_epoll_create").return ?
+probe nd_syscall.epoll_create.return = kprobe.function("SyS_epoll_create").return ?,
+                                       kprobe.function("sys_epoll_create").return ?
 {
 	name = "epoll_create"
 	retstr = returnstr(1)
@@ -676,8 +726,9 @@ probe nd_syscall.epoll_create.return = kprobe.function("sys_epoll_create").retur
 # long compat_sys_epoll_ctl(int epfd, int op, int fd,
 #			struct compat_epoll_event __user *event)
 #
-probe nd_syscall.epoll_ctl = kprobe.function("sys_epoll_ctl") ?,
-                             kprobe.function("compat_sys_epoll_ctl") ?
+probe nd_syscall.epoll_ctl = kprobe.function("compat_sys_epoll_ctl") ?,
+                             kprobe.function("SyS_epoll_ctl") ?,
+                             kprobe.function("sys_epoll_ctl") ?
 {
 	name = "epoll_ctl"
 	// epfd = $epfd
@@ -694,8 +745,9 @@ probe nd_syscall.epoll_ctl = kprobe.function("sys_epoll_ctl") ?,
 	event_uaddr = pointer_arg(4)
 	argstr = sprintf("%d, %s, %d, %p", epfd, op_str, fd, event_uaddr)
 }
-probe nd_syscall.epoll_ctl.return = kprobe.function("sys_epoll_ctl").return ?,
-                                    kprobe.function("compat_sys_epoll_ctl").return ?
+probe nd_syscall.epoll_ctl.return = kprobe.function("compat_sys_epoll_ctl").return ?,
+                                    kprobe.function("SyS_epoll_ctl").return ?,
+                                    kprobe.function("sys_epoll_ctl").return ?
 {
 	name = "epoll_ctl"
 	retstr = returnstr(1)
@@ -712,8 +764,9 @@ probe nd_syscall.epoll_ctl.return = kprobe.function("sys_epoll_ctl").return ?,
 #			const compat_sigset_t __user *sigmask,
 #			compat_size_t sigsetsize)
 #
-probe nd_syscall.epoll_pwait = kprobe.function("sys_epoll_pwait") ?,
-                               kprobe.function("compat_sys_epoll_pwait") ?
+probe nd_syscall.epoll_pwait = kprobe.function("compat_sys_epoll_pwait") ?,
+                               kprobe.function("SyS_epoll_pwait") ?,
+                               kprobe.function("sys_epoll_pwait") ?
 {
 	name = "epoll_pwait"
 	asmlinkage()
@@ -721,8 +774,9 @@ probe nd_syscall.epoll_pwait = kprobe.function("sys_epoll_pwait") ?,
 //		$epfd, $events, $maxevents, $timeout, $sigmask, $sigsetsize)
 		int_arg(1), pointer_arg(2), int_arg(3), int_arg(4), pointer_arg(5), ulong_arg(6))
 }
-probe nd_syscall.epoll_pwait.return = kprobe.function("sys_epoll_pwait").return ?,
-                                      kprobe.function("compat_sys_epoll_pwait").return ?
+probe nd_syscall.epoll_pwait.return = kprobe.function("compat_sys_epoll_pwait").return ?,
+                                      kprobe.function("SyS_epoll_pwait").return ?,
+                                      kprobe.function("sys_epoll_pwait").return ?
 {
 	name = "epoll_pwait"
 	retstr = returnstr(1)
@@ -736,8 +790,9 @@ probe nd_syscall.epoll_pwait.return = kprobe.function("sys_epoll_pwait").return
 #		struct compat_epoll_event __user *events,
 #		int maxevents, int timeout)
 #
-probe nd_syscall.epoll_wait = kprobe.function("sys_epoll_wait") ?,
-                              kprobe.function("compat_sys_epoll_wait") ?
+probe nd_syscall.epoll_wait = kprobe.function("compat_sys_epoll_wait") ?,
+                              kprobe.function("SyS_epoll_wait") ?,
+                              kprobe.function("sys_epoll_wait") ?
 {
 	name = "epoll_wait"
 	// epfd = $epfd
@@ -752,8 +807,9 @@ probe nd_syscall.epoll_wait = kprobe.function("sys_epoll_wait") ?,
 	timeout = int_arg(4)
 	argstr = sprintf("%d, %p, %d, %d", epfd, events_uaddr, maxevents, timeout)
 }
-probe nd_syscall.epoll_wait.return = kprobe.function("sys_epoll_wait").return ?,
-                                     kprobe.function("compat_sys_epoll_wait").return ?
+probe nd_syscall.epoll_wait.return = kprobe.function("compat_sys_epoll_wait").return ?,
+                                     kprobe.function("SyS_epoll_wait").return ?,
+                                     kprobe.function("sys_epoll_wait").return ?
 {
 	name = "epoll_wait"
 	retstr = returnstr(1)
@@ -762,14 +818,16 @@ probe nd_syscall.epoll_wait.return = kprobe.function("sys_epoll_wait").return ?,
 # eventfd _____________________________________________________
 # long sys_eventfd(unsigned int count)
 #
-probe nd_syscall.eventfd = kprobe.function("sys_eventfd") ?
+probe nd_syscall.eventfd = kprobe.function("SyS_eventfd") ?,
+                           kprobe.function("sys_eventfd") ?
 {
 	name = "eventfd"
 	// argstr = sprint($count)
 	asmlinkage()
 	argstr = sprint(uint_arg(1))
 }
-probe nd_syscall.eventfd.return = kprobe.function("sys_eventfd").return ?
+probe nd_syscall.eventfd.return = kprobe.function("SyS_eventfd").return ?,
+                                  kprobe.function("sys_eventfd").return ?
 {
 	name = "eventfd"
 	retstr = returnstr(1)
@@ -838,7 +896,8 @@ probe nd_syscall.exit = kprobe.function("do_exit")
 # exit_group _________________________________________________
 # void sys_exit_group(int error_code)
 #
-probe nd_syscall.exit_group = kprobe.function("sys_exit_group")
+probe nd_syscall.exit_group = kprobe.function("SyS_exit_group") ?,
+                              kprobe.function("sys_exit_group") ?
 {
 	name = "exit_group"
 	// status = $error_code
@@ -853,7 +912,8 @@ probe nd_syscall.exit_group = kprobe.function("sys_exit_group")
 # faccessat __________________________________________________
 # new function with 2.6.16
 # long sys_faccessat(int dfd, const char __user *filename, int mode)
-probe nd_syscall.faccessat = kprobe.function("sys_faccessat") ?
+probe nd_syscall.faccessat = kprobe.function("SyS_faccessat") ?,
+                             kprobe.function("sys_faccessat") ?
 {
 	name = "faccessat"
 	// dirfd = $dfd
@@ -870,7 +930,8 @@ probe nd_syscall.faccessat = kprobe.function("sys_faccessat") ?
 	mode_str = _access_mode_str(mode)
 	argstr = sprintf("%s, %s, %s", dirfd_str, user_string_quoted(pointer_arg(2)), mode_str)
 }
-probe nd_syscall.faccessat.return = kprobe.function("sys_faccessat").return ?
+probe nd_syscall.faccessat.return = kprobe.function("SyS_faccessat").return ?,
+                                    kprobe.function("sys_faccessat").return ?
 {
 	name = "faccessat"
 	retstr = returnstr(1)
@@ -880,7 +941,8 @@ probe nd_syscall.faccessat.return = kprobe.function("sys_faccessat").return ?
 # fadvise64 __________________________________________________
 # long sys_fadvise64(int fd, loff_t offset, size_t len,  int advice)
 #
-probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") ?
+probe nd_syscall.fadvise64 = kprobe.function("SyS_fadvise64") ?,
+                             kprobe.function("sys_fadvise64") ?
 {
 	name = "fadvise64"
 	// fd = $fd
@@ -895,7 +957,8 @@ probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") ?
 	advice = int_arg(4)
 	argstr = sprintf("%d, %d, %d, %s", fd, offset, len, _fadvice_advice_str(advice))
 }
-probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return ?
+probe nd_syscall.fadvise64.return = kprobe.function("SyS_fadvise64").return ?,
+                                    kprobe.function("sys_fadvise64").return ?
 {
 	name = "fadvise64"
 	retstr = returnstr(1)
@@ -904,7 +967,8 @@ probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return ?
 # fadvise64_64 _______________________________________________
 # long sys_fadvise64_64(int fd, loff_t offset, loff_t len,  int advice)
 #
-probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64")
+probe nd_syscall.fadvise64_64 = kprobe.function("SyS_fadvise64_64") ?,
+                                kprobe.function("sys_fadvise64_64") ?
 {
 	name = "fadvise64_64"
 	// fd = $fd
@@ -919,7 +983,8 @@ probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64")
 	advice = int_arg(4)
 	argstr = sprintf("%d, %d, %d, %s", fd, offset, len, _fadvice_advice_str(advice))
 }
-probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return
+probe nd_syscall.fadvise64_64.return = kprobe.function("SyS_fadvise64_64").return ?,
+                                       kprobe.function("sys_fadvise64_64").return ?
 {
 	name = "fadvise64_64"
 	retstr = returnstr(1)
@@ -930,7 +995,8 @@ probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").retur
 # fadvise64 __________________________________________________
 # long sys_fadvise64(int fd, loff_t offset, size_t len,  int advice)
 #
-probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64")
+probe nd_syscall.fadvise64 = kprobe.function("SyS_fadvise64") ?,
+                             kprobe.function("sys_fadvise64") ?
 {
 	name = "fadvise64"
 	fd = 0
@@ -939,7 +1005,8 @@ probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64")
 	advice = 0
 	argstr = ""
 }
-probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return
+probe nd_syscall.fadvise64.return = kprobe.function("SyS_fadvise64").return ?,
+                                    kprobe.function("sys_fadvise64").return ?
 {
 	name = "fadvise64"
 	retstr = returnstr(1)
@@ -948,7 +1015,8 @@ probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return
 # fadvise64_64 _______________________________________________
 # long sys_fadvise64_64(int fd, loff_t offset, loff_t len,  int advice)
 #
-probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64")
+probe nd_syscall.fadvise64_64 = kprobe.function("SyS_fadvise64_64") ?,
+                                kprobe.function("sys_fadvise64_64") ?
 {
 	name = "fadvise64_64"
 	fd = 0
@@ -957,7 +1025,8 @@ probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64")
 	advice = 0
 	argstr = ""
 }
-probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return
+probe nd_syscall.fadvise64_64.return = kprobe.function("SyS_fadvise64_64").return ?,
+                                       kprobe.function("sys_fadvise64_64").return ?
 {
 	name = "fadvise64_64"
 	retstr = returnstr(1)
@@ -966,7 +1035,8 @@ probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").retur
 
 # fchdir _____________________________________________________
 # long sys_fchdir(unsigned int fd)
-probe nd_syscall.fchdir = kprobe.function("sys_fchdir")
+probe nd_syscall.fchdir = kprobe.function("SyS_fchdir") ?,
+                          kprobe.function("sys_fchdir") ?
 {
 	name = "fchdir"
 	// fd = $fd
@@ -975,7 +1045,8 @@ probe nd_syscall.fchdir = kprobe.function("sys_fchdir")
 	fd = int_arg(1)
 	argstr = sprint(fd)
 }
-probe nd_syscall.fchdir.return = kprobe.function("sys_fchdir").return
+probe nd_syscall.fchdir.return = kprobe.function("SyS_fchdir").return ?,
+                                 kprobe.function("sys_fchdir").return ?
 {
 	name = "fchdir"
 	retstr = returnstr(1)
@@ -983,7 +1054,8 @@ probe nd_syscall.fchdir.return = kprobe.function("sys_fchdir").return
 
 # fchmod _____________________________________________________
 # long sys_fchmod(unsigned int fd, mode_t mode)
-probe nd_syscall.fchmod = kprobe.function("sys_fchmod")
+probe nd_syscall.fchmod = kprobe.function("SyS_fchmod") ?,
+                          kprobe.function("sys_fchmod") ?
 {
 	name = "fchmod"
 	// fildes = $fd
@@ -993,7 +1065,8 @@ probe nd_syscall.fchmod = kprobe.function("sys_fchmod")
 	mode = uint_arg(2) # SAFE?
 	argstr = sprintf("%d, %#o", fildes, mode)
 }
-probe nd_syscall.fchmod.return = kprobe.function("sys_fchmod").return
+probe nd_syscall.fchmod.return = kprobe.function("SyS_fchmod").return ?,
+                                 kprobe.function("sys_fchmod").return ?
 {
 	name = "fchmod"
 	retstr = returnstr(1)
@@ -1003,7 +1076,8 @@ probe nd_syscall.fchmod.return = kprobe.function("sys_fchmod").return
 # new function with 2.6.16
 # long sys_fchmodat(int dfd, const char __user *filename,
 #	mode_t mode)
-probe nd_syscall.fchmodat = kprobe.function("sys_fchmodat") ?
+probe nd_syscall.fchmodat = kprobe.function("SyS_fchmodat") ?,
+                            kprobe.function("sys_fchmodat") ?
 {
 	name = "fchmodat"
 	// dirfd = $dfd
@@ -1018,7 +1092,8 @@ probe nd_syscall.fchmodat = kprobe.function("sys_fchmodat") ?
 	mode = uint_arg(3)
 	argstr = sprintf("%s, %s, %#o", dirfd_str, user_string_quoted(pointer_arg(2)), mode)
 }
-probe nd_syscall.fchmodat.return = kprobe.function("sys_fchmodat").return ?
+probe nd_syscall.fchmodat.return = kprobe.function("SyS_fchmodat").return ?,
+                                   kprobe.function("sys_fchmodat").return ?
 {
 	name = "fchmodat"
 	retstr = returnstr(1)
@@ -1026,7 +1101,8 @@ probe nd_syscall.fchmodat.return = kprobe.function("sys_fchmodat").return ?
 
 # fchown _____________________________________________________
 # long sys_fchown(unsigned int fd, uid_t user, gid_t group)
-probe nd_syscall.fchown = kprobe.function("sys_fchown")
+probe nd_syscall.fchown = kprobe.function("SyS_fchown") ?,
+                          kprobe.function("sys_fchown") ?
 {
 	name = "fchown"
 	// fd = $fd
@@ -1039,7 +1115,8 @@ probe nd_syscall.fchown = kprobe.function("sys_fchown")
 	group = __int32(uint_arg(3))
 	argstr = sprintf("%d, %d, %d", fd, owner, group)
 }
-probe nd_syscall.fchown.return = kprobe.function("sys_fchown").return
+probe nd_syscall.fchown.return = kprobe.function("SyS_fchown").return ?,
+                                 kprobe.function("sys_fchown").return ?
 {
 	name = "fchown"
 	retstr = returnstr(1)
@@ -1070,7 +1147,8 @@ probe nd_syscall.fchown16.return = kprobe.function("sys_fchown16").return ?
 # new function with 2.6.16
 # long sys_fchownat(int dfd, const char __user *filename,
 #	uid_t user, gid_t group, int flag)
-probe nd_syscall.fchownat = kprobe.function("sys_fchownat") ?
+probe nd_syscall.fchownat = kprobe.function("SyS_fchownat") ?,
+                            kprobe.function("sys_fchownat") ?
 {
 	name = "fchownat"
 	// dirfd = $dfd
@@ -1093,7 +1171,8 @@ probe nd_syscall.fchownat = kprobe.function("sys_fchownat") ?
 	argstr = sprintf("%s, %s, %d, %d, %s",
 		dirfd_str, user_string_quoted(pointer_arg(2)), owner, group, flags_str)
 }
-probe nd_syscall.fchownat.return = kprobe.function("sys_fchownat").return ?
+probe nd_syscall.fchownat.return = kprobe.function("SyS_fchownat").return ?,
+                                   kprobe.function("sys_fchownat").return ?
 {
 	name = "fchownat"
 	retstr = returnstr(1)
@@ -1105,10 +1184,11 @@ probe nd_syscall.fchownat.return = kprobe.function("sys_fchownat").return ?
 # long compat_sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg)
 # long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg)
 #
-probe nd_syscall.fcntl = kprobe.function("sys_fcntl") ?,
+probe nd_syscall.fcntl = kprobe.function("compat_sys_fcntl") ?,
+                         kprobe.function("compat_sys_fcntl64") ?,
                          kprobe.function("sys_fcntl64") ?,
-                         kprobe.function("compat_sys_fcntl") ?,
-                         kprobe.function("compat_sys_fcntl64") ?
+                         kprobe.function("SyS_fcntl") ?,
+                         kprobe.function("sys_fcntl") ?
 {
 	name = "fcntl"
 	// fd = $fd
@@ -1123,10 +1203,11 @@ probe nd_syscall.fcntl = kprobe.function("sys_fcntl") ?,
 	arg = long_arg(3)
 	argstr = sprintf("%d, %s, %p", fd, cmd_str, arg)
 }
-probe nd_syscall.fcntl.return = kprobe.function("sys_fcntl").return ?,
+probe nd_syscall.fcntl.return = kprobe.function("compat_sys_fcntl").return ?,
+                                kprobe.function("compat_sys_fcntl64").return ?,
                                 kprobe.function("sys_fcntl64").return ?,
-                                kprobe.function("compat_sys_fcntl").return ?,
-                                kprobe.function("compat_sys_fcntl64").return ?
+                                kprobe.function("SyS_fcntl").return ?,
+                                kprobe.function("sys_fcntl").return ?
 {
 	name = "fcntl"
 	retstr = returnstr(1)
@@ -1134,7 +1215,8 @@ probe nd_syscall.fcntl.return = kprobe.function("sys_fcntl").return ?,
 
 # fdatasync __________________________________________________
 # long sys_fdatasync(unsigned int fd)
-probe nd_syscall.fdatasync = kprobe.function("sys_fdatasync")
+probe nd_syscall.fdatasync = kprobe.function("SyS_fdatasync") ?,
+                             kprobe.function("sys_fdatasync") ?
 {
 	name = "fdatasync"
 	// fd = $fd
@@ -1142,7 +1224,8 @@ probe nd_syscall.fdatasync = kprobe.function("sys_fdatasync")
 	fd = int_arg(1)
 	argstr = sprint(fd)
 }
-probe nd_syscall.fdatasync.return = kprobe.function("sys_fdatasync").return
+probe nd_syscall.fdatasync.return = kprobe.function("SyS_fdatasync").return ?,
+                                    kprobe.function("sys_fdatasync").return ?
 {
 	name = "fdatasync"
 	retstr = returnstr(1)
@@ -1151,7 +1234,8 @@ probe nd_syscall.fdatasync.return = kprobe.function("sys_fdatasync").return
 # fgetxattr __________________________________________________
 # ssize_t sys_fgetxattr(int fd, char __user *name,
 # 		void __user *value, size_t size)
-probe nd_syscall.fgetxattr = kprobe.function("sys_fgetxattr")
+probe nd_syscall.fgetxattr = kprobe.function("SyS_fgetxattr") ?,
+                             kprobe.function("sys_fgetxattr") ?
 {
 	name = "fgetxattr"
 	// filedes = $fd
@@ -1167,14 +1251,16 @@ probe nd_syscall.fgetxattr = kprobe.function("sys_fgetxattr")
 	size  = ulong_arg(4)
 	argstr = sprintf("%d, %s, %p, %d", filedes, user_string_quoted(pointer_arg(2)), value_uaddr, size)
 }
-probe nd_syscall.fgetxattr.return = kprobe.function("sys_fgetxattr").return
+probe nd_syscall.fgetxattr.return = kprobe.function("SyS_fgetxattr").return ?,
+                                    kprobe.function("sys_fgetxattr").return ?
 {
 	name = "fgetxattr"
 	retstr = returnstr(1)
 }
 # flistxattr _________________________________________________
 # ssize_t sys_flistxattr(int fd, char __user *list, size_t size)
-probe nd_syscall.flistxattr = kprobe.function("sys_flistxattr")
+probe nd_syscall.flistxattr = kprobe.function("SyS_flistxattr") ?,
+                              kprobe.function("sys_flistxattr") ?
 {
 	name = "flistxattr"
 	// filedes = $fd
@@ -1186,7 +1272,8 @@ probe nd_syscall.flistxattr = kprobe.function("sys_flistxattr")
 	size = ulong_arg(3)
 	argstr = sprintf("%d, %p, %d", filedes, list_uaddr, size)
 }
-probe nd_syscall.flistxattr.return = kprobe.function("sys_flistxattr").return
+probe nd_syscall.flistxattr.return = kprobe.function("SyS_flistxattr").return ?,
+                                     kprobe.function("sys_flistxattr").return ?
 {
 	name = "flistxattr"
 	retstr = returnstr(1)
@@ -1194,7 +1281,8 @@ probe nd_syscall.flistxattr.return = kprobe.function("sys_flistxattr").return
 
 # flock ______________________________________________________
 # long sys_flock(unsigned int fd, unsigned int cmd)
-probe nd_syscall.flock = kprobe.function("sys_flock")
+probe nd_syscall.flock = kprobe.function("SyS_flock") ?,
+                         kprobe.function("sys_flock") ?
 {
 	name = "flock"
 	// fd = $fd
@@ -1204,7 +1292,8 @@ probe nd_syscall.flock = kprobe.function("sys_flock")
 	operation = int_arg(2)
 	argstr = sprintf("%d, %s", fd, _flock_cmd_str(operation))
 }
-probe nd_syscall.flock.return = kprobe.function("sys_flock").return
+probe nd_syscall.flock.return = kprobe.function("SyS_flock").return ?,
+                                kprobe.function("sys_flock").return ?
 {
 	name = "flock"
 	retstr = returnstr(1)
@@ -1285,7 +1374,8 @@ probe nd_syscall.fork.return = kprobe.function("do_fork").return
 }
 # fremovexattr _______________________________________________
 # long sys_fremovexattr(int fd, char __user *name)
-probe nd_syscall.fremovexattr = kprobe.function("sys_fremovexattr")
+probe nd_syscall.fremovexattr = kprobe.function("SyS_fremovexattr") ?,
+                                kprobe.function("sys_fremovexattr") ?
 {
 	name = "fremovexattr"
 	// filedes = $fd
@@ -1297,7 +1387,8 @@ probe nd_syscall.fremovexattr = kprobe.function("sys_fremovexattr")
 	name2 = user_string(pointer_arg(2))
 	argstr = sprintf("%d, %s", filedes, user_string_quoted(pointer_arg(2)))
 }
-probe nd_syscall.fremovexattr.return = kprobe.function("sys_fremovexattr").return
+probe nd_syscall.fremovexattr.return = kprobe.function("SyS_fremovexattr").return ?,
+                                       kprobe.function("sys_fremovexattr").return ?
 {
 	name = "fremovexattr"
 	retstr = returnstr(1)
@@ -1312,7 +1403,8 @@ probe nd_syscall.fremovexattr.return = kprobe.function("sys_fremovexattr").retur
  *               size_t size,
  *               int flags)
  */
-probe nd_syscall.fsetxattr = kprobe.function("sys_fsetxattr")
+probe nd_syscall.fsetxattr = kprobe.function("SyS_fsetxattr") ?,
+                             kprobe.function("sys_fsetxattr") ?
 {
 	name = "fsetxattr"
 	// filedes = $fd
@@ -1330,7 +1422,8 @@ probe nd_syscall.fsetxattr = kprobe.function("sys_fsetxattr")
 	flags = int_arg(5)
 	argstr = sprintf("%d, %s, %p, %d, %p", filedes, user_string_quoted(pointer_arg(2)), value_uaddr, size, flags)
 }
-probe nd_syscall.fsetxattr.return = kprobe.function("sys_fsetxattr").return
+probe nd_syscall.fsetxattr.return = kprobe.function("SyS_fsetxattr").return ?,
+                                    kprobe.function("sys_fsetxattr").return ?
 {
 	name = "fsetxattr"
 	retstr = returnstr(1)
@@ -1346,8 +1439,10 @@ probe nd_syscall.fsetxattr.return = kprobe.function("sys_fsetxattr").return
 # long compat_sys_newfstat(unsigned int fd, struct compat_stat __user * statbuf)
 #
 probe nd_syscall.fstat = kprobe.function("sys_fstat") ?,
+                         kprobe.function("SyS_fstat64") ?,
                          kprobe.function("sys_fstat64") ?,
                          kprobe.function("sys32_fstat64") ?,
+                         kprobe.function("SyS_newfstat") ?,
                          kprobe.function("sys_newfstat") ?,
                          kprobe.function("sys_oabi_fstat64") ?,
                          kprobe.function("compat_sys_newfstat") ?
@@ -1362,8 +1457,10 @@ probe nd_syscall.fstat = kprobe.function("sys_fstat") ?,
 	argstr = sprintf("%d, %p", filedes, buf_uaddr)
 }
 probe nd_syscall.fstat.return = kprobe.function("sys_fstat").return ?,
+                                kprobe.function("SyS_fstat64").return ?,
                                 kprobe.function("sys_fstat64").return ?,
                                 kprobe.function("sys32_fstat64").return ?,
+                                kprobe.function("SyS_newfstat").return ?,
                                 kprobe.function("sys_newfstat").return ?,
                                 kprobe.function("sys_oabi_fstat64").return ?,
                                 kprobe.function("compat_sys_newfstat").return ?
@@ -1377,7 +1474,9 @@ probe nd_syscall.fstat.return = kprobe.function("sys_fstat").return ?,
 # long sys_newfstatat(int dfd, char __user *filename, struct stat __user *statbuf, int flag)
 # long sys_fstatat64(int dfd, char __user *filename, struct stat64 __user *statbuf, int flag)
 # long compat_sys_newfstatat(unsigned int dfd, char __user *filename, struct compat_stat __user *statbuf, int flag)
-probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?,
+probe nd_syscall.fstatat = kprobe.function("SyS_fstatat64") ?,
+                           kprobe.function("sys_fstatat64") ?,
+                           kprobe.function("SyS_newfstatat") ?,
                            kprobe.function("sys_newfstatat") ?,
                            kprobe.function("compat_sys_newfstatat") ?,
                            kprobe.function("sys32_fstatat64") ?
@@ -1393,7 +1492,9 @@ probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?,
 	buf_uaddr = pointer_arg(3)
 	argstr = sprintf("%s, %s, %p, %s", _dfd_str(dirfd), user_string_quoted(pointer_arg(2)), buf_uaddr, _at_flag_str(int_arg(4)))
 }
-probe nd_syscall.fstatat.return = kprobe.function("sys_fstatat64").return ?,
+probe nd_syscall.fstatat.return = kprobe.function("SyS_fstatat64").return ?,
+                                  kprobe.function("sys_fstatat64").return ?,
+                                  kprobe.function("SyS_newfstatat").return ?,
                                   kprobe.function("sys_newfstatat").return ?,
                                   kprobe.function("compat_sys_newfstatat").return ?,
                                   kprobe.function("sys32_fstatat64").return ?
@@ -1406,8 +1507,9 @@ probe nd_syscall.fstatat.return = kprobe.function("sys_fstatat64").return ?,
 # long sys_fstatfs(unsigned int fd, struct statfs __user * buf)
 # long compat_sys_fstatfs(unsigned int fd, struct compat_statfs __user *buf)
 #
-probe nd_syscall.fstatfs = kprobe.function("sys_fstatfs"),
-                           kprobe.function("compat_sys_fstatfs") ?
+probe nd_syscall.fstatfs = kprobe.function("compat_sys_fstatfs") ?,
+                           kprobe.function("SyS_fstatfs") ?,
+                           kprobe.function("sys_fstatfs") ?
 {
 	name = "fstatfs"
 	// fd = $fd
@@ -1418,8 +1520,9 @@ probe nd_syscall.fstatfs = kprobe.function("sys_fstatfs"),
 	buf_uaddr = pointer_arg(2)
 	argstr = sprintf("%d, %p", fd, buf_uaddr)
 }
-probe nd_syscall.fstatfs.return = kprobe.function("sys_fstatfs").return,
-                                  kprobe.function("compat_sys_fstatfs").return ?
+probe nd_syscall.fstatfs.return = kprobe.function("compat_sys_fstatfs").return ?,
+                                  kprobe.function("SyS_fstatfs").return ?,
+                                  kprobe.function("sys_fstatfs").return ?
 {
 	name = "fstatfs"
 	retstr = returnstr(1)
@@ -1429,8 +1532,9 @@ probe nd_syscall.fstatfs.return = kprobe.function("sys_fstatfs").return,
 # long sys_fstatfs64(unsigned int fd, size_t sz, struct statfs64 __user *buf)
 # long compat_sys_fstatfs64(unsigned int fd, compat_size_t sz, struct compat_statfs64 __user *buf)
 #
-probe nd_syscall.fstatfs64 = kprobe.function("sys_fstatfs64") ?,
-                             kprobe.function("compat_sys_fstatfs64") ?
+probe nd_syscall.fstatfs64 = kprobe.function("compat_sys_fstatfs64") ?,
+                             kprobe.function("SyS_fstatfs64") ?,
+                             kprobe.function("sys_fstatfs64") ?
 {
 	name = "fstatfs"
 	// fd = $fd
@@ -1443,8 +1547,9 @@ probe nd_syscall.fstatfs64 = kprobe.function("sys_fstatfs64") ?,
 	buf_uaddr = pointer_arg(3)
 	argstr = sprintf("%d, %d, %p", fd, sz, buf_uaddr)
 }
-probe nd_syscall.fstatfs64.return = kprobe.function("sys_fstatfs64").return ?,
-                                    kprobe.function("compat_sys_fstatfs64").return ?
+probe nd_syscall.fstatfs64.return = kprobe.function("compat_sys_fstatfs64").return ?,
+                                    kprobe.function("SyS_fstatfs64").return ?,
+                                    kprobe.function("sys_fstatfs64").return ?
 {
 	name = "fstatfs"
 	retstr = returnstr(1)
@@ -1452,7 +1557,8 @@ probe nd_syscall.fstatfs64.return = kprobe.function("sys_fstatfs64").return ?,
 
 # fsync ______________________________________________________
 # long sys_fsync(unsigned int fd)
-probe nd_syscall.fsync = kprobe.function("sys_fsync")
+probe nd_syscall.fsync = kprobe.function("SyS_fsync") ?,
+                         kprobe.function("sys_fsync") ?
 {
 	name = "fsync"
 	// fd = $fd
@@ -1460,14 +1566,16 @@ probe nd_syscall.fsync = kprobe.function("sys_fsync")
 	fd = int_arg(1)
 	argstr = sprint(fd)
 }
-probe nd_syscall.fsync.return = kprobe.function("sys_fsync").return
+probe nd_syscall.fsync.return = kprobe.function("SyS_fsync").return ?,
+                                kprobe.function("sys_fsync").return ?
 {
 	name = "fsync"
 	retstr = returnstr(1)
 }
 # ftruncate __________________________________________________
 # long sys_ftruncate(unsigned int fd, unsigned long length)
-probe nd_syscall.ftruncate = kprobe.function("sys_ftruncate")
+probe nd_syscall.ftruncate = kprobe.function("SyS_ftruncate") ?,
+                             kprobe.function("sys_ftruncate") ?
 {
 	name = "ftruncate"
 	// fd = $fd
@@ -1477,7 +1585,8 @@ probe nd_syscall.ftruncate = kprobe.function("sys_ftruncate")
 	length = ulong_arg(2)
 	argstr = sprintf("%d, %d", fd, length)
 }
-probe nd_syscall.ftruncate.return = kprobe.function("sys_ftruncate").return
+probe nd_syscall.ftruncate.return = kprobe.function("SyS_ftruncate").return ?,
+                                    kprobe.function("sys_ftruncate").return ?
 {
 	name = "ftruncate"
 	retstr = returnstr(1)
@@ -1512,7 +1621,8 @@ probe nd_syscall.ftruncate64.return = kprobe.function("sys_ftruncate64").return
 #		struct compat_timespec __user *utime, u32 __user *uaddr2,
 #		u32 val3)
 #
-probe nd_syscall.futex = kprobe.function("sys_futex") ?
+probe nd_syscall.futex = kprobe.function("SyS_futex") ?,
+                         kprobe.function("sys_futex") ?
 {
 	name = "futex"
 	// futex_uaddr = $uaddr
@@ -1542,7 +1652,8 @@ probe nd_syscall.futex = kprobe.function("sys_futex") ?
 		argstr = sprintf("%p, %s, %d", futex_uaddr,
 			_futex_op_str(op), val)
 }
-probe nd_syscall.futex.return = kprobe.function("sys_futex").return ?
+probe nd_syscall.futex.return = kprobe.function("SyS_futex").return ?,
+                                kprobe.function("sys_futex").return ?
 {
 	name = "futex"
 	retstr = returnstr(1)
@@ -1589,7 +1700,8 @@ probe nd_syscall.compat_futex.return = kprobe.function("compat_sys_futex").retur
 # long compat_sys_futimesat(unsigned int dfd, char __user *filename, struct compat_timeval __user *t)
 #
 
-probe nd_syscall.futimesat = kprobe.function("sys_futimesat") ?
+probe nd_syscall.futimesat = kprobe.function("SyS_futimesat") ?,
+                             kprobe.function("sys_futimesat") ?
 {
 	name = "futimesat"
 	// dirfd = $dfd
@@ -1623,7 +1735,8 @@ probe nd_syscall.compat_futimesat = kprobe.function("compat_sys_futimesat") ?
 	argstr = sprintf("%s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)),
 		_struct_compat_timeval_u(pointer_arg(3), 2))
 }
-probe nd_syscall.futimesat.return = kprobe.function("sys_futimesat").return ?
+probe nd_syscall.futimesat.return = kprobe.function("SyS_futimesat").return ?,
+                                    kprobe.function("sys_futimesat").return ?
 {
 	name = "futimesat"
 	retstr = returnstr(1)
@@ -1636,7 +1749,8 @@ probe nd_syscall.compat_futimesat.return = kprobe.function("compat_sys_futimesat
 
 # getcwd _____________________________________________________
 # long sys_getcwd(char __user *buf, unsigned long size)
-probe nd_syscall.getcwd = kprobe.function("sys_getcwd")
+probe nd_syscall.getcwd = kprobe.function("SyS_getcwd") ?,
+                          kprobe.function("sys_getcwd") ?
 {
 	name = "getcwd"
 	// buf_uaddr = $buf
@@ -1646,7 +1760,8 @@ probe nd_syscall.getcwd = kprobe.function("sys_getcwd")
 	size = ulong_arg(2)
 	argstr = sprintf("%p, %d", buf_uaddr, size)
 }
-probe nd_syscall.getcwd.return = kprobe.function("sys_getcwd").return
+probe nd_syscall.getcwd.return = kprobe.function("SyS_getcwd").return ?,
+                                 kprobe.function("sys_getcwd").return ?
 {
 	name = "getcwd"
 	retstr = returnstr(1)
@@ -1658,7 +1773,9 @@ probe nd_syscall.getcwd.return = kprobe.function("sys_getcwd").return
 # long sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count)
 # long compat_sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count)
 #
-probe nd_syscall.getdents = kprobe.function("sys_getdents") ?,
+probe nd_syscall.getdents = kprobe.function("SyS_getdents") ?,
+                            kprobe.function("sys_getdents") ?,
+                            kprobe.function("SyS_getdents64") ?,
                             kprobe.function("sys_getdents64") ?,
                             kprobe.function("compat_sys_getdents") ?,
                             kprobe.function("compat_sys_getdents64") ?
@@ -1674,7 +1791,9 @@ probe nd_syscall.getdents = kprobe.function("sys_getdents") ?,
 	count = uint_arg(3)
 	argstr = sprintf("%d, %p, %d", fd, dirp_uaddr, count)
 }
-probe nd_syscall.getdents.return = kprobe.function("sys_getdents").return ?,
+probe nd_syscall.getdents.return = kprobe.function("SyS_getdents").return ?,
+                                   kprobe.function("sys_getdents").return ?,
+                                   kprobe.function("SyS_getdents64").return ?,
                                    kprobe.function("sys_getdents64").return ?,
                                    kprobe.function("compat_sys_getdents").return ?,
                                    kprobe.function("compat_sys_getdents64").return ?
@@ -1746,9 +1865,10 @@ probe nd_syscall.getgid.return = kprobe.function("sys_getgid16").return ?,
 # long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist)
 # long sys32_getgroups16(int gidsetsize, u16 __user *grouplist)
 #
-probe nd_syscall.getgroups = kprobe.function("sys_getgroups") ?,
-                             kprobe.function("sys_getgroups16") ?,
-                             kprobe.function("sys32_getgroups16") ?
+probe nd_syscall.getgroups = kprobe.function("sys_getgroups16") ?,
+                             kprobe.function("sys32_getgroups16") ?,
+                             kprobe.function("SyS_getgroups") ?,
+                             kprobe.function("sys_getgroups") ?
 {
 	name = "getgroups"
 	// size = $gidsetsize
@@ -1759,9 +1879,10 @@ probe nd_syscall.getgroups = kprobe.function("sys_getgroups") ?,
 	list_uaddr = pointer_arg(2)
 	argstr = sprintf("%d, %p", size, list_uaddr)
 }
-probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups").return ?,
-                                    kprobe.function("sys_getgroups16").return ?,
-                                    kprobe.function("sys32_getgroups16").return ?
+probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups16").return ?,
+                                    kprobe.function("sys32_getgroups16").return ?,
+                                    kprobe.function("SyS_getgroups").return ?,
+                                    kprobe.function("sys_getgroups").return ?
 {
 	name = "getgroups"
 	retstr = returnstr(1)
@@ -1769,7 +1890,8 @@ probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups").return ?,
 
 # gethostname ________________________________________________
 # long sys_gethostname(char __user *name, int len)
-probe nd_syscall.gethostname = kprobe.function("sys_gethostname") ?
+probe nd_syscall.gethostname = kprobe.function("SyS_gethostname") ?,
+                               kprobe.function("sys_gethostname") ?
 {
 	name = "gethostname"
 	// name_uaddr = $name
@@ -1779,7 +1901,8 @@ probe nd_syscall.gethostname = kprobe.function("sys_gethostname") ?
 	len = int_arg(2)
 	argstr = sprintf ("%p, %d", name_uaddr, len)
 }
-probe nd_syscall.gethostname.return = kprobe.function("sys_gethostname").return ?
+probe nd_syscall.gethostname.return = kprobe.function("SyS_gethostname").return ?,
+                                      kprobe.function("sys_gethostname").return ?
 {
 	name = "gethostname"
 	retstr = returnstr(1)
@@ -1788,7 +1911,8 @@ probe nd_syscall.gethostname.return = kprobe.function("sys_gethostname").return
 # getitimer __________________________________________________
 # sys_getitimer(int which, struct itimerval __user *value)
 #
-probe nd_syscall.getitimer = kprobe.function("sys_getitimer")
+probe nd_syscall.getitimer = kprobe.function("SyS_getitimer") ?,
+                             kprobe.function("sys_getitimer") ?
 {
 	name = "getitimer"
 	// which = $which
@@ -1799,7 +1923,8 @@ probe nd_syscall.getitimer = kprobe.function("sys_getitimer")
 	value_uaddr = pointer_arg(2)
 	argstr = sprintf("%s, %p", _itimer_which_str(which), value_uaddr)
 }
-probe nd_syscall.getitimer.return = kprobe.function("sys_getitimer").return
+probe nd_syscall.getitimer.return = kprobe.function("SyS_getitimer").return ?,
+                                    kprobe.function("sys_getitimer").return ?
 {
 	name = "getitimer"
 	retstr = returnstr(1)
@@ -1833,8 +1958,9 @@ probe nd_syscall.compat_getitimer.return = kprobe.function("compat_sys_getitimer
 #		     compat_ulong_t maxnode,
 #		     compat_ulong_t addr, compat_ulong_t flags)
 #
-probe nd_syscall.get_mempolicy = kprobe.function("sys_get_mempolicy") ?,
-                                 kprobe.function("compat_sys_get_mempolicy") ?
+probe nd_syscall.get_mempolicy = kprobe.function("compat_sys_get_mempolicy") ?,
+                                 kprobe.function("SyS_get_mempolicy") ?,
+                                 kprobe.function("sys_get_mempolicy") ?
 {
 	name = "get_mempolicy"
 	// policy_uaddr = $policy
@@ -1853,8 +1979,9 @@ probe nd_syscall.get_mempolicy = kprobe.function("sys_get_mempolicy") ?,
 	argstr = sprintf("%p, %p, %d, %p, 0x%x", policy_uaddr,
 		nmask_uaddr, maxnode, addr, flags)
 }
-probe nd_syscall.get_mempolicy.return = kprobe.function("sys_get_mempolicy").return ?,
-                                        kprobe.function("compat_sys_get_mempolicy").return ?
+probe nd_syscall.get_mempolicy.return = kprobe.function("compat_sys_get_mempolicy").return ?,
+                                        kprobe.function("SyS_get_mempolicy").return ?,
+                                        kprobe.function("sys_get_mempolicy").return ?
 {
 	name = "get_mempolicy"
 	retstr = returnstr(1)
@@ -1863,7 +1990,8 @@ probe nd_syscall.get_mempolicy.return = kprobe.function("sys_get_mempolicy").ret
 # getpeername ________________________________________________
 # long sys_getpeername(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len)
 #
-probe nd_syscall.getpeername = kprobe.function("sys_getpeername") ?
+probe nd_syscall.getpeername = kprobe.function("SyS_getpeername") ?,
+                               kprobe.function("sys_getpeername") ?
 {
 	name = "getpeername"
 	// s = $fd
@@ -1876,7 +2004,8 @@ probe nd_syscall.getpeername = kprobe.function("sys_getpeername") ?
 	namelen_uaddr = pointer_arg(3)
 	argstr = sprintf("%d, %p, %p", s, name_uaddr, namelen_uaddr)
 }
-probe nd_syscall.getpeername.return = kprobe.function("sys_getpeername").return ?
+probe nd_syscall.getpeername.return = kprobe.function("SyS_getpeername").return ?,
+                                      kprobe.function("sys_getpeername").return ?
 {
 	name = "getpeername"
 	retstr = returnstr(1)
@@ -1884,7 +2013,8 @@ probe nd_syscall.getpeername.return = kprobe.function("sys_getpeername").return
 
 # getpgid ____________________________________________________
 # long sys_getpgid(pid_t pid)
-probe nd_syscall.getpgid = kprobe.function("sys_getpgid")
+probe nd_syscall.getpgid = kprobe.function("SyS_getpgid") ?,
+                           kprobe.function("sys_getpgid") ?
 {
 	name = "getpgid"
 	// pid = $pid
@@ -1893,7 +2023,8 @@ probe nd_syscall.getpgid = kprobe.function("sys_getpgid")
 	pid = int_arg(1)
 	argstr = sprintf("%d", pid)
 }
-probe nd_syscall.getpgid.return = kprobe.function("sys_getpgid").return
+probe nd_syscall.getpgid.return = kprobe.function("SyS_getpgid").return ?,
+                                  kprobe.function("sys_getpgid").return ?
 {
 	name = "getpgid"
 	retstr = returnstr(1)
@@ -1940,7 +2071,8 @@ probe nd_syscall.getppid.return = kprobe.function("sys_getppid").return
 
 # getpriority ________________________________________________
 # long sys_getpriority(int which, int who)
-probe nd_syscall.getpriority = kprobe.function("sys_getpriority")
+probe nd_syscall.getpriority = kprobe.function("SyS_getpriority") ?,
+                               kprobe.function("sys_getpriority") ?
 {
 	name = "getpriority"
 	// which = $which
@@ -1950,7 +2082,8 @@ probe nd_syscall.getpriority = kprobe.function("sys_getpriority")
 	who = int_arg(2)
 	argstr = sprintf("%s, %d", _priority_which_str(which), who)
 }
-probe nd_syscall.getpriority.return = kprobe.function("sys_getpriority").return
+probe nd_syscall.getpriority.return = kprobe.function("SyS_getpriority").return ?,
+                                      kprobe.function("sys_getpriority").return ?
 {
 	name = "getpriority"
 	retstr = returnstr(1)
@@ -1964,7 +2097,8 @@ probe nd_syscall.getpriority.return = kprobe.function("sys_getpriority").return
 #                 old_uid_t __user *egid,
 #                 old_uid_t __user *sgid)
 probe nd_syscall.getresgid = kprobe.function("sys_getresgid16") ?,
-                             kprobe.function("sys_getresgid")
+                             kprobe.function("SyS_getresgid") ?,
+                             kprobe.function("sys_getresgid") ?
 {
 	name = "getresgid"
 	// rgid_uaddr = $rgid
@@ -1978,7 +2112,8 @@ probe nd_syscall.getresgid = kprobe.function("sys_getresgid16") ?,
 	argstr = sprintf("%p, %p, %p", rgid_uaddr, egid_uaddr, sgid_uaddr)
 }
 probe nd_syscall.getresgid.return = kprobe.function("sys_getresgid16").return ?,
-                                    kprobe.function("sys_getresgid").return
+                                    kprobe.function("SyS_getresgid").return ?,
+                                    kprobe.function("sys_getresgid").return ?
 {
 	name = "getresgid"
 	retstr = returnstr(1)
@@ -1989,7 +2124,8 @@ probe nd_syscall.getresgid.return = kprobe.function("sys_getresgid16").return ?,
 #		uid_t __user *euid,
 #		uid_t __user *suid)
 probe nd_syscall.getresuid = kprobe.function("sys_getresuid16") ?,
-                             kprobe.function("sys_getresuid")
+                             kprobe.function("SyS_getresuid") ?,
+                             kprobe.function("sys_getresuid") ?
 {
 	name = "getresuid"
 	// ruid_uaddr = $ruid
@@ -2003,7 +2139,8 @@ probe nd_syscall.getresuid = kprobe.function("sys_getresuid16") ?,
 	argstr = sprintf("%p, %p, %p", ruid_uaddr, euid_uaddr, suid_uaddr)
 }
 probe nd_syscall.getresuid.return = kprobe.function("sys_getresuid16").return ?,
-                                    kprobe.function("sys_getresuid").return
+                                    kprobe.function("SyS_getresuid").return ?,
+                                    kprobe.function("sys_getresuid").return ?
 {
 	name = "getresuid"
 	retstr = returnstr(1)
@@ -2013,7 +2150,9 @@ probe nd_syscall.getresuid.return = kprobe.function("sys_getresuid16").return ?,
 # long sys_getrlimit(unsigned int resource, struct rlimit __user *rlim)
 # long sys_old_getrlimit(unsigned int resource, struct rlimit __user *rlim)
 # long compat_sys_getrlimit (unsigned int resource, struct compat_rlimit __user *rlim)
-probe nd_syscall.getrlimit = kprobe.function("sys_getrlimit"),
+probe nd_syscall.getrlimit = kprobe.function("SyS_getrlimit") ?,
+                             kprobe.function("sys_getrlimit") ?,
+                             kprobe.function("SyS_old_getrlimit") ?,
                              kprobe.function("sys_old_getrlimit") ?,
                              kprobe.function("compat_sys_getrlimit") ?
 {
@@ -2026,7 +2165,9 @@ probe nd_syscall.getrlimit = kprobe.function("sys_getrlimit"),
 	rlim_uaddr = pointer_arg(2)
 	argstr = sprintf("%s, %p", _rlimit_resource_str(resource), rlim_uaddr)
 }
-probe nd_syscall.getrlimit.return = kprobe.function("sys_getrlimit").return,
+probe nd_syscall.getrlimit.return = kprobe.function("SyS_getrlimit").return ?,
+                                    kprobe.function("sys_getrlimit").return ?,
+                                    kprobe.function("SyS_old_getrlimit").return ?,
                                     kprobe.function("sys_old_getrlimit").return ?,
                                     kprobe.function("compat_sys_getrlimit").return ?
 {
@@ -2036,7 +2177,8 @@ probe nd_syscall.getrlimit.return = kprobe.function("sys_getrlimit").return,
 
 # getrusage __________________________________________________
 # long sys_getrusage(int who, struct rusage __user *ru)
-probe nd_syscall.getrusage = kprobe.function("sys_getrusage")
+probe nd_syscall.getrusage = kprobe.function("SyS_getrusage") ?,
+                             kprobe.function("sys_getrusage") ?
 {
 	name = "getrusage"
 	// who = $who
@@ -2056,7 +2198,8 @@ probe nd_syscall.getrusage = kprobe.function("sys_getrusage")
 	usage_uaddr = pointer_arg(2)
 	argstr = sprintf("%s, %p", who_str, usage_uaddr)
 }
-probe nd_syscall.getrusage.return = kprobe.function("sys_getrusage").return
+probe nd_syscall.getrusage.return = kprobe.function("SyS_getrusage").return ?,
+                                    kprobe.function("sys_getrusage").return ?
 {
 	name = "getrusage"
 	retstr = returnstr(1)
@@ -2064,7 +2207,8 @@ probe nd_syscall.getrusage.return = kprobe.function("sys_getrusage").return
 
 # getsid _____________________________________________________
 # long sys_getsid(pid_t pid)
-probe nd_syscall.getsid = kprobe.function("sys_getsid")
+probe nd_syscall.getsid = kprobe.function("SyS_getsid") ?,
+                          kprobe.function("sys_getsid") ?
 {
 	name = "getsid"
 	// pid = $pid
@@ -2072,7 +2216,8 @@ probe nd_syscall.getsid = kprobe.function("sys_getsid")
 	pid = int_arg(1)
 	argstr = sprint(pid)
 }
-probe nd_syscall.getsid.return = kprobe.function("sys_getsid").return
+probe nd_syscall.getsid.return = kprobe.function("SyS_getsid").return ?,
+                                 kprobe.function("sys_getsid").return ?
 {
 	name = "getsid"
 	retstr = returnstr(1)
@@ -2082,7 +2227,8 @@ probe nd_syscall.getsid.return = kprobe.function("sys_getsid").return
 # long sys_getsockname(int fd,
 #		struct sockaddr __user *usockaddr,
 #		int __user *usockaddr_len)
-probe nd_syscall.getsockname = kprobe.function("sys_getsockname") ?
+probe nd_syscall.getsockname = kprobe.function("SyS_getsockname") ?,
+                               kprobe.function("sys_getsockname") ?
 {
 	name = "getsockname"
 	// s = $fd
@@ -2095,7 +2241,8 @@ probe nd_syscall.getsockname = kprobe.function("sys_getsockname") ?
 	namelen_uaddr = pointer_arg(3)
 	argstr = sprintf("%d, %p, %p", s, name_uaddr, namelen_uaddr)
 }
-probe nd_syscall.getsockname.return = kprobe.function("sys_getsockname").return ?
+probe nd_syscall.getsockname.return = kprobe.function("SyS_getsockname").return ?,
+                                      kprobe.function("sys_getsockname").return ?
 {
 	name = "getsockname"
 	retstr = returnstr(1)
@@ -2108,8 +2255,9 @@ probe nd_syscall.getsockname.return = kprobe.function("sys_getsockname").return
 #                char __user *optval,
 #                int __user *optlen)
 #
-probe nd_syscall.getsockopt = kprobe.function("sys_getsockopt") ?,
-                              kprobe.function("compat_sys_getsockopt") ?
+probe nd_syscall.getsockopt = kprobe.function("compat_sys_getsockopt") ?,
+                              kprobe.function("SyS_getsockopt") ?,
+                              kprobe.function("sys_getsockopt") ?
 {
 	name = "getsockopt"
 	// fd = $fd
@@ -2132,8 +2280,9 @@ probe nd_syscall.getsockopt = kprobe.function("sys_getsockopt") ?,
 	argstr = sprintf("%d, %s, %s, %p, %p", fd,  _sockopt_level_str(level),
 		_sockopt_optname_str(optname), optval_uaddr, optlen_uaddr)
 }
-probe nd_syscall.getsockopt.return = kprobe.function("sys_getsockopt").return ?,
-                                     kprobe.function("compat_sys_getsockopt").return ?
+probe nd_syscall.getsockopt.return = kprobe.function("compat_sys_getsockopt").return ?,
+                                     kprobe.function("SyS_getsockopt").return ?,
+                                     kprobe.function("sys_getsockopt").return ?
 {
 	name = "getsockopt"
 	retstr = returnstr(1)
@@ -2159,9 +2308,10 @@ probe nd_syscall.gettid.return = kprobe.function("sys_gettid").return
 #	struct timezone __user *tz)
 # long compat_sys_gettimeofday(struct compat_timeval __user *tv,
 #	struct timezone __user *tz)
-probe nd_syscall.gettimeofday = kprobe.function("sys_gettimeofday"),
+probe nd_syscall.gettimeofday = kprobe.function("compat_sys_gettimeofday") ?,
                                 kprobe.function("sys32_gettimeofday") ?,
-                                kprobe.function("compat_sys_gettimeofday") ?
+                                kprobe.function("SyS_gettimeofday") ?,
+                                kprobe.function("sys_gettimeofday") ?
 {
 	name = "gettimeofday"
 	// tv_uaddr = $tv
@@ -2173,9 +2323,10 @@ probe nd_syscall.gettimeofday = kprobe.function("sys_gettimeofday"),
 	argstr = sprintf("%p, %p", tv_uaddr, tz_uaddr)
 }
 
-probe nd_syscall.gettimeofday.return = kprobe.function("sys_gettimeofday").return,
+probe nd_syscall.gettimeofday.return = kprobe.function("compat_sys_gettimeofday").return ?,
                                        kprobe.function("sys32_gettimeofday").return ?,
-                                       kprobe.function("compat_sys_gettimeofday").return ?
+                                       kprobe.function("SyS_gettimeofday").return ?,
+                                       kprobe.function("sys_gettimeofday").return ?
 {
 	name = "gettimeofday"
 	retstr = returnstr(1)
@@ -2204,7 +2355,8 @@ probe nd_syscall.getuid.return = kprobe.function("sys_getuid16").return ?,
 # getxattr ___________________________________________________
 # ssize_t sys_getxattr(char __user *path, char __user *name,
 #		void __user *value, size_t size)
-probe nd_syscall.getxattr = kprobe.function("sys_getxattr")
+probe nd_syscall.getxattr = kprobe.function("SyS_getxattr") ?,
+                            kprobe.function("sys_getxattr") ?
 {
 	name = "getxattr"
 	// %( kernel_v >= "2.6.27" %?
@@ -2234,7 +2386,8 @@ probe nd_syscall.getxattr = kprobe.function("sys_getxattr")
 		user_string_quoted(pointer_arg(2)),
 		value_uaddr, size)
 }
-probe nd_syscall.getxattr.return = kprobe.function("sys_getxattr").return
+probe nd_syscall.getxattr.return = kprobe.function("SyS_getxattr").return ?,
+                                   kprobe.function("sys_getxattr").return ?
 {
 	name = "getxattr"
 	retstr = returnstr(1)
@@ -2245,7 +2398,8 @@ probe nd_syscall.getxattr.return = kprobe.function("sys_getxattr").return
 #		unsigned long len,
 #		const char __user *uargs)
 #
-probe nd_syscall.init_module = kprobe.function("sys_init_module") ?
+probe nd_syscall.init_module = kprobe.function("SyS_init_module") ?,
+                               kprobe.function("sys_init_module") ?
 {
 	name = "init_module"
 	// umod_uaddr = $umod
@@ -2258,7 +2412,8 @@ probe nd_syscall.init_module = kprobe.function("sys_init_module") ?
 	uargs = user_string(pointer_arg(3))
 	argstr = sprintf("%p, %d, %s", umod_uaddr, len, user_string_quoted(pointer_arg(4)))
 }
-probe nd_syscall.init_module.return = kprobe.function("sys_init_module").return ?
+probe nd_syscall.init_module.return = kprobe.function("SyS_init_module").return ?,
+                                      kprobe.function("sys_init_module").return ?
 {
 	name = "init_module"
 	retstr = returnstr(1)
@@ -2268,7 +2423,8 @@ probe nd_syscall.init_module.return = kprobe.function("sys_init_module").return
 #
 # long sys_inotify_add_watch(int fd, const char __user *path, u32 mask)
 #
-probe nd_syscall.inotify_add_watch = kprobe.function("sys_inotify_add_watch") ?
+probe nd_syscall.inotify_add_watch = kprobe.function("SyS_inotify_add_watch") ?,
+                                     kprobe.function("sys_inotify_add_watch") ?
 {
 	name = "inotify_add_watch"
 	// 	fd = $fd
@@ -2289,7 +2445,8 @@ probe nd_syscall.inotify_add_watch = kprobe.function("sys_inotify_add_watch") ?
 	mask = uint_arg(3)
 	argstr = sprintf("%d, %s, %d", fd, user_string_quoted(path_uaddr), mask)
 }
-probe nd_syscall.inotify_add_watch.return = kprobe.function("sys_inotify_add_watch").return ?
+probe nd_syscall.inotify_add_watch.return = kprobe.function("SyS_inotify_add_watch").return ?,
+                                            kprobe.function("sys_inotify_add_watch").return ?
 {
 	name = "inotify_add_watch"
 	retstr = returnstr(1)
@@ -2314,7 +2471,8 @@ probe nd_syscall.inotify_init.return = kprobe.function("sys_inotify_init").retur
 #
 # long sys_inotify_rm_watch(int fd, u32 wd)
 #
-probe nd_syscall.inotify_rm_watch = kprobe.function("sys_inotify_rm_watch") ?
+probe nd_syscall.inotify_rm_watch = kprobe.function("SyS_inotify_rm_watch") ?,
+                                    kprobe.function("sys_inotify_rm_watch") ?
 {
 	name = "inotify_rm_watch"
 	// fd = $fd
@@ -2325,7 +2483,8 @@ probe nd_syscall.inotify_rm_watch = kprobe.function("sys_inotify_rm_watch") ?
 	wd = uint_arg(2)
 	argstr = sprintf("%d, %d", fd, wd)
 }
-probe nd_syscall.inotify_rm_watch.return = kprobe.function("sys_inotify_rm_watch").return ?
+probe nd_syscall.inotify_rm_watch.return = kprobe.function("SyS_inotify_rm_watch").return ?,
+                                           kprobe.function("sys_inotify_rm_watch").return ?
 {
 	name = "inotify_rm_watch"
 	retstr = returnstr(1)
@@ -2335,7 +2494,8 @@ probe nd_syscall.inotify_rm_watch.return = kprobe.function("sys_inotify_rm_watch
 # long sys_io_cancel(aio_context_t ctx_id,
 #		struct iocb __user *iocb,
 #		struct io_event __user *result)
-probe nd_syscall.io_cancel = kprobe.function("sys_io_cancel")
+probe nd_syscall.io_cancel = kprobe.function("SyS_io_cancel") ?,
+                             kprobe.function("sys_io_cancel") ?
 {
 	name = "io_cancel"
 	// ctx_id = $ctx_id
@@ -2347,7 +2507,8 @@ probe nd_syscall.io_cancel = kprobe.function("sys_io_cancel")
 	result_uaddr = pointer_arg(3)
 	argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr)	
 }
-probe nd_syscall.io_cancel.return = kprobe.function("sys_io_cancel").return
+probe nd_syscall.io_cancel.return = kprobe.function("SyS_io_cancel").return ?,
+                                    kprobe.function("sys_io_cancel").return ?
 {
 	name = "io_cancel"
 	retstr = returnstr(1)
@@ -2357,8 +2518,9 @@ probe nd_syscall.io_cancel.return = kprobe.function("sys_io_cancel").return
 # long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
 # long compat_sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
 #
-probe nd_syscall.ioctl = kprobe.function("sys_ioctl") ?,
-                         kprobe.function("compat_sys_ioctl") ?
+probe nd_syscall.ioctl = kprobe.function("compat_sys_ioctl") ?,
+                         kprobe.function("SyS_ioctl") ?,
+                         kprobe.function("sys_ioctl") ?
 {
 	name = "ioctl"
 	// fd = $fd
@@ -2371,8 +2533,9 @@ probe nd_syscall.ioctl = kprobe.function("sys_ioctl") ?,
 	argp = ulong_arg(3)
 	argstr = sprintf("%d, %d, %p", fd, request, argp)
 }
-probe nd_syscall.ioctl.return = kprobe.function("sys_ioctl").return ?,
-                                kprobe.function("compat_sys_ioctl").return ?
+probe nd_syscall.ioctl.return = kprobe.function("compat_sys_ioctl").return ?,
+                                kprobe.function("SyS_ioctl").return ?,
+                                kprobe.function("sys_ioctl").return ?
 {
 	name = "ioctl"
 	retstr = returnstr(1)
@@ -2380,7 +2543,8 @@ probe nd_syscall.ioctl.return = kprobe.function("sys_ioctl").return ?,
 
 # io_destroy _________________________________________________
 # long sys_io_destroy(aio_context_t ctx)
-probe nd_syscall.io_destroy = kprobe.function("sys_io_destroy")
+probe nd_syscall.io_destroy = kprobe.function("SyS_io_destroy") ?,
+                              kprobe.function("sys_io_destroy") ?
 {
 	name = "io_destroy"
 	// ctx = $ctx
@@ -2388,7 +2552,8 @@ probe nd_syscall.io_destroy = kprobe.function("sys_io_destroy")
 	ctx = ulong_arg(1)
 	argstr = sprintf("%d", ctx)
 }
-probe nd_syscall.io_destroy.return = kprobe.function("sys_io_destroy").return
+probe nd_syscall.io_destroy.return = kprobe.function("SyS_io_destroy").return ?,
+                                     kprobe.function("sys_io_destroy").return ?
 {
 	name = "io_destroy"
 	retstr = returnstr(1)
@@ -2406,8 +2571,9 @@ probe nd_syscall.io_destroy.return = kprobe.function("sys_io_destroy").return
 #		 struct io_event __user *events,
 #		 struct compat_timespec __user *timeout)
 #
-probe nd_syscall.io_getevents = kprobe.function("sys_io_getevents") ?,
-                                kprobe.function("compat_sys_io_getevents") ?
+probe nd_syscall.io_getevents = kprobe.function("compat_sys_io_getevents") ?,
+                                kprobe.function("SyS_io_getevents") ?,
+                                kprobe.function("sys_io_getevents") ?
 {
 	name = "io_getevents"
 	// ctx_id = $ctx_id
@@ -2428,8 +2594,9 @@ probe nd_syscall.io_getevents = kprobe.function("sys_io_getevents") ?,
 	argstr = sprintf("%d, %d, %d, %p, %p, %s", ctx_id, min_nr,
 		nr, events_uaddr, timeout_uaddr, timestr)
 }
-probe nd_syscall.io_getevents.return = kprobe.function("sys_io_getevents").return ?,
-                                       kprobe.function("compat_sys_io_getevents").return ?
+probe nd_syscall.io_getevents.return = kprobe.function("compat_sys_io_getevents").return ?,
+                                       kprobe.function("SyS_io_getevents").return ?,
+                                       kprobe.function("sys_io_getevents").return ?
 {
 	name = "io_getevents"
 	retstr = returnstr(1)
@@ -2460,7 +2627,8 @@ probe nd_syscall.ioperm.return = kprobe.function("sys_ioperm").return ?
 # io_setup ___________________________________________________
 # long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp)
 #
-probe nd_syscall.io_setup = kprobe.function("sys_io_setup")
+probe nd_syscall.io_setup = kprobe.function("SyS_io_setup") ?,
+                            kprobe.function("sys_io_setup") ?
 {
 	name = "io_setup"
 	// maxevents = $nr_events
@@ -2472,7 +2640,8 @@ probe nd_syscall.io_setup = kprobe.function("sys_io_setup")
 	argstr = sprintf("%d, %p", maxevents, ctxp_uaddr)
 }
 
-probe nd_syscall.io_setup.return = kprobe.function("sys_io_setup").return
+probe nd_syscall.io_setup.return = kprobe.function("SyS_io_setup").return ?,
+                                   kprobe.function("sys_io_setup").return ?
 {
 	name = "io_setup"
 	retstr = returnstr(1)
@@ -2500,7 +2669,8 @@ probe nd_syscall.compat_io_setup.return = kprobe.function("compat_sys_io_setup")
 # io_submit __________________________________________________
 # long sys_io_submit(aio_context_t ctx_id, long nr, struct iocb __user * __user *iocbpp)
 #
-probe nd_syscall.io_submit = kprobe.function("sys_io_submit")
+probe nd_syscall.io_submit = kprobe.function("SyS_io_submit") ?,
+                             kprobe.function("sys_io_submit") ?
 {
 	name = "io_submit"
 	// ctx_id = $ctx_id
@@ -2513,7 +2683,8 @@ probe nd_syscall.io_submit = kprobe.function("sys_io_submit")
 	iocbpp_uaddr = pointer_arg(3)
 	argstr = sprintf("%d, %d, %p", ctx_id, nr, iocbpp_uaddr)
 }
-probe nd_syscall.io_submit.return = kprobe.function("sys_io_submit").return
+probe nd_syscall.io_submit.return = kprobe.function("SyS_io_submit").return ?,
+                                    kprobe.function("sys_io_submit").return ?
 {
 	name = "io_submit"
 	retstr = returnstr(1)
@@ -2542,7 +2713,8 @@ probe nd_syscall.compat_io_submit.return = kprobe.function("compat_sys_io_submit
 # ioprio_get _________________________________________________
 # long sys_ioprio_get(int which, int who)
 #
-probe nd_syscall.ioprio_get = kprobe.function("sys_ioprio_get") ?
+probe nd_syscall.ioprio_get = kprobe.function("SyS_ioprio_get") ?,
+                              kprobe.function("sys_ioprio_get") ?
 {
 	name = "ioprio_get"
 	// which = $which
@@ -2553,7 +2725,8 @@ probe nd_syscall.ioprio_get = kprobe.function("sys_ioprio_get") ?
 	who = int_arg(2)
 	argstr = sprintf("%d, %d", which, who)
 }
-probe nd_syscall.ioprio_get.return = kprobe.function("sys_ioprio_get").return ?
+probe nd_syscall.ioprio_get.return = kprobe.function("SyS_ioprio_get").return ?,
+                                     kprobe.function("sys_ioprio_get").return ?
 {
 	name = "ioprio_get"
 	retstr = returnstr(1)
@@ -2562,7 +2735,8 @@ probe nd_syscall.ioprio_get.return = kprobe.function("sys_ioprio_get").return ?
 # ioprio_set _________________________________________________
 # long sys_ioprio_set(int which, int who, int ioprio)
 #
-probe nd_syscall.ioprio_set = kprobe.function("sys_ioprio_set") ?
+probe nd_syscall.ioprio_set = kprobe.function("SyS_ioprio_set") ?,
+                              kprobe.function("sys_ioprio_set") ?
 {
 	name = "ioprio_set"
 	// which = $which
@@ -2575,7 +2749,8 @@ probe nd_syscall.ioprio_set = kprobe.function("sys_ioprio_set") ?
 	ioprio = int_arg(3)
 	argstr = sprintf("%d, %d, %d", which, who, ioprio)
 }
-probe nd_syscall.ioprio_set.return = kprobe.function("sys_ioprio_set").return ?
+probe nd_syscall.ioprio_set.return = kprobe.function("SyS_ioprio_set").return ?,
+                                     kprobe.function("sys_ioprio_set").return ?
 {
 	name = "ioprio_set"
 	retstr = returnstr(1)
@@ -2591,8 +2766,9 @@ probe nd_syscall.ioprio_set.return = kprobe.function("sys_ioprio_set").return ?
 #		struct compat_kexec_segment __user *segments,
 #		unsigned long flags)
 #
-probe nd_syscall.kexec_load = kprobe.function("sys_kexec_load") ?,
-                              kprobe.function("compat_sys_kexec_load") ?
+probe nd_syscall.kexec_load = kprobe.function("compat_sys_kexec_load") ?,
+                              kprobe.function("SyS_kexec_load") ?,
+                              kprobe.function("sys_kexec_load") ?
 {
 	name = "kexec_load"
 	// entry = $entry
@@ -2607,8 +2783,9 @@ probe nd_syscall.kexec_load = kprobe.function("sys_kexec_load") ?,
 	flags = ulong_arg(4)
 	argstr = sprintf("%p, %d, %p, %d", entry, nr_segments, segments_uaddr, flags)
 }
-probe nd_syscall.kexec_load.return = kprobe.function("sys_kexec_load").return ?,
-                                     kprobe.function("compat_sys_kexec_load").return ?
+probe nd_syscall.kexec_load.return = kprobe.function("compat_sys_kexec_load").return ?,
+                                     kprobe.function("SyS_kexec_load").return ?,
+                                     kprobe.function("sys_kexec_load").return ?
 {
 	name = "kexec_load"
 	retstr = returnstr(1)	
@@ -2622,8 +2799,9 @@ probe nd_syscall.kexec_load.return = kprobe.function("sys_kexec_load").return ?,
 #            unsigned long arg5)
 # long compat_sys_keyctl(u32 option, u32 arg2, u32 arg3, u32 arg4, u32 arg5)
 #
-probe nd_syscall.keyctl = kprobe.function("sys_keyctl") ?,
-                          kprobe.function("compat_sys_keyctl") ?
+probe nd_syscall.keyctl = kprobe.function("compat_sys_keyctl") ?,
+                          kprobe.function("SyS_keyctl") ?,
+                          kprobe.function("sys_keyctl") ?
 {
 	name = "keyctl"
 	// argstr = sprintf("%d, ...", $option)
@@ -2631,8 +2809,9 @@ probe nd_syscall.keyctl = kprobe.function("sys_keyctl") ?,
 	argstr = sprintf("%d, ...", uint_arg(1))
 
 }
-probe nd_syscall.keyctl.return = kprobe.function("sys_keyctl").return ?,
-                                 kprobe.function("compat_sys_keyctl").return ?
+probe nd_syscall.keyctl.return = kprobe.function("compat_sys_keyctl").return ?,
+                                 kprobe.function("SyS_keyctl").return ?,
+                                 kprobe.function("sys_keyctl").return ?
 {
 	name = "keyctl"
 	retstr = returnstr(1)
@@ -2640,7 +2819,8 @@ probe nd_syscall.keyctl.return = kprobe.function("sys_keyctl").return ?,
 
 # kill _______________________________________________________
 # long sys_kill(int pid, int sig)
-probe nd_syscall.kill = kprobe.function("sys_kill")
+probe nd_syscall.kill = kprobe.function("SyS_kill") ?,
+                        kprobe.function("sys_kill") ?
 {
 	name = "kill"
 	// pid = $pid
@@ -2651,7 +2831,8 @@ probe nd_syscall.kill = kprobe.function("sys_kill")
 	sig = int_arg(2)
 	argstr = sprintf("%d, %s", pid, _signal_name(sig))
 }
-probe nd_syscall.kill.return = kprobe.function("sys_kill").return
+probe nd_syscall.kill.return = kprobe.function("SyS_kill").return ?,
+                               kprobe.function("sys_kill").return ?
 {
 	name = "kill"
 	retstr = returnstr(1)
@@ -2660,7 +2841,8 @@ probe nd_syscall.kill.return = kprobe.function("sys_kill").return
 # lchown _____________________________________________________
 # long sys_lchown(const char __user * filename, uid_t user, gid_t group)
 #
-probe nd_syscall.lchown = kprobe.function("sys_lchown")
+probe nd_syscall.lchown = kprobe.function("SyS_lchown") ?,
+                          kprobe.function("sys_lchown") ?
 {
 	name = "lchown"
 	// path = user_string($filename)
@@ -2673,7 +2855,8 @@ probe nd_syscall.lchown = kprobe.function("sys_lchown")
 	group = __int32(uint_arg(3))
 	argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group)
 }	
-probe nd_syscall.lchown.return = kprobe.function("sys_lchown").return
+probe nd_syscall.lchown.return = kprobe.function("SyS_lchown").return ?,
+                                 kprobe.function("sys_lchown").return ?
 {
 	name = "lchown"
 	retstr = returnstr(1)
@@ -2707,7 +2890,8 @@ probe nd_syscall.lchown16.return = kprobe.function("sys_lchown16").return ?
 #               void __user *value,
 #               size_t size)
 #
-probe nd_syscall.lgetxattr = kprobe.function("sys_lgetxattr")
+probe nd_syscall.lgetxattr = kprobe.function("SyS_lgetxattr") ?,
+                             kprobe.function("sys_lgetxattr") ?
 {
 	name = "lgetxattr"
 	// %( kernel_v >= "2.6.27" %?
@@ -2738,7 +2922,8 @@ probe nd_syscall.lgetxattr = kprobe.function("sys_lgetxattr")
 		user_string_quoted(pointer_arg(2)),
 		value_uaddr, size)
 }
-probe nd_syscall.lgetxattr.return = kprobe.function("sys_lgetxattr").return
+probe nd_syscall.lgetxattr.return = kprobe.function("SyS_lgetxattr").return ?,
+                                    kprobe.function("sys_lgetxattr").return ?
 {
 	name = "lgetxattr"
 	retstr = returnstr(1)
@@ -2746,7 +2931,8 @@ probe nd_syscall.lgetxattr.return = kprobe.function("sys_lgetxattr").return
 # link _______________________________________________________
 # long sys_link(const char __user * oldname,
 #          const char __user * newname)
-probe nd_syscall.link = kprobe.function("sys_link")
+probe nd_syscall.link = kprobe.function("SyS_link") ?,
+                        kprobe.function("sys_link") ?
 {
 	name = "link"
 	// oldpath = user_string($oldname)
@@ -2761,7 +2947,8 @@ probe nd_syscall.link = kprobe.function("sys_link")
 		user_string_quoted(pointer_arg(1)),
 		user_string_quoted(pointer_arg(2)))
 }
-probe nd_syscall.link.return = kprobe.function("sys_link").return
+probe nd_syscall.link.return = kprobe.function("SyS_link").return ?,
+                               kprobe.function("sys_link").return ?
 {
 	name = "link"
 	retstr = returnstr(1)	
@@ -2771,7 +2958,8 @@ probe nd_syscall.link.return = kprobe.function("sys_link").return
 # new function with 2.6.16
 # long sys_linkat(int olddfd, const char __user *oldname,
 #	int newdfd, const char __user *newname, int flags)
-probe nd_syscall.linkat = kprobe.function("sys_linkat") ?
+probe nd_syscall.linkat = kprobe.function("SyS_linkat") ?,
+                          kprobe.function("sys_linkat") ?
 {
 	name = "linkat"
 	// olddirfd = $olddfd
@@ -2800,7 +2988,8 @@ probe nd_syscall.linkat = kprobe.function("sys_linkat") ?
 		newdirfd_str, user_string_quoted(pointer_arg(4)),
 		flags_str)
 }
-probe nd_syscall.linkat.return = kprobe.function("sys_linkat").return ?
+probe nd_syscall.linkat.return = kprobe.function("SyS_linkat").return ?,
+                                 kprobe.function("sys_linkat").return ?
 {
 	name = "linkat"
 	retstr = returnstr(1)
@@ -2808,7 +2997,8 @@ probe nd_syscall.linkat.return = kprobe.function("sys_linkat").return ?
 
 # listen _____________________________________________________
 # long sys_listen(int fd, int backlog)
-probe nd_syscall.listen = kprobe.function("sys_listen") ?
+probe nd_syscall.listen = kprobe.function("SyS_listen") ?,
+                          kprobe.function("sys_listen") ?
 {
 	name = "listen"
 	// sockfd = $fd
@@ -2819,7 +3009,8 @@ probe nd_syscall.listen = kprobe.function("sys_listen") ?
 	backlog = int_arg(2)
 	argstr = sprintf("%d, %d", sockfd, backlog)
 }	
-probe nd_syscall.listen.return = kprobe.function("sys_listen").return ?
+probe nd_syscall.listen.return = kprobe.function("SyS_listen").return ?,
+                                 kprobe.function("sys_listen").return ?
 {
 	name = "listen"
 	retstr = returnstr(1)
@@ -2828,7 +3019,8 @@ probe nd_syscall.listen.return = kprobe.function("sys_listen").return ?
 # listxattr __________________________________________________
 # ssize_t sys_listxattr(char __user *path, char __user *list, size_t size)
 #
-probe nd_syscall.listxattr = kprobe.function("sys_listxattr")
+probe nd_syscall.listxattr = kprobe.function("SyS_listxattr") ?,
+                             kprobe.function("sys_listxattr") ?
 {
 	name = "listxattr"
 	// 	list_uaddr = $list
@@ -2849,7 +3041,8 @@ probe nd_syscall.listxattr = kprobe.function("sys_listxattr")
 	size = ulong_arg(3)
 	argstr = sprintf("%s, %p, %d", user_string_quoted(path_uaddr), list_uaddr, size)
 }
-probe nd_syscall.listxattr.return = kprobe.function("sys_listxattr").return
+probe nd_syscall.listxattr.return = kprobe.function("SyS_listxattr").return ?,
+                                    kprobe.function("sys_listxattr").return ?
 {
 	name = "listxattr"
 	retstr = returnstr(1)
@@ -2858,7 +3051,8 @@ probe nd_syscall.listxattr.return = kprobe.function("sys_listxattr").return
 # llistxattr _________________________________________________
 # ssize_t sys_llistxattr(char __user *path, char __user *list, size_t size)
 #
-probe nd_syscall.llistxattr = kprobe.function("sys_llistxattr")
+probe nd_syscall.llistxattr = kprobe.function("SyS_llistxattr") ?,
+                              kprobe.function("sys_llistxattr") ?
 {
 	name = "llistxattr"
 	// 	list_uaddr = $list
@@ -2879,7 +3073,8 @@ probe nd_syscall.llistxattr = kprobe.function("sys_llistxattr")
 	size = ulong_arg(3)
 	argstr = sprintf("%s, %p, %d", user_string_quoted(path_uaddr), list_uaddr, size)
 }
-probe nd_syscall.llistxattr.return = kprobe.function("sys_llistxattr").return
+probe nd_syscall.llistxattr.return = kprobe.function("SyS_llistxattr").return ?,
+                                     kprobe.function("sys_llistxattr").return ?
 {
 	name = "llistxattr"
 	retstr = returnstr(1)
@@ -2891,7 +3086,8 @@ probe nd_syscall.llistxattr.return = kprobe.function("sys_llistxattr").return
 #            unsigned long offset_low,
 #            loff_t __user * result,
 #            unsigned int origin)
-probe nd_syscall.llseek = kprobe.function("sys_llseek") ?
+probe nd_syscall.llseek = kprobe.function("SyS_llseek") ?,
+                          kprobe.function("sys_llseek") ?
 {
 	name = "llseek"
 	// fd = $fd
@@ -2912,7 +3108,8 @@ probe nd_syscall.llseek = kprobe.function("sys_llseek") ?
 	argstr = sprintf("%d, 0x%x, 0x%x, %p, %s", fd, offset_high,
 		offset_low, result_uaddr, whence_str)
 }
-probe nd_syscall.llseek.return = kprobe.function("sys_llseek").return ?
+probe nd_syscall.llseek.return = kprobe.function("SyS_llseek").return ?,
+                                 kprobe.function("sys_llseek").return ?
 {
 	name = "llseek"
 	retstr = returnstr(1)
@@ -2921,7 +3118,8 @@ probe nd_syscall.llseek.return = kprobe.function("sys_llseek").return ?
 # lookup_dcookie _____________________________________________
 # long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len)
 #
-probe nd_syscall.lookup_dcookie = kprobe.function("sys_lookup_dcookie") ?
+probe nd_syscall.lookup_dcookie = kprobe.function("SyS_lookup_dcookie") ?,
+                                  kprobe.function("sys_lookup_dcookie") ?
 {
 	name = "lookup_dcookie"
 	// cookie = $cookie64
@@ -2934,7 +3132,8 @@ probe nd_syscall.lookup_dcookie = kprobe.function("sys_lookup_dcookie") ?
 	len = ulong_arg(3)
 	argstr = sprintf("%d, %p, %d", cookie, buffer_uaddr, len)
 }
-probe nd_syscall.lookup_dcookie.return = kprobe.function("sys_lookup_dcookie").return ?
+probe nd_syscall.lookup_dcookie.return = kprobe.function("SyS_lookup_dcookie").return ?,
+                                         kprobe.function("sys_lookup_dcookie").return ?
 {
 	name = "lookup_dcookie"
 	retstr = returnstr(1)
@@ -2943,7 +3142,8 @@ probe nd_syscall.lookup_dcookie.return = kprobe.function("sys_lookup_dcookie").r
 # lremovexattr _______________________________________________
 # long sys_lremovexattr(char __user *path, char __user *name)
 #
-probe nd_syscall.lremovexattr = kprobe.function("sys_lremovexattr")
+probe nd_syscall.lremovexattr = kprobe.function("SyS_lremovexattr") ?,
+                                kprobe.function("sys_lremovexattr") ?
 {
 	name = "lremovexattr"
 	// 	name_uaddr = $name
@@ -2964,7 +3164,8 @@ probe nd_syscall.lremovexattr = kprobe.function("sys_lremovexattr")
 	name2 = user_string(name_uaddr)
 	argstr = sprintf("%s, %s", user_string_quoted(path_uaddr), user_string_quoted(name_uaddr))
 }
-probe nd_syscall.lremovexattr.return = kprobe.function("sys_lremovexattr").return
+probe nd_syscall.lremovexattr.return = kprobe.function("SyS_lremovexattr").return ?,
+                                       kprobe.function("sys_lremovexattr").return ?
 {
 	name = "lremovexattr"
 	retstr = returnstr(1)
@@ -2972,7 +3173,8 @@ probe nd_syscall.lremovexattr.return = kprobe.function("sys_lremovexattr").retur
 
 # lseek ______________________________________________________
 # off_t sys_lseek(unsigned int fd, off_t offset, unsigned int origin)
-probe nd_syscall.lseek = kprobe.function("sys_lseek")
+probe nd_syscall.lseek = kprobe.function("SyS_lseek") ?,
+                         kprobe.function("sys_lseek") ?
 {
 	name = "lseek"
 	// fildes = $fd
@@ -2988,7 +3190,8 @@ probe nd_syscall.lseek = kprobe.function("sys_lseek")
 	whence_str = _seek_whence_str(whence)
 	argstr = sprintf("%d, %d, %s", fildes, offset, whence_str)
 }
-probe nd_syscall.lseek.return = kprobe.function("sys_lseek").return
+probe nd_syscall.lseek.return = kprobe.function("SyS_lseek").return ?,
+                                kprobe.function("sys_lseek").return ?
 {
 	name = "lseek"
 	retstr = returnstr(1)
@@ -3001,7 +3204,8 @@ probe nd_syscall.lseek.return = kprobe.function("sys_lseek").return
 #               size_t size,
 #               int flags)
 #
-probe nd_syscall.lsetxattr = kprobe.function("sys_lsetxattr")
+probe nd_syscall.lsetxattr = kprobe.function("SyS_lsetxattr") ?,
+                             kprobe.function("sys_lsetxattr") ?
 {
 	name = "lsetxattr"
 	// %( kernel_v >= "2.6.27" %?
@@ -3037,7 +3241,8 @@ probe nd_syscall.lsetxattr = kprobe.function("sys_lsetxattr")
 		user_string_quoted(name_uaddr),
 		value_uaddr, size, flags)
 }
-probe nd_syscall.lsetxattr.return = kprobe.function("sys_lsetxattr").return
+probe nd_syscall.lsetxattr.return = kprobe.function("SyS_lsetxattr").return ?,
+                                    kprobe.function("sys_lsetxattr").return ?
 {
 	name = "lsetxattr"
 	retstr = returnstr(1)
@@ -3053,9 +3258,11 @@ probe nd_syscall.lsetxattr.return = kprobe.function("sys_lsetxattr").return
 #			struct oldabi_stat64 __user * statbuf)
 #
 probe nd_syscall.lstat = kprobe.function("sys_lstat") ?,
+                         kprobe.function("SyS_newlstat") ?,
                          kprobe.function("sys_newlstat") ?,
                          kprobe.function("compat_sys_newlstat") ?,
                          kprobe.function("sys32_lstat64") ?,
+                         kprobe.function("SyS_lstat64") ?,
                          kprobe.function("sys_lstat64") ?,
                          kprobe.function("sys_oabi_lstat64") ?
 {
@@ -3069,9 +3276,11 @@ probe nd_syscall.lstat = kprobe.function("sys_lstat") ?,
 	argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr)
 }
 probe nd_syscall.lstat.return = kprobe.function("sys_lstat").return ?,
+                                kprobe.function("SyS_newlstat").return ?,
                                 kprobe.function("sys_newlstat").return ?,
                                 kprobe.function("compat_sys_newlstat").return ?,
                                 kprobe.function("sys32_lstat64").return ?,
+                                kprobe.function("SyS_lstat64").return ?,
                                 kprobe.function("sys_lstat64").return ?,
                                 kprobe.function("sys_oabi_lstat64").return ?
 {
@@ -3082,7 +3291,8 @@ probe nd_syscall.lstat.return = kprobe.function("sys_lstat").return ?,
 # madvise ____________________________________________________
 # long sys_madvise(unsigned long start, size_t len_in, int behavior)
 #
-probe nd_syscall.madvise = kprobe.function("sys_madvise") ?
+probe nd_syscall.madvise = kprobe.function("SyS_madvise") ?,
+                           kprobe.function("sys_madvise") ?
 {
 	name = "madvise"
 	// start = $start
@@ -3097,7 +3307,8 @@ probe nd_syscall.madvise = kprobe.function("sys_madvise") ?
 	advice_str = _madvice_advice_str(advice)
 	argstr = sprintf("%p, %d, %s", start, length, _madvice_advice_str(advice))
 }
-probe nd_syscall.madvise.return = kprobe.function("sys_madvise").return ?
+probe nd_syscall.madvise.return = kprobe.function("SyS_madvise").return ?,
+                                  kprobe.function("sys_madvise").return ?
 {
 	name = "madvise"
 	retstr = returnstr(1)
@@ -3118,8 +3329,9 @@ probe nd_syscall.madvise.return = kprobe.function("sys_madvise").return ?
 #	compat_ulong_t maxnode,
 #	compat_ulong_t flags)
 #
-probe nd_syscall.mbind = kprobe.function("sys_mbind") ?,
-                         kprobe.function("compat_sys_mbind") ?
+probe nd_syscall.mbind = kprobe.function("compat_sys_mbind") ?,
+                         kprobe.function("SyS_mbind") ?,
+                         kprobe.function("sys_mbind") ?
 {
 	name = "mbind"
 	// start = $start
@@ -3140,8 +3352,9 @@ probe nd_syscall.mbind = kprobe.function("sys_mbind") ?,
 	argstr = sprintf("%d, %d, %d, %p, %d, 0x%x", start, len, mode,
 		nmask_uaddr, maxnode, flags)
 }
-probe nd_syscall.mbind.return = kprobe.function("sys_mbind").return ?,
-                                kprobe.function("compat_sys_mbind").return ?
+probe nd_syscall.mbind.return = kprobe.function("compat_sys_mbind").return ?,
+                                kprobe.function("SyS_mbind").return ?,
+                                kprobe.function("sys_mbind").return ?
 {
 	name = "mbind"
 	retstr = returnstr(1)
@@ -3151,14 +3364,16 @@ probe nd_syscall.mbind.return = kprobe.function("sys_mbind").return ?,
 # long sys_migrate_pages(pid_t pid, unsigned long maxnode,
 #		const unsigned long __user *old_nodes,
 #		const unsigned long __user *new_nodes)
-probe nd_syscall.migrate_pages = kprobe.function("sys_migrate_pages") ?
+probe nd_syscall.migrate_pages = kprobe.function("SyS_migrate_pages") ?,
+                                 kprobe.function("sys_migrate_pages") ?
 {
 	name = "migrate_pages"
 	// argstr = sprintf("%d, %d, %p, %p", $pid, $maxnode, $old_nodes, $new_nodes)
 	asmlinkage()
 	argstr = sprintf("%d, %d, %p, %p", int_arg(1), ulong_arg(2), pointer_arg(3), pointer_arg(4))
 }
-probe nd_syscall.migrate_pages.return = kprobe.function("sys_migrate_pages").return ?
+probe nd_syscall.migrate_pages.return = kprobe.function("SyS_migrate_pages").return ?,
+                                        kprobe.function("sys_migrate_pages").return ?
 {
 	name = "migrate_pages"
 	retstr = returnstr(1)
@@ -3167,7 +3382,8 @@ probe nd_syscall.migrate_pages.return = kprobe.function("sys_migrate_pages").ret
 # mincore ____________________________________________________
 # long sys_mincore(unsigned long start, size_t len, unsigned char __user * vec)
 #
-probe nd_syscall.mincore = kprobe.function("sys_mincore") ?
+probe nd_syscall.mincore = kprobe.function("SyS_mincore") ?,
+                           kprobe.function("sys_mincore") ?
 {
 	name = "mincore"
 	// start = $start
@@ -3180,7 +3396,8 @@ probe nd_syscall.mincore = kprobe.function("sys_mincore") ?
 	vec_uaddr = pointer_arg(3)
 	argstr = sprintf("%p, %d, %p", start, length, vec_uaddr)
 }
-probe nd_syscall.mincore.return = kprobe.function("sys_mincore").return ?
+probe nd_syscall.mincore.return = kprobe.function("SyS_mincore").return ?,
+                                  kprobe.function("sys_mincore").return ?
 {
 	name = "mincore"
 	retstr = returnstr(1)	
@@ -3188,7 +3405,8 @@ probe nd_syscall.mincore.return = kprobe.function("sys_mincore").return ?
 
 # mkdir ______________________________________________________
 # long sys_mkdir(const char __user * pathname, int mode)
-probe nd_syscall.mkdir = kprobe.function("sys_mkdir")
+probe nd_syscall.mkdir = kprobe.function("SyS_mkdir") ?,
+                         kprobe.function("sys_mkdir") ?
 {
 	name = "mkdir"
 	// pathname_uaddr = $pathname
@@ -3201,7 +3419,8 @@ probe nd_syscall.mkdir = kprobe.function("sys_mkdir")
 	mode = int_arg(2)
 	argstr = sprintf("%s, %#o", user_string_quoted(pathname_uaddr), mode)
 }
-probe nd_syscall.mkdir.return = kprobe.function("sys_mkdir").return
+probe nd_syscall.mkdir.return = kprobe.function("SyS_mkdir").return ?,
+                                kprobe.function("sys_mkdir").return ?
 {
 	name = "mkdir"
 	retstr = returnstr(1)	
@@ -3210,7 +3429,8 @@ probe nd_syscall.mkdir.return = kprobe.function("sys_mkdir").return
 # mkdirat ____________________________________________________
 # new function with 2.6.16
 # long sys_mkdirat(int dfd, const char __user *pathname, int mode)
-probe nd_syscall.mkdirat = kprobe.function("sys_mkdirat") ?
+probe nd_syscall.mkdirat = kprobe.function("SyS_mkdirat") ?,
+                           kprobe.function("sys_mkdirat") ?
 {
 	name = "mkdirat"
 	// dirfd = $dfd
@@ -3223,7 +3443,8 @@ probe nd_syscall.mkdirat = kprobe.function("sys_mkdirat") ?
 	mode = int_arg(3)
 	argstr = sprintf("%d, %s, %#o", dirfd, user_string_quoted(pointer_arg(2)), mode)
 }
-probe nd_syscall.mkdirat.return = kprobe.function("sys_mkdirat").return ?
+probe nd_syscall.mkdirat.return = kprobe.function("SyS_mkdirat").return ?,
+                                  kprobe.function("sys_mkdirat").return ?
 {
 	name = "mkdirat"
 	retstr = returnstr(1)
@@ -3231,7 +3452,8 @@ probe nd_syscall.mkdirat.return = kprobe.function("sys_mkdirat").return ?
 
 # mknod
 # long sys_mknod(const char __user * filename, int mode, unsigned dev)
-probe nd_syscall.mknod = kprobe.function("sys_mknod")
+probe nd_syscall.mknod = kprobe.function("SyS_mknod") ?,
+                         kprobe.function("sys_mknod") ?
 {
 	name = "mknod"
 	// pathname = user_string($filename)
@@ -3245,7 +3467,8 @@ probe nd_syscall.mknod = kprobe.function("sys_mknod")
 	argstr = sprintf("%s, %s, %p", user_string_quoted(pointer_arg(1)), _mknod_mode_str(mode), dev)
 }
 
-probe nd_syscall.mknod.return = kprobe.function("sys_mknod").return
+probe nd_syscall.mknod.return = kprobe.function("SyS_mknod").return ?,
+                                kprobe.function("sys_mknod").return ?
 {
 	name = "mknod"
 	retstr = returnstr(1)
@@ -3255,7 +3478,8 @@ probe nd_syscall.mknod.return = kprobe.function("sys_mknod").return
 # new function with 2.6.16
 # long sys_mknodat(int dfd, const char __user *filename,
 #	int mode, unsigned dev)
-probe nd_syscall.mknodat = kprobe.function("sys_mknodat") ?
+probe nd_syscall.mknodat = kprobe.function("SyS_mknodat") ?,
+                           kprobe.function("sys_mknodat") ?
 {
 	name = "mknodat"
 	// dirfd = $dfd
@@ -3276,7 +3500,8 @@ probe nd_syscall.mknodat = kprobe.function("sys_mknodat") ?
 	argstr = sprintf("%s, %s, %s, %p",
 		dirfd_str, user_string_quoted(pointer_arg(2)), mode_str, dev)
 }
-probe nd_syscall.mknodat.return = kprobe.function("sys_mknodat").return ?
+probe nd_syscall.mknodat.return = kprobe.function("SyS_mknodat").return ?,
+                                  kprobe.function("sys_mknodat").return ?
 {
 	name = "mknodat"
 	retstr = returnstr(1)
@@ -3286,7 +3511,8 @@ probe nd_syscall.mknodat.return = kprobe.function("sys_mknodat").return ?
 #
 # long sys_mlock(unsigned long start, size_t len)
 #
-probe nd_syscall.mlock = kprobe.function("sys_mlock") ?
+probe nd_syscall.mlock = kprobe.function("SyS_mlock") ?,
+                         kprobe.function("sys_mlock") ?
 {
 	name = "mlock"
 	// addr = $start
@@ -3297,7 +3523,8 @@ probe nd_syscall.mlock = kprobe.function("sys_mlock") ?
 	len = ulong_arg(2)
 	argstr = sprintf("%p, %d", addr, len)
 }
-probe nd_syscall.mlock.return = kprobe.function("sys_mlock").return ?
+probe nd_syscall.mlock.return = kprobe.function("SyS_mlock").return ?,
+                                kprobe.function("sys_mlock").return ?
 {
 	name = "mlock"
 	retstr = returnstr(1)
@@ -3306,7 +3533,8 @@ probe nd_syscall.mlock.return = kprobe.function("sys_mlock").return ?
 #
 # long sys_mlockall(int flags)
 #
-probe nd_syscall.mlockall = kprobe.function("sys_mlockall") ?
+probe nd_syscall.mlockall = kprobe.function("SyS_mlockall") ?,
+                            kprobe.function("sys_mlockall") ?
 {
 	name = "mlockall"
 	// flags = $flags
@@ -3315,7 +3543,8 @@ probe nd_syscall.mlockall = kprobe.function("sys_mlockall") ?
 	flags = int_arg(1)
 	argstr = _mlockall_flags_str(flags)
 }
-probe nd_syscall.mlockall.return = kprobe.function("sys_mlockall").return ?
+probe nd_syscall.mlockall.return = kprobe.function("SyS_mlockall").return ?,
+                                   kprobe.function("sys_mlockall").return ?
 {
 	name = "mlockall"
 	retstr = returnstr(1)
@@ -3356,16 +3585,18 @@ probe nd_syscall.modify_ldt.return = kprobe.function("sys_modify_ldt").return ?
 #                int __user *status,
 #                int flags)
 #
-probe nd_syscall.move_pages = kprobe.function("sys_move_pages") ?,
-                              kprobe.function("compat_sys_move_pages") ?
+probe nd_syscall.move_pages = kprobe.function("compat_sys_move_pages") ?,
+                              kprobe.function("SyS_move_pages") ?,
+                              kprobe.function("sys_move_pages") ?
 {
 	name = "move_pages"
 	// argstr = sprintf("%d, %d, %p, %p, 0x%x", $pid, $nr_pages, $nodes, $status, $flags)
 	asmlinkage()
 	argstr = sprintf("%d, %d, %p, %p, 0x%x", int_arg(1), ulong_arg(2), pointer_arg(4), pointer_arg(5), int_arg(6))
 }
-probe nd_syscall.move_pages.return = kprobe.function("sys_move_pages").return ?,
-                                     kprobe.function("compat_sys_move_pages").return ?
+probe nd_syscall.move_pages.return = kprobe.function("compat_sys_move_pages").return ?,
+                                     kprobe.function("SyS_move_pages").return ?,
+                                     kprobe.function("sys_move_pages").return ?
 {
 	name = "move_pages"
 	retstr = returnstr(1)
@@ -3382,8 +3613,9 @@ probe nd_syscall.move_pages.return = kprobe.function("sys_move_pages").return ?,
 #		char __user * type,
 #		unsigned long flags,
 #		void __user * data)
-probe nd_syscall.mount = kprobe.function("sys_mount"),
-                         kprobe.function("compat_sys_mount") ?
+probe nd_syscall.mount = kprobe.function("compat_sys_mount") ?,
+                         kprobe.function("SyS_mount") ?,
+                         kprobe.function("sys_mount") ?
 {
 	name = "mount"
 	// source = user_string($dev_name)
@@ -3410,8 +3642,9 @@ probe nd_syscall.mount = kprobe.function("sys_mount"),
 		user_string_quoted(pointer_arg(3)),
 		mountflags_str, data)
 }
-probe nd_syscall.mount.return = kprobe.function("sys_mount").return,
-                                kprobe.function("compat_sys_mount").return ?
+probe nd_syscall.mount.return = kprobe.function("compat_sys_mount").return ?,
+                                kprobe.function("SyS_mount").return ?,
+                                kprobe.function("sys_mount").return ?
 {
 	name = "mount"
 	retstr = returnstr(1)
@@ -3420,7 +3653,8 @@ probe nd_syscall.mount.return = kprobe.function("sys_mount").return,
 # mprotect ___________________________________________________
 # long sys_mprotect(unsigned long start, size_t len, unsigned long prot)
 #
-probe nd_syscall.mprotect = kprobe.function("sys_mprotect") ?
+probe nd_syscall.mprotect = kprobe.function("SyS_mprotect") ?,
+                            kprobe.function("sys_mprotect") ?
 {
 	name = "mprotect"
 	// addr = $start
@@ -3435,7 +3669,8 @@ probe nd_syscall.mprotect = kprobe.function("sys_mprotect") ?
 	prot_str = _mprotect_prot_str(prot)
 	argstr = sprintf("%p, %d, %s", addr, len, _mprotect_prot_str(prot))
 }
-probe nd_syscall.mprotect.return = kprobe.function("sys_mprotect").return ?
+probe nd_syscall.mprotect.return = kprobe.function("SyS_mprotect").return ?,
+                                   kprobe.function("sys_mprotect").return ?
 {
 	name = "mprotect"
 	retstr = returnstr(1)
@@ -3449,8 +3684,9 @@ probe nd_syscall.mprotect.return = kprobe.function("sys_mprotect").return ?
 #			const struct compat_mq_attr __user *u_mqstat,
 #			struct compat_mq_attr __user *u_omqstat)
 #
-probe nd_syscall.mq_getsetattr = kprobe.function("sys_mq_getsetattr") ?,
-                                 kprobe.function("compat_sys_mq_getsetattr") ?
+probe nd_syscall.mq_getsetattr = kprobe.function("compat_sys_mq_getsetattr") ?,
+                                 kprobe.function("SyS_mq_getsetattr") ?,
+                                 kprobe.function("sys_mq_getsetattr") ?
 {
 	name = "mq_getsetattr"
 	// mqdes = $mqdes
@@ -3463,8 +3699,9 @@ probe nd_syscall.mq_getsetattr = kprobe.function("sys_mq_getsetattr") ?,
 	u_omqstat_uaddr = pointer_arg(3)
 	argstr = sprintf("%d, %p, %p", mqdes, u_mqstat_uaddr, u_omqstat_uaddr)
 }
-probe nd_syscall.mq_getsetattr.return = kprobe.function("sys_mq_getsetattr").return ?,
-                                        kprobe.function("compat_sys_mq_getsetattr").return ?
+probe nd_syscall.mq_getsetattr.return = kprobe.function("compat_sys_mq_getsetattr").return ?,
+                                        kprobe.function("SyS_mq_getsetattr").return ?,
+                                        kprobe.function("sys_mq_getsetattr").return ?
 {
 	name = "mq_getsetattr"
 	retstr = returnstr(1)
@@ -3474,8 +3711,9 @@ probe nd_syscall.mq_getsetattr.return = kprobe.function("sys_mq_getsetattr").ret
 # long sys_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification)
 # long compat_sys_mq_notify(mqd_t mqdes, const struct compat_sigevent __user *u_notification)
 #
-probe nd_syscall.mq_notify = kprobe.function("sys_mq_notify") ?,
-                             kprobe.function("compat_sys_mq_notify") ?
+probe nd_syscall.mq_notify = kprobe.function("compat_sys_mq_notify") ?,
+                             kprobe.function("SyS_mq_notify") ?,
+                             kprobe.function("sys_mq_notify") ?
 {
 	name = "mq_notify"
 	// mqdes = $mqdes
@@ -3486,8 +3724,9 @@ probe nd_syscall.mq_notify = kprobe.function("sys_mq_notify") ?,
 	notification_uaddr = pointer_arg(2)
 	argstr = sprintf("%d, %p", mqdes, notification_uaddr)
 }
-probe nd_syscall.mq_notify.return = kprobe.function("sys_mq_notify").return ?,
-                                    kprobe.function("compat_sys_mq_notify").return ?
+probe nd_syscall.mq_notify.return = kprobe.function("compat_sys_mq_notify").return ?,
+                                    kprobe.function("SyS_mq_notify").return ?,
+                                    kprobe.function("sys_mq_notify").return ?
 {
 	name = "mq_notify"
 	retstr = returnstr(1)
@@ -3502,8 +3741,9 @@ probe nd_syscall.mq_notify.return = kprobe.function("sys_mq_notify").return ?,
 #			int oflag, compat_mode_t mode,
 #			struct compat_mq_attr __user *u_attr)
 #
-probe nd_syscall.mq_open = kprobe.function("sys_mq_open") ?,
-                           kprobe.function("compat_sys_mq_open") ?
+probe nd_syscall.mq_open = kprobe.function("compat_sys_mq_open") ?,
+                           kprobe.function("SyS_mq_open") ?,
+                           kprobe.function("sys_mq_open") ?
 {
 	name = "mq_open"
 	// name_uaddr = $u_name
@@ -3529,8 +3769,9 @@ probe nd_syscall.mq_open = kprobe.function("sys_mq_open") ?,
 	else
 		argstr = sprintf("%s, %s", user_string_quoted(name_uaddr), _sys_open_flag_str(oflag))
 }
-probe nd_syscall.mq_open.return = kprobe.function("sys_mq_open").return ?,
-                                  kprobe.function("compat_sys_mq_open").return ?
+probe nd_syscall.mq_open.return = kprobe.function("compat_sys_mq_open").return ?,
+                                  kprobe.function("SyS_mq_open").return ?,
+                                  kprobe.function("sys_mq_open").return ?
 {
 	name = "mq_open"
 	retstr = returnstr(1)
@@ -3547,8 +3788,9 @@ probe nd_syscall.mq_open.return = kprobe.function("sys_mq_open").return ?,
 #			size_t msg_len, unsigned int __user *u_msg_prio,
 #			const struct compat_timespec __user *u_abs_timeout)
 #
-probe nd_syscall.mq_timedreceive = kprobe.function("sys_mq_timedreceive") ?,
-                                   kprobe.function("compat_sys_mq_timedreceive") ?
+probe nd_syscall.mq_timedreceive = kprobe.function("compat_sys_mq_timedreceive") ?,
+                                   kprobe.function("SyS_mq_timedreceive") ?,
+                                   kprobe.function("sys_mq_timedreceive") ?
 {
 	name = "mq_timedreceive"
 	// mqdes = $mqdes
@@ -3567,8 +3809,9 @@ probe nd_syscall.mq_timedreceive = kprobe.function("sys_mq_timedreceive") ?,
 	argstr = sprintf("%d, %p, %d, %p, %p", mqdes, msg_ptr_uaddr, msg_len,
 		msg_prio_uaddr, abs_timeout_uaddr)
 }
-probe nd_syscall.mq_timedreceive.return = kprobe.function("sys_mq_timedreceive").return ?,
-                                          kprobe.function("compat_sys_mq_timedreceive").return ?
+probe nd_syscall.mq_timedreceive.return = kprobe.function("compat_sys_mq_timedreceive").return ?,
+                                          kprobe.function("SyS_mq_timedreceive").return ?,
+                                          kprobe.function("sys_mq_timedreceive").return ?
 {
 	name = "mq_timedreceive"
 	retstr = returnstr(1)
@@ -3585,8 +3828,9 @@ probe nd_syscall.mq_timedreceive.return = kprobe.function("sys_mq_timedreceive")
 #			size_t msg_len, unsigned int msg_prio,
 #			const struct compat_timespec __user *u_abs_timeout)
 #
-probe nd_syscall.mq_timedsend = kprobe.function("sys_mq_timedsend") ?,
-                                kprobe.function("compat_sys_mq_timedsend") ?
+probe nd_syscall.mq_timedsend = kprobe.function("compat_sys_mq_timedsend") ?,
+                                kprobe.function("SyS_mq_timedsend") ?,
+                                kprobe.function("sys_mq_timedsend") ?
 {
 	name = "mq_timedsend"
 	// mqdes = $mqdes
@@ -3605,8 +3849,9 @@ probe nd_syscall.mq_timedsend = kprobe.function("sys_mq_timedsend") ?,
 	argstr = sprintf("%d, %p, %d, %d, %p", mqdes, msg_ptr_uaddr, msg_len,
 		msg_prio, abs_timeout_uaddr)
 }
-probe nd_syscall.mq_timedsend.return = kprobe.function("sys_mq_timedsend").return ?,
-                                       kprobe.function("compat_sys_mq_timedsend").return ?
+probe nd_syscall.mq_timedsend.return = kprobe.function("compat_sys_mq_timedsend").return ?,
+                                       kprobe.function("SyS_mq_timedsend").return ?,
+                                       kprobe.function("sys_mq_timedsend").return ?
 {
 	name = "mq_timedsend"
 	retstr = returnstr(1)
@@ -3615,7 +3860,8 @@ probe nd_syscall.mq_timedsend.return = kprobe.function("sys_mq_timedsend").retur
 # mq_unlink __________________________________________________
 # long sys_mq_unlink(const char __user *u_name)
 #
-probe nd_syscall.mq_unlink = kprobe.function("sys_mq_unlink") ?
+probe nd_syscall.mq_unlink = kprobe.function("SyS_mq_unlink") ?,
+                             kprobe.function("sys_mq_unlink") ?
 {
 	name = "mq_unlink"
 	// u_name_uaddr = $u_name
@@ -3626,7 +3872,8 @@ probe nd_syscall.mq_unlink = kprobe.function("sys_mq_unlink") ?
 	u_name = user_string(u_name_uaddr)
 	argstr = user_string_quoted(u_name_uaddr)
 }
-probe nd_syscall.mq_unlink.return = kprobe.function("sys_mq_unlink").return ?
+probe nd_syscall.mq_unlink.return = kprobe.function("SyS_mq_unlink").return ?,
+                                    kprobe.function("sys_mq_unlink").return ?
 {
 	name = "mq_unlink"
 	retstr = returnstr(1)
@@ -3639,8 +3886,9 @@ probe nd_syscall.mq_unlink.return = kprobe.function("sys_mq_unlink").return ?
 #            unsigned long flags,
 #            unsigned long new_addr)
 #
-probe nd_syscall.mremap = kprobe.function("sys_mremap") ?,
-                          kprobe.function("ia64_mremap") ?
+probe nd_syscall.mremap = kprobe.function("ia64_mremap") ?,
+                          kprobe.function("SyS_mremap") ?,
+                          kprobe.function("sys_mremap") ?
 {
 	name = "mremap"
 	// old_address = $addr
@@ -3659,8 +3907,9 @@ probe nd_syscall.mremap = kprobe.function("sys_mremap") ?,
 	argstr = sprintf("%p, %d, %d, %s, %p", old_address, old_size, new_size,
 		_mremap_flags(flags), new_address)
 }
-probe nd_syscall.mremap.return = kprobe.function("sys_mremap").return ?,
-                                 kprobe.function("ia64_mremap").return ?
+probe nd_syscall.mremap.return = kprobe.function("ia64_mremap").return ?,
+                                 kprobe.function("SyS_mremap").return ?,
+                                 kprobe.function("sys_mremap").return ?
 {
 	name = "mremap"
 	retstr = returnstr(2)
@@ -3669,7 +3918,8 @@ probe nd_syscall.mremap.return = kprobe.function("sys_mremap").return ?,
 # msgctl _____________________________________________________
 # long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
 #
-probe nd_syscall.msgctl = kprobe.function("sys_msgctl") ?
+probe nd_syscall.msgctl = kprobe.function("SyS_msgctl") ?,
+                          kprobe.function("sys_msgctl") ?
 {
 	name = "msgctl"
 	// msqid = $msqid
@@ -3682,7 +3932,8 @@ probe nd_syscall.msgctl = kprobe.function("sys_msgctl") ?
 	buf_uaddr = pointer_arg(3)
 	argstr = sprintf("%d, %d, %p", msqid, cmd, buf_uaddr)
 }
-probe nd_syscall.msgctl.return = kprobe.function("sys_msgctl").return ?
+probe nd_syscall.msgctl.return = kprobe.function("SyS_msgctl").return ?,
+                                 kprobe.function("sys_msgctl").return ?
 {
 	name = "msgctl"
 	retstr = returnstr(1)
@@ -3707,7 +3958,8 @@ probe nd_syscall.compat_sys_msgctl.return = kprobe.function("compat_sys_msgctl")
 # msgget _____________________________________________________
 # long sys_msgget (key_t key, int msgflg)
 #
-probe nd_syscall.msgget = kprobe.function("sys_msgget") ?
+probe nd_syscall.msgget = kprobe.function("SyS_msgget") ?,
+                          kprobe.function("sys_msgget") ?
 {
 	name = "msgget"
 	// key = $key
@@ -3720,7 +3972,8 @@ probe nd_syscall.msgget = kprobe.function("sys_msgget") ?
 	msgflg_str = _sys_open_flag_str(msgflg)
 	argstr = sprintf("%d, %s", key, _sys_open_flag_str(msgflg))
 }
-probe nd_syscall.msgget.return = kprobe.function("sys_msgget").return ?
+probe nd_syscall.msgget.return = kprobe.function("SyS_msgget").return ?,
+                                 kprobe.function("sys_msgget").return ?
 {
 	name = "msgget"
 	retstr = returnstr(1)
@@ -3733,7 +3986,8 @@ probe nd_syscall.msgget.return = kprobe.function("sys_msgget").return ?
 #             long msgtyp,
 #             int msgflg)
 #
-probe nd_syscall.msgrcv = kprobe.function("sys_msgrcv") ?
+probe nd_syscall.msgrcv = kprobe.function("SyS_msgrcv") ?,
+                          kprobe.function("sys_msgrcv") ?
 {
 	name = "msgrcv"
 	// msqid = $msqid
@@ -3750,7 +4004,8 @@ probe nd_syscall.msgrcv = kprobe.function("sys_msgrcv") ?
 	msgflg = int_arg(5)
 	argstr = sprintf("%d, %p, %d, %d, %d", msqid, msgp_uaddr, msgsz, msgtyp, msgflg)
 }
-probe nd_syscall.msgrcv.return = kprobe.function("sys_msgrcv").return ?
+probe nd_syscall.msgrcv.return = kprobe.function("SyS_msgrcv").return ?,
+                                 kprobe.function("sys_msgrcv").return ?
 {
 	name = "msgrcv"
 	retstr = returnstr(1)
@@ -3779,7 +4034,8 @@ probe nd_syscall.compat_sys_msgrcv.return = kprobe.function("compat_sys_msgrcv")
 #             size_t msgsz,
 #             int msgflg)
 #
-probe nd_syscall.msgsnd = kprobe.function("sys_msgsnd") ?
+probe nd_syscall.msgsnd = kprobe.function("SyS_msgsnd") ?,
+                          kprobe.function("sys_msgsnd") ?
 {
 	name = "msgsnd"
 	// msqid = $msqid
@@ -3794,7 +4050,8 @@ probe nd_syscall.msgsnd = kprobe.function("sys_msgsnd") ?
 	msgflg = int_arg(4)
 	argstr = sprintf("%d, %p, %d, %d", msqid, msgp_uaddr, msgsz, msgflg)
 }
-probe nd_syscall.msgsnd.return = kprobe.function("sys_msgsnd").return ?
+probe nd_syscall.msgsnd.return = kprobe.function("SyS_msgsnd").return ?,
+                                 kprobe.function("sys_msgsnd").return ?
 {
 	name = "msgsnd"
 	retstr = returnstr(1)
@@ -3818,7 +4075,8 @@ probe nd_syscall.compat_sys_msgsnd.return = kprobe.function("compat_sys_msgsnd")
 
 # msync ______________________________________________________
 # long sys_msync(unsigned long start, size_t len, int flags)
-probe nd_syscall.msync = kprobe.function("sys_msync") ?
+probe nd_syscall.msync = kprobe.function("SyS_msync") ?,
+                         kprobe.function("sys_msync") ?
 {
 	name = "msync"
 	// start = $start
@@ -3830,7 +4088,8 @@ probe nd_syscall.msync = kprobe.function("sys_msync") ?
 	flags = int_arg(3)
 	argstr = sprintf("%p, %d, %s", start, length, _msync_flag_str(flags))
 }
-probe nd_syscall.msync.return = kprobe.function("sys_msync").return ?
+probe nd_syscall.msync.return = kprobe.function("SyS_msync").return ?,
+                                kprobe.function("sys_msync").return ?
 {
 	name = "msync"
 	retstr = returnstr(1)
@@ -3838,7 +4097,8 @@ probe nd_syscall.msync.return = kprobe.function("sys_msync").return ?
 
 # munlock ____________________________________________________
 # long sys_munlock(unsigned long start, size_t len)
-probe nd_syscall.munlock = kprobe.function("sys_munlock") ?
+probe nd_syscall.munlock = kprobe.function("SyS_munlock") ?,
+                           kprobe.function("sys_munlock") ?
 {
 	name = "munlock"
 	// addr = $start
@@ -3848,7 +4108,8 @@ probe nd_syscall.munlock = kprobe.function("sys_munlock") ?
 	len = ulong_arg(2)
 	argstr = sprintf("%p, %d", addr, len)
 }
-probe nd_syscall.munlock.return = kprobe.function("sys_munlock").return ?
+probe nd_syscall.munlock.return = kprobe.function("SyS_munlock").return ?,
+                                  kprobe.function("sys_munlock").return ?
 {
 	name = "munlock"
 	retstr = returnstr(1)
@@ -3869,7 +4130,8 @@ probe nd_syscall.munlockall.return = kprobe.function("sys_munlockall").return ?
 
 # munmap _____________________________________________________
 # long sys_munmap(unsigned long addr, size_t len)
-probe nd_syscall.munmap = kprobe.function("sys_munmap")
+probe nd_syscall.munmap = kprobe.function("SyS_munmap") ?,
+                          kprobe.function("sys_munmap") ?
 {
 	name = "munmap"
 	// start = $addr
@@ -3879,7 +4141,8 @@ probe nd_syscall.munmap = kprobe.function("sys_munmap")
 	length = ulong_arg(2)
 	argstr = sprintf("%p, %d", start, length)
 }
-probe nd_syscall.munmap.return = kprobe.function("sys_munmap").return
+probe nd_syscall.munmap.return = kprobe.function("SyS_munmap").return ?,
+                                 kprobe.function("sys_munmap").return ?
 {
 	name = "munmap"
 	retstr = returnstr(1)
-- 
1.5.6.5


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]