Date: Tue, 13 Jul 2004 20:12:57 +0900
From: Eitarou Kamo <e-kamo@trio.plala.or.jp>
To: freebsd-hackers@freebsd.org
Subject: Re: Article on Sun's DTrace
Message-ID: <40F3C3B9.4030001@trio.plala.or.jp>

Hi Andrey,

Andrey Simonenko wrote:

> Having read that bug report I began to think that they change several
> continuous bytes in a function, probably they just search for a well known
> command sequence and atomically change one of them. I think it is possible
> to change almost any instruction on x86, just because the changed
> instruction should be emulated after return from the DTrace probe (this is
> very actual for probes in userspace). Yes, you are right, using the classic
> debugging technique for activating the DTrace trampoline should work.
>
> One can find a description of probe activation for x86 in paragraph 4.1
> of the DTrace Usenix report. They talked about the IDT and the
> interrupt handler.
>
> I know that you know this, but...
>
> If an interrupt call for activating a probe is used on x86, then this
> explains how it is possible to get the offset of the "ret" command (cs:eip
> from the trap frame) and how probes work in userspace (control goes to the
> kernel, where it works with the script's variables).
>
> Again, if every "ret" instruction, or the instructions before "ret"
> instructions, are changed in a function (because an offset of the "ret"
> instruction is available in the :return probe), then to speed up
> instruction changing, it is possible to save offsets of probe entries in
> some well known sections of object files (during the compilation phase for
> example) and if there isn't such a section, then try to find probe entries
> on-the-fly by disassembling binary code. Wildcard probes can require
> changing at least two instructions in each of tens of thousands of
> functions.
> _______________________________________________

You seem to know DTrace well. I was taught a lot by you off-line too.
By the way, are you planning to port a DTrace-like tool to FreeBSD? Or are
you a Sun or DTrace developer? Sorry, I'm not sure who and what you are,
and I'm not an old-timer on this list.

Eitarou

--
***********************
Eitarou Kamo
Tel. +81 75 7035997
Fax +81 75 7035997
VoIP 050 10585997 (domestic only)
e-mail e-kamo@trio.plala.or.jp
For business: Feel free to mail me (above), please.
Donation http://www.PayPal.Com
GPG FingerPrint: 032D FDF9 D27B 23F7 9A81 BF4C 626C FBAA BC3A 9895
************************************************************************
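
The "classic debugging technique" and the saved-offset table discussed in the quoted text, as an added example that is not part of the original message and is not DTrace's own code. It works on a constructed byte buffer instead of live code; the `struct probe` layout, the function names and the probe table are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define INT3 0xCC  /* one-byte x86 breakpoint opcode */

/* Hypothetical probe record: patch site plus the byte that was there. */
struct probe {
    size_t  off;      /* offset of the patched instruction in the text */
    uint8_t saved;    /* original first byte, needed to restore/emulate */
    int     enabled;
};

/* Constructed sample function: push %ebp; mov %esp,%ebp; pop %ebp; ret */
static uint8_t text[] = { 0x55, 0x89, 0xE5, 0x5D, 0xC3 };

/* Constructed table standing in for offsets recorded at build time:
 * entry probe at offset 0, return probe at the "ret" (offset 4). */
static struct probe probes[] = { { 0, 0, 0 }, { 4, 0, 0 } };
#define NPROBES (sizeof probes / sizeof probes[0])

/* Enable: remember the original byte, then store INT3 in one byte write. */
static void probe_enable(struct probe *p) {
    if (p->enabled) return;          /* never save INT3 as the "original" */
    p->saved = text[p->off];
    text[p->off] = INT3;
    p->enabled = 1;
}

/* Disable: put the original byte back. */
static void probe_disable(struct probe *p) {
    if (!p->enabled) return;
    text[p->off] = p->saved;
    p->enabled = 0;
}

/* Trap side: after INT3 the saved eip points one byte past the breakpoint,
 * so the probe site is trap_eip - 1 (buffer offsets here, not addresses). */
static struct probe *probe_from_trap(size_t trap_eip) {
    for (size_t i = 0; i < NPROBES; i++)
        if (probes[i].enabled && probes[i].off + 1 == trap_eip)
            return &probes[i];
    return NULL;                     /* a breakpoint we did not plant */
}

int main(void) {
    probe_enable(&probes[1]);                    /* arm the :return site */
    struct probe *hit = probe_from_trap(5);      /* trap frame eip == 5 */
    probe_disable(&probes[1]);
    return (hit == &probes[1] && text[4] == 0xC3) ? 0 : 1;
}
```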