Article on Sun's DTrace

Eitarou Kamo e-kamo at trio.plala.or.jp
Tue Jul 13 04:06:16 PDT 2004 

Hi Andrey,

Andrey Simonenko wrote:

>
> Having read that bug report I began to think that they change several
> continues bytes in a function, probably they just search for well known
> commands sequence and atomically change one of them. I think it is
> possible
> to change almost any instruction on x86, just because changed instruction
> should be emulated after return from DTrace probe (this very actual for
> probes in userspace). Yes, you are right, using classic debugging
> technique for activating DTrace trampoline should work.
>
> One can find description of probe's activating for x86 in the 4.1
> paragraph of the DTrace Usenix report. They talked about IDT and
> interrupt handler.
>
> I know that you know this, but...
>
> If an interrupt call for activating probe is used on x86, then this
> explains how it is possible to get offset of "ret" command (cs:eip from
> trap frame) and how probes work in the userspace (control goes to kernel,
> where it works with script's variables).
>
> Again, if every "ret" instructions or instructions before "ret"
> instructions
> are changed in a function (because an offset of "ret" instruction is
> available in :return probe), then to speed up instruction changing, it
> is possible to save offsets of probes entries in some well known sections
> of object files (during compilation phase for example) and if there isn't
> such section, then try to find probes entries on-the-fly by disassembling
> binary code. Wildcard probes can require changing at least two
> instructions
> in every of tens of thousands functions.
> _______________________________________________
>
>
You seem to know well about DTrace. I was taught a lot by you
on the off line too. By the way, Are you plan to port DTrace like
tool to FreeBSD? or are you Sun or DTrace developer? Sorry,
I'm not sure who and what you are, and I'm not old-timer on this list.

Eitarou

-- 
                                      
***********************
	Eitarou Kamo

	Tel. +81 75 7035997
	Fax  +81 75 7035997
	VoIP   050 10585997(domestic only)
e‐mail   e-kamo at trio.plala.or.jp

For business:
Feel free to mail me(above), please.

Donation   http://www.PayPal.Com

GPG FingerPrint:
032D FDF9 D27B 23F7 9A81 BF4C 626C FBAA BC3A 9895 
************************************************************************

More information about the freebsd-hackers mailing list