Re: Article on Sun's DTrace

[Eitarou Kamo]

Hi Andrey,
(B
(BAndrey Simonenko wrote:
(B
(B>
(B> Having read that bug report I began to think that they change several
(B> continues bytes in a function, probably they just search for well known
(B> commands sequence and atomically change one of them. I think it is
(B> possible
(B> to change almost any instruction on x86, just because changed instruction
(B> should be emulated after return from DTrace probe (this very actual for
(B> probes in userspace). Yes, you are right, using classic debugging
(B> technique for activating DTrace trampoline should work.
(B>
(B> One can find description of probe's activating for x86 in the 4.1
(B> paragraph of the DTrace Usenix report. They talked about IDT and
(B> interrupt handler.
(B>
(B> I know that you know this, but...
(B>
(B> If an interrupt call for activating probe is used on x86, then this
(B> explains how it is possible to get offset of "ret" command (cs:eip from
(B> trap frame) and how probes work in the userspace (control goes to kernel,
(B> where it works with script's variables).
(B>
(B> Again, if every "ret" instructions or instructions before "ret"
(B> instructions
(B> are changed in a function (because an offset of "ret" instruction is
(B> available in :return probe), then to speed up instruction changing, it
(B> is possible to save offsets of probes entries in some well known sections
(B> of object files (during compilation phase for example) and if there isn't
(B> such section, then try to find probes entries on-the-fly by disassembling
(B> binary code. Wildcard probes can require changing at least two
(B> instructions
(B> in every of tens of thousands functions.
(B> _______________________________________________
(B>
(B>
(BYou seem to know well about DTrace. I was taught a lot by you
(Bon the off line too. By the way, Are you plan to port DTrace like
(Btool to FreeBSD? or are you Sun or DTrace developer? Sorry,
(BI'm not sure who and what you are, and I'm not old-timer on this list.
(B
(BEitarou
(B
(B-- 
(B                                      
(B***********************
(B        Eitarou Kamo
(B
(B        Tel. +81 75 7035997
(B        Fax  +81 75 7035997
(B        VoIP   050 10585997(domestic only)
(Be$B!>(Bmail   [EMAIL PROTECTED]
(B
(BFor business:
(BFeel free to mail me(above), please.
(B
(BDonation   http://www.PayPal.Com
(B
(BGPG FingerPrint:
(B032D FDF9 D27B 23F7 9A81 BF4C 626C FBAA BC3A 9895 
(B************************************************************************
(B
(B                                        
(B
(B
(B
(B_______________________________________________
(B[EMAIL PROTECTED] mailing list
(Bhttp://lists.freebsd.org/mailman/listinfo/freebsd-hackers
(BTo unsubscribe, send any mail to "[EMAIL PROTECTED]"