
How Kprobe and Uprobe insert debugging printk in executable — Do they extend the address space of running Module or Program

I just could not wrap my head around the idea of debuggers and probing tools.

How is it technically possible to insert debugging printk statements inside a running kernel module or user space application using Kprobe and Uprobe? What terminology is used to define the behavior of Kprobe and Uprobe in terms of memory? How is it possible to stretch the address space of a program in its running state?

There are usually single-byte instructions that cause a breakpoint (software interrupt) and then there are some debug registers in the processor too.

With these it is possible to insert a trap that jumps to kernel trap handler anywhere in memory without extending any "memory space" - you just set the debug registers or replace the desired instruction at the breakpoint with that trap instruction.

Within the kernel trap handler the kernel would get to know the exact address where the fault occurred and therefore inspect the state of the registers and so forth. In case of a trap by a single-byte instruction or so, you'd replace the trap instruction with the original one; possibly use a processor trick to single step it; and then replace with the trap instruction again...
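The replace, trap, restore, single-step, re-arm cycle described in the answer above, as an added example that is not part of the original answer and is not kernel code: a simulation on a toy byte-code machine. The opcodes, `struct probe`, `arm`, `disarm`, `step` and `run` are all constructed for illustration; only the value `0xCC` mirrors the real one-byte x86 `int3` instruction.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy one-byte instruction set (constructed for this example). */
enum { OP_HALT = 0x00, OP_INC = 0x01, OP_DBL = 0x02, OP_DJNZ = 0x03,
       OP_TRAP = 0xCC /* one-byte breakpoint, same role as x86 int3 */ };

struct cpu   { size_t pc; long acc; int cnt; };
struct probe { size_t addr; uint8_t saved; int hits; long last_acc; };

/* Arming overwrites one byte in place; the text image keeps its size. */
static void arm(uint8_t *text, struct probe *p)    { p->saved = text[p->addr]; text[p->addr] = OP_TRAP; }
static void disarm(uint8_t *text, struct probe *p) { text[p->addr] = p->saved; }

/* Execute exactly one instruction; returns 0 on HALT. */
static int step(const uint8_t *text, struct cpu *c) {
    switch (text[c->pc]) {
    case OP_INC:  c->acc++;    c->pc++; return 1;
    case OP_DBL:  c->acc *= 2; c->pc++; return 1;
    case OP_DJNZ: c->pc = (--c->cnt != 0) ? 0 : c->pc + 1; return 1;
    default:      return 0;
    }
}

/* Run until HALT. On a trap: record state, restore, single-step, re-arm. */
static long run(uint8_t *text, struct probe *p, int loops) {
    struct cpu c = { 0, 0, loops };
    for (;;) {
        if (text[c.pc] == OP_TRAP && p && c.pc == p->addr) {
            p->hits++; p->last_acc = c.acc;   /* the "handler" inspects registers */
            disarm(text, p);                  /* put the original byte back       */
            int alive = step(text, &c);       /* single-step the real instruction */
            arm(text, p);                     /* re-insert the trap               */
            if (!alive) return c.acc;
        } else if (!step(text, &c)) return c.acc;
    }
}

int main(void) {
    uint8_t text[] = { OP_INC, OP_DBL, OP_DJNZ, OP_HALT };
    struct probe p = { 1, 0, 0, 0 };          /* probe the DBL instruction */
    arm(text, &p);
    long r = run(text, &p, 3);
    printf("result=%ld hits=%d last_acc=%ld size=%zu\n", r, p.hits, p.last_acc, sizeof text);
    return 0;
}
```

The probed program computes the same result as the unprobed one, and the text array stays four bytes long throughout: the probe only swaps one byte and swaps it back.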
