90 likes | 160 Views
Uprobe. Event Tracing. Use. The user space component of kprobes. Places probes in user-space executable process memory. Installation. Compiled as part of the kernel or as a kernel module. int __init init_module(void){ int ret; usp.pid = pid; usp.vaddr = vaddr;
E N D
Uprobe Event Tracing
Use The user space component of kprobes. Places probes in user-space executable process memory.
Installation Compiled as part of the kernel or as a kernel module.
int __init init_module(void){ int ret; usp.pid = pid; usp.vaddr = vaddr; usp.handler = uprobe_handler; printk(KERN_INFO “Registering uprobe on pid %d, vaddr %#lx\n”, usp.pid, usp.vaddr); ret = register_uprobe(&usp); return 0;
static void uprobe_handler(struct uprobe *u, struct pt_regs *regs){ nhits++; if (verbose) printk(KERN_INFO “Hit #%d on probepoint at %#lx\n”, nhits, u->vaddr); }
void __exit cleanup_module(void) { printk(KERN_INFO “Unregistering uprobe on pid %d, vaddr %#lx\n”, usp.pid, usp.vaddr); printk(KERN_INFO “Probepoint was hit %d times\n”, nhits); unregister_uprobe(&usp); }
$ ./myprog & $ ps PID TTY TIME CMD 4367 pts/3 00:00:00 bash 8156 pts/3 00:00:00 myprog 8157 pts/3 00:00:00 ps $ su - # insmod uprobe_example.ko pid=8156 vaddr=0x080484a8
kernel: Hit #1 on probepoint at 0x80484a8 # rmmod uprobe_example Probepoint was hit 5 times”.
References http://www.chunghwan.com/en/systems/user-space-probes-uprobes/ http://lxr.free-electrons.com/source/kernel/events/uprobes.c