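Random Notes (The Powerful kprobe)
Source: Internet  Editor: 程序博客网  Time: 2024/06/03 20:37
[Notice: All rights reserved. Reposting is welcome; please do not use for commercial purposes. Contact email: feixiaoxing @163.com]
I have long been interested in systemtap, but it is too troublesome to configure and never felt comfortable to use. Today I stumbled upon kprobe and found it very nice. For me, the biggest benefit of kprobe is that I can study the call relationships between functions without recompiling the kernel. The principle behind kprobe is not complicated: it sets an exception breakpoint at the target function, so that execution traps into an interrupt when the function is reached. Inside the interrupt, using a technique similar to a signal handler, the handler we registered runs first, and once everything is finished the original flow resumes. It is also very simple to use. The kernel source tree contains a short sample that you can take a look at.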
```c
/*
 * NOTE: This example works on x86 and powerpc.
 * Here's a sample kernel module showing the use of kprobes to dump a
 * stack trace and selected registers when do_fork() is called.
 *
 * For more information on theory of operation of kprobes, see
 * Documentation/kprobes.txt
 *
 * You will see the trace data in /var/log/messages and on the console
 * whenever do_fork() is invoked to create a new process.
 */

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/kprobes.h>

/* For each probe you need to allocate a kprobe structure */
static struct kprobe kp = {
	.symbol_name	= "do_fork",
};

/* kprobe pre_handler: called just before the probed instruction is executed */
static int handler_pre(struct kprobe *p, struct pt_regs *regs)
{
#ifdef CONFIG_X86
	printk(KERN_INFO "pre_handler: p->addr = 0x%p, ip = %lx,"
			" flags = 0x%lx\n",
		p->addr, regs->ip, regs->flags);
#endif
#ifdef CONFIG_PPC
	printk(KERN_INFO "pre_handler: p->addr = 0x%p, nip = 0x%lx,"
			" msr = 0x%lx\n",
		p->addr, regs->nip, regs->msr);
#endif
#ifdef CONFIG_MIPS
	printk(KERN_INFO "pre_handler: p->addr = 0x%p, epc = 0x%lx,"
			" status = 0x%lx\n",
		p->addr, regs->cp0_epc, regs->cp0_status);
#endif

	/* A dump_stack() here will give a stack backtrace */
	return 0;
}

/* kprobe post_handler: called after the probed instruction is executed */
static void handler_post(struct kprobe *p, struct pt_regs *regs,
				unsigned long flags)
{
#ifdef CONFIG_X86
	printk(KERN_INFO "post_handler: p->addr = 0x%p, flags = 0x%lx\n",
		p->addr, regs->flags);
#endif
#ifdef CONFIG_PPC
	printk(KERN_INFO "post_handler: p->addr = 0x%p, msr = 0x%lx\n",
		p->addr, regs->msr);
#endif
#ifdef CONFIG_MIPS
	printk(KERN_INFO "post_handler: p->addr = 0x%p, status = 0x%lx\n",
		p->addr, regs->cp0_status);
#endif
}

/*
 * fault_handler: this is called if an exception is generated for any
 * instruction within the pre- or post-handler, or when Kprobes
 * single-steps the probed instruction.
 */
static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
{
	printk(KERN_INFO "fault_handler: p->addr = 0x%p, trap #%d\n",
		p->addr, trapnr);
	/* Return 0 because we don't handle the fault. */
	return 0;
}

static int __init kprobe_init(void)
{
	int ret;

	/* Attach the three handlers before registering the probe */
	kp.pre_handler = handler_pre;
	kp.post_handler = handler_post;
	kp.fault_handler = handler_fault;

	ret = register_kprobe(&kp);
	if (ret < 0) {
		printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
		return ret;
	}
	printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
	return 0;
}

static void __exit kprobe_exit(void)
{
	unregister_kprobe(&kp);
	printk(KERN_INFO "kprobe at %p unregistered\n", kp.addr);
}

module_init(kprobe_init)
module_exit(kprobe_exit)
MODULE_LICENSE("GPL");
```

Of course, for your convenience, here is the Makefile as well. I hope you enjoy using it.

```makefile
ifneq ($(KERNELRELEASE),)
obj-m := kprobe_example.o
else
PWD  := $(shell pwd)
KVER := $(shell uname -r)
KDIR := /lib/modules/$(KVER)/build

all:
	$(MAKE) -C $(KDIR) M=$(PWD) modules

clean:
	rm -rf .*.cmd *.o *.mod.c *.ko .tmp_versions modules.* Module.*
endif
```
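Once the module is loaded, the kernel lists every registered probe in /sys/kernel/debug/kprobes/list (debugfs, root only; the format is described in Documentation/kprobes.txt), which is also the place to look when auditing a host for unexpected kernel hooks. The following userspace parser for that listing is an added example, not part of the original post or the kernel tree; it runs on a constructed sample in which the addresses and the module name demo_mod are made up.

```c
#include <stdio.h>
#include <string.h>
struct kprobe_entry {
    unsigned long long addr; /* probe address (zeros if pointers are hidden) */
    char type[2];            /* "k" = kprobe, "r" = kretprobe */
    unsigned int offset;     /* offset of the probe inside the symbol */
    char symbol[64], module[64], flags[64]; /* module/flags may be empty */
};

/* Parse one listing line; returns 0 on success, -1 if malformed. */
int parse_kprobe_line(const char *line, struct kprobe_entry *e)
{
    char tok[64];
    int used = 0;
    memset(e, 0, sizeof(*e));
    if (sscanf(line, "%llx %1[kr] %63[^+ \t\n]+0x%x%n", &e->addr, e->type,
               e->symbol, &e->offset, &used) != 4)
        return -1;
    /* Rest of the line: optional module name, then flags printed back to back. */
    for (line += used; sscanf(line, " %63s%n", tok, &used) == 1; line += used)
        strcpy(tok[0] == '[' ? e->flags : e->module, tok);
    return 0;
}

/* 1 (and *out filled) if a probe on sym is neither [GONE] nor [DISABLED]. */
int probe_is_armed(const char *list, const char *sym, struct kprobe_entry *out)
{
    char line[256];
    while (*list) {
        size_t n = strcspn(list, "\n");
        snprintf(line, sizeof(line), "%.*s", (int)n, list);
        list += n + (list[n] == '\n');
        if (parse_kprobe_line(line, out) == 0 && !strcmp(out->symbol, sym) &&
            !strstr(out->flags, "[GONE]") && !strstr(out->flags, "[DISABLED]"))
            return 1;
    }
    return 0;
}

static const char SAMPLE[] = /* constructed; addresses and demo_mod are made up */
    "ffffffff8107c2a0  k  do_fork+0x0    \n"
    "ffffffff81213f50  r  vfs_read+0x0    [DISABLED][FTRACE]\n"
    "ffffffffc0a41010  k  demo_ioctl+0x4  demo_mod [GONE]\n";

int main(void)
{
    struct kprobe_entry e;
    printf("do_fork armed: %d\n", probe_is_armed(SAMPLE, "do_fork", &e));
    return 0;
}
```

On a live system, pass the contents of /sys/kernel/debug/kprobes/list instead of SAMPLE. If register_kprobe fails in the module above, check that do_fork appears in /proc/kallsyms on the running kernel, since symbol names vary between kernel versions.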