[二] Linux动态追踪技术

Security Classification: 【C-1】 | Publish Time:2024-07-31 | Category:Test Notes | Edit

Expiry Notice: The article was published three months ago. Please independently assess the validity of the technical methods and code mentioned within. :)

AI Summary: 本文介绍了Linux追踪系统的分类,包括数据来源、数据加工与传递手段,以及用户前端工具。主要探讨了probe和tracepoint的概念。probe是一种动态修改程序指令的行为,分为kprobe(内核)和uprobe(应用程序),可用于hook函数体的任意位置,kretprobe和uretprobe专门用于hook函数返回地址。tracepoint是在编译时插入的指令,分为内核tracepoint和应用程序USDT,利用GCC参数实现自动插入指令。trace events是内核中预定义的行为,通过tracefs传递数据,分为tracepoint-based events、kprobe-based events和uprobe-based events。perf events用于性能测量,最初基于性能计数器,后发展为一个框架,能够通过perf_event_open()系统调用将数据传递给用户。 --- (From Model:gpt-4o-mini-2024-07-18)


Web3 Info

The ownership of the data in this article is secured by blockchain encryption technology and smart contracts, and is solely owned by the creator.


Comment List

© Copyright: This article is an original work and the copyright belongs to the  Depy's docs  unless marked as Reproduced

Please contact the blogger for authorization to reprint


『📕Category 』