uprobe

package
v0.0.1-rc.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 31, 2022 License: MIT Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// RegisterR8Offsets maps an x86-64 register name to the byte offset of its
// saved value inside the register block the probe program reads from. Every
// slot is 8 bytes wide, and the names and order appear to follow the Linux
// x86-64 struct pt_regs layout.
//
// NOTE(review): the "R8" in the name presumably means the generated program
// keeps the base pointer of that block in BPF register R8 — confirm against
// CompileBpfInstructions.
//
// Look names up with the two-value form (off, ok := RegisterR8Offsets[name]):
// an unknown name yields the zero value 0, which is also the valid offset of
// r15, so a plain index silently turns a typo into a read of r15. The map is
// an exported, mutable package variable; treat it as read-only.
var RegisterR8Offsets = map[string]int16{
	"r15": 0, "r14": 8, "r13": 16, "r12": 24, "rbp": 32, "rbx": 40,
	"r11": 48, "r10": 56, "r9": 64, "r8": 72,
	"rax": 80, "rcx": 88, "rdx": 96, "rsi": 104, "rdi": 112,
	"orig_rax": 120,
	"rip": 128, "cs": 136, "eflags": 144, "rsp": 152, "ss": 160,
}

Functions

func MatchWildcard

func MatchWildcard(pattern, str string) bool

Types

type FetchArg

// FetchArg describes one value to be captured by a probe. Its Ops field holds
// the FetchOp steps that make up the fetch, and a Uprobe carries a list of
// FetchArg pointers in its FetchArgs field.
//
// NOTE(review): the field meanings below are inferred from the names and from
// the method signatures on this page; the implementation is not shown here.
//   - Varname: presumably the label the captured value is reported under.
//   - Statement: presumably the raw fetch expression the Ops were parsed from.
//   - Type: presumably selects how Sprint renders the captured bytes.
//   - Size: presumably the number of bytes captured for this argument.
//
// NOTE(review): Size is an int, while FetchOp.TargetSize and the R10-relative
// offsets passed to CompileBpfInstructions are int16. Confirm that Size is
// range-checked before instructions are generated, so that an oversized value
// cannot be truncated or exceed the space reserved for it.
type FetchArg struct {
	Varname   string
	Statement string
	Type      string
	Size      int
	Ops       []FetchOp
}

func (*FetchArg) CompileBpfInstructions

func (f *FetchArg) CompileBpfInstructions(vacantR10Offset int16, destR6Offset int64) (insts asm.Instructions)

func (*FetchArg) Sprint

func (f *FetchArg) Sprint(data []uint8) string

type FetchOp

// FetchOp is a single step of a fetch expression that can be turned into eBPF
// instructions. The two implementations listed on this page are *ReadMemory
// and *ReadReg.
type FetchOp interface {
	// BpfInstructions returns the instructions for this step. dstBase and
	// dstOffset name the destination (a register plus an offset) and
	// srcR10Offset names the source as an offset relative to R10.
	// NOTE(review): R10 is the eBPF frame pointer, so srcR10Offset is
	// presumably a slot on the program's stack — confirm.
	BpfInstructions(srcR10Offset int16, dstBase asm.Register, dstOffset int64) asm.Instructions
	// TargetSize reports the size associated with this step.
	// NOTE(review): presumably the number of bytes the step produces — confirm.
	TargetSize() int16
}

type FuncTree

// FuncTree is a node in a tree of functions: Name identifies the node and
// Children holds its sub-nodes. Print, Traverse and Visit walk the tree.
//
// NOTE(review): the remaining field meanings are inferred from names only.
//   - FpOffset: presumably the offset inside the function at which a probe of
//     kind AtFramePointer is placed.
//   - RetOffsets: presumably the offsets of the function's return
//     instructions, used for probes of kind AtRet.
//   - Err: presumably records a failure met while analysing this function;
//     check it before relying on FpOffset or RetOffsets.
type FuncTree struct {
	Name       string
	FpOffset   uint64
	RetOffsets []uint64
	Children   []*FuncTree
	Err        error
}

func (*FuncTree) Print

func (t *FuncTree) Print(indent int)

func (*FuncTree) Traverse

func (t *FuncTree) Traverse(f func(int, *FuncTree, *FuncTree) bool)

func (*FuncTree) Visit

func (t *FuncTree) Visit(layer int, parent, self *FuncTree, f func(int, *FuncTree, *FuncTree) bool)

type ParseOptions

// ParseOptions is the configuration passed to Parse together with the ELF
// file to inspect.
//
// NOTE(review): the field meanings below are inferred from names only.
//   - Wildcards / ExWildcards: presumably patterns (see MatchWildcard) that
//     include and exclude function names.
//   - Fetch: presumably keyed by function name, then by variable name, with
//     the fetch statement as the value.
//   - SearchDepth: presumably limits how far callees are followed.
//   - Backtrace: presumably carried into Uprobe.Backtrace.
//
// NOTE(review): a broad pattern combined with a large SearchDepth may select
// many functions, and each one becomes at least one probe in the traced
// process; confirm how the size of the result is bounded.
type ParseOptions struct {
	Wildcards   []string
	ExWildcards []string
	Fetch       map[string]map[string]string
	SearchDepth int
	Backtrace   bool
}

type ReadMemory

// ReadMemory is the FetchOp for the fetch form offset(FETCH):size. The
// description of its BpfInstructions method refers to unexported size and
// offset fields and to the bpf_probe_read_user helper, so the read targets
// user-space memory of the probed process.
//
// NOTE(review): bpf_probe_read_user reports failure through its return value
// when the address cannot be read; confirm that the generated instructions do
// not treat the destination as valid data in that case.
type ReadMemory struct {
	// contains filtered or unexported fields
}

ReadMemory is the fetch operation written as `offset(FETCH):size`.

func (*ReadMemory) BpfInstructions

func (op *ReadMemory) BpfInstructions(srcR10Offset int16, dstBase asm.Register, dstOffset int64) (insts asm.Instructions)

BpfInstructions emits instructions equivalent to `bpf_probe_read_user(dstBase+dstOffset, op.size, (void*)R10+srcR10Offset+op.offset)`.

func (*ReadMemory) TargetSize

func (op *ReadMemory) TargetSize() int16

type ReadReg

// ReadReg is the FetchOp for a fetch expression that names a register, such as
// %rsp. The description of its BpfInstructions method refers to an unexported
// register field and ignores the srcR10Offset argument.
//
// NOTE(review): the register name presumably has to be a key of
// RegisterR8Offsets; confirm that unknown names are rejected when the
// expression is parsed rather than resolved to offset 0.
type ReadReg struct {
	// contains filtered or unexported fields
}

ReadReg is the fetch operation written as a register name, for example `%rsp`.

func (*ReadReg) BpfInstructions

func (op *ReadReg) BpfInstructions(_ int16, dstBase asm.Register, dstOffset int64) (insts asm.Instructions)

BpfInstructions emits instructions equivalent to `dstBase[dstOffset] = op.register`.

func (*ReadReg) TargetSize

func (op *ReadReg) TargetSize() int16

type Uprobe

// Uprobe describes one probe point produced by Parse: the function it belongs
// to (Funcname), the kind of location (Location), and the values to capture
// there (FetchArgs).
//
// NOTE(review): the meanings below are inferred from names only.
//   - Offset: presumably the position of the probe relative to the start of
//     Funcname, or within the ELF file.
//   - UserSpecified: presumably true when the function matched a pattern given
//     by the user rather than being reached through the call-tree search.
//   - Backtrace: presumably requests a stack trace when the probe fires.
type Uprobe struct {
	Funcname                 string
	Location                 UprobeLocation
	Offset                   uint64
	UserSpecified, Backtrace bool
	FetchArgs                []*FetchArg
}

func Parse

func Parse(elf *elf.ELF, opts *ParseOptions) (uprobes []Uprobe, err error)

type UprobeLocation

// UprobeLocation identifies the kind of place inside a function where a Uprobe
// is attached. The zero value is AtEntry.
type UprobeLocation int
const (
	// AtEntry (0) is presumably the first instruction of the function — confirm.
	AtEntry UprobeLocation = iota
	// AtFramePointer (1) is presumably the point after the function has set up
	// its frame pointer (compare FuncTree.FpOffset) — confirm.
	AtFramePointer
	// AtRet (2) is presumably a return instruction of the function (compare
	// FuncTree.RetOffsets) — confirm.
	AtRet
)
