Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Debuggers from scratch

Liz Rice
November 06, 2017
Technology
1
3.5k

Debuggers from scratch

See how a debugger sets breakpoints and generates stack traces. The pdf version of this slide deck doesn't show the animations, so you might prefer to watch the video of this presentation at dotGo EU: https://youtu.be/TBrv17QyUE0

Liz Rice

November 06, 2017
Tweet

More Decks by Liz Rice

See All by Liz Rice
Unleashing the kernel with eBPF
lizrice
0
10
eBPF's Abilities and Limitations: The Truth
lizrice
0
21
Simplifying multi-cloud and multi-cluster Kubernetes deployments with Cilium
lizrice
0
10
When is a Secure Connection not encrypted? And other stories
lizrice
1
17
Keeping it simple: Cilium Mesh - networking for multi-cloud Kubernetes and beyond
lizrice
1
460
How Many Proxies Do You Need
lizrice
1
100
eBPF for Security Observability
lizrice
0
1k
Beginner's Guide to eBPF Programming for Networking
lizrice
1
1.9k
Contributing to Open Source - what's in it for my business?
lizrice
0
35

Other Decks in Technology

See All in Technology
「手動オペレーションに定評がある」と言われた私が心がけていること / phpcon_odawara2024
blue_goheimochi
2
320
スタートアップの技術顧問を3年間続けて発生した事と気付き
biwakonbu
0
150
Oracle Cloud Infrastructure:2024年4月度サービス・アップデート
oracle4engineer
PRO
1
110
クラウドサインにおけるプロダクトマネージャーの役割と開発プロセス / 20240410_cloudsign-PdM
bengo4com
1
680
DevOpsメトリクスとアウトカムの接続にトライ!開発プロセスを通して計測できるメトリクスの活用方法
ham0215
1
190
Postman v10リリース後を振り返る
nagix
0
130
開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17
ma3tk
3
320
TransitGatewayの基礎
toru_kubota
0
230
A (short) History of AI
harishpillay
0
110
「共通基盤」を超えよ! 今、Platform Engineeringに取り組むべき理由
jacopen
25
5.8k
2024/4/26 コンピュータ歴史博物館解説告知
toshi_atsumi
0
200
コードを書く隙間を見つけて生きていく技術/Findy 思考の現在地
fujiwara3
24
5k

Featured

See All Featured
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
9
8.3k
What’s in a name? Adding method to the madness
productmarketing
PRO
15
2.6k
Typedesign – Prime Four
hannesfritz
36
2.1k
Designing on Purpose - Digital PM Summit 2013
jponch
110
6.4k
Designing for Performance
lara
602
67k
Raft: Consensus for Rubyists
vanstee
132
6.2k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Gamification - CAS2011
davidbonilla
76
4.6k
The Mythical Team-Month
searls
215
42k
The Pragmatic Product Professional
lauravandoore
24
5.8k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
19
1.9k

Transcript

  1. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.

    A debugger from scratch Liz Rice @lizrice

  2. 2 @lizrice ptrace The ptrace() system call provides a means

    by which one process (the "tracer") may observe and control the execution of another process (the "tracee"), and examine and change the tracee's memory and registers. It is primarily used to implement breakpoint debugging and system call tracing.

  3. 3 @lizrice ptrace

  4. 4 @lizrice func f3() int { var j int j

    = 0x44444444 return i + j } Source code MOVQ BP, 0x8(SP) LEAQ 0x8(SP), BP MOVQ $0x0, 0x20(SP) MOVQ $0x0, 0(SP) MOVQ $0x44444444, 0(SP) MOVQ 0x18(SP), AX ADDQ $0x44444444, AX MOVQ AX, 0x20(SP) MOVQ 0x8(SP), BP ADDQ $0x10, SP SUBQ $0x10, SP JMP main.f2(SB) Machine code

  5. 5 @lizrice MOVQ BP, 0x8(SP) LEAQ 0x8(SP), BP MOVQ $0x0,

    0x20(SP) MOVQ $0x0, 0(SP) MOVQ $0x44444444, 0(SP) MOVQ 0x18(SP), AX ADDQ $0x44444444, AX MOVQ AX, 0x20(SP) MOVQ 0x8(SP), BP ADDQ $0x10, SP Program Counter CPU Registers SUBQ $0x10, SP JMP main.f2(SB) Machine code

  6. 6 @lizrice MOVQ BP, 0x8(SP) LEAQ 0x8(SP), BP MOVQ $0x0,

    0x20(SP) MOVQ $0x0, 0(SP) MOVQ 0x18(SP), AX ADDQ $0x44444444, AX MOVQ AX, 0x20(SP) MOVQ 0x8(SP), BP ADDQ $0x10, SP Program Counter CPU Registers 0xCC SUBQ $0x10, SP JMP main.f2(SB) Machine code

  7. 7 @lizrice MOVQ BP, 0x8(SP) LEAQ 0x8(SP), BP MOVQ $0x0,

    0x20(SP) MOVQ $0x0, 0(SP) MOVQ 0x18(SP), AX ADDQ $0x44444444, AX MOVQ AX, 0x20(SP) MOVQ 0x8(SP), BP ADDQ $0x10, SP 0xCC SUBQ $0x10, SP JMP main.f2(SB) Machine code func f3() int { var j int j = 0x44444444 return i + j } Source code

  8. 8 @lizrice address to return to parameters & return values

    local variables CPU Registers Base Pointer address to return to Stack Pointer Program Counter Program Counter Base Pointer Call Stack Previous stack frame Previous stack frame address to return to parameters & return values

  9. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.

    github.com/lizrice/debugger-from-scratch with thanks to @mlowicki & @philpearl @lizrice