Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Debuggers from scratch

Liz Rice
November 06, 2017
Technology
1
3.7k

Debuggers from scratch

See how a debugger sets breakpoints and generates stack traces. The pdf version of this slide deck doesn't show the animations, so you might prefer to watch the video of this presentation at dotGo EU: https://youtu.be/TBrv17QyUE0

Liz Rice

November 06, 2017
Tweet

More Decks by Liz Rice

See All by Liz Rice
Unleashing the kernel with eBPF
lizrice
0
190
eBPF's Abilities and Limitations: The Truth
lizrice
0
380
Simplifying multi-cloud and multi-cluster Kubernetes deployments with Cilium
lizrice
0
200
When is a Secure Connection not encrypted? And other stories
lizrice
1
85
Keeping it simple: Cilium Mesh - networking for multi-cloud Kubernetes and beyond
lizrice
1
640
How Many Proxies Do You Need
lizrice
1
150
eBPF for Security Observability
lizrice
0
1.3k
Beginner's Guide to eBPF Programming for Networking
lizrice
1
2.4k
Contributing to Open Source - what's in it for my business?
lizrice
0
58

Other Decks in Technology

See All in Technology
OPENLOGI Company Profile for engineer
hr01
1
24k
От ручной разметки к LLM: как мы создавали облако тегов в Lamoda. Анастасия Ангелова, Data Scientist, Lamoda Tech
lamodatech
0
820
AIでめっちゃ便利になったけど、結局みんなで学ぶよねっていう話
kakehashi
PRO
1
440
AWSで作るセキュアな認証基盤with OAuth mTLS / Secure Authentication Infrastructure with OAuth mTLS on AWS
kaminashi
0
190
MCPを活用した検索システムの作り方/How to implement search systems with MCP #catalks
quiver
13
7.1k
コスト最適重視でAurora PostgreSQLのログ分析基盤を作ってみた #jawsug_tokyo
non97
1
750
AIコーディングの最前線 〜活用のコツと課題〜
pharma_x_tech
4
2.7k
Notion x ポストモーテムで広げる組織の学び / Notion x Postmortem
isaoshimizu
1
130
地味にいろいろあった! 2025春のAmazon Bedrockアップデートおさらい
minorun365
PRO
1
490
営業向け誰でも話せるOCIセールストーク
oracle4engineer
PRO
2
100
Goの組織でバックエンドTypeScriptを採用してどうだったか / How was adopting backend TypeScript in a Golang company
kaminashi
12
8.8k
ガバクラのAWS長期継続割引 ~次の4/1に慌てないために~
hamijay_cloud
1
490

Featured

See All Featured
4 Signs Your Business is Dying
shpigford
183
22k
Building Applications with DynamoDB
mza
94
6.3k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.7k
Navigating Team Friction
lara
185
15k
Large-scale JavaScript Application Architecture
addyosmani
512
110k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
680
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.4k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Gamification - CAS2011
davidbonilla
81
5.2k
Being A Developer After 40
akosma
91
590k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k

Transcript

  1. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.

    A debugger from scratch Liz Rice @lizrice

  2. 2 @lizrice ptrace The ptrace() system call provides a means

    by which one process (the "tracer") may observe and control the execution of another process (the "tracee"), and examine and change the tracee's memory and registers. It is primarily used to implement breakpoint debugging and system call tracing.

  3. 3 @lizrice ptrace

  4. 4 @lizrice func f3() int { var j int j

    = 0x44444444 return i + j } Source code MOVQ BP, 0x8(SP) LEAQ 0x8(SP), BP MOVQ $0x0, 0x20(SP) MOVQ $0x0, 0(SP) MOVQ $0x44444444, 0(SP) MOVQ 0x18(SP), AX ADDQ $0x44444444, AX MOVQ AX, 0x20(SP) MOVQ 0x8(SP), BP ADDQ $0x10, SP SUBQ $0x10, SP JMP main.f2(SB) Machine code

  5. 5 @lizrice MOVQ BP, 0x8(SP) LEAQ 0x8(SP), BP MOVQ $0x0,

    0x20(SP) MOVQ $0x0, 0(SP) MOVQ $0x44444444, 0(SP) MOVQ 0x18(SP), AX ADDQ $0x44444444, AX MOVQ AX, 0x20(SP) MOVQ 0x8(SP), BP ADDQ $0x10, SP Program Counter CPU Registers SUBQ $0x10, SP JMP main.f2(SB) Machine code

  6. 6 @lizrice MOVQ BP, 0x8(SP) LEAQ 0x8(SP), BP MOVQ $0x0,

    0x20(SP) MOVQ $0x0, 0(SP) MOVQ 0x18(SP), AX ADDQ $0x44444444, AX MOVQ AX, 0x20(SP) MOVQ 0x8(SP), BP ADDQ $0x10, SP Program Counter CPU Registers 0xCC SUBQ $0x10, SP JMP main.f2(SB) Machine code

  7. 7 @lizrice MOVQ BP, 0x8(SP) LEAQ 0x8(SP), BP MOVQ $0x0,

    0x20(SP) MOVQ $0x0, 0(SP) MOVQ 0x18(SP), AX ADDQ $0x44444444, AX MOVQ AX, 0x20(SP) MOVQ 0x8(SP), BP ADDQ $0x10, SP 0xCC SUBQ $0x10, SP JMP main.f2(SB) Machine code func f3() int { var j int j = 0x44444444 return i + j } Source code

  8. 8 @lizrice address to return to parameters & return values

    local variables CPU Registers Base Pointer address to return to Stack Pointer Program Counter Program Counter Base Pointer Call Stack Previous stack frame Previous stack frame address to return to parameters & return values

  9. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.

    github.com/lizrice/debugger-from-scratch with thanks to @mlowicki & @philpearl @lizrice