Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Debuggers from scratch

Liz Rice
November 06, 2017
Technology
1
3.6k

Debuggers from scratch

See how a debugger sets breakpoints and generates stack traces. The pdf version of this slide deck doesn't show the animations, so you might prefer to watch the video of this presentation at dotGo EU: https://youtu.be/TBrv17QyUE0

Liz Rice

November 06, 2017
Tweet

More Decks by Liz Rice

See All by Liz Rice
Unleashing the kernel with eBPF
lizrice
0
130
eBPF's Abilities and Limitations: The Truth
lizrice
0
240
Simplifying multi-cloud and multi-cluster Kubernetes deployments with Cilium
lizrice
0
140
When is a Secure Connection not encrypted? And other stories
lizrice
1
63
Keeping it simple: Cilium Mesh - networking for multi-cloud Kubernetes and beyond
lizrice
1
570
How Many Proxies Do You Need
lizrice
1
120
eBPF for Security Observability
lizrice
0
1.2k
Beginner's Guide to eBPF Programming for Networking
lizrice
1
2.2k
Contributing to Open Source - what's in it for my business?
lizrice
0
43

Other Decks in Technology

See All in Technology
Terraform Stacks入門 #HashiTalks
msato
0
350
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
20241120_JAWS_東京_ランチタイムLT#17_AWS認定全冠の先へ
tsumita
2
240
Security-JAWS【第35回】勉強会クラウドにおけるマルウェアやコンテンツ改ざんへの対策
4su_para
0
170
Terraform未経験の御様に対してどの ように導⼊を進めていったか
tkikuchi
2
430
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
3.8k
【若手エンジニア応援LT会】ソフトウェアを学んできた私がインフラエンジニアを目指した理由
kazushi_ohata
0
150
AWS Lambdaと歩んだ“サーバーレス”と今後 #lambda_10years
yoshidashingo
1
170
Can We Measure Developer Productivity?
ewolff
1
150
ノーコードデータ分析ツールで体験する時系列データ分析超入門
negi111111
0
410
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
隣接領域をBeyondするFinatextのエンジニア組織設計 / beyond-engineering-areas
stajima
1
270

Featured

See All Featured
Raft: Consensus for Rubyists
vanstee
136
6.6k
Automating Front-end Workflow
addyosmani
1366
200k
[RailsConf 2023] Rails as a piece of cake
palkan
52
4.9k
4 Signs Your Business is Dying
shpigford
180
21k
Designing for Performance
lara
604
68k
Become a Pro
speakerdeck
PRO
25
5k
What's new in Ruby 2.0
geeforr
343
31k
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k

Transcript

  1. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.

    A debugger from scratch Liz Rice @lizrice

  2. 2 @lizrice ptrace The ptrace() system call provides a means

    by which one process (the "tracer") may observe and control the execution of another process (the "tracee"), and examine and change the tracee's memory and registers. It is primarily used to implement breakpoint debugging and system call tracing.

  3. 3 @lizrice ptrace

  4. 4 @lizrice func f3() int { var j int j

    = 0x44444444 return i + j } Source code MOVQ BP, 0x8(SP) LEAQ 0x8(SP), BP MOVQ $0x0, 0x20(SP) MOVQ $0x0, 0(SP) MOVQ $0x44444444, 0(SP) MOVQ 0x18(SP), AX ADDQ $0x44444444, AX MOVQ AX, 0x20(SP) MOVQ 0x8(SP), BP ADDQ $0x10, SP SUBQ $0x10, SP JMP main.f2(SB) Machine code

  5. 5 @lizrice MOVQ BP, 0x8(SP) LEAQ 0x8(SP), BP MOVQ $0x0,

    0x20(SP) MOVQ $0x0, 0(SP) MOVQ $0x44444444, 0(SP) MOVQ 0x18(SP), AX ADDQ $0x44444444, AX MOVQ AX, 0x20(SP) MOVQ 0x8(SP), BP ADDQ $0x10, SP Program Counter CPU Registers SUBQ $0x10, SP JMP main.f2(SB) Machine code

  6. 6 @lizrice MOVQ BP, 0x8(SP) LEAQ 0x8(SP), BP MOVQ $0x0,

    0x20(SP) MOVQ $0x0, 0(SP) MOVQ 0x18(SP), AX ADDQ $0x44444444, AX MOVQ AX, 0x20(SP) MOVQ 0x8(SP), BP ADDQ $0x10, SP Program Counter CPU Registers 0xCC SUBQ $0x10, SP JMP main.f2(SB) Machine code

  7. 7 @lizrice MOVQ BP, 0x8(SP) LEAQ 0x8(SP), BP MOVQ $0x0,

    0x20(SP) MOVQ $0x0, 0(SP) MOVQ 0x18(SP), AX ADDQ $0x44444444, AX MOVQ AX, 0x20(SP) MOVQ 0x8(SP), BP ADDQ $0x10, SP 0xCC SUBQ $0x10, SP JMP main.f2(SB) Machine code func f3() int { var j int j = 0x44444444 return i + j } Source code

  8. 8 @lizrice address to return to parameters & return values

    local variables CPU Registers Base Pointer address to return to Stack Pointer Program Counter Program Counter Base Pointer Call Stack Previous stack frame Previous stack frame address to return to parameters & return values

  9. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.

    github.com/lizrice/debugger-from-scratch with thanks to @mlowicki & @philpearl @lizrice