$30 off During Our Annual Pro Sale. View Details »

Debuggers from scratch

Liz Rice
November 06, 2017
Technology
1
3.4k

Debuggers from scratch

See how a debugger sets breakpoints and generates stack traces. The pdf version of this slide deck doesn't show the animations, so you might prefer to watch the video of this presentation at dotGo EU: https://youtu.be/TBrv17QyUE0

Liz Rice

November 06, 2017
Tweet

More Decks by Liz Rice

See All by Liz Rice
When is a Secure Connection not encrypted? And other stories
lizrice
0
6
Keeping it simple: Cilium Mesh - networking for multi-cloud Kubernetes and beyond
lizrice
1
380
How Many Proxies Do You Need
lizrice
1
94
eBPF for Security Observability
lizrice
0
900
Beginner's Guide to eBPF Programming for Networking
lizrice
1
1.7k
Contributing to Open Source - what's in it for my business?
lizrice
0
33
Cloud Native eBPF Superpowers
lizrice
0
210
Beginner's Guide to eBPF programming with Go
lizrice
0
950
Kubernetes-native security with Starboard
lizrice
0
150

Other Decks in Technology

See All in Technology
Garoon 開発チーム / Garoon development team
cybozuinsideout
PRO
0
2.2k
急成長スタートアップにおける技術的負債とトレードオフ・スライダー / Technical Debt and Trade-off Sliders in Fast-Growing Startups
codenote
2
2.3k
SmartHRのマルチプロダクト戦略実行の苦悩と挑戦
h1kita
5
3k
Making your Kubernetes-based log collection reliable & durable with Vector
palark
0
340
CPOが開発する覚悟 〜コンパウンドスタートアップにおける、爆速の新規プロダクト開発スタイル〜
mosa_siru
7
6.1k
Kaggle Tokyo Meetup2023 CommonLit Solutionの紹介と考え方 - Fulltrain戦略と(Seed/Model)Ensembleの可視化 -
chumajin
2
1k
AWS re:Invent 2023の期間中に出たコンテナアップデート集
yoshiitaka
3
200
開発組織の体制づくり、いつやるか問題
akiroom
0
1.7k
CloudNative_TrailMap_Study#2_20231114
tkhresk
1
110
pmconf 2023 プロダクトと事業を無限にスケールするための最強のロードマップの作り方 / The Greatest Roadmap for Unlimited Scaling your Business and Products
yamamuteki
15
8.2k
ROSCon 2023参加報告:Real-Time Workshop & Zenoh's Current Status and Forecast
takasehideki
1
210
eBPF for the rest of us - Golab 2023
fedepaol
0
320

Featured

See All Featured
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
0
2.7k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
318
20k
In The Pink: A Labor of Love
frogandcode
135
21k
Designing for humans not robots
tammielis
246
24k
How to name files
jennybc
59
87k
Optimizing for Happiness
mojombo
368
68k
GitHub's CSS Performance
jonrohan
1021
440k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
0
270
How to train your dragon (web standard)
notwaldorf
71
4.8k
Ruby is Unlike a Banana
tanoku
93
10k
The Cult of Friendly URLs
andyhume
71
5.4k

Transcript

  1. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.
    A debugger from scratch
    Liz Rice
    @lizrice

    View Slide

  2. 2
    @lizrice
    ptrace
    The ptrace() system call provides a means by which one process (the
    "tracer") may observe and control the execution of another process
    (the "tracee"), and examine and change the tracee's memory and
    registers. It is primarily used to implement breakpoint debugging
    and system call tracing.

    View Slide

  3. 3
    @lizrice
    ptrace

    View Slide

  4. 4
    @lizrice
    func f3() int {
    var j int
    j = 0x44444444
    return i + j
    }
    Source code
    MOVQ BP, 0x8(SP)
    LEAQ 0x8(SP), BP
    MOVQ $0x0, 0x20(SP)
    MOVQ $0x0, 0(SP)
    MOVQ $0x44444444, 0(SP)
    MOVQ 0x18(SP), AX
    ADDQ $0x44444444, AX
    MOVQ AX, 0x20(SP)
    MOVQ 0x8(SP), BP
    ADDQ $0x10, SP
    SUBQ $0x10, SP
    JMP main.f2(SB)
    Machine code

    View Slide

  5. 5
    @lizrice
    MOVQ BP, 0x8(SP)
    LEAQ 0x8(SP), BP
    MOVQ $0x0, 0x20(SP)
    MOVQ $0x0, 0(SP)
    MOVQ $0x44444444, 0(SP)
    MOVQ 0x18(SP), AX
    ADDQ $0x44444444, AX
    MOVQ AX, 0x20(SP)
    MOVQ 0x8(SP), BP
    ADDQ $0x10, SP
    Program Counter
    CPU Registers SUBQ $0x10, SP
    JMP main.f2(SB)
    Machine code

    View Slide

  6. 6
    @lizrice
    MOVQ BP, 0x8(SP)
    LEAQ 0x8(SP), BP
    MOVQ $0x0, 0x20(SP)
    MOVQ $0x0, 0(SP)
    MOVQ 0x18(SP), AX
    ADDQ $0x44444444, AX
    MOVQ AX, 0x20(SP)
    MOVQ 0x8(SP), BP
    ADDQ $0x10, SP
    Program Counter
    CPU Registers
    0xCC
    SUBQ $0x10, SP
    JMP main.f2(SB)
    Machine code

    View Slide

  7. 7
    @lizrice
    MOVQ BP, 0x8(SP)
    LEAQ 0x8(SP), BP
    MOVQ $0x0, 0x20(SP)
    MOVQ $0x0, 0(SP)
    MOVQ 0x18(SP), AX
    ADDQ $0x44444444, AX
    MOVQ AX, 0x20(SP)
    MOVQ 0x8(SP), BP
    ADDQ $0x10, SP
    0xCC
    SUBQ $0x10, SP
    JMP main.f2(SB)
    Machine code
    func f3() int {
    var j int
    j = 0x44444444
    return i + j
    }
    Source code

    View Slide

  8. 8
    @lizrice
    address to return to
    parameters & return values
    local variables
    CPU Registers
    Base Pointer
    address to return to
    Stack Pointer
    Program Counter
    Program Counter
    Base Pointer
    Call Stack
    Previous stack frame
    Previous stack frame
    address to return to
    parameters & return values

    View Slide

  9. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.
    github.com/lizrice/debugger-from-scratch
    with thanks to @mlowicki & @philpearl
    @lizrice

    View Slide