Thursday, December 19, 2013

Comparison between kprobes, kretprobes and jprobes

kprobes are the basic structure used for debugging.

kretprobes and jprobes are two structures that wrap the kprobe structure and provide additional information.

The structure of a jprobe is as follows:
struct jprobe {
        struct kprobe kp;
        void *entry;    /* probe handling code to jump to */
};

Jprobes allow you to register a function at the entry pointer. That function has the same arguments as the probed function, which is selected with jprobe.kp.addr = <function address looked up from kallsyms> or jprobe.kp.symbol_name = <function name>, for example jprobe.kp.symbol_name = "do_fork".
Jprobes are useful for finding out whether the arguments passed to the function we are interested in inspecting are correct.

kretprobes, on the other hand, are a wrapper around kprobes that allows us to register a function handler that is invoked when the function we are interested in returns.
struct kretprobe {
        struct kprobe kp;
        kretprobe_handler_t handler;
        kretprobe_handler_t entry_handler;
        int maxactive;
        int nmissed;
        size_t data_size;
        struct hlist_head free_instances;
        raw_spinlock_t lock;
};
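
Both wrappers embed struct kprobe as a member, so the probe core can work with a plain kprobe pointer while each wrapper's pre-handler recovers its enclosing structure with container_of. The userspace model below is an added example, not code from the original post or from the kernel; the *_model types, target(), hit_probe() and the demo functions are hypothetical simplifications that only show how a jprobe sees the arguments and a kretprobe sees the return value.

```c
/* Userspace model of the wrapper pattern; the *_model types are simplified stand-ins. */
#include <stddef.h>
#include <stdio.h>
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
struct kprobe_model {                       /* all the probe core ever sees */
    const char *symbol_name;
    void (*pre_handler)(struct kprobe_model *p, long arg);
};
struct jprobe_model {
    struct kprobe_model kp;
    void (*entry)(long x);                  /* same arguments as the probed function */
};
struct kretprobe_model {
    struct kprobe_model kp;
    void (*handler)(struct kretprobe_model *rp, long retval);
};
static long seen_arg, seen_ret;
static struct kretprobe_model *pending;     /* models the hijacked return address */

static long target(long x) { return x * 2; }            /* stand-in probed function */
static void j_entry(long x) { seen_arg = x; }
static void on_return(struct kretprobe_model *rp, long rv) { (void)rp; seen_ret = rv; }
static void jprobe_pre(struct kprobe_model *p, long arg) {
    /* recover the wrapper from the embedded kprobe, then call entry */
    container_of(p, struct jprobe_model, kp)->entry(arg);
}
static void kret_pre(struct kprobe_model *p, long arg) {
    (void)arg;                              /* at entry, only arm the return hook */
    pending = container_of(p, struct kretprobe_model, kp);
}
static void hit_probe(struct kprobe_model *p, long arg) {
    pending = NULL;
    p->pre_handler(p, arg);                 /* probe fires at function entry */
    long ret = target(arg);
    if (pending)
        pending->handler(pending, ret);     /* return handler sees the result */
}
long demo_jprobe(long arg) {
    struct jprobe_model jp = { { "target", jprobe_pre }, j_entry };
    hit_probe(&jp.kp, arg);
    return seen_arg;
}
long demo_kretprobe(long arg) {
    struct kretprobe_model rp = { { "target", kret_pre }, on_return };
    hit_probe(&rp.kp, arg);
    return seen_ret;
}
int main(void) { printf("arg=%ld ret=%ld\n", demo_jprobe(21), demo_kretprobe(21)); return 0; }
```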
