larytet

// ==UserScript==
// @name           Yad2 Ad update
// @namespace      yad2
// @description    Simulates click on "kaftor3"
// @include        http://my.yad2.co.il/MyYad2/MyOrder/Yad2.php
// ==/UserScript==
// Use chromium-browser --enable-easy-off-store-extension-install to install offline 
// in Chrome

/*

larytet

@define cc1 %( "/usr/libexec/gcc/x86_64-redhat-linux/6.3.1/cc1" %)
global insns
probe perf.hw.instructions.process(@cc1).counter("foo") {}
probe process(@cc1).function("*").return {
   insns[execname(),tid()] = @perf("foo") // implicit max()
}

larytet

stap -D MAXSKIPPED=0 -D MAXTRYLOCK=1000000 -D TRYLOCKDELAY=1 -g   -e 'global ar%; function w_ar() {ar[tid()]=tid();} %{long long counter;u8 shm[256];static void* w_shm(void);static void* w_shm() {memset(shm, 0, sizeof(shm));return shm;} %} probe syscall.close{w_ar();%{ {counter++;w_shm();} %}} probe syscall.close.return {w_ar();%{ {counter++;w_shm();} %}} probe syscall.open{w_ar();%{ {counter++;w_shm();} %}} probe syscall.open.return{w_ar();%{ {counter++;w_shm();} %}} probe syscall.dup2.return{w_ar();%{ {counter++;w_shm();} %}} probe syscall.dup2.return{w_ar();%{ {counter++;w_shm();} %}} probe syscall.read.return{w_ar();%{ {counter++;w_shm();} %}} probe syscall.read{w_ar();%{ {counter++;w_shm();} %}} probe end {  %{ {printk("\n%lli\n", counter);} %}}'


stap -D MAXSKIPPED=0 -D MAXTRYLOCK=1000000 -D TRYLOCKDELAY=1 -g   -e '%{long long counter;u8 shm[256];static void* w_shm(void);static void* w_shm() {memset(shm, 0, sizeof(shm));return shm;} %} probe syscall.close{%{ {counter++;w_shm();} %}} probe syscall.close

larytet

probe kprocess.exec
{
	%{HIT_MAP_INC(HIT_MAP_KPROCESS_EXEC)%}
 	tid = tid()
 	if (stringat(filename,0) == 0x22) // filename starts with a quotation mark
 	{
		MAP_SYSCALL_EXEC_NAME[tid] = filename 
		MAP_SYSCALL_EXEC_ARGV[tid] = args
 	}
 	else  // failed to recog the filename, trigger do_execve

larytet

#!/bin/bash

function echo_loop()
{
  file=echo_file_`date +%s%N`
  echo $file
  echo > $file
  counter=1
  end=$((SECONDS+10))
  while [ $SECONDS -lt $end ]; do 

larytet

wget https://raw.githubusercontent.com/torvalds/linux/master/scripts/extract-vmlinux
chmod +x extract-vmlinux 
sudo ./extract-vmlinux /boot/vmlinuz-`uname -r` > vmlinux
crash vmlinux

larytet

// Use MAXMAPENTRIES to set the maximum size of the array
// for example sudo stap  -D MAXMAPENTRIES=40000 ./src/driver/load_measurement.stp
global probe_frequency%
global processes%

probe begin
{
	printf("Ctrl-C to print the results\n");
}

larytet

/*
Shared memory (SHM_FIFO) is a byte ring buffer in the virtual memory. Driver pushes the data to
the tail of the FIFO (producer) and user space application reads the data from the head of the
buffer. Driver always places data structures in consecutive memory. If there is not enough
room to place the whole structure into the ring buffer without wrap around driver places special
"skip" code until the last byte of the allocated virtual memory and writes the structure
starting with offset zero. Application knows to handle the wrap around correctly by checking
if there is enough space for a strcuture of minimum size and skipping the data to the end of the
virtual memory.

larytet

static void *rvmalloc(unsigned long size)
{
	void *mem;
	unsigned long adr;

	size = PAGE_ALIGN(size);
	mem = vzalloc(size); //syscalls_trace_buffer;//vmalloc(size);
#	if (SHM_RESERVE_PAGES > 0)
	if (mem) {
		// memset(mem, 0, size);  vzalloc() will zero the memory

larytet

• http://dynamorio.org/
• http://www.drmemory.org/ is a 3x-5x times faster alternative for valgrind memcheck
• http://ics11.cs.arizona.edu/workshops/whist-2011/papers/whist-2011-rountree.pdf
• https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool