Please reply to the list. 

I don't know, this is _your_ research :) 

Thanks, 

Mathieu 

----- Original Message -----

> From: "tarek slaymia" <[email protected]>
> To: "Mathieu Desnoyers" <[email protected]>
> Sent: Thursday, June 5, 2014 2:50:50 PM
> Subject: Re: [lttng-dev] lttng kretprobe issue

> Thanks Mathieu.
> What I'm trying to do exactly is changing the address of sys_write in the
> sys_call_table by a new function.
> I wanna check if the sys_call_table[__NR_write] contains the address of my
> new function instead of the address of sys_write after loading my module.
> How can I check this change using lttng?
> Thanks in advance!

> 2014-06-05 13:08 GMT-04:00 Mathieu Desnoyers <[email protected]>:

> > > From: "tarek slaymia" <[email protected]>
> > > To: [email protected], [email protected]
> > > Sent: Thursday, May 29, 2014 3:53:10 PM
> > > Subject: [lttng-dev] lttng kretprobe issue

> > > Hi all

> > > When I replace a syscall function address, for example sys_write, using
> > > this function in my LKM module:

> > > xchg(&sys_call_table[__NR_write],my_own_write);

> > > In the normal case the content of sys_call_table[__NR_write] address
> > > changes and it displays the address of my_own_write using debug technique.

> > > I have an issue when tracing this change using lttng kretprobe:

> > > lttng enable-event sys_write -k --function sys_write

> > > The ip value of sys_write (the same address of sys_call_table[__NR_write])
> > > remains the same even after changing it by the new function address
> > > (address of my_own_write)

> > > Why the ip value of sys_write syscall displayed in lttng traces remains
> > > the same even after changing it?

> > sys_write is a symbol, and its address does not change. You place the
> > kretprobe on the symbol.

> > What you are overwriting is the content of the sys_call_table array, not
> > the address of the sys_write symbol.

> > So the resulting behavior is very much expected.

> > Thanks,

> > Mathieu

> > > Best regards.

> > > _______________________________________________
> > > lttng-dev mailing list
> > > [email protected]
> > > http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev

> > --
> > Mathieu Desnoyers
> > EfficiOS Inc.
> > http://www.efficios.com

-- 
Mathieu Desnoyers 
EfficiOS Inc. 
http://www.efficios.com 
_______________________________________________
lttng-dev mailing list
[email protected]
http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
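
Added example, not part of the thread and not LTTng or kernel code: a user-space C model of the distinction drawn in the quoted answer, showing that a probe bound to a symbol keeps the same ip while a baseline comparison of the table is what reveals a rewritten slot. All names are stand-ins borrowed from the thread, and the replacement handler is assumed not to call the original.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model; every name is a stand-in, nothing touches a kernel. */
typedef long (*handler_fn)(long);

static long sys_read(long n)     { return n; }
static long sys_write(long n)    { return n; }
static long my_own_write(long n) { return -n; }  /* replacement handler */

enum { NR_read, NR_write, NR_max };
static handler_fn sys_call_table[NR_max] = { sys_read, sys_write };

/* Probe placed on a symbol: bound to one function address for its lifetime. */
struct probe { handler_fn ip; unsigned hits; };

/* Dispatch through the table; the probe fires only if its function runs. */
static long dispatch(struct probe *p, int nr, long arg)
{
    handler_fn h = sys_call_table[nr];
    if (h == p->ip)
        p->hits++;
    return h(arg);
}

/* Integrity check: first slot that differs from the baseline, or -1. */
static int first_changed_slot(const handler_fn *table,
                              const handler_fn *baseline, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (table[i] != baseline[i])
            return (int)i;
    return -1;
}

int main(void)
{
    const handler_fn baseline[NR_max] = { sys_read, sys_write };
    struct probe p = { sys_write, 0 };

    dispatch(&p, NR_write, 5);                /* goes through sys_write */
    sys_call_table[NR_write] = my_own_write;  /* the table write from the thread */
    dispatch(&p, NR_write, 5);                /* now bypasses sys_write */

    printf("probe ip unchanged: %d, hits: %u, changed slot: %d\n",
           p.ip == sys_write, p.hits,
           first_changed_slot(sys_call_table, baseline, NR_max));
    return 0;
}
```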
