Kprobes

From dankwiki
Revision as of 04:48, 6 October 2019 by Dank

Kprobes use the breakpoint mechanism to dynamically instrument Linux kernel code. Two types exist: kprobes can be attached to all but a few blacklisted instruction ranges in a running kernel, while kretprobes are attached to a function and run when it returns. This instrumentation is typically packaged as a kernel module or as an eBPF program.

Kernel configuration

  • CONFIG_KPROBES=y
  • CONFIG_HAVE_KPROBES=y
  • CONFIG_KPROBE_EVENTS=y
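
To confirm that a given kernel was built with these options, the following sh functions (an added example, not part of the original page) read a kernel config, plain or gzip-compressed, and report which of the three are not set to `y`. The function names and the config locations tried (`/proc/config.gz`, `/boot/config-$(uname -r)`) are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a kernel config for the kprobes options listed above.
# Usage: kprobes_missing_opts "$(find_kernel_config)"

REQUIRED_OPTS="CONFIG_KPROBES CONFIG_HAVE_KPROBES CONFIG_KPROBE_EVENTS"

# Print the config text, decompressing *.gz files such as /proc/config.gz.
read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# Print the required options that are not "=y", space separated.
# Returns 0 if all are set, 1 if any are missing, 2 if the file is unreadable.
kprobes_missing_opts() {
    cfg=$(read_config "$1") || return 2
    missing=""
    for opt in $REQUIRED_OPTS; do
        # Whole-line match, so CONFIG_KPROBES does not match
        # CONFIG_KPROBES_ON_FTRACE, and "# OPT is not set" counts as missing.
        if ! printf '%s\n' "$cfg" | grep -x "${opt}=y" >/dev/null; then
            missing="${missing}${missing:+ }${opt}"
        fi
    done
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Print the path of the running kernel's config, if one is readable.
# These two locations are common defaults (assumed, not from the page).
find_kernel_config() {
    for f in /proc/config.gz "/boot/config-$(uname -r)"; do
        if [ -r "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}
```
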

Further reading