ftrace -s ./programm doesnt work with gcc #5
Comments
|
Keep in mind it does not work on position independent executables. Back
when I designed it there were virtually none. Also it's very slow it should
not use PTRACE_SINGLESTEP, it should set breakpoints on the function
addresses and use PTRACE_CONT until it hits each breakpoint. Feel free to
update it :)
…-Ryan
On Tue, Jul 13, 2021 at 7:22 PM flaskymasky ***@***.***> wrote:
i tried it with gcc on both 32 and 64 executable.
it works with clang tho.
Ubuntu kernel: 5.8.0-59
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#5>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABMVMIATTNPRAHEHSLT4WLTTXTYGNANCNFSM5AKQE7XA>
.
|
|
What do you mean it doesn't work with gcc? Show me the output.
…-Ryan
On Tue, Jul 13, 2021 at 9:37 PM ryan oneill ***@***.***> wrote:
Keep in mind it does not work on position independent executables. Back
when I designed it there were virtually none. Also it's very slow it should
not use PTRACE_SINGLESTEP, it should set breakpoints on the function
addresses and use PTRACE_CONT until it hits each breakpoint. Feel free to
update it :)
-Ryan
On Tue, Jul 13, 2021 at 7:22 PM flaskymasky ***@***.***>
wrote:
> i tried it with gcc on both 32 and 64 executable.
> it works with clang tho.
>
> Ubuntu kernel: 5.8.0-59
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <#5>, or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/ABMVMIATTNPRAHEHSLT4WLTTXTYGNANCNFSM5AKQE7XA>
> .
>
|
|
Sorry i had no internet the rest of my text didn't send; if I run 64 bit gcc -o prog prog.c output just : [+] Function tracing begins here:
just the normal program output nothing else. when I use clang to compile it works perfect, maybe some difference in linking and symbol tables, I don't know. |
|
Hey, can you recommend me some books for expanding my knowledge in general ( binary analysis, Assembly, ... ) maybe some of which you gained your knowledge too. |
|
Hey Flaskymasky,
I mainly learned by studying papers. I wrote a book that has helped alot of
people to learn ELF binary voodoo it's called "learning linux binary
analysis"
…-Ryan
On Thu, Jul 15, 2021 at 7:54 PM flaskymasky ***@***.***> wrote:
Hey, can you recommend me some books for expanding my knowledge in general
( binary analysis, Assembly, ... ) maybe some of which you gained your
knowledge too.
I would appreciate it very much.
Thanks
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#5 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABMVMICGRH6PMUYOHUHQQODTX6NNTANCNFSM5AKQE7XA>
.
|
|
Ok thanks. |
|
Absolutely. Best of luck on your journey. Feel free to hit me up with
questions anytime. I'm not sure why gcc is not working to build the
software properly.
One day I may re-write ftrace :)
…-Ryan
On Fri, Jul 16, 2021 at 12:43 PM flaskymasky ***@***.***> wrote:
Ok thanks.
I am doing your book right now, as I said great book and thank you for
your time :)
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#5 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABMVMIHYLUFSQ2TV4BURKJDTYCDVXANCNFSM5AKQE7XA>
.
|
|
Thank you alot. |
|
@elfmaster and some call instruinstruction is ff15 not prefix is e8
|
|
Yes I am familiar w this limitation. It doesn’t handle indirect calls, or
position independent executables.
…On Thu, Sep 2, 2021 at 7:39 PM 易罗阳 ***@***.***> wrote:
@elfmaster <https://github.com/elfmaster>
the problem is that :
[image: image]
<https://user-images.githubusercontent.com/23090916/131942074-20036f24-4967-4af1-b43e-f6a8be42b833.png>
and some call instruinstruction is ff15 not prefix is e8
[image: image]
<https://user-images.githubusercontent.com/23090916/131942214-17111dfe-1915-4eac-adbc-78f3c94f54f5.png>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#5 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABMVMICINW7SYLZJQMHZYVTUAAYMRANCNFSM5AKQE7XA>
.
|
|
If you want to build support I’ll answer any questions you have
…On Thu, Sep 2, 2021 at 8:14 PM ryan oneill ***@***.***> wrote:
Yes I am familiar w this limitation. It doesn’t handle indirect calls, or
position independent executables.
On Thu, Sep 2, 2021 at 7:39 PM 易罗阳 ***@***.***> wrote:
> @elfmaster <https://github.com/elfmaster>
> the problem is that :
> [image: image]
> <https://user-images.githubusercontent.com/23090916/131942074-20036f24-4967-4af1-b43e-f6a8be42b833.png>
>
> and some call instruinstruction is ff15 not prefix is e8
>
> [image: image]
> <https://user-images.githubusercontent.com/23090916/131942214-17111dfe-1915-4eac-adbc-78f3c94f54f5.png>
>
> —
> You are receiving this because you were mentioned.
>
>
> Reply to this email directly, view it on GitHub
> <#5 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/ABMVMICINW7SYLZJQMHZYVTUAAYMRANCNFSM5AKQE7XA>
> .
>
|
how solve it? thanks,i have same problem |
answer myself: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
i tried it with gcc on both 32 and 64 executable.
it works with clang tho.
Ubuntu kernel: 5.8.0-59
The text was updated successfully, but these errors were encountered: