@jperkin
Created February 27, 2024 17:28

Revisions

  1. jperkin created this gist Feb 27, 2024.
    58 changes: 58 additions & 0 deletions userland-dtrace-so.md
    @@ -0,0 +1,58 @@
    Userland arguments work for functions from the main object, but not those in shared libraries.

    An example from the main `smbd` program is ok:

    ```console
    $ dtrace -lvn 'pid$target:smbd:samba_cmdline_init:entry' -p 76224
    ID PROVIDER MODULE FUNCTION NAME
    96158 pid76224 smbd samba_cmdline_init entry

    Probe Description Attributes
    Identifier Names: Private
    Data Semantics: Private
    Dependency Class: Unknown

    Argument Attributes
    Identifier Names: Private
    Data Semantics: Private
    Dependency Class: Unknown

    Argument Types
    args[0]: userland TALLOC_CTX *
    args[1]: userland enum samba_cmdline_config_type
    args[2]: userland _Bool
    ```

    But any from `libsmbd-base-samba4.so` (or indeed any of the Samba shared libraries) are all listed as "unknown":

    ```console
    $ dtrace -lvn 'pid$target::readlink_talloc:entry' -p 76224
    ID PROVIDER MODULE FUNCTION NAME
    97390 pid76224 libsmbd-base-samba4.so readlink_talloc entry

    Probe Description Attributes
    Identifier Names: Private
    Data Semantics: Private
    Dependency Class: Unknown

    Argument Attributes
    Identifier Names: Private
    Data Semantics: Private
    Dependency Class: Unknown

    Argument Types
    args[0]: (unknown)
    args[1]: (unknown)
    args[2]: (unknown)
    args[3]: (unknown)
    ```

    As far as I can see they are built in the same way, and CTF is generated correctly for them. For example `ctfdump -c`:

    ```console
    $ ctfdump -c /opt/local/sbin/smbd | grep samba_cmdline_init
    extern _Bool samba_cmdline_init(TALLOC_CTX *, enum samba_cmdline_config_type, _Bool);

    $ ctfdump -c /opt/local/lib/samba/private/libsmbd-base-samba4.so | grep readlink_talloc
    extern NTSTATUS readlink_talloc(TALLOC_CTX *, struct files_struct *, struct smb_filename *, char **);
    ```