Re: Does this work? "dcprobes" an x86-hack simple djprobes-equivalent?

From: Masami Hiramatsu
Date: Wed Sep 27 2006 - 22:31:05 EST

Hi Karim,

Thank you for the new idea.
I discussed your proposal deeply with my coworkers.

I think your approach has the following advantages/disadvantages/problems:
(a) Able to be inserted into the target address of the branch.
(b) So, binary analysis tool becomes simple.
(c) Implementation is much complicated.
(d) Highly depends on the x86 arch.
(e) Bigger overhead than djprobe.
(f) There will be a side effect (*).
(g) User applications can modify LDT. (ex. wine)

I think the dcprobe will work, but, unfortunately, it has
a vulnerability due to problem (g).

(*) In the following code:

    do {
    } while (a <= 100);

In case of inserting a dcprobe at the 1st line (a=0),
it will replace the 2nd (or more) instructions.
In this case, the fix-up routine (based on int3)
will be invoked one hundred times.


2nd Research Dept.
Hitachi, Ltd., Systems Development Laboratory
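To make the side effect in (*) concrete, the following is an added Python simulation; it is not code from this thread nor from djprobe or dcprobes. It assumes a 5-byte near jmp is written at the probe address, that the displaced instructions are executed out of line (so straight-line entry into the probe site does not trap), and that only control transfers landing inside the overwritten bytes hit the int3-based fix-up. The instruction listing and addresses are constructed for illustration.

```python
"""Simulate a multi-byte jmp probe overwriting the head of a short loop.

Constructed example: `a = 0; do { a += 1; } while (a <= 100);` compiled to a
few x86-style instructions.  Placing a 5-byte jmp at the first instruction
clobbers the loop head, which is a branch target, so every back-edge taken
by the loop lands inside the probe and must go through the fix-up path.
"""

JMP_LEN = 5  # assumed size of a near jmp rel32 on x86 (opcode + 4-byte disp)

# Constructed instruction listing: (address, length in bytes, mnemonic)
INSNS = [
    (0x00, 2, "xor eax, eax"),   # a = 0
    (0x02, 3, "add eax, 1"),     # loop head (hypothetical body): a += 1
    (0x05, 3, "cmp eax, 100"),
    (0x08, 2, "jle 0x02"),       # back-edge to the loop head
    (0x0a, 1, "ret"),
]
BRANCH_TARGETS = {0x02}          # addresses some branch can jump to


def clobbered(insns, probe_addr, jmp_len=JMP_LEN):
    """Instructions after probe_addr whose first byte lies under the jmp."""
    end = probe_addr + jmp_len
    return [i for i in insns if probe_addr < i[0] < end]


def unsafe_targets(insns, branch_targets, probe_addr, jmp_len=JMP_LEN):
    """Branch targets that would land in the middle of the written jmp."""
    clob = {i[0] for i in clobbered(insns, probe_addr, jmp_len)}
    return sorted(t for t in branch_targets if t in clob)


def run(insns, probe_addr=None, jmp_len=JMP_LEN):
    """Tiny interpreter for the listing above.

    Returns (final eax, number of fix-up invocations), counting one fix-up
    each time a taken branch lands on a clobbered instruction.
    """
    by_addr = {addr: (length, text) for addr, length, text in insns}
    clob = set()
    if probe_addr is not None:
        clob = {i[0] for i in clobbered(insns, probe_addr, jmp_len)}
    eax, flag_le, pc, fixups = 0, False, 0, 0
    while True:
        length, text = by_addr[pc]
        op, _, args = text.partition(" ")
        nxt = pc + length
        if op == "xor":                       # xor eax, eax -> a = 0
            eax = 0
        elif op == "add":                     # add eax, imm
            eax += int(args.split(",")[1])
        elif op == "cmp":                     # cmp eax, imm -> sets "<=" flag
            flag_le = eax <= int(args.split(",")[1])
        elif op == "jle":                     # jle target
            target = int(args, 16)
            if flag_le:
                if target in clob:
                    fixups += 1               # lands inside the jmp: int3 path
                nxt = target
        elif op == "ret":
            return eax, fixups
        pc = nxt


if __name__ == "__main__":
    print("clobbered by probe at 0x00:", clobbered(INSNS, 0x00))
    print("branch targets inside jmp :", unsafe_targets(INSNS, BRANCH_TARGETS, 0x00))
    print("eax, fix-ups with probe   :", run(INSNS, probe_addr=0x00))
    print("eax, fix-ups without probe:", run(INSNS))
```

With the probe at 0x00 the loop head at 0x02 is overwritten, and the 100 taken back-edges each land inside the jmp, so the fix-up runs 100 times; the same listing with no probe reports zero fix-ups, and `unsafe_targets` is the check a probe tool would run before choosing a site.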

