摘要:
作者:朱辉开源网站:https://github.com/teawaterhttp://teawater.github.io/kgtp/有一个中文版本的描述内核编译:Generalsetup--˃[*]提示开发和/或completecode/drivers[*]KrobeKernel hacking--˃[*]使用调试编译内核
作者:朱辉
开源网址:https://github.com/teawater
http://teawater.github.io/kgtp/ 有中文版说明
内核编绎:
General setup ---> [ * ] Prompt fordevelopment and/or incomplete code/drivers [ * ] KprobeKernel hacking ---> [ * ] Compile the kernel with debug info [ * ] Compile the kernel with frame pointersgdb版本:
KGTP_NEED_GDB_VERSION = 7.6
KGTP_INSTALL_GDB = "gdb-7.7"
1.编绎
tar -zxvf kgtp-20140510.tar.gz
[root@localhost kgtp-20140510]# ls add-ons gtp_2.6.20_to_2.6.32.patch gtp_rb.c plugin_example.c dkms.conf gtp_2.6.33_to_2.6.38.patch kgtpcn.odt putgtprsp.c dkms_others_install.sh gtp_2.6.39.patch kgtpcn.pdf README.md dkms_others_uninstall.sh gtp_3.0_to_3.6.patch kgtp.odt ring_buffer.c getframe.c gtp_3.7_to_upstream.patch kgtp.pdf ring_buffer.h getgtprsp.pl gtp.c kgtp.py UPDATE getmod.c gtp.h Makefile getmod.py gtp_older_to_2.6.19.patch perf_event.c
[root@localhost kgtp-20140510]# make make CROSS_COMPILE= -C /lib/modules/2.6.32/build/ M=/root/kgtp-20140510 modules make[1]: Entering directory `/usr/src/kernels/linux-2.6.32' CC [M] /root/kgtp-20140510/gtp.o /root/kgtp-20140510/gtp.c:132:2: warning: #warning "Current Kernel is too old. Function of performance counters is not available." /root/kgtp-20140510/gtp.c:168:2: warning: #warning "Cannot trace user program because the Linux Kernel that older than 3.9 doesn't support UPROBES." /root/kgtp-20140510/gtp_rb.c: In function ‘gtp_rb_walk’: /root/kgtp-20140510/gtp_rb.c:337: warning: ‘step’ may be used uninitialized in this function /root/kgtp-20140510/gtp.c:132:2: warning: #warning "Current Kernel is too old. Function of performance counters is not available." /root/kgtp-20140510/gtp.c:168:2: warning: #warning "Cannot trace user program because the Linux Kernel that older than 3.9 doesn't support UPROBES." Building modules, stage 2. MODPOST 1 modules CC /root/kgtp-20140510/gtp.mod.o LD [M] /root/kgtp-20140510/gtp.ko make[1]: Leaving directory `/usr/src/kernels/linux-2.6.32' gcc -O2 -static -o getmod getmod.c gcc -O2 -static -o getframe getframe.c gcc -O2 -static -o putgtprsp putgtprsp.c
2.insmod gtp.ko
3. mount -t sysfs none /sys/
mount -t debugfs none /sys/kernel/debug/
4. cd /usr/src/kernels/linux-2.6.32 进入源代码目录
5.gdb vmlinux
6.(gdb) target remote /sys/kernel/debug/gtp
7. 调试内核
(gdb) trace vfs_readdir 跟踪涵数名 Tracepoint 1 at 0xffffffff810d751f: file fs/readdir.c, line 23.
-------------------------------------------------------------------- (gdb) actions 设轩预到跟踪点进行收集信息
Enter actions for tracepoint 1, one per line. End with a line saying just "end".
> collect jiffies_64 > collect file->f_path.dentry->d_iname > end
------------------------------------------------------------------------------------------- (gdb) tstart 开始跟踪
-------------------------------------------------------------------------------------------- (gdb) shell ls :跟踪ls arch Documentation init MAINTAINERS net security virt block drivers ipc Makefile README sound vmlinux COPYING firmware Kbuild mm REPORTING-BUGS System.map vmlinux.o CREDITS fs kernel modules.order samples tools crypto include lib Module.symvers scripts usr
---------------------------------------------------------------------------------------------- (gdb) tstop 停止跟踪
------------------------------------------------------------------------------------------------- (gdb) tfind #0 vfs_readdir (file=0xffff88003c087480, filler=0xffffffff810d7468 <filldir>, buf=0xffff88004884df38) at fs/readdir.c:23 23 { (gdb) p jiffies_64 $1 = 4297940608 (gdb) p file->f_path.dentry->d_iname $2 = "/