fche changed the topic of #systemtap to: http://sourceware.org/systemtap; email systemtap@sourceware.org if answers here not timely, conversations may be logged
gromero has quit [Ping timeout: 276 seconds]
gromero has joined #systemtap
gromero has quit [Ping timeout: 255 seconds]
hpt has joined #systemtap
orivej has joined #systemtap
orivej has quit [Ping timeout: 240 seconds]
orivej has joined #systemtap
gromero has joined #systemtap
sj0rz has quit [Quit: o/]
sj0rz has joined #systemtap
orivej has quit [Ping timeout: 252 seconds]
orivej has joined #systemtap
orivej has quit [Ping timeout: 264 seconds]
orivej has joined #systemtap
gromero has quit [Ping timeout: 255 seconds]
orivej has quit [Ping timeout: 248 seconds]
orivej has joined #systemtap
sanoj has joined #systemtap
orivej has quit [Ping timeout: 248 seconds]
orivej has joined #systemtap
orivej has quit [Quit: No Ping reply in 180 seconds.]
orivej has joined #systemtap
slowfranklin has joined #systemtap
sanoj has quit [Ping timeout: 240 seconds]
orivej has quit [Ping timeout: 256 seconds]
slowfranklin has quit [Quit: slowfranklin]
slowfranklin has joined #systemtap
slowfranklin has quit [Quit: slowfranklin]
gila has joined #systemtap
sanoj has joined #systemtap
slowfranklin has joined #systemtap
hpt has quit [Quit: Lost terminal]
orivej has joined #systemtap
orivej has quit [Ping timeout: 246 seconds]
sanoj has quit [Ping timeout: 248 seconds]
gila has quit [Quit: My Mac Pro has gone to sleep. ZZZzzz…]
orivej has joined #systemtap
mjw has joined #systemtap
gromero has joined #systemtap
<sb3>
drsmith: i found no answer unfortunately
<sb3>
drsmith_away: even.
<sb3>
i'm attempting to interpose printf, so ultimately syscall.write, and have it "return" a custom string
<sb3>
would be great to have this as a LKM, but then i'm not sure where it would end up being printed out - kernel messages probably?
orivej has quit [Ping timeout: 252 seconds]
orivej has joined #systemtap
orivej has quit [Ping timeout: 240 seconds]
<fche>
you can certainly hook syscall.write in the kernel or printf(3) in userspace
<fche>
but not 'interpose' in the sense of 'replace the function entirely' in any easy way
mbenitez has joined #systemtap
mbenitez has quit [Changing host]
mbenitez has joined #systemtap
<sb3>
fche: thanks for your info
<fche>
if you can be more specific about what outcome you're looking for, we can help more
sanoj has joined #systemtap
wcohen has quit [Ping timeout: 240 seconds]
orivej has joined #systemtap
<sb3>
fche: sure - i must admit i'm struggling with articulating my requirements, but: To have stap spit out a LKM which, for a particular binary and/or execname(), will hook syscall.write and replace the formatstr with something custom
sanoj has quit [Ping timeout: 265 seconds]
<fche>
ok; note that syscall.write never sees printf style format strings
<fche>
printf is evaluated in userspace (glibc)
<fche>
by the time the data hits the kernel, it's all -formatted- & ready-to-print.
<sb3>
ah yeah sorry, in that case i mean clobbering the buffer that write gets
scox has quit [Ping timeout: 265 seconds]
drsmith_away is now known as drsmith
sanoj has joined #systemtap
<sb3>
probe syscall.write {
<sb3>
log($$vars);
<sb3>
if(execname() == "prog1") {
<sb3>
}
<sb3>
}
<sb3>
with this, i see:
<sb3>
fd=0x1 buf=0x225e010 count=0x13 ret=?
<fche>
yup, so the $buf variable is the userspace buffer with the string
<fche>
the buf_str script variable will have a copy of its contents
<sb3>
ah ok - the len is also though, ala write(2), but i'm not sure about squeezing what i want to write in there
<sb3>
will i not be running into segfault territory?
<fche>
you very well may
<fche>
set_user_string() could be used to write into that buffer, but risky (as it's a userspace area owned by glibc)
<sb3>
ah ok
<fche>
you could change the $buf pointer itself (as well as the $count var), if you have the string of interest in another location already
<sb3>
you've already given me a good push in the right direction
<sb3>
i'll have a hack around and see if i can make it happen
<sb3>
thank you for your help!
<fche>
np, good luck
<sb3>
ta
<fche>
might consider userspace probing instead of kernel space for a little more liberty
<sb3>
ah, so printf itself?
<sb3>
or puts, etc
<fche>
yeah. anyway that's an option
<sb3>
supi - will go in this direction
brolley has joined #systemtap
wcohen has joined #systemtap
wcohen has quit [Remote host closed the connection]
wcohen has joined #systemtap
tromey has joined #systemtap
scox has joined #systemtap
sanoj has quit [Ping timeout: 248 seconds]
slowfranklin has quit [Quit: slowfranklin]
pfallenop has quit [Read error: Connection reset by peer]
pfallenop has joined #systemtap
slowfranklin has joined #systemtap
slowfranklin has quit [Quit: slowfranklin]
slowfranklin has joined #systemtap
mbenitez has quit [Quit: Leaving]
mbenitez has joined #systemtap
mbenitez has joined #systemtap
gila has joined #systemtap
orivej has quit [Ping timeout: 264 seconds]
slowfranklin has quit [Quit: slowfranklin]
gila has quit [Quit: My Mac Pro has gone to sleep. ZZZzzz…]
gila has joined #systemtap
slowfranklin has joined #systemtap
mjw has quit [Quit: Leaving]
slowfranklin has quit [Quit: slowfranklin]
slowfranklin has joined #systemtap
mbenitez has quit [Quit: Leaving]
mbenitez has joined #systemtap
mbenitez has quit [Changing host]
mbenitez has joined #systemtap
mbenitez has quit [Client Quit]
tromey has quit [Quit: ERC (IRC client for Emacs 26.0.90)]
wcohen has quit [Ping timeout: 240 seconds]
scox has quit [Ping timeout: 246 seconds]
brolley has left #systemtap [#systemtap]
gromero has quit [Ping timeout: 255 seconds]
drsmith is now known as drsmith_away
gila has quit [Quit: My Mac Pro has gone to sleep. ZZZzzz…]