zoukankan      html  css  js  c++  java
  • Tracing Memory access of an oracle process : Intel PinTools

    https://mahmoudhatem.wordpress.com/2016/11/07/tracing-memory-access-of-an-oracle-process-intel-pintools/

     

     

    This blog post is motivated by a conversation with Frits Hoogland on his great blog post The curious case of the missing semctl call about how he managed to find  a useful memory address (suspecting a fixed SGA variable) used by a process in his investigation.So here i will show how we can easily generates a trace of all/range of memory addresses referenced by a program with an acceptable overhead.

     

    For that we are going to use a Binary Instrumentation Tool named Pin.Pin is basically a tool to insert arbitrary code (written in C or C++) in arbitrary places in the executable. The code is added dynamically while the executable is running.

    What is interesting is that Pin allow as to us to instrument only a class of instructions like memory operations by using the Pin API which includes functions that classify and examine instructions.For more info please check :

    Using PinTools we can trace all/range of memory  references inside a program by attaching to the running process.

    Time for testing : (OEL6/UEK4/ORACLE 12.1.0.2.6)

    1. Download pin tools and install it as user oracle (as of UPDATE 17/11/2016 )
    2. Build the sample tool for memory reference tracing (  cd source/tools/SimpleExamples   make obj-intel64/pinatrace.so )
    3. Test it using the root/oracle user :

    ../../../pin -t obj-intel64/pinatrace.so — /bin/ls

    UPDATE 17/11/2016 : The owner of the instrumented program (target to attach to) need to access some files from the pin directory like (pinbin,linker,etc) so to trace the oracle executable (owner oracle) using the root user for example  execute the following command after installing pin :”chown -R oracle pin_tools/pin-3.0-76991-gcc-linux” or simply install pin using the oracle user (if the instrumented program don’t have access to some files in the pin directory you will receive the following misleading  error “E: Pin loader can’t open file /app/oracle/12.1.0/dbhome_1/bin/oracle: Permission denied”).

    UPDATE 17/11/2016 : Good introduction to Intel Pin by Frits Hoogland :  Introduction to Intel Pin

    Let’s try how we can find the address “0x60027e20” referenced inside “ksaamb” using PIN tools.(as found by Frits Hoogland) .

    Using gdb we can verify that with our test case (deleting one line from a table followed by a commit) this address is accessed 4 time (3 reads/1 writes):

    capture-01

    Using pin tools  (The test case took less that 2 sec to run and display all the memory address referenced) :

    /pin-3.0-76991-gcc-linux/pin -pid 9266  -t  /pin-3.0-76991-gcc-linux/source/tools/SimpleExamples/obj-intel64/pinatrace.so

    capture-02

    We have the memory address and it’s content and also from where it’s was referenced (Instruction pointer). Using addr2line we can display the actual symbol name :

    capture-04

    Extract from the memory trace file :

    capture-03

    This was a very simple example using a ready to use sample tools.More complex plugin can be written depending on the needs.

  • 相关阅读:
    ioncube 加密软件 linux 使用方法
    PHP使用FPDF pdf添加水印中文乱码问题 pdf合并版本问题
    redis windows dll 下载
    浅析PHP7新功能及语法变化总结
    PHP二维数组去重
    extract 用法说明
    python基础之循环
    linux防火墙(五)—— 防火墙的规则备份与还原
    Haproxy搭建Web群集
    网站五层架构
  • 原文地址:https://www.cnblogs.com/zengkefu/p/8432176.html
Copyright © 2011-2022 走看看