Skip to content

Latest commit

 

History

History
22 lines (17 loc) · 1.2 KB

README.md

File metadata and controls

22 lines (17 loc) · 1.2 KB

multiatch-relocate-example

Make a single uprobe.bpf.o able to work on both x86_64 and aarch64

Way:

  • Build that object file using vmlinux header of x86, so it would be able to work on x86
  • Patch the object file bases on CORE relocation records in .BTF.ext, manually patch access to struct pt_regs with offsets to aarch64, then remove .BTF.ext section.

How to use?

  • Run make -C ./uprobe -j8 && cp ./uprobe/.output/uprobe.bpf.o . && cp ./uprobe/target . to get a bpf object file which is able to run on x86
  • Run make loader and ./loader uprobe.bpf.o, and run ./target in another terminal. See /sys/kernel/tracing/trace_pipe for output. This can prove that the ebpf program is able to run on x86
  • Run cd relocate && cargo run -- ../uprobe.bpf.o to generate uprobe_new.bpf.o. This step requires Rust.

On aarch64 machine (Debian12 ARM64 has been tested):

  • Run make -C ./uprobe target && cp ./uprobe/target .
  • Run make loader. This steps requires libbpf
  • Copy that uprobe_new.bpf.o to the project root
  • Run ./loader uprobe_new.bpf.o, and ./target in another terminal
  • See /sys/kernel/tracing/trace_pipe for output

References