-
Notifications
You must be signed in to change notification settings - Fork 566
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
attach feature on Windows #725
Comments
From bruen...@google.com on May 08, 2012 10:42:26 some ideas I've entertained: ** TODO how regain control? however, some experiments show that cbs are delivered at probably |
From bruen...@google.com on May 08, 2012 10:42:38 Owner: bruen...@google.com |
From bruen...@google.com on May 09, 2012 07:37:55 *** TODO idea: set trap flag and single-step while this works great across normal syscalls, it fails to work across int2b or cbret syscall (debugger must use some other mechanism). it also has complications on wow64: would have to have some x64 stubs in 32-bit DR. |
9c95ba5 added enumeration and takeover of unknown threads, invoked by default on regular startup |
Added in #5075. Test occasionally failing in one of two ways:
|
Adds an attach feature for Windows, marked as experimental. Builds on the unsubmitted PR #3328. One difference from the original PR, is not taking over threads that are terminating (otherwise attach always fails). Added the possibility to sleep 1 millisecond between takeover attempts, and controlling the number of attempts. Attach fails when the main thread (to which we are injecting) is blocking. To solve this, we create a new suspended thread that sleeps indefinitely and we inject into it. As part of pointing this thread at a Sleep function, generalizes find_remote_ntdll_base() to find_remote_dll_base(), and solves an infinite loop there coming from strange kernel behavior. Adds attach documentation to the section on how to deploy an application under DR. Adds a new test client.attach. It uses a new target rather than the existing infloop due to differences in staging the output checking steps. Unfortunately there are still some flaky failures, so the test is added to the ignore list for now in order to make progress and get this key feature into DR. Co-authored-by: Yibai Zhang <xm1994@gmail.com> Co-authored-by: orbp <obporathl@gmail.com> Issue: #725
I thought the Windows detach via nudge was exposed today but it's not: The existing Windows detach nudge feature is internal to DR and does not go So that is a remaining action item as well. Xref adding a nudge detach |
Still remaining:
Once we have those 2 things we should be able to close this issue (with any future problems being opened as new bugs). |
For the test, pasting from PR #6209 See e.g. client.attach_test which has support in multiple places to accomplish an attach from another process: see git grep '<attach'. |
The old way to trigger detach on the Windows platform is the no-longer-supported "drcontrol" front-end. Re-exposing the detach feature in drconfig front-end on the Windows platform. The following briefly describes my manual testing process, and I'll continue to submit an automated testing tool in a new PR soon. I wrote my own continuously running example as a manual test case for DynamoRIO, which counts the time of summing the first 1 billion numbers in real time. I'd like to use the real-time output of the test case to present the running state of the program. ``` #include <iostream> #include <chrono> #define LOOPCOUNT 100000; // Function to perform a computationally intensive task void performTask() { //calculate the sum of the first 1 billion numbers long long unsigned sum = 0; for (int i = 1; i <= 1000000000; ++i) { sum += i; } std::cout << "The sum of the first 1 billion numbers: " << sum << std::endl; } void single_loop() { // Start the timer auto start = std::chrono::high_resolution_clock::now(); // Perform the computationally intensive task performTask(); // Stop the timer auto end = std::chrono::high_resolution_clock::now(); // Calculate the elapsed time auto duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start); // Print the elapsed time std::cout << "Elapsed time: " << duration.count() << " milliseconds" << std::endl; } int main() { int counts = LOOPCOUNT; for (int i = 0; i < counts;i++) { single_loop(); } return 0; } ``` Here are the steps to perform a manual test: 1. Execute our test case: ./SumOneBillion.exe 2. Use the "ps" command to get the target process ID: ps | grep SumOneBillion 3. Use "-attach" option to instrument the target process ID: .\drrun.exe -attach pid -c64 D:\dynamorio\build_debug\api\bin\inscount.dll 4. Use "-detach" option to stop the instrumentation:.\drconfig.exe -detach pid The output of the test case and the DynamoRIO in debug version is like following. > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 192 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 191 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 191 milliseconds **> <Starting application D:\vs_demos_repos\SumOneBillion\x64\Release\SumOneBillion.exe (16300)> > <cannot remove dll from rbtree: at root/min + can't find real tree> > <Running on newer-than-this-build "Microsoft Windows 10-2009 x64"> > <Early threads found> > <Initial options = -no_dynamic_options -client_lib 'D:\dynamorio\build_debug\api\bin\inscount.dll;0;' -client_lib64 'D:\dynamorio\build_debug\api\bin\inscount.dll;0;' -code_api -probe_api -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -skip_terminating_threads -no_indcall2direct > > Client inscount is running** > <CURIOSITY : instr_get_opcode(instr_new) != instr_get_opcode(instr_old) in file D:\DynamoRIODetach\dynamorio-master\core\win32\callback.c line 2079 > version 9.93.19549, custom build > -no_dynamic_options -client_lib 'D:\dynamorio\build_debug\api\bin\inscount.dll;0;' -client_lib64 'D:\dynamorio\build_debug\api\bin\inscount.dll;0;' -code_api -probe_api -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -no_inline_ignored_syscalls -native_exec_default_list '' > D:\dynamorio\build_debug\lib64\debug\dynamorio.dll=0x0000000015000000 > D:\dynamorio\build_debug\api\bin\inscount.dll=0x00007ff721f90000 > C:\WINDOWS/system32/KERNEL32.dll=0x0000026257e00000 > C:\WINDOWS/system32/KERNELBASE.dll=0x0000026257f40000 > D:\dynamorio\build_debug\ext\lib64\debug/drmgr.dll=0x00007ff721ff0000> > <CURIOSITY : instr_new == instrlist_first(ilist) || instr_new == instr_get_next(instrlist_first(ilist)) in file D:\dynamorio\core\win32\callback.c line 2082 > version 9.93.19549, custom build > -no_dynamic_options -client_lib 'D:\dynamorio\build_debug\api\bin\inscount.dll;0;' -client_lib64 'D:\dynamorio\build_debug\api\bin\inscount.dll;0;' -code_api -probe_api -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -no_inline_ignored_syscalls -native_exec_default_list '' > D:\dynamorio\build_debug\lib64\debug\dynamorio.dll=0x0000000015000000 > D:\dynamorio\build_debug\api\bin\inscount.dll=0x00007ff721f90000 > C:\WINDOWS/system32/KERNEL32.dll=0x0000026257e00000 > C:\WINDOWS/system32/KERNELBASE.dll=0x0000026257f40000 > D:\dynamorio\build_debug\ext\lib64\debug/drmgr.dll=0x00007ff721ff0000> > <Cleaning hooked Nt wrapper @0x00007ffeba790800 sysnum=0x1c2> > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 417 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 552 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 545 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 537 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 543 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 539 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 538 milliseconds **> <curiosity: rex.w on OPSZ_6_irex10_short4!> > <received nudge mask=0x4 id=0x00000000 arg=0x0000000000000000> > <Detaching from application D:\vs_demos_repos\SumOneBillion\x64\Release\SumOneBillion.exe (16300)> > <Detaching from process, entering final cleanup> > Instrumentation results: 20766267822 instructions executed** > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 194 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 194 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 194 milliseconds > Issue: [#725](#725)
The automated test of detach and detach documentation have been fixed, although the detach test for vs2019-32 may complain timeout like the attach test. |
Looks like the attach_test is still listed on the ignore-failures list. That should be fixed before this issue is closed.
Vs the actual output
|
Even if I swap the order of the two lines, there are still some tests that don't pass, it may require a clear macro definition rule. |
You mean Linux has one order and Windows another? We can use |
This patch adds an automated test of detach on Windows platform. The test start a target program and attach to the process firstly, then use the drconfig front-end to detach from the process. As shown in the .template file, the detach mechanism lets the target process be detached before stopping it. Issue: [#725](#725) --------- Co-authored-by: Derek Bruening <bruening@google.com>
The old way to trigger detach on the Windows platform is the no-longer-supported "drcontrol" front-end. Re-exposing the detach feature in drconfig front-end on the Windows platform. The following briefly describes my manual testing process, and I'll continue to submit an automated testing tool in a new PR soon. I wrote my own continuously running example as a manual test case for DynamoRIO, which counts the time of summing the first 1 billion numbers in real time. I'd like to use the real-time output of the test case to present the running state of the program. ``` #include <iostream> #include <chrono> #define LOOPCOUNT 100000; // Function to perform a computationally intensive task void performTask() { //calculate the sum of the first 1 billion numbers long long unsigned sum = 0; for (int i = 1; i <= 1000000000; ++i) { sum += i; } std::cout << "The sum of the first 1 billion numbers: " << sum << std::endl; } void single_loop() { // Start the timer auto start = std::chrono::high_resolution_clock::now(); // Perform the computationally intensive task performTask(); // Stop the timer auto end = std::chrono::high_resolution_clock::now(); // Calculate the elapsed time auto duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start); // Print the elapsed time std::cout << "Elapsed time: " << duration.count() << " milliseconds" << std::endl; } int main() { int counts = LOOPCOUNT; for (int i = 0; i < counts;i++) { single_loop(); } return 0; } ``` Here are the steps to perform a manual test: 1. Execute our test case: ./SumOneBillion.exe 2. Use the "ps" command to get the target process ID: ps | grep SumOneBillion 3. Use "-attach" option to instrument the target process ID: .\drrun.exe -attach pid -c64 D:\dynamorio\build_debug\api\bin\inscount.dll 4. Use "-detach" option to stop the instrumentation:.\drconfig.exe -detach pid The output of the test case and the DynamoRIO in debug version is like following. > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 192 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 191 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 191 milliseconds **> <Starting application D:\vs_demos_repos\SumOneBillion\x64\Release\SumOneBillion.exe (16300)> > <cannot remove dll from rbtree: at root/min + can't find real tree> > <Running on newer-than-this-build "Microsoft Windows 10-2009 x64"> > <Early threads found> > <Initial options = -no_dynamic_options -client_lib 'D:\dynamorio\build_debug\api\bin\inscount.dll;0;' -client_lib64 'D:\dynamorio\build_debug\api\bin\inscount.dll;0;' -code_api -probe_api -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -skip_terminating_threads -no_indcall2direct > > Client inscount is running** > <CURIOSITY : instr_get_opcode(instr_new) != instr_get_opcode(instr_old) in file D:\DynamoRIODetach\dynamorio-master\core\win32\callback.c line 2079 > version 9.93.19549, custom build > -no_dynamic_options -client_lib 'D:\dynamorio\build_debug\api\bin\inscount.dll;0;' -client_lib64 'D:\dynamorio\build_debug\api\bin\inscount.dll;0;' -code_api -probe_api -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -no_inline_ignored_syscalls -native_exec_default_list '' > D:\dynamorio\build_debug\lib64\debug\dynamorio.dll=0x0000000015000000 > D:\dynamorio\build_debug\api\bin\inscount.dll=0x00007ff721f90000 > C:\WINDOWS/system32/KERNEL32.dll=0x0000026257e00000 > C:\WINDOWS/system32/KERNELBASE.dll=0x0000026257f40000 > D:\dynamorio\build_debug\ext\lib64\debug/drmgr.dll=0x00007ff721ff0000> > <CURIOSITY : instr_new == instrlist_first(ilist) || instr_new == instr_get_next(instrlist_first(ilist)) in file D:\dynamorio\core\win32\callback.c line 2082 > version 9.93.19549, custom build > -no_dynamic_options -client_lib 'D:\dynamorio\build_debug\api\bin\inscount.dll;0;' -client_lib64 'D:\dynamorio\build_debug\api\bin\inscount.dll;0;' -code_api -probe_api -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -no_inline_ignored_syscalls -native_exec_default_list '' > D:\dynamorio\build_debug\lib64\debug\dynamorio.dll=0x0000000015000000 > D:\dynamorio\build_debug\api\bin\inscount.dll=0x00007ff721f90000 > C:\WINDOWS/system32/KERNEL32.dll=0x0000026257e00000 > C:\WINDOWS/system32/KERNELBASE.dll=0x0000026257f40000 > D:\dynamorio\build_debug\ext\lib64\debug/drmgr.dll=0x00007ff721ff0000> > <Cleaning hooked Nt wrapper @0x00007ffeba790800 sysnum=0x1c2> > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 417 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 552 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 545 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 537 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 543 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 539 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 538 milliseconds **> <curiosity: rex.w on OPSZ_6_irex10_short4!> > <received nudge mask=0x4 id=0x00000000 arg=0x0000000000000000> > <Detaching from application D:\vs_demos_repos\SumOneBillion\x64\Release\SumOneBillion.exe (16300)> > <Detaching from process, entering final cleanup> > Instrumentation results: 20766267822 instructions executed** > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 194 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 194 milliseconds > The sum of the first 1 billion numbers: 500000000500000000 > Elapsed time: 194 milliseconds > Issue: [DynamoRIO#725](DynamoRIO#725)
…ynamoRIO#6222) Updates the usage docs to include an example of `drcontrol -detach`. Issue: [DynamoRIO#725](DynamoRIO#725)
…moRIO#6227) Fixes incorrect output ordering for the client.attach_test. Removes the client.attach_test from the ignore-failure list in the wrapper script as it now passes for 32-bit and 64-bit Windows. Issue: [DynamoRIO#725](DynamoRIO#725) --------- Co-authored-by: Derek Bruening <bruening@google.com>
This patch adds an automated test of detach on Windows platform. The test start a target program and attach to the process firstly, then use the drconfig front-end to detach from the process. As shown in the .template file, the detach mechanism lets the target process be detached before stopping it. Issue: [DynamoRIO#725](DynamoRIO#725) --------- Co-authored-by: Derek Bruening <bruening@google.com>
Looks like there is non-determinism as this win32 run has "thread_init" before "event_post_attach": https://github.com/DynamoRIO/dynamorio/actions/runs/5764745468/job/15629345646?pr=6241 |
Removes the printing of "event_post_attach" in the client.attach test, as it had non-deterministic ordering versus the "thread init" printing (and runall.cmake requires "thread init"). Replaces with a boolean check and error print at exit to ensure we saw the attach event. This completes the base attach feature. Future problems should open new issues. Fixes #725
Removes the printing of "event_post_attach" in the client.attach test, as it had non-deterministic ordering versus the "thread init" printing (and runall.cmake requires "thread init"). Replaces with a boolean check and error print at exit to ensure we saw the attach event. This completes the base attach feature. Future problems should open new issues. Fixes #725
From bruen...@google.com on April 09, 2012 14:58:26
xref issue #38 : attach injection on Linux
xref issue #722 : internally-triggered attach
the problem with attach on windows of course is the inability to
maintain control across a callback return when the callback
occurred prior to attaching.
idea: have thin_client presence up front that hooks all alertable
syscalls. risk: there are many alertable syscalls and maybe we
don't really know all of them. probably best to hook all the
file i/o calls even though their alertability depends on their
args.
in absence of control up front, we could go ahead and try on windows and lose control briefly, counting on native_exec_syscalls like we do when we lose control on AppInit (though here there are multiple threads), and
just document the limitations to any users
Original issue: http://code.google.com/p/dynamorio/issues/detail?id=725
The text was updated successfully, but these errors were encountered: