Description:
Tracing is a specialized use of logging to record information about a program's execution. This information is typically used by programmers for debugging purposes, and additionally, depending on the type and detail of information contained in a trace log, by experienced system administrators or technical support personnel to diagnose common problems with software.
DTrace is a comprehensive dynamic tracing framework created by Sun Microsystems for troubleshooting kernel and application problems on production systems in real time. Originally developed for Solaris, it has since been released under the free Common Development and Distribution License (CDDL) and has been ported to several other Unix-like systems. DTrace can be used to get a global overview of a running system, such as the amount of memory, CPU time, filesystem and network resources used by the active processes. It can also provide much more fine-grained information, such as a log of the arguments with which a specific function is being called, or a list of the processes accessing a specific file.
In Video 1, Bryan Cantrill discusses DTrace and how it can be used to significantly improve debugging for both development and live systems.
In Video 2, made at Black Hat Europe, security engineer David Weston presents his research on DTrace. Many of DTrace's features can be leveraged to discover new exploits, unobtrusively monitor malware and even protect against buffer overflow attacks.
His full presentation is here. We also posted a video from Recon 2008 about DTrace here.
Tags: basics