-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for more operating systems and architectures #3
Comments
I might work on implementing x64 SEH (Windows) unwinding. For the context, a few days ago I made a few tweaks to samply and I was surprised that it worked very reliably to profile Wine applications, which I routinely do for Proton/Wine related development. (Thanks for the amazing work!) Right now, I've made it to unwind through Wine DLLs through the PE DWARF debug info MinGW can generate, but using SEH we could get rid of the reliance on debug info and also unwind through most externally compiled applications as well. I've went through https://auscitte.github.io/posts/Exception-Directory-pefile and got a grasp of how unwind codes work. After looking at real world exes I think most of the SEH opcodes should be translatable to the current cacheable rule infrastructure, with the exception of frame pointers, as I've been seeing MSVC happily putting the frame pointer in the middle of the stack:
I'll keep you updated with progresses. |
Excellent, that sounds great! Also, what a fun use case! Profiling Windows binaries on Linux is certainly not something that I've anticipated, but it makes total sense. I was never sure whether it's justified to ship the PDB code in samply's Linux build, and this is an excellent justification. You may also be interested in goblin's SEH parsing code: https://github.com/m4b/goblin/blob/master/src/pe/exception.rs I'd like to avoid the goblin dependency and would prefer an implementation which uses zerocopy parsing, like in |
I've just created pe-unwind-info (not yet published to crates.io), which I'll work on integrating into |
FYI my previous attempt to add x64 support to framehop is at https://github.com/ishitatsuyuki/framehop/tree/seh-poc, but I didn't have time to clean it up yet. A tricky part is that the RVAs in RUNTIME_FUNCTION can technically point to any section. My POC branch uses something called |
Yeah, in my code I just take the entire module data as a parameter and parse the sections. In my few tests I saw that the data is usually in |
The text was updated successfully, but these errors were encountered: