[Gammaray-interest] New plugin idea: Event inspector

Milian Wolff milian.wolff at kdab.com
Sun Sep 17 22:25:31 CEST 2017


On Sunday, 17 September 2017 08:25:24 CEST Christian Gagneraud wrote:
> On 17 September 2017 at 17:10, Christian Gagneraud <chgans at gmail.com> wrote:
> > On 15 September 2017 at 22:37, Christian Gagneraud <chgans at gmail.com> wrote:
> >> On 15 September 2017 at 16:06, Christian Gagneraud <chgans at gmail.com> wrote:
> >>> Hi there,
> >>> 
> >>> I'm starting to think seriously about jumping into the GammaRay world.
> >>> 
> >>> What I would like to get/do/contribute is a first class citizen event
> >>> inspector.
> >>> 
> >>> I won't waste your time with a lot of words, so basically I would like
> >>> to hook on CustomApplication::notify, CustomObject::event and
> >>> CustomObject::eventFilter, and store occurrences when some condition
> >>> matches.
> >> 
> >> context: Linux + x86(_64) + gcc
> >> 
> >> I just had a look at the Probe, the Injector and the
> >> FunctionOverwriter classes and skimmed quickly through some plugins,
> >> and there's enough interesting stuff to start playing with this idea.
> >> I've already learned a lot of things! ;)
> >> I didn't know that since Qt-5.4, installing hooks was that easy - if
> >> you don't mind depending on qtbase-private.
> >> I was surprised by the "simple" approach taken by GammaRay. I was
> >> expecting heavy use of SO preload; instead I found a "simple is
> >> beautiful" approach (simple is always a relative word).
> >> 
> >> I think it is doable to dynamically wrap CustomApplication::notify, as
> >> you can dynamically build the mangled symbol of the
> >> QApplication::notify overloads, same goes with the QObject::event and
> >> QObject::eventFilter ones: their signatures are well known and
> >> QMetaObject provides the rest, did I miss something?
> > 
> > Obviously I did miss something! ;)
> > First, FunctionOverwriter is not a misnomer: it does overwrite the
> > function implementation, not the symbol. So once overwritten there is
> > no way to call the original implementation.
> > Then, the function overwriter overwrites special Qt functions that are
> > designed for this purpose; I cannot use that to overwrite an arbitrary C++
> > symbol. Or at least not in its current form.
> 
> Hope you don't mind my monologue... ;)
> 
> I'm reading this right [1] now, it's called "Cheating the ELF -
> Subversive Dynamic Linking to Libraries".
> AFAIU, he's talking about manipulation of the PLT of an ELF image.
> Which is, I think, what I would like to achieve: replace a symbol with
> another one of my choice, and still be able to call the original
> symbol.
> Now, this does not seem easy....

You can have a look at the heaptrack injector code, which does just that.

But note that it might be a better idea to add custom trace points to Qt 
upstream at strategic points.

Cheers

-- 
Milian Wolff | milian.wolff at kdab.com | Senior Software Engineer
KDAB (Deutschland) GmbH&Co KG, a KDAB Group company
Tel: +49-30-521325470
KDAB - The Qt Experts
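
The lookup half of the PLT approach discussed in this thread, as an added example (not GammaRay's or heaptrack's code): it walks every loaded object and returns the GOT slots through which a named symbol is imported, which are the slots a PLT hook would patch. It assumes Linux with 64-bit ELF and RELA-style PLT relocations (x86_64); `find_plt_slots`, `scan_object` and `dyn_ptr` are names made up for this example.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <link.h>
#include <stdio.h>
#include <string.h>

struct query { const char *symbol; void **slots; int max, found; };
/* glibc leaves relocated addresses in d_ptr, musl leaves offsets: accept both. */
static const void *dyn_ptr(const struct dl_phdr_info *info, ElfW(Addr) p) {
    return (const void *)(p < info->dlpi_addr ? p + info->dlpi_addr : p);
}
/* Called once per loaded object: walk its PLT relocations (DT_JMPREL). */
static int scan_object(struct dl_phdr_info *info, size_t size, void *data) {
    struct query *q = data;
    const ElfW(Dyn) *dyn = NULL;
    const ElfW(Sym) *symtab = NULL;
    const ElfW(Rela) *jmprel = NULL;
    const char *strtab = NULL;
    size_t relsz = 0, is_rela = 0;
    (void)size;
    for (int i = 0; i < info->dlpi_phnum; i++)
        if (info->dlpi_phdr[i].p_type == PT_DYNAMIC)
            dyn = (const void *)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr);
    for (; dyn && dyn->d_tag != DT_NULL; dyn++) {
        if (dyn->d_tag == DT_SYMTAB) symtab = dyn_ptr(info, dyn->d_un.d_ptr);
        else if (dyn->d_tag == DT_STRTAB) strtab = dyn_ptr(info, dyn->d_un.d_ptr);
        else if (dyn->d_tag == DT_JMPREL) jmprel = dyn_ptr(info, dyn->d_un.d_ptr);
        else if (dyn->d_tag == DT_PLTRELSZ) relsz = dyn->d_un.d_val;
        else if (dyn->d_tag == DT_PLTREL) is_rela = dyn->d_un.d_val == DT_RELA;
    }
    if (!symtab || !strtab || !jmprel || !is_rela)
        return 0; /* no PLT, or REL-style entries (32-bit x86): skip object */
    for (size_t i = 0; i < relsz / sizeof(*jmprel); i++) {
        const ElfW(Sym) *sym = &symtab[ELF64_R_SYM(jmprel[i].r_info)];
        if (q->found < q->max && strcmp(strtab + sym->st_name, q->symbol) == 0)
            q->slots[q->found++] = (void *)(info->dlpi_addr + jmprel[i].r_offset);
    }
    return 0; /* 0 = keep iterating over the remaining objects */
}
/* Returns how many GOT slots (at most max) import `symbol` through a PLT. */
int find_plt_slots(const char *symbol, void **slots, int max) {
    struct query q = { symbol, slots, max, 0 };
    dl_iterate_phdr(scan_object, &q);
    return q.found;
}
int main(void) {
    void *slots[8];
    for (int i = 0, n = find_plt_slots("printf", slots, 8); i < n; i++)
        printf("printf slot %p -> %p\n", slots[i], *(void **)slots[i]);
}
```

Each object has its own slot for the same symbol, so a hook installed this way only affects calls made from the objects whose slots were rewritten; objects built with `-fno-plt` import through `DT_RELA` instead and are not covered by this scan.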
