Skip to content

retsnoop v0.9.5
Compare
Choose a tag to compare
@anakryiko anakryiko released this 16 Feb 05:12
· 164 commits to master since this release
v0.9.5
3396c29

What's Changed

Massive improvements in how retsnoop determines whether kprobes are attachable:

  • add --debug multi-kprobe mode to bisect failing multi-kprobe attachment; it quickly narrows down and logs which kprobes were attempted but failed to be attached;
  • skip attaching to kernel functions that have non-unique name and some of instances are not traceable;
  • resolve internal mix up of function and data ksyms;
  • internal fixes to consistently take into account kernel module to which ksym/kprobe belongs to.

Overall, these fixes and improvements make retsnoop's mass-attach behavior more reliable.

Full Changelog: v0.9.4...v0.9.5

Assets 5
Loading