short-paper

Don't panic: reverse debugging of kernel drivers

Authors:

Pavel Dovgalyuk,

Denis Dmitriev,

Vladimir MakarovAuthors Info & Claims

ESEC/FSE 2015: Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering

Pages 938 - 941

https://doi.org/10.1145/2786805.2803179

Published: 30 August 2015 Publication History

Get Access

Abstract

Debugging of device drivers' failures is a very tough task because of kernel panics, blue screens of death, hardware volatility, long periods of time required to expose the bug, perturbation of the drivers by the debugger, and non-determinism of multi-threaded environment. This paper shows how reverse debugging reduces the influence of these factors to the process of drivers debugging. We present reverse debugger as a practical tool, which was tested for i386, x86-64, and ARM platforms, for Windows and Linux guest operating systems. We show that our tool incurs very low overhead (about 10%), which allows using it for debugging of the time sensitive applications. The paper also presents the case study which demonstrates reverse debugging of the USB kernel drivers for Linux.

References

[1]

F. Bellard. Qemu, a fast and portable dynamic translator. In Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC ’05, pages 41–41, Berkeley, CA, USA, 2005. USENIX Association.

Digital Library

Google Scholar

[2]

B. Boothe. Efficient algorithms for bidirectional debugging. SIGPLAN Not., 35(5):299–310, May 2000.

Digital Library

Google Scholar

[3]

S. S. Chia-Wei Hsu. Free: A fine-grain replaying executions by using emulation. The 20th Cryptology and Information Security Conference (CISC 2010), 2010.

Google Scholar

[4]

J. Chow, T. Garfinkel, and P. M. Chen. Decoupling dynamic program analysis from execution in virtual environments. In USENIX 2008 Annual Technical Conference on Annual Technical Conference, ATC’08, pages 1–14, Berkeley, CA, USA, 2008. USENIX Association.

Digital Library

Google Scholar

[5]

B. Dolan-Gavitt, J. Hodosh, P. Hulin, T. Leek, and R. Whelan. Repeatable reverse engineering for the greater good with panda. Oct. 2014.

Google Scholar

[6]

P. Dovgalyuk. Deterministic replay of system’s execution with multi-target qemu simulator for dynamic analysis and reverse debugging. In Proceedings of the 2012 16th European Conference on Software Maintenance and Reengineering, CSMR ’12, pages 553–556, Washington, DC, USA, 2012. IEEE Computer Society.

Digital Library

Google Scholar

[7]

J. Engblom. A review of reverse debugging. In in S4D, 2012.

Google Scholar

[8]

J. Engblom, D. Aarno, and B. Werner. Full-system simulation from embedded to high-performance systems. In R. Leupers and O. Temam, editors, Processor and System-on-Chip Simulation, pages 25–45. Springer US, 2010.

Google Scholar

[9]

S. T. King, G. W. Dunlap, and P. M. Chen. Debugging operating systems with time-traveling virtual machines. In Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC ’05, pages 1–1, Berkeley, CA, USA, 2005. USENIX Association.

Digital Library

Google Scholar

[10]

M. Rittinghaus, K. Miller, M. Hillenbrand, and F. Bellosa. Simuboost: Scalable parallelization of functional system simulation. In Proceedings of the 11th International Workshop on Dynamic Analysis (WODA 2013), Houston, Texas, Mar. 16 2013.

Google Scholar

[11]

M. Xu, V. Malyugin, J. Sheldon, G. Venkitachalam, B. Weissman, and V. Inc. Retrace: Collecting execution trace with virtual machine deterministic replay. In In Proceedings of the 3rd Annual Workshop on Modeling, Benchmarking and Simulation, 2007.

Google Scholar

Cited By

View all

Schwartz DKowshik APina L(2024)Jmvx: Fast Multi-threaded Multi-version Execution and Record-Replay for Managed LanguagesProceedings of the ACM on Programming Languages10.1145/36897698:OOPSLA2(1641-1669)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689769
Yilmaz FSridhar MChoi W(2020)Guide Me to Exploit: Assisted ROP Exploit Generation for ActionScript Virtual MachineProceedings of the 36th Annual Computer Security Applications Conference10.1145/3427228.3427568(386-400)Online publication date: 7-Dec-2020
https://dl.acm.org/doi/10.1145/3427228.3427568
Dmitriev DDovgalyuk PMakarov V(2019)What is reverse debugging? Classification of reverse debugging methodsJournal of Physics: Conference Series10.1088/1742-6596/1352/1/0120101352(012010)Online publication date: 4-Nov-2019
https://doi.org/10.1088/1742-6596/1352/1/012010
Show More Cited By

Index Terms

Don't panic: reverse debugging of kernel drivers
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Recommendations

Platform-independent reverse debugging of the virtual machines
FRUCT '18: Proceedings of the 18th Conference of Open Innovations Association FRUCT

Prototyping and debugging of operating systems and drivers are very tough tasks because of hardware volatility, kernel panics, blue screens of death, long periods of time required to expose the bug, perturbation of the drivers by the debugger, and non-...
Transparent mutable replay for multicore debugging and patch validation
ASPLOS '13: Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems

We present Dora, a mutable record-replay system which allows a recorded execution of an application to be replayed with a modified version of the application. This feature, not available in previous record-replay systems, enables powerful new ...
Transparent mutable replay for multicore debugging and patch validation
ASPLOS '13

We present Dora, a mutable record-replay system which allows a recorded execution of an application to be replayed with a modified version of the application. This feature, not available in previous record-replay systems, enables powerful new ...

Comments

Information & Contributors

Information

Published In

ESEC/FSE 2015: Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering

August 2015

1068 pages

ISBN:9781450336758

DOI:10.1145/2786805

General Chair:
Elisabetta Di Nitto
Politecnico di Milano, Italy
,
Program Chairs:
Mark Harman
University College London, UK
,
Patrick Heymans
University of Namur, Belgium

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 August 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Funding Sources

Russian Foundation for Basic Research

Conference

ESEC/FSE'15

Sponsor:

SIGSOFT

ESEC/FSE'15: Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering

August 30 - September 4, 2015

Bergamo, Italy

Acceptance Rates

Overall Acceptance Rate 112 of 543 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
390
Total Downloads

Downloads (Last 12 months)24
Downloads (Last 6 weeks)4

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Schwartz DKowshik APina L(2024)Jmvx: Fast Multi-threaded Multi-version Execution and Record-Replay for Managed LanguagesProceedings of the ACM on Programming Languages10.1145/36897698:OOPSLA2(1641-1669)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689769
Yilmaz FSridhar MChoi W(2020)Guide Me to Exploit: Assisted ROP Exploit Generation for ActionScript Virtual MachineProceedings of the 36th Annual Computer Security Applications Conference10.1145/3427228.3427568(386-400)Online publication date: 7-Dec-2020
https://dl.acm.org/doi/10.1145/3427228.3427568
Dmitriev DDovgalyuk PMakarov V(2019)What is reverse debugging? Classification of reverse debugging methodsJournal of Physics: Conference Series10.1088/1742-6596/1352/1/0120101352(012010)Online publication date: 4-Nov-2019
https://doi.org/10.1088/1742-6596/1352/1/012010
Kwon JHwang TKim D(2016)Emulation of processing in memory architecture for application development2016 International SoC Design Conference (ISOCC)10.1109/ISOCC.2016.7799848(183-184)Online publication date: Oct-2016
https://doi.org/10.1109/ISOCC.2016.7799848

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Platform-independent reverse debugging of the virtual machines

Transparent mutable replay for multicore debugging and patch validation

Transparent mutable replay for multicore debugging and patch validation

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations