DevConf.cz 2018

"strace is a diagnostic, debugging and instructional utility for Linux. It is used to monitor and tamper with interactions between processes and the Linux kernel, which include system calls, signal deliveries, and changes of process state.

In 2017, several interesting features were implemented within strace project, including
+ syscall specification improvements: new syscall classes, regular expressions, conditional expressions;
+ detailed parsers of netlink protocols;
+ advanced syscall filtering syntax;
+ advanced syscall tampering and filtering with Lua;
+ asinfo: advanced syscall information tool.

In this talk the maintainer of strace will describe these new features
and demonstrate what kinds of problems they help to solve."

"The strace is a diagnostic, debugging and instructional userspace utility for Linux. Over the years, strace gained an unique database storage of system calls for a wide range of architectures, such as microblaze, riscv, avr32, well-known x86 etc. So asinfo (advanced system call information) tool has to operate with this database and provide main information about system calls and architectures in the most convenient way. Therefore, asinfo is deemed as a static query tool with the following functionality:
1) Provide brief architecture information;
2) Take a guess about userspace ABI and architecture;
3) Find syscalls name by number or vice versa setting an exact match, substring, syscall group or regex expression;
4) Multiarch mode."

"Session will walk through demonstrating various ways of tracking the run time issues using binary utilities available with `binutils` package and `gdb` debugger in absence of source code, just from binary executables or libraries. This session will help the audience understand the code flow from binary files alone, backtracking and formulating the potential source code, binary is generated form. Many kind of problems like symbol resolution failure, application crashes and deviation from standard programming practices can be identified using these tools, without access to actual source code of the application. These are the foundations of hacking and cracking. Some insight into system architecture (like registers and their usage) and assembly language and programming is helpful."

"Ftrace is the official tracer of the Linux Kernel. It allows one to see how tasks are scheduled, interrupts take place, page faults and much more. The interface to ftrace is the tracefs file system and can be a bit daunting. The user tool trace-cmd is a front end to the tracefs file system and can access almost all of ftrace features without having to know about the tracefs file system. This session will explain how to use trace-cmd, and use it to see how the Linux kernel is working on the machine that you are using."

"Model checking is often thought of as an academic enterprise, detached from
reality. This is a myth that we would like to set straight. Just like SAT
solvers (think DNF), model checking is about to find its way into practical,
day-to-day tools. The DIVINE toolset is an emerging example.

Dealing with bugs in concurrent and safety-critical software is where model
checking is its strongest. However, even in the arena of everyday C (and C++)
programs, it is a formidable assistant. We will see how a model checker can
deliver (non-interactive) valgrind- and sanitizer-like features that are also
completely robust in multi-threaded programs. On top of that, we will also
discuss how this technology allows for an interactive, reversible debugger and
show you how it looks in practice."

"Debugging Go can be a difficult task. The language has a lot of powerful features which while incredibly useful, can make debugging tough problems tricky.

In this talk I will begin by introducing Delve, a Go-specific debugger. Following the introduction I will discuss what makes Go different from other languages, how Delve is different from other debuggers, how it works, and how you can use it to debug your own Go programs.

From there we will jump into hands on demos, showing how to use Delve to fix even the most difficult bugs you may come across during development. At the end of the talk attendees will have a new tool in their development toolkit, and the knowledge of how to use it in day to day development."

"The talk will give an overview of the linux perf
subsystem kernel side. The design, scheduler hooks,
exported API and other kernel side details might
shed some light on perf tool hidden behaviour for
its users."

"Suffering from a lack of good free software tools, reverse engineering on Linux never been a very popular activity among hobbyists. However, more tools exist now, and we will discover how to use Radare2, a GPL set of tools to examine a wide range of binaries.
This session will present the very basics concepts behind assembly and low level languages, and show simple commands and the philosophy behind radare 2. In order to be concrete, a very simple binary will be looked at to illustrate the concepts, tools and practices, and let people be ready to tackle more complex challenges either for fun (such as a security CTF) or for more serious reasons (such as malware and exploit dissecting).

No binaries will be harmed during the presentation."

"Beautifying syscall args using kernel headers and eBPF in 'perf trace'.

There are many players driving the addition of features in the kernel to help observe events and filter voluminous information at the source, with the lowest overhead, making (or trying to make) sure that security is kept while helping developers cope with increasingly complex systems.

Showing examples of how these infrastructures can be used, in the kernel sources is the overall objective of tools/. Nevermind that what is there can actually be used to attack this complexity.

The perf trace is one such effort, to get the strace workflow and augment it with tracepoints, callchains, system wide, cgroup wide and other targets besides those accessible to the original strace, using the perf and eBPF is the goal here."