Presentation from a training day for Sun Solaris customers, explaining the features of Solaris DTrace.
The presentation covers the following themes:
- architecture and syntax
- tools DTraceToolkit, chime, DTraceTazTool, DLight
- system DTrace (system providers like syscall, sched, vminfo ...)
- application DTrace (providers pid* and plockstat*, User-Level Statically Defined Tracing (USDT)), DTrace for MySQL, Apache webserver, PHP module, Java and Firefox JavaScript
Czech Oracle Solaris Administrators Day 2011 - DTrace
Martin Cerveny
Presentation from a training day for Oracle Solaris customers, explaining the features of Solaris DTrace.
The presentation covers the following themes:
- architecture and syntax
- tools DTraceToolkit, chime, DTraceTazTool, DLight
- system DTrace (system providers like syscall, sched, vminfo ...)
- application DTrace (providers pid* and plockstat*, User-Level Statically Defined Tracing (USDT)), DTrace for MySQL, Apache webserver, PHP module, Java and Firefox JavaScript
Demolabs: http://www.edumaster.cz/java-developers-solaris-administrators-day/pdf/jsd2011_dtrace_labs.tar.gz
Slovak Sun Training Day 2010 - OpenSolaris
Martin Cerveny
Presentation from a training day for Sun Solaris customers, explaining the new features of OpenSolaris.
The presentation covers the following themes:
- installation
- software packaging - IPS
- network virtualization - crossbow
- SCSI target - COMSTAR
Oracle Solaris Day 2013 - Oracle DB and OS Solaris
Martin Cerveny
Presentation from a training day for Oracle Solaris customers, explaining the advantages of running Oracle Database on Oracle Solaris.
The presentation covers the following themes:
- system and network virtualization
- filesystem ZFS
- security with RBAC
- running with SMF
- tuning with DTrace
Demo labs: http://www.slideshare.net/m_cerveny/osd2013-cmd
2011 X33EJA Performance Aspects of JEE: Monitoring and Optimization
Martin Ptáček
2011 ČVUT X33EJA Performance Aspects of JEE, monitoring and optimization, main areas affecting performance, why monitor?, basic functions of a monitoring tool, JMX, JDK tools, jconsole, visualvm, Glassfish monitoring, first aid
Czech and Slovak Sun Training Day 2007 - Solaris
Martin Cerveny
Presentation from a training day for Sun Solaris customers, explaining the new features of Solaris 10 and OpenSolaris.
The presentation covers the following themes:
- installation with Wanboot and JASS (SST - Solaris Security Toolkit)
- kernel privileges and RBAC
- SMF starting service
- DTrace overview
- Solaris Zone
- ZFS filesystem
- OpenSolaris project and community
2. Why an executable file analyzer?
- assignment: extend and improve an existing tool
  - Lissom project (FIT VUT)
- information for decompilation
  - file format
  - architecture
  - entry point
  - compiler or packer used
- information about the compiler or packer used
  - unpacking
  - main function, instruction idioms
Extension of a Tool for Executable File Analysis 2 / 8
12. Experimental results
[Figure: charts of detection accuracy (%), one for PE and one for ELF. PE tools compared: fileinfo 2.0 RDG fileinfo 1.0 PEiD PID Exeinfo PEDetect FastScan DiE. ELF tools compared: fileinfo 2.0 DiE fileinfo 1.0. Series: detection of the name (e.g. UPX), detection of the major version (e.g. UPX 3.xx), detection of the exact version (e.g. UPX 3.05).]
14. Conclusion
- more kinds of information extracted
- architecture-specific analyses
- new file formats
- speed optimizations
- heuristics
- experimental results
J. Křoustek, P. Matula, D. Kolář, and M. Zavoral
Advanced Preprocessing of Binary Executable Files and its Usage in Retargetable Decompilation
In: International Journal on Advances in Software, 2014
decompiler.fit.vutbr.cz/fileinfo
15. Opponent's questions
"When several compilers are detected, the more relevant ones are those that were detected on the basis of heuristics. Why are detections by heuristics considered more relevant than detections by signatures?"
- experimental results
- several ordering rules
  - source
  - match in the tool name
  - version comparator
"In an extensive signature database, collisions between individual signatures can occur. How would you solve this problem?"
- sorting of signatures
- collision detector (NtCore PE Detective, own detector)
- trees
18. Extracted information
- file format
- architecture
- entry point
- compiler or packer
- information from headers
  - flags
  - file type
  - endianness
  - OS, checksum...
- sections, segments
- symbols
- relocations
- dynamic sections (ELF)
- data directories (PE)
- specific analyses (ARM)
- original language
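24. Instruction idioms

    #include <stdio.h>

    int main()
    {
        int a;
        scanf("%d", &a);
        /* -(a >= 0): -1 for a non-negative input, 0 for a negative one */
        printf("%d\n",
               -(a >= 0));
        return 0;
    }

    #include <stdint.h>
    #include <stdio.h>

    int main()
    {
        int apple = 0;
        scanf("%d", &apple);
        /* Shift-and-xor form of the same test: the sign bit is shifted down
           and XORed with 1. It matches -(a >= 0) only when >> is a logical
           (unsigned) shift. */
        printf("%d\n",
               -(apple >> 31 ^ 1));
        return 0;
    }

J. Křoustek and F. Pokorný
Reconstruction of Instruction Idioms in a Retargetable Decompiler
In: WAPL, Kraków, PL, 2013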
25. Sample output
Input file               : fileName
File format              : ELF
File class               : 64-bit
File type                : Executable file
Architecture             : x86-64
Endianness               : Little endian
Entry point address      : 0x405d10
Entry point offset       : 0x5d10
Entry point section index: 12
Entry point section name : .text
Bytes on entry point     : 554889e541554c...
Detected compiler/packer : GHC (7.6.3)
Original language        : Haskell
26. Sample output
i  type         flags  offset   vaddr     memsize  align
-------------------------------------------------------------------------------
i       - index
type    - type of segment
flags   - segment flags
offset  - offset in file
vaddr   - virtual address in memory
memsize - size in memory
align   - alignment in memory and in file
-------------------------------------------------------------------------------
i  type         flags  offset   vaddr     memsize  align
-------------------------------------------------------------------------------
0  PHDR         rx     0x00040  0x400040  0x001c0  0x000008
1  INTERP       r      0x00200  0x400200  0x00015  0x000001
2  LOADABLE     rx     0        0x400000  0xabfcc  0x200000
3  LOADABLE     rw     0xac000  0x6ac000  0x15488  0x200000
4  DYNAMIC      rw     0xac030  0x6ac030  0x001d0  0x000008
5  NOTE         r      0x00218  0x400218  0x00018  0x000004
6  OS-specific  r      0xa5898  0x4a5898  0x0138c  0x000004
7  OS-specific  rwx    0        0         0        0x000010
-------------------------------------------------------------------------------
Flags:
r - readable
x - executable
w - writable
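
Added example, not fileinfo's own code: a minimal Python reader for the ELF64 program header table that produces the same columns as the segment listing above and also reports segments that are both writable and executable. The function names are this example's own, and the input is a constructed header that reuses the entry point and rows 2 and 7 of the sample output, with 0x6474e551 (PT_GNU_STACK) assumed as the OS-specific type.

```python
import struct

PT_NAMES = {1: "LOADABLE", 2: "DYNAMIC", 3: "INTERP", 4: "NOTE", 6: "PHDR"}
PT_LOOS, PT_HIOS = 0x60000000, 0x6FFFFFFF   # OS-specific type range
PF_X, PF_W, PF_R = 1, 2, 4

def parse_elf64(data):
    """Return (entry_point, segments) for a little-endian ELF64 image."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELFCLASS64 / little endian is handled here")
    entry, phoff = struct.unpack_from("<QQ", data, 0x18)
    phentsize, phnum = struct.unpack_from("<HH", data, 0x36)
    if phentsize < 56 or phoff + phentsize * phnum > len(data):
        raise ValueError("program header table is truncated or malformed")
    segments = []
    for i in range(phnum):
        p_type, p_flags, p_offset, p_vaddr, _paddr, _filesz, p_memsz, p_align = \
            struct.unpack_from("<IIQQQQQQ", data, phoff + i * phentsize)
        name = PT_NAMES.get(p_type)
        if name is None:
            name = "OS-specific" if PT_LOOS <= p_type <= PT_HIOS else hex(p_type)
        flags = "".join(c for bit, c in ((PF_R, "r"), (PF_W, "w"), (PF_X, "x"))
                        if p_flags & bit)
        segments.append({"i": i, "type": name, "flags": flags, "offset": p_offset,
                         "vaddr": p_vaddr, "memsize": p_memsz, "align": p_align})
    return entry, segments

def writable_and_executable(segments):
    """Indexes of segments that are mapped both writable and executable."""
    return [s["i"] for s in segments if "w" in s["flags"] and "x" in s["flags"]]

def build_sample():
    """Constructed 64-byte ELF header plus two program headers (not a real binary)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x405D10, 64, 0, 0,
                               64, 56, 2, 0, 0, 0)
    load = struct.pack("<IIQQQQQQ", 1, PF_R | PF_X, 0, 0x400000, 0x400000,
                       0xABFCC, 0xABFCC, 0x200000)
    stack = struct.pack("<IIQQQQQQ", 0x6474E551, PF_R | PF_W | PF_X,
                        0, 0, 0, 0, 0, 0x10)
    return ehdr + load + stack

if __name__ == "__main__":
    entry, segs = parse_elf64(build_sample())
    print(f"Entry point address : {entry:#x}")
    for s in segs:
        print(s["i"], s["type"], s["flags"],
              *(hex(s[k]) for k in ("offset", "vaddr", "memsize", "align")))
    print("W+X segments:", writable_and_executable(segs))
```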