Need tool to generate BTF data from PE images generated by MSVC tool chain #3945
Comments
|
@Alan-Jowett please add more details on possible solutions to this for someone else to pick this up. And please add use cases (such as invoking helpers with BTF Id). |
|
Linux has pahole but we don't yet have an equivalent tool for eBPF for Windows. Such a tool would read a .pdb file and generate BTF data to be added to an ELF file. Bing copilot explains: The pahole tool is part of the DWARF project and is used in the context of BPF (Berkeley Packet Filter) to generate BTF (BPF Type Format) information from non-stripped ELF files that contain DWARF debug data. Here's a brief overview of what it does: Input: pahole takes an ELF file as input, which can be either the kernel or a standard eBPF ELF object. Processing: It processes the DWARF debug data within the ELF file to extract type information. Output: The tool appends two additional ELF sections with BTF encoding to the input ELF file. This BTF information can then be used by BPF tools to provide better type information and improve debugging and profiling[1]. [1] https://github.com/aquasecurity/btfhub/blob/main/docs/how-to-use-pahole.md For Windows, the input would be the PDB file but otherwise would work similarly. In the future it might (needs investigation) even be possible to have a BTF ID for a prog type and/or attach type, to avoid having to coordinate those as well. |
BTF is a machine-readable format for introspection of OS interfaces (like syscalls). Linux has a tool called pahole that does this, but Windows lacks a similar feature.
The text was updated successfully, but these errors were encountered: