DTrace-on-Windows
ebpf-for-windows
DTrace-on-Windows | ebpf-for-windows
---|---
8 | 13
449 | 2,592
1.8% | 1.7%
5.5 | 9.7
2 months ago | 1 day ago
C | C
GNU General Public License v3.0 or later | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
DTrace-on-Windows
- DTrace-on-Windows
- GitHub - microsoft/DTrace-on-Windows: Code for the cross platform, single source, OpenDTrace implementation
- Hacker News top posts: Aug 19, 2022
DTrace-on-Windows (17 comments)
- DTrace-on-Windows: Code for the cross platform, OpenDTrace implementation
I'll be surprised if this doesn't become an abandoned experiment.
Take a look at the commit history: https://github.com/microsoft/DTrace-on-Windows/commits/windo...
Last commit 4 months ago... and then a year ago... and then two years before that.
I saw this mentioned here a while back and saw the "last commit 2 years ago" status in GitHub and just ignored it completely. It's most likely someone's pet project with no real support in the larger Microsoft corp.
Oh and I tried it in a virtual machine, but it just blue screened, which doesn't inspire confidence.
- Can't get dtrace for cargo flamegraph to work (on windows)
In my experience, the dtrace implementation for Windows does not work very well with cargo flamegraph. The issue the above comments pointed out requires the user to build the app from source. Once I did that, I was able to generate a flamegraph, but the detail was not very good as it seemed to only show generic Windows/Rust runtime information.
ebpf-for-windows
- Why ACPI?
There already is an eBPF for Windows, it's even Microsoft's own project https://github.com/microsoft/ebpf-for-windows
- eBPF Verification Is Untenable
This link is about a proposed new eBPF verifier for the Linux kernel that doesn't use signing. As a research project it is not integrated into the kernel, but their plan does not involve trusting user space (instead they suggest doing the heavy lifting of the verification in user space and provide a proof of safety that the kernel checks, which seems sensible to me).
I believe you meant to link https://github.com/microsoft/ebpf-for-windows/ instead (discussed on HN recently) which is an implementation by Microsoft using the above research project that indeed does not follow the suggestion from the authors of the research project to use validation and does require trusting user space.
- eBPF for Windows
- GitHub - microsoft/DTrace-on-Windows: Code for the cross platform, single source, OpenDTrace implementation
Somewhat funnily, Microsoft also developed eBPF for Windows.
- ELI5: eBPF
Not for long https://github.com/microsoft/ebpf-for-windows
- Linux developers patch security holes faster than anyone else, says Google
- Linux's IPTABLES Vs OpenBSD's PF ...... Which is more secure ?
- How to add eBPF observability to your product
- eBPF implementation that runs on top of Windows
What are some alternatives?
bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
UACME - Defeating Windows User Account Control
ebpf-verifier - eBPF verifier based on abstract interpretation
ebpf - ebpf-go is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
libbpf - Automated upstream mirror for libbpf stand-alone build.
xdp-tools - Utilities and example programs for use with XDP
opensnitch - OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
lai - LAI is an interpreter for AML, the ACPI Machine Language.