ebpf-for-windows | lai |
---|---|
13 | 3 |
2,617 | 173 |
2.6% | 2.3% |
9.7 | 3.9 |
about 13 hours ago | 2 months ago |
C | C |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ebpf-for-windows
- Why ACPI?
There already is an eBPF for Windows, it's even Microsoft's own project https://github.com/microsoft/ebpf-for-windows
- eBPF Verification Is Untenable
This link is about a proposed new eBPF verifier for the Linux kernel that doesn't use signing. As a research project it is not integrated into the kernel, but their plan does not involve trusting user space (instead they suggest doing the heavy lifting of the verification in user space and provide a proof of safety that the kernel checks, which seems sensible to me).
I believe you meant to link https://github.com/microsoft/ebpf-for-windows/ instead (discussed on HN recently) which is an implementation by Microsoft using the above research project that indeed does not follow the suggestion from the authors of the research project to use validation and does require trusting user space.
- eBPF for Windows
- GitHub - microsoft/DTrace-on-Windows: Code for the cross platform, single source, OpenDTrace implementation
Somewhat funnily, Microsoft also developed eBPF for Windows.
- ELI5: eBPF
Not for long https://github.com/microsoft/ebpf-for-windows
- Linux developers patch security holes faster than anyone else, says Google
- Linux's IPTABLES Vs OpenBSD's PF ...... Which is more secure ?
- How to add eBPF observability to your product
- eBPF implementation that runs on top of Windows
lai
- Why ACPI?
- Lightweight AML (ACPI Machine Language) Interpreter
- How to integrate ACPICA in your OS
The osdev wiki has an article explaining it. Mind you, ACPICA is quite heavy. If you don’t mind running into potential unsupported boards on real hardware (which should be quite rare and the developers will fix it if they can), you might want to look at LAI (https://github.com/managarm/lai). It works fine under QEMU so if you’re only doing virtualization there are no problems. LAI is a lot less convoluted to port, less code and less bloat. In essence, it’s add source files from LAI to your source tree, define and implement a few functions (last I checked less than 10 for basic operations if I recall correctly) and call like two LAI functions to enumerate namespaces and enable ACPI mode. LAI comes with documentation and there is a support channel on both Discord and IRC, linked in the readme of the repo.
What are some alternatives?
bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
dropWPBT - Disables the Windows Platform Binary Table (WPBT) in your UEFI firmware.
UACME - Defeating Windows User Account Control
emscripten - Emscripten: An LLVM-to-WebAssembly Compiler
ebpf-verifier - eBPF verifier based on abstract interpretation
asus-fan - Kernel module to get/set (both) fan speed(s) on ASUS Zenbooks
ebpf - ebpf-go is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
libbpf - Automated upstream mirror for libbpf stand-alone build.
xdp-tools - Utilities and example programs for use with XDP
opensnitch - OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
DTrace-on-Windows - Code for the cross platform, single source, OpenDTrace implementation