Instrument and Find Out: Writing Parasitic Tracers for High(-Level) Languages

Presented at DEF CON 29 (2021), Aug. 8, 2021, 2 p.m. (20 minutes).

Modern programming languages are, more and more, being designed not just around performance, ease-of-use, and (sometimes) security, but also performance monitoring and introspectability. But what about the languages that never adopted such concepts from their peers? Or worse, what about the languages that tacked on half-hearted implementations as an afterthought? The answer is simple, you write your own and instrument them into the language dynamically. In this talk, we will discuss the process for developing generalized parasitic tracers targeting specific programming languages and runtimes using Ruby as our case study. We will show how feasible it is to write external tracers targeting a language and its runtime, and discuss best practices for supporting different versions over time. REFERENCES: * https://github.com/ruby/ruby * https://frida.re/docs/javascript-api/

Presenters:

  • Jeff Dileo / chaosdata - Technical Director, NCC Group   as Jeff Dileo
    Jeff Dileo (chaosdata) is a security consultant by day, and sometimes by night. He hacks on embedded systems, mobile apps and devices, web apps, and complicated things that don't have names. He likes candy and arguing about text editors and window managers he doesn't actually use. @chaosdatumz

Links:

Similar Presentations: