> drgn (pronounced “dragon”) is a debugger with an emphasis on programmability. drgn exposes the types and variables in a program for easy, expressive scripting in Python. For example, you can debug the Linux kernel:
from drgn.helpers.linux import list_for_each_entry
for mod in list_for_each_entry('struct module', prog['modules'].address_of_(),'list'):
if mod.refcnt.counter > 10:
print(mod.name)
> (char [56])"snd"
> (char [56])"evdev"
> (char [56])"i915"
I remember looking at some internals on Solaris with dtrace, I think eBPF would be an equally good tool for doing that on Linux, it's mentionned at the end of the article but I fail to see why would drgn be better.
https://drgn.readthedocs.io/en/latest/index.html
> drgn (pronounced “dragon”) is a debugger with an emphasis on programmability. drgn exposes the types and variables in a program for easy, expressive scripting in Python. For example, you can debug the Linux kernel: