-
Notifications
You must be signed in to change notification settings - Fork 481
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hooks plugin is slow #1545
Comments
I suspect this isn't a hooks issue. Primarily because hooks is used all over the place and in this case is probably running in both cases of your test. In particular, if you load panda/panda/plugins/osi_linux/osi_linux.cpp Line 1306 in c363487
And panda/panda/plugins/syscalls2/syscalls2.cpp Lines 1398 to 1403 in c363487
Because hooks is running in both scenarios I suspect the slowdown has to be related with what is running on the task switch callback than it could with hooks itself. FWIW: I don't tend to use the |
Interesting - I assumed this was happening in hooks because I was profiling panda and seeing the majority of the time was being spent in panda_hooks.so - but I certainly could have misinterpreted what I was seeing - I can take a closer look and try to isolate where the slowdown might be occurring. |
There are a couple of cases where plugins load the hooks plugin. The callbacks invoked by hooks significantly slow down panda. We should consider whether loading hooks by default is correct in all cases. Maybe just adding a warning along with a method to disable the use of hooks would be enough - which wouldn't break anything if anyone is relying on the current behavior.
One instance where I'm seeing this is when an osi_linux kernel profile includes the optional parameter task.switch_hook_addr. In my case I got a 4x speed boost by using an updated profile with this parameter commented out.
Another case I'm seeing this is when the wintrospection plugin is loaded. In my case, I didn't need the functionality that wintrospection was leveraging from hooks so I updated wintrospection to not load hooks. This change cut my analysis time by a third.
Wondering if others are affected by either of these issues and may not be aware.
The text was updated successfully, but these errors were encountered: