eBPF for Windows should support ETW, syscall and kprobe style hooks

microsoft / ebpf-for-windows

eBPF implementation that runs on top of Windows

MIT License

2.95k stars 240 forks source link

eBPF for Windows should support ETW, syscall and kprobe style hooks #206

Open Alan-Jowett opened 3 years ago

Alan-Jowett commented 3 years ago

eBPF for Windows should support ETW, syscall and kprobe style hooks

One of the strong points of BPF on Linux is the ability to execute BPF programs in response to kprobes and system calls. This provides a very rich set of diagnostic tools to the developer and administrator of Linux systems. eBPF for Windows would benefit from adding equivalent functionality.

dthaler commented 3 years ago

Need a proposed design before code changes

dthaler commented 3 years ago

uprobes should also be part of this discussion.

danf1 commented 1 month ago

Can someone please update on plans to support uprobes?