Abstract
Dynamic Binary Instrumentation (DBI) in user space often suffers from low probe insertion success rates and high execution overhead, due to challenges in handling the compact instruction layouts (<inline-formula><tex-math notation="LaTeX">$< $</tex-math><alternatives><mml:math><mml:mo><</mml:mo></mml:math><inline-graphic xlink:href="shahnejatbushehri-ieq1-3641055.gif"/></alternatives></inline-formula>5 bytes) and complex trampoline placement constraints. Existing techniques are either limited in scope, incur high runtime overhead, or rely on heavyweight code relocation. This article introduces NOProbe, a lightweight, user-space DBI framework that enables safe and efficient probe insertion using two novel strategies. The first strategy locates trampoline sites by leveraging compiler-generated NOP paddings; the second employs pseudo-NOP instructions to support trampoline placement even when instructions overlap. Additionally, we propose a thread-safe patching algorithm, <italic>lock</italic>-<italic>redirect</italic>-<italic>load</italic>-<italic>arm</italic>, for safe runtime code modification. Experimental results show that NOProbe achieves 97%β99% probe effectiveness, reduces probe insertion latency, and maintains very low per-probe execution overhead, even under high probe density and multithreaded workloads.