system-calls

问题 I want to count the malloc system call with Kprobe in fedora. I know that malloc is not a system call and is implemented in user space, but I want to count malloc with kprobe if its possible. What is the name of system call that I must give to Kprobe? For example for do_work: kp.addr = (kprobe_opcode_t *) kallsyms_lookup_name("do_fork"); 回答1: This is not possible with kprobes because, as you said, malloc is not a system call. You can, however, use USDTs to trace userspace processes. The bcc

问题 Is it possible to make a system call, such as executing ls -la , and use the result in your app? 回答1: Usually when someone says system call they mean calling into the kernel through one of the defined entry points. While its technically possible on iPhone, you are always better of going through the libSystem shims because the call interface is probably not stable (it isn't on Mac OS X for instance). I doubt Apple would like it if you did that, but I suspect no one as really thought about it

问题 I need to add an own system call to the Raspbian Linux Kernel. Now I am stuck after searching for about 2 days to find a solution. To add a system call, I am basically following the general outline (http://elinux.org/RPi_Kernel_Compilation) using the kernel sources from the following git repo: git://github.com/raspberrypi/tools.git I have installed a cross-compile environment using crosstool-ng (http://www.kitware.com/blog/home/post/426). All these above works. I am able to compile and deploy

问题 The Mmap() syscall in the x/sys/unix package in Golang returns a []byte type, while the underlying syscall actually returns a pointer. How does it do this? More specifically, in this package by a Golang developer, the VirtualAlloc function simply returns a pointer. How can this be converted to a byte slice, the same way as it's done in the Unix package? 回答1: Using the unsafe package you can do the same thing golang.org/x/sys/unix does in the Mmap method of its unexported mmapper type: //

问题 I was using the following code which actually gets me the contents in the registers (eax, ebx, ecx) whenever a open system call is called. Now after a lot of struggle I understood what the values signify from this Question. ebx contains the pointer to filename. But when I try to access it I was getting a segmentation fault. Where am I going wrong? The code can be accessed from the here 回答1: Every process has its own address space. An address obtained from another process will not be valid in

问题 Okay so I am trying to teach myself on how to do signalling, and I came across a hiccup and I can't figure out what I'm doing wrong. What is going on right now is: it is executing the parent then goes to child and then back to parent.. It's not doing what I want it to do which is execute the parent (which the user defines the amount of time it runs) then kills it then go to child and run itself at the same amount of time. #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include

问题 Problem I want to execute the exit system call in ARM using inline assembly on a Linux Android device, and I want the exit value to be read from a location in memory. Example Without giving this extra argument, a macro for the call looks like: #define ASM_EXIT() __asm__("mov %r0, #1\n\t" \ "mov %r7, #1\n\t" \ "swi #0") This works well. To accept an argument, I adjust it to: #define ASM_EXIT(var) __asm__("mov %r0, %0\n\t" \ "mov %r7, #1\n\t" \ "swi #0" \ : \ : "r"(var)) and I call it using:

问题 I am studying the Linux kernel and at the moment I try to implement my own system call. In the kernel code it looks the following: asmlinkage long sys_my_syscall() { printk("My system call\n"); return 0; } If I call it with a systemcall() function it works fine, but I have found another one way: int my_syscall(void) { long __res; __asm__ volatile ( "movl $312, %%eax;" "int $0x80;" "movl %%eax, %0;" : "=m" (__res) : : "%eax" ); if ((unsigned long) (__res) >= (unsigned long) (-125)) { errno = -

问题 I'm writing a simple REPL (a command line wrapper for adb ) in Ruby where I support two kinds of commands: interactive commands non-interactive commands As for 2, I simply want to invoke a system command from the REPL, capture its output while it's outputting text, and allow the user to exit back into the REPL from that command. Example: >> logcat ... // log output here ! user hits CTRL-D >> // back at the prompt This is to happen within my program, not the system shell. Now the problem is:

问题 I'm studying system call handling process in linux. I found that the entry_SYSCALL_64 function is called when the user process run syscall instruction to call system call. This function save interrupt frame. However, when it push the ip to interrupt frame, it read not rip but rcx. This code is in blow. ENTRY(entry_SYSCALL_64) UNWIND_HINT_EMPTY /* * Interrupts are off on entry. * We do not frame this tiny irq-off block with TRACE_IRQS_OFF/ON, * it is too small to ever cause noticeable irq