system-calls

Why does Linux read the IP register from the RCX register in the entry_SYSCALL_64 function?

故事扮演 submitted on 2019-12-06 03:12:48
I'm studying the system call handling process in Linux. I found that the entry_SYSCALL_64 function is called when the user process runs the syscall instruction to make a system call. This function saves the interrupt frame. However, when it pushes the IP to the interrupt frame, it reads not rip but rcx. The code is below.

    ENTRY(entry_SYSCALL_64)
        UNWIND_HINT_EMPTY
        /*
         * Interrupts are off on entry.
         * We do not frame this tiny irq-off block with TRACE_IRQS_OFF/ON,
         * it is too small to ever cause noticeable irq latency.
         */
        swapgs
        /*
         * This path is only taken when PAGE_TABLE_ISOLATION is disabled so it
         * is not
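The syscall instruction itself is what puts the user RIP into rcx (and RFLAGS into r11) before control reaches entry_SYSCALL_64; that is why the entry code pushes rcx as the saved IP, and why the sysret return path later reloads RIP from rcx. As an added example (not code from the post or from the kernel source), here is the same fact seen from user space: a raw x86-64 syscall wrapper in C that declares rcx and r11 clobbered, uses r10 rather than rcx for a fourth argument, and checks that rcx holds the return address after the instruction. The names raw_syscall3, raw_getpid, raw_write and rcx_holds_return_address are my own; on a non-x86-64 build the wrapper falls back to libc's syscall() and the rcx check reports "not applicable".

```c
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Three-argument raw system call. x86-64 convention: number in rax,
 * arguments in rdi, rsi, rdx, r10, r8, r9 (r10 instead of rcx for the 4th
 * argument, precisely because the CPU overwrites rcx), result in rax as
 * either the value or a negative errno. rcx and r11 are listed as
 * clobbered because the syscall instruction stores the return RIP in rcx
 * and RFLAGS in r11 before entering the kernel; without the clobbers the
 * compiler could keep live values there across the instruction. */
static long raw_syscall3(long nr, long a1, long a2, long a3)
{
#if defined(__x86_64__) && defined(__linux__)
    long ret;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3)
                      : "rcx", "r11", "memory");
    return ret;
#else
    /* Other architectures: use the libc wrapper and convert its -1/errno
     * convention back to the kernel's -errno convention (assumption:
     * glibc- or musl-style syscall()). */
    long ret = syscall(nr, a1, a2, a3);
    return ret == -1 ? -errno : ret;
#endif
}

long raw_getpid(void)
{
    return raw_syscall3(SYS_getpid, 0, 0, 0);
}

/* Returns the byte count, or -errno (for example -EBADF for a bad fd). */
long raw_write(int fd, const void *buf, size_t len)
{
    return raw_syscall3(SYS_write, fd, (long)buf, (long)len);
}

/* After the instruction returns, rcx holds the address of the instruction
 * that follows syscall: the user RIP the kernel saved as pt_regs->ip and
 * that sysret reloads. Returns 1 if rcx equals the label placed right after
 * the instruction, 0 if it does not, -1 on other architectures. */
int rcx_holds_return_address(void)
{
#if defined(__x86_64__) && defined(__linux__)
    long ret;
    unsigned long rcx_after, next_ip;
    __asm__ volatile ("syscall\n"
                      "1:\n\t"
                      "mov %%rcx, %1\n\t"
                      "lea 1b(%%rip), %2"
                      : "=a"(ret), "=r"(rcx_after), "=r"(next_ip)
                      : "a"((long)SYS_getpid)
                      : "rcx", "r11", "memory");
    (void)ret;
    return rcx_after == next_ip;
#else
    return -1;
#endif
}

int main(void)
{
    static const char msg[] = "hello from a raw syscall\n";
    printf("getpid() = %ld, raw_getpid() = %ld\n", (long)getpid(), raw_getpid());
    printf("raw_write to fd -1 returned %ld (expected %d)\n",
           raw_write(-1, msg, sizeof msg - 1), -EBADF);
    printf("rcx == return address after syscall: %d\n", rcx_holds_return_address());
    fflush(stdout);
    raw_write(STDOUT_FILENO, msg, sizeof msg - 1);
    return 0;
}
```

The negative-errno return is also why the kernel stores pt_regs->orig_ax separately: after the call, rax is the result, not the number, and a tracer (or the entry code deciding whether to restart the call) needs the original.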

ARM inline asm: exit system call with value read from memory

℡╲_俬逩灬. submitted on 2019-12-06 00:42:44
Problem

I want to execute the exit system call in ARM using inline assembly on a Linux Android device, and I want the exit value to be read from a location in memory.

Example

Without giving this extra argument, a macro for the call looks like:

    #define ASM_EXIT() __asm__("mov %r0, #1\n\t" \
                               "mov %r7, #1\n\t" \
                               "swi #0")

This works well. To accept an argument, I adjust it to:

    #define ASM_EXIT(var) __asm__("mov %r0, %0\n\t" \
                                  "mov %r7, #1\n\t" \
                                  "swi #0" \
                                  : \
                                  : "r"(var))

and I call it using:

    #define GET_STATUS() (*(int*)(some_address)) // gets an integer from an address
    ASM_EXIT(GET_STATUS());

LD_PRELOAD cannot intercept syscalls, but only libcalls?

时光总嘲笑我的痴心妄想 submitted on 2019-12-06 00:07:10
My code works well with malloc, but not with mmap. The code is below:

main.c

    #include <stdio.h>
    #include <stdlib.h>

    int main(){
        int * p = (int*) malloc(sizeof(int));
        printf("in main(): value p = %d\n", *p);
        free(p);
    }

preload.c

    #define _GNU_SOURCE
    #include <time.h>
    #include <dlfcn.h>
    #include <stdio.h>
    #include <sys/types.h>

    void *(*orig_malloc)(size_t size);
    void *malloc(size_t size){
        printf(" Hooked(preload)! malloc:size:%lu\n", size);
        return orig_malloc(size);
    }

    void * (*orig_mmap)(void *start, size_t length, int prot, int flags, int fd, off_t offset);
    void * mmap(void *start, size_t
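Added example, not the poster's code: LD_PRELOAD works at the dynamic-symbol lookup, so a hooked function only sees calls that go through libc's exported wrapper. Anything that enters the kernel directly (syscall(2), inline assembly, a statically linked binary, or glibc's own internal __mmap alias that malloc uses for large blocks) never touches the hook. The interposer below is compiled into the executable rather than a separate preload library so that it runs as one file; the executable is searched before libc just as a preloaded library is, and dlsym(RTLD_NEXT) finds the real function the same way. The names hooked_mmap_calls, map_via_libc and map_via_syscall are mine. One caveat that also applies to hooking malloc: calling printf inside the hook can allocate and recurse back into it, so this hook avoids stdio entirely.

```c
#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

static int hooked_mmap_calls;

/* Interposed mmap. The executable's definition is resolved ahead of libc's
 * (an LD_PRELOAD library is simply placed ahead of libc in the same search
 * order). The real function is found with dlsym(RTLD_NEXT): "the next
 * object after me that defines this symbol". No stdio in here: a hook on
 * an allocator-adjacent function must not allocate itself. */
void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset)
{
    static void *(*real_mmap)(void *, size_t, int, int, int, off_t);
    if (!real_mmap)
        real_mmap = (void *(*)(void *, size_t, int, int, int, off_t))dlsym(RTLD_NEXT, "mmap");
    hooked_mmap_calls++;
    return real_mmap(addr, length, prot, flags, fd, offset);
}

/* Maps and unmaps one page through libc's mmap() wrapper. Returns how many
 * times the hook fired during the call: 1. */
int map_via_libc(void)
{
    int before = hooked_mmap_calls;
    void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    munmap(p, 4096);
    return hooked_mmap_calls - before;
}

/* Same mapping, but entering the kernel directly through syscall(2). There
 * is no call to the symbol "mmap" to interpose, so the hook never fires.
 * Returns how many times the hook fired during the call: 0. */
int map_via_syscall(void)
{
    int before = hooked_mmap_calls;
    long p = syscall(SYS_mmap, NULL, 4096, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == -1) return -1;
    syscall(SYS_munmap, p, 4096);
    return hooked_mmap_calls - before;
}

int main(void)
{
    printf("hook fired %d time(s) for mmap() via libc\n", map_via_libc());
    printf("hook fired %d time(s) for mmap via syscall(SYS_mmap)\n", map_via_syscall());
    return 0;
}
```

If you need to see every mmap regardless of how it is issued, the tools that work at the kernel boundary are strace/ptrace, seccomp-bpf notifications, or an audit/eBPF tracepoint on sys_enter_mmap, not a preloaded library.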

epoll_wait fails due to EINTR, how to remedy this?

余生颓废 submitted on 2019-12-05 23:39:47
My epoll_wait fails due to EINTR. My gdb trace shows this:

    221 in ../nptl/sysdeps/pthread/createthread.c
    (gdb)
    224 in ../nptl/sysdeps/pthread/createthread.c
    (gdb)
    [New Thread 0x40988490 (LWP 3589)]
    227 in ../nptl/sysdeps/pthread/createthread.c
    (gdb)
    epoll_wait error in start timer: Measurement will befor entire duration of execution
    epoll_wait: Interrupted system call
    [Thread 0x40988490 (LWP 3589) exited]

This string "epoll_wait error in start timer: Measurement will befor entire duration of execution" is printed by me to stderr. I am not able to make out how to remedy this
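Added example, not the poster's code: epoll_wait returns -1 with errno set to EINTR whenever a signal handler runs while the call is blocked, and it is one of the calls the kernel never restarts even when the handler was installed with SA_RESTART (see signal(7)), so the remedy is to treat EINTR as "try again" in a loop rather than as a failure. The loop below also keeps the original deadline instead of restarting the full timeout on each retry, which is the usual second bug. The demo arranges a SIGALRM in the middle of a wait on a pipe that never becomes readable; epoll_wait_retry, demo_interrupted_wait and the 50 ms / 300 ms timings are my own choices.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/epoll.h>
#include <sys/time.h>
#include <time.h>
#include <unistd.h>

static volatile sig_atomic_t alarms_seen;
static void on_alarm(int sig) { (void)sig; alarms_seen++; }

static long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* epoll_wait that absorbs EINTR and keeps the original deadline. Returns
 * exactly what epoll_wait returns for anything other than EINTR (>= 0
 * ready descriptors, or -1 with errno for a real error). *retries reports
 * how many interruptions were absorbed. */
int epoll_wait_retry(int epfd, struct epoll_event *events, int maxevents,
                     int timeout_ms, int *retries)
{
    long deadline = timeout_ms < 0 ? -1 : now_ms() + timeout_ms;
    *retries = 0;
    for (;;) {
        int remaining = -1;
        if (deadline >= 0) {
            long left = deadline - now_ms();
            remaining = left > 0 ? (int)left : 0;
        }
        int n = epoll_wait(epfd, events, maxevents, remaining);
        if (n >= 0 || errno != EINTR)
            return n;
        (*retries)++;
        /* A real event loop checks its "stop requested" flag here; a
         * handler setting that flag is usually why EINTR mattered at all. */
    }
}

/* Demo: a SIGALRM lands 50 ms into a 300 ms wait on a pipe that is never
 * written. Returns the number of EINTRs absorbed (1), or -1 if the wait did
 * not end as a normal timeout after roughly the full 300 ms. */
int demo_interrupted_wait(void)
{
    int pipefd[2];
    if (pipe(pipefd) == -1) return -1;
    int epfd = epoll_create1(0);
    if (epfd == -1) return -1;
    struct epoll_event ev;
    memset(&ev, 0, sizeof ev);
    ev.events = EPOLLIN;
    ev.data.fd = pipefd[0];
    if (epoll_ctl(epfd, EPOLL_CTL_ADD, pipefd[0], &ev) == -1) return -1;

    /* Installed without SA_RESTART on purpose; adding it would not help,
     * since the kernel does not restart epoll_wait after a handler runs. */
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, NULL);
    struct itimerval it;
    memset(&it, 0, sizeof it);
    it.it_value.tv_usec = 50000;   /* one-shot, 50 ms */
    setitimer(ITIMER_REAL, &it, NULL);

    int retries = 0;
    long t0 = now_ms();
    int n = epoll_wait_retry(epfd, &ev, 1, 300, &retries);
    long elapsed = now_ms() - t0;

    close(epfd);
    close(pipefd[0]);
    close(pipefd[1]);
    signal(SIGALRM, SIG_DFL);
    /* 0 ready fds after the full timeout, the signal was actually seen,
     * and the retry did not restart the clock from zero. */
    if (n != 0 || alarms_seen == 0 || elapsed < 250 || elapsed > 1000)
        return -1;
    return retries;
}

int main(void)
{
    int r = demo_interrupted_wait();
    printf("wait timed out normally after absorbing %d EINTR(s)\n", r);
    return r == 1 ? 0 : 1;
}
```

If the signal is one the program itself raises (timers, thread creation signals from an old NPTL as in the trace above, SIGCHLD), an alternative is to block it in the waiting thread and collect it via a signalfd registered in the same epoll set, so nothing interrupts the wait at all.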

Hijacking sys calls

▼魔方 西西 submitted on 2019-12-05 21:03:11
I'm writing a kernel module and I need to hijack/wrap some sys calls. I'm brute-forcing the sys_call_table address and I'm using cr0 to disable/enable page protection. So far so good (I'll make the entire code public once it's done, so I can update this question if somebody wants). Anyway, I have noticed that if I hijack __NR_sys_read I get a kernel oops when I unload the kernel module, and also all konsoles (KDE) crash. Note that this doesn't happen with __NR_sys_open or __NR_sys_write. I'm wondering why this is happening. Any ideas? PS: Please don't go the KProbes way, I already know about

Swallowing user input while running a sub-command

帅比萌擦擦* submitted on 2019-12-05 18:50:45
I'm writing a simple REPL (a command line wrapper for adb) in Ruby where I support two kinds of commands:

1. interactive commands
2. non-interactive commands

As for 2, I simply want to invoke a system command from the REPL, capture its output while it's outputting text, and allow the user to exit back into the REPL from that command.

Example:

    >> logcat
    ... // log output here
    ! user hits CTRL-D
    >> // back at the prompt

This is to happen within my program, not the system shell. Now the problem is: while logcat is running, the parent process (the REPL) keeps capturing keystrokes and then replays (?)

How to use clone() to make parent process and child process run at the same time?

余生颓废 submitted on 2019-12-05 18:25:33
I'm new to Linux. I want to make the child process and parent process run at the same time. But I have failed. Here is my code. Can anybody help me?

    #define _GNU_SOURCE
    #include <stdio.h>
    #include <unistd.h>
    #include <stdlib.h>
    #include <sched.h>
    #include <signal.h>
    #define FIBER_STACK 8192
    void * stack;
    int do_something(){
        int a = 0;
        while (a<10){
            printf("pid : %d, a = %d\n", getpid(), a++);
        }
        exit(1);
    }
    int main() {
        void * stack;
        stack = malloc(FIBER_STACK);
        if(!stack) {
            printf("The stack failed\n");
            exit(0);
        }
        int a = 0;
        if (c == 0) clone(&do_something, (char *)stack + FIBER_STACK, CLONE_VM|CLONE
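Added example, not the poster's code: a clone() call in which the parent and child genuinely run at the same time. The points that the excerpt leaves out or that commonly go wrong with CLONE_VM are: the child needs a stack of its own and glibc's wrapper wants a pointer to the top of it; SIGCHLD must be in the flags or an ordinary waitpid() will not see the child; CLONE_VFORK must be absent or the parent is suspended until the child exits; and a child sharing the parent's address space must return from its function (the wrapper then calls _exit) rather than call exit(), which would run the parent's atexit handlers and flush its stdio buffers. CHILD_STACK_SIZE, struct shared_state, child_fn and run_clone_demo are my names.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define CHILD_STACK_SIZE (64 * 1024)

struct shared_state {
    volatile int counter;   /* written by the child, read by the parent */
};

/* Child entry point. It runs in the parent's address space (CLONE_VM), so
 * its increments land in the parent's struct. It shares the parent's
 * thread-local storage and stdio buffers too, which is why it reports with
 * write(2) instead of printf. Returning here ends the child via _exit(). */
static int child_fn(void *arg)
{
    struct shared_state *s = arg;
    static const char msg[] = "child: incremented the shared counter 10 times\n";
    for (int i = 0; i < 10; i++)
        s->counter++;
    if (write(STDOUT_FILENO, msg, sizeof msg - 1) < 0)
        return 1;
    return 0;
}

/* Starts a child with its own stack but the parent's memory, does some work
 * in the parent while the child runs, then waits for it. Returns the counter
 * the child left behind (10), or -1 on failure. */
int run_clone_demo(void)
{
    struct shared_state s = { 0 };
    void *stack = mmap(NULL, CHILD_STACK_SIZE, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);
    if (stack == MAP_FAILED) return -1;

    /* The stack grows down on every architecture glibc supports, so pass the
     * top of the region. SIGCHLD as the termination signal makes the child
     * reapable with a plain waitpid(); without it you need __WCLONE/__WALL.
     * No CLONE_VFORK, so the parent is not suspended: both run at once. */
    pid_t pid = clone(child_fn, (char *)stack + CHILD_STACK_SIZE,
                      CLONE_VM | CLONE_FS | CLONE_FILES | SIGCHLD, &s);
    if (pid == -1) {
        munmap(stack, CHILD_STACK_SIZE);
        return -1;
    }

    /* Parent work that overlaps with the child's. */
    static const char msg[] = "parent: child started, doing my own work\n";
    if (write(STDOUT_FILENO, msg, sizeof msg - 1) < 0) return -1;

    int status;
    if (waitpid(pid, &status, 0) == -1) {
        munmap(stack, CHILD_STACK_SIZE);
        return -1;
    }
    munmap(stack, CHILD_STACK_SIZE);   /* only after the child is gone */
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return s.counter;
}

int main(void)
{
    int counter = run_clone_demo();
    printf("parent pid %d: child finished, shared counter = %d\n",
           (int)getpid(), counter);
    return counter == 10 ? 0 : 1;
}
```

Because the child writes to the parent's memory with no synchronisation beyond waitpid(), the parent must not read the counter until the wait has returned; if both sides need to touch shared state while running, use atomics or a futex-based lock, exactly as with threads.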

Linux Kernel programming: trying to get vm_area_struct->vm_start crashes kernel

对着背影说爱祢 submitted on 2019-12-05 17:22:12
This is for an assignment at school, where I need to determine the size of the processes on the system using a system call. My code is as follows:

    ...
    struct task_struct *p;
    struct vm_area_struct *v;
    struct mm_struct *m;
    read_lock(&tasklist_lock);
    for_each_process(p) {
        printk("%ld\n", p->pid);
        m = p->mm;
        v = m->mmap;
        long start = v->vm_start;
        printk("vm_start is %ld\n", start);
    }
    read_unlock(&tasklist_lock);
    ...

When I run a user level program that calls this system call, the output that I get is:

    1
    vm_start is 134512640
    2
    EIP: 0073:[<0806e352>] CPU: 0 Not tainted ESP: 007b:0f7ecf04 EFLAGS:

How does strace read the file name of system call sys_open?

ぃ、小莉子 submitted on 2019-12-05 17:14:30
I am writing a program which uses ptrace and does the following: it reads the current eax and checks if the system call is sys_open. If it is, then I need to know what arguments are passed.

    int sys_open(const char * filename, const int mode, const int mask)

So eax = 5 implies it is an open system call. I came to know that ebx has the address of the file location from this Question. But how do I know the length of the file name so I can read the contents at that location? I came across the following questions which address the same: Question 1, Question 2 (This one is mine only!) But I still

unix system call monitor

僤鯓⒐⒋嵵緔 submitted on 2019-12-05 15:48:36
how to monitor system calls for a process?

Check strace

In the simplest case strace runs the specified command until it exits. It intercepts and records the system calls which are called by a process and the signals which are received by a process. The name of each system call, its arguments and its return value are printed on standard error or to the file specified with the -o option. Each line in the trace contains the system call name, followed by its arguments in parentheses and its return value.

Source: https://stackoverflow.com/questions/1010561/unix-system-call-monitor
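Added example that serves both the ptrace question above (how does strace get the file name passed to open) and the strace pointer just given; it is not code from either post. The length question has a direct answer: nothing in the registers says how long the string is, so the tracer reads the tracee's memory word by word with PTRACE_PEEKDATA until it finds the NUL terminator, which is what strace does (it prefers process_vm_readv where the kernel offers it, with the same stop-at-NUL logic). The register layout used is the 64-bit one (orig_rax/rdi/rsi, plus the aarch64 equivalent via PTRACE_GETREGSET) rather than the eax/ebx of the post, and since modern libc issues openat(2) rather than open(2) the tracer matches both numbers. read_tracee_string, syscall_args, trace_first_open and demo_traced_path_matches are my names; the path is constructed and need not exist, the syscall still happens and fails with ENOENT.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy a NUL-terminated string out of the tracee one word at a time,
 * stopping at the terminator. Returns 0 on success, -1 on a read error or
 * if no terminator fits in outsz. */
int read_tracee_string(pid_t pid, unsigned long addr, char *out, size_t outsz)
{
    size_t copied = 0;
    while (copied + sizeof(long) <= outsz) {
        errno = 0;   /* PEEKDATA returns the word itself, so -1 alone is ambiguous */
        long word = ptrace(PTRACE_PEEKDATA, pid, (void *)(addr + copied), NULL);
        if (word == -1 && errno != 0) return -1;
        memcpy(out + copied, &word, sizeof word);
        if (memchr(&word, '\0', sizeof word)) return 0;
        copied += sizeof word;
    }
    return -1;
}

/* Syscall number and first two arguments at a syscall-stop, per ABI. The
 * post's eax/ebx is the 32-bit x86 layout; 64-bit x86 uses orig_rax/rdi/rsi. */
static int syscall_args(pid_t pid, long *nr, unsigned long *a1, unsigned long *a2)
{
#if defined(__x86_64__)
    struct user_regs_struct regs;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1) return -1;
    *nr = regs.orig_rax; *a1 = regs.rdi; *a2 = regs.rsi;
    return 0;
#elif defined(__aarch64__)
    struct user_regs_struct regs;
    struct iovec iov = { &regs, sizeof regs };
    if (ptrace(PTRACE_GETREGSET, pid, (void *)NT_PRSTATUS, &iov) == -1) return -1;
    *nr = regs.regs[8]; *a1 = regs.regs[0]; *a2 = regs.regs[1];
    return 0;
#else
    (void)pid; (void)nr; (void)a1; (void)a2;
    return -1;
#endif
}

/* Fork a child that opens `path`, trace it, and copy the path out of the
 * first open(2)/openat(2) it makes. Returns 0 with the name in out, else -1. */
int trace_first_open(const char *path, char *out, size_t outsz)
{
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);                  /* let the tracer set options first */
        int fd = open(path, O_RDONLY);
        if (fd >= 0) close(fd);
        _exit(0);
    }
    int status, found = -1;
    if (waitpid(pid, &status, WUNTRACED) == -1 || !WIFSTOPPED(status)) goto done;
    /* SYSGOOD marks syscall-stops with SIGTRAP|0x80 so they are not confused
     * with ordinary SIGTRAPs. Fails with ESRCH if ptrace is not permitted. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)PTRACE_O_TRACESYSGOOD) == -1) goto done;
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == -1) break;
        if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) break;
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;   /* not a syscall-stop */
        long nr; unsigned long a1, a2;
        if (syscall_args(pid, &nr, &a1, &a2) == -1) break;
        unsigned long name_addr = 0;   /* args are intact at entry and exit stops */
#ifdef SYS_open
        if (nr == SYS_open) name_addr = a1;      /* open(filename, ...) */
#endif
        if (nr == SYS_openat) name_addr = a2;    /* openat(dirfd, filename, ...) */
        if (name_addr) {
            found = read_tracee_string(pid, name_addr, out, outsz);
            break;
        }
    }
done:
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return found;
}

/* 1 if the name read out of the tracee matches what the child passed. */
int demo_traced_path_matches(void)
{
    static const char path[] = "/nonexistent/traced-open-example";   /* constructed */
    char name[256];
    if (trace_first_open(path, name, sizeof name) != 0) return 0;
    return strcmp(name, path) == 0;
}

int main(void)
{
    int ok = demo_traced_path_matches();
    printf("traced open() path %s\n", ok ? "recovered correctly" : "NOT recovered");
    return ok ? 0 : 1;
}
```

Two things to keep in mind when turning this into a monitor: the argument pointer is read at the stop, so a second thread in the tracee can rewrite the string between the check and the kernel's own copy (the classic TOCTOU against ptrace-based sandboxes), and a tracee can refuse to be traced or detect the tracer; seccomp-bpf or audit is the right tool when the process is hostile rather than merely under study.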