
How a system call tracer works and how to implement one (Writing system call tracer for Linux/x86)


Source code:
https://github.com/c-bata/systracer


  1. AbemaTV: Linux / x86, Go
  2. AbemaTV, Masashi SHIBATA (c-bata / c_bata_)
  3. hello.c, built and run under strace:

       #include <stdio.h>

       int main(int argc, char *argv[]) {
           printf("Hello World! %d %s\n", argc, argv[0]);
           return 0;
       }

       $ gcc hello.c -o hello -Wall -O0
       $ strace ./hello
  4. strace output:

       $ strace ./hello
       execve("./hello", ["./hello"], [/* 25 vars */]) = 0
       uname({sys="Linux", node="ip-10-0-2-15.ap-northeast-1.compute.internal", ...}) = 0
       :
       fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=ma…
       mmap2(NULL, 4096, PROT_READ|PROT_WRITE, …
       write(1, "Hello World! 1 ./hello\n", 23Hello World! 1 ./hello
       ) = 23
       exit_group(0) = ?

     (The program's own stdout, "Hello World! 1 ./hello", is interleaved with strace's write(...) line because both go to the terminal.)
  5. Same strace output, highlighting fork / execve.
  6. Same strace output, highlighting write.
  7. Topic 1: Linux / x86 CPU. Keywords: Application Binary Interface, system call numbers, x86 registers.
  8. ABI: Application Binary Interface
  9. https://github.com/torvalds/linux/blob/v4.14/arch/x86/entry/syscalls/syscall_32.tbl

       number  abi   name             entry point          compat entry point
       0       i386  restart_syscall  sys_restart_syscall
       1       i386  exit             sys_exit
       2       i386  fork             sys_fork             sys_fork
       3       i386  read             sys_read
       4       i386  write            sys_write
       5       i386  open             sys_open             compat_sys_open
  11. Topic 2: ptrace. Keywords: the ptrace system call. https://github.com/c-bata/systrace/
  12. ptrace: the ptrace system call
  13. https://github.com/c-bata/systracer

       Tracing process                      Target (traced) process
       fork()
                                            ptrace(PTRACE_TRACEME, …)
                                            execve(…)
       while (1) {
           waitpid(pid, &status, 0)
           if WIFEXITED(status) { break; }
           ptrace(PTRACE_GETREGS, …)
           ptrace(PTRACE_SYSCALL, …)        SIGCONT
       }
  14. https://github.com/c-bata/systrace/
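The tracing loop from slide 13, as an added example in C (not code from the slides or from c-bata/systracer): it forks, has the child request PTRACE_TRACEME and exec, then waits for each syscall stop, reads the registers with PTRACE_GETREGS and resumes with PTRACE_SYSCALL. It assumes a Linux host; the x86_64 register names and numbers are an assumption added for 64-bit hosts (the slides use the i386 table), and it adds PTRACE_O_TRACESYSGOOD plus an entry/exit toggle, which the slide's loop leaves out, because PTRACE_SYSCALL stops twice per call and the first stop after execve is an exec SIGTRAP rather than a syscall stop.

```c
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#if defined(__i386__)   /* the slides' target: numbers quoted from syscall_32.tbl */
#define SC_NR(r)  ((r).orig_eax)
#define SC_RET(r) ((r).eax)
static const char *const sc_names[] = { [0] = "restart_syscall", [1] = "exit", [2] = "fork",
    [3] = "read", [4] = "write", [5] = "open", [11] = "execve", [252] = "exit_group" };
#else                   /* assumption: x86_64 host, where the numbers differ (syscall_64.tbl) */
#define SC_NR(r)  ((r).orig_rax)
#define SC_RET(r) ((r).rax)
static const char *const sc_names[] = { [0] = "read", [1] = "write", [2] = "open", [3] = "close",
    [59] = "execve", [60] = "exit", [231] = "exit_group" };
#endif
/* Map a syscall number to its name; numbers outside or missing from the table give "unknown". */
const char *syscall_name(long nr) {
    size_t n = sizeof sc_names / sizeof sc_names[0];
    return (nr >= 0 && (size_t)nr < n && sc_names[nr]) ? sc_names[nr] : "unknown";
}
/* Run argv under ptrace, printing "name(...) = ret" per syscall. Returns the number of
 * syscalls entered, or -1 if the child could not be traced (e.g. ptrace is denied). */
long trace_syscalls(char *const argv[]) {
    int status, sig = 0, in_syscall = 0; long count = 0;
    pid_t pid = fork(); if (pid < 0) return -1;
    if (pid == 0) {  /* tracee: volunteer for tracing, then exec the target */
        ptrace(PTRACE_TRACEME, 0, NULL, NULL); execvp(argv[0], argv); _exit(127);
    }
    /* The first stop is the SIGTRAP after execve, not a syscall stop. TRACESYSGOOD makes the
     * kernel tag syscall stops with bit 0x80 so they cannot be confused with real signals. */
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig);  /* resume to the next syscall boundary */
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) break;
        /* untagged stop = real signal: re-deliver it on resume (SIGTRAP from a nested exec is dropped) */
        sig = (WSTOPSIG(status) != (SIGTRAP | 0x80) && WSTOPSIG(status) != SIGTRAP) ? WSTOPSIG(status) : 0;
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;
        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) return -1;
        if (!in_syscall) { printf("%s(...)", syscall_name((long)SC_NR(regs))); count++; }
        else printf(" = %ld\n", (long)SC_RET(regs));  /* exit stop: eax/rax holds the return value */
        in_syscall = !in_syscall;  /* PTRACE_SYSCALL stops once on entry and once on exit */
    }
    return count;
}
```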