Download to read offline
![#include <stdio.h>
int main(int argc, char *argv[])
{
printf("Hello World! %d %sn", argc, argv[0]);
return 0;
}
strace
$ gcc hello.c -o hello -Wall -O0
$ strace ./hello
hello.c](https://image.slidesharecdn.com/systracer-180125110841/85/Writing-system-call-tracer-for-Linux-x86-3-320.jpg)
![$ strace ./hello
execve("./hello", ["./hello"], [/* 25 vars */]) = 0
uname({sys="Linux", node="ip-10-0-2-15.ap-
northeast-1.compute.internal", ...}) = 0
:
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=ma…
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, …
write(1, "Hello World! 1 ./hellon",
23Hello World! 1 ./hello) = 23
exit_group(0) = ?
strace](https://image.slidesharecdn.com/systracer-180125110841/85/Writing-system-call-tracer-for-Linux-x86-4-320.jpg)
![$ strace ./hello
execve("./hello", ["./hello"], [/* 25 vars */]) = 0
uname({sys="Linux", node="ip-10-0-2-15.ap-
northeast-1.compute.internal", ...}) = 0
:
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=ma…
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, …
write(1, "Hello World! 1 ./hellon",
23Hello World! 1 ./hello) = 23
exit_group(0) = ?
fork execve](https://image.slidesharecdn.com/systracer-180125110841/85/Writing-system-call-tracer-for-Linux-x86-5-320.jpg)
![$ strace ./hello
execve("./hello", ["./hello"], [/* 25 vars */]) = 0
uname({sys="Linux", node="ip-10-0-2-15.ap-
northeast-1.compute.internal", ...}) = 0
:
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=ma…
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, …
write(1, "Hello World! 1 ./hellon",
23Hello World! 1 ./hello) = 23
exit_group(0) = ?
write](https://image.slidesharecdn.com/systracer-180125110841/85/Writing-system-call-tracer-for-Linux-x86-6-320.jpg)
![#include <stdio.h>
int main(int argc, char *argv[])
{
printf("Hello World! %d %sn", argc, argv[0]);
return 0;
}
strace
$ gcc hello.c -o hello -Wall -O0
$ strace ./hello
hello.c](https://image.slidesharecdn.com/systracer-180125110841/75/Writing-system-call-tracer-for-Linux-x86-3-2048.jpg)
![$ strace ./hello
execve("./hello", ["./hello"], [/* 25 vars */]) = 0
uname({sys="Linux", node="ip-10-0-2-15.ap-
northeast-1.compute.internal", ...}) = 0
:
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=ma…
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, …
write(1, "Hello World! 1 ./hellon",
23Hello World! 1 ./hello) = 23
exit_group(0) = ?
strace](https://image.slidesharecdn.com/systracer-180125110841/75/Writing-system-call-tracer-for-Linux-x86-4-2048.jpg)
![$ strace ./hello
execve("./hello", ["./hello"], [/* 25 vars */]) = 0
uname({sys="Linux", node="ip-10-0-2-15.ap-
northeast-1.compute.internal", ...}) = 0
:
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=ma…
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, …
write(1, "Hello World! 1 ./hellon",
23Hello World! 1 ./hello) = 23
exit_group(0) = ?
fork execve](https://image.slidesharecdn.com/systracer-180125110841/75/Writing-system-call-tracer-for-Linux-x86-5-2048.jpg)
![$ strace ./hello
execve("./hello", ["./hello"], [/* 25 vars */]) = 0
uname({sys="Linux", node="ip-10-0-2-15.ap-
northeast-1.compute.internal", ...}) = 0
:
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=ma…
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, …
write(1, "Hello World! 1 ./hellon",
23Hello World! 1 ./hello) = 23
exit_group(0) = ?
write](https://image.slidesharecdn.com/systracer-180125110841/75/Writing-system-call-tracer-for-Linux-x86-6-2048.jpg)
Uploaded byMasashi Shibata
システムコールトレーサーの動作原理と実装 (Writing system call tracer for Linux/x86)
This document discusses AbemaTV and includes code snippets and documentation on Linux/x86 systems. It covers three main topics: 1. The Linux/x86 Application Binary Interface, system call numbers, and CPU registers. 2. The strace tool and examples of its output tracing system calls like execve, write, and exit_group. 3. The ptrace system call, how it is used for process tracing, and a link to a process tracing tool called systracer on GitHub.
More Related Content
Similar to システムコールトレーサーの動作原理と実装 (Writing system call tracer for Linux/x86)
システムコールトレーサーの動作原理と実装 (Writing system call tracer for Linux/x86)
- 1.
- 2.
- 3. #include <stdio.h> int main(intargc, char *argv[]) { printf("Hello World! %d %sn", argc, argv[0]); return 0; } strace $ gcc hello.c -o hello -Wall -O0 $ strace ./hello hello.c
- 4. $ strace ./hello execve("./hello",["./hello"], [/* 25 vars */]) = 0 uname({sys="Linux", node="ip-10-0-2-15.ap- northeast-1.compute.internal", ...}) = 0 : fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=ma… mmap2(NULL, 4096, PROT_READ|PROT_WRITE, … write(1, "Hello World! 1 ./hellon", 23Hello World! 1 ./hello) = 23 exit_group(0) = ? strace
- 5. $ strace ./hello execve("./hello",["./hello"], [/* 25 vars */]) = 0 uname({sys="Linux", node="ip-10-0-2-15.ap- northeast-1.compute.internal", ...}) = 0 : fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=ma… mmap2(NULL, 4096, PROT_READ|PROT_WRITE, … write(1, "Hello World! 1 ./hellon", 23Hello World! 1 ./hello) = 23 exit_group(0) = ? fork execve
- 6. $ strace ./hello execve("./hello",["./hello"], [/* 25 vars */]) = 0 uname({sys="Linux", node="ip-10-0-2-15.ap- northeast-1.compute.internal", ...}) = 0 : fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=ma… mmap2(NULL, 4096, PROT_READ|PROT_WRITE, … write(1, "Hello World! 1 ./hellon", 23Hello World! 1 ./hello) = 23 exit_group(0) = ? write
- 7. Topic 1 Linux /X86 CPU Application Binary Interface System Call Numbers X86 Registers KEYWORDS
- 8. ABI: Application BinaryInterface
- 11. https://github.com/torvalds/linux/blob/v4.14/arch/x86/entry/syscalls/syscall_32.tbl 0 i386 restart_syscallsys_restart_syscall 1 i386 exit sys_exit 2 i386 fork sys_fork sys_fork 3 i386 read sys_read 4 i386 write sys_write 5 i386 open sys_open compat_sys_open
- 12.
- 13. Topic 2 ptrace ptrace systemcall https://github.com/c-bata/systrace/ KEYWORDS
- 14.
- 15. https://github.com/c-bata/systracer Target(Traced) ProcessTracing Process ptrace(PTRACE_TRACEME,…) waitpid(pid, &status, 0) if WIFEXITED(status) { break; } ptrace(PTRACE_GETREGS, …) ptrace(PTRACE_SYSCALL, …) execve(…) fork() while(1) SIGCONT ! ! ! ! !
- 16.