Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
950 views
in Technique[技术] by (71.8m points)

c - system call tracing using ptrace

I wrote a program to list all the system calls executed by a command (say /bin/ls). Now what I am trying to do is find all the system call arguments, environment variables, command line arguments that may be passed to it

Example: If I open a file. The system call sys_access will open the file right ? But how to get these values?
Want to do this for system calls like open, read, write, close.

As per my study these must be in the registers (ebx - edx) If so what does these register values signify? I got this link.
But I really couldn't get much from there. Also any further references for this would be much helpful.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

(Revised form of comments above (so you can accept it)):

Detailed syscall parameters can be looked up in Linux kernel header syscalls.h. In above case, as sys_access (#33 on x86) has only two parameters:

  • first is the pointer to filename, so your file name was stored at address 0x4c4d8e
  • Second parameter is file mode (see mode flag defines)
  • as there is no third parameter to this syscall, edx is not relevant and contains some undefined value

Return value of this syscall is -2 (ENOENT, defined in errno-base.h), which signifies error (no such file or directory).

Also note (see Basile's comment above) that you are duplicating the functionality of strace utility.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...