1
我試圖檢索系統調用的所有數字,最終使用ptrace檢索所有系統調用的名稱。我在64位系統上,所以我使用ORIG_RAX * 8使用ptrace查找系統調用。我目前只能檢索第一個系統調用,下面是一個樣例運行的輸出。有任何想法嗎?使用Ptrace檢索系統調用,在第一個之後停止
謝謝!
輸出: griffinm @ $以及G ++ mystrace.cc
~/cs153/assn2
[email protected] $ a.out ls
Please wait
The child made a system call 59
a.out mystrace.cc mystrace.cc~
Number of machine instructions : 252376
~/cs153/assn2
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <errno.h>
#define ORIG_RAX 120
int main(int argc, char* argv[])
{
long long counter = 0; /* machine instruction counter */
int wait_val; /* child's return value */
int pid;
long orig_eax; /* child's process id */
puts("Please wait");
switch (pid = fork()) {
case -1:
perror("fork");
break;
case 0:
ptrace(PTRACE_TRACEME, 0, 0, 0);
execvp(argv[1], NULL);
break;
default:
wait(&wait_val);
orig_eax = ptrace(PTRACE_PEEKUSER,
pid, ORIG_RAX,
NULL);
printf("The child made a "
"system call %ld\n", orig_eax);
while (wait_val == 1407) {
counter++;
if (ptrace(PTRACE_SINGLESTEP, pid, 0, 0) != 0)
perror("ptrace");
wait(&wait_val);
}
}
printf("Number of machine instructions : %lld\n", counter);
return 0;
}
Update Default Case:
Default:
wait(&wait_val);
while (wait_val == 1407) {
counter++;
if (ptrace(PTRACE_SYSCALL, pid, 0, 0) != 0)
perror("ptrace");
orig_eax = ptrace(PTRACE_PEEKUSER,
pid, 8*ORIG_RAX,
NULL);
cout<<orig_eax<<endl;
wait(&wait_val);
}
}
編輯:
Output:
[email protected] $ a.out pwd
Please wait
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
/home/csmajs/griffinm/cs153/assn2
-1
-1
-1
-1
-1
-1
我認爲8 * Orig_RAX是問題,機器是64位,就像我說的。有任何想法嗎?
您不應該對數字1407進行硬編碼以比較['wait(2)'](http://linux.die.net/man/2/wait)的返回值 - 這是一個實現細節。相反,你應該測試'while(WIFSTOPPED(wait_val)&& WSTOPSIG(wait_val)== SIGTRAP)'。 – 2012-04-15 02:24:30
謝謝!我的教授給了我們一些關於while循環條件的代碼。我有一種感覺,有辦法讓它更通用。 – 2012-04-15 03:05:43