linux劫持系統呼叫connect
阿新 • • 發佈:2019-02-17
為實現網路監控,故需要監控系統呼叫函式__NR_connect
系統環境 64 位 CentOS
程式碼如下:
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/list.h>
#include <linux/init.h>
#include <linux/sched.h>
#include <asm/unistd.h>
#include <linux/dirent.h>
#include <linux/stat.h>
#include <linux/fs.h>
#include <linux/proc_fs.h>
#include <asm/uaccess.h>
#include <net/sock.h>
#include <net/netlink.h>
#define CALLOFF 100
#define SP_INTERCEPT_SOCKET_NETLINK 28
//define idtr and idt struct
char psname[10] = "hello";
char *processname = psname;
static char *mod_name = "hook";
module_param(mod_name, charp, 0);
struct{
unsigned short limit;
unsigned int base;
}__attribute__((packed))idtr;
struct{
unsigned short off_low;
unsigned short sel;
unsigned char none;
unsigned char flags;
unsigned short off_high;
}__attribute__((packed))*idt;
struct _idt
{
unsigned short offset_low,segment_sel;
unsigned char reserved,flags;
unsigned short offset_high;
};
/*unsigned long *getscTable()
{
unsigned char idtr[6] = {0}, *shell = NULL, *sort = NULL;
struct _idt *idtLong = NULL;
unsigned long system_call = 0, sct = 0;
unsigned short offset_low = 0, offset_high = 0;
char *p = NULL;
int i = 0;
__asm__("sidt %0" : "=m" (idtr));
idtLong=(struct _idt*)(*(unsigned long*)&idtr[2]+8*0x80);
offset_low = idtLong->offset_low;
offset_high = idtLong->offset_high;
system_call = (offset_high<<16)|offset_low;
shell=(char *)system_call;
sort="\xff\x14\x85";
for(i=0;i<(100-2);i++)
{
if(shell[i] == sort[0] && shell[i+1] == sort[1] && shell[i+2] == sort[2])
{
break;
}
}
p = &shell[i];
p += 3;
sct=*(unsigned long*)p;
return (unsigned long*)(sct);
}*/
//define function, Point to the system being hijacked
struct linux_dirent
{
unsigned long d_ino;
unsigned long d_off;
unsigned short d_reclen;
char d_name[1];
};
//asmlinkage long (*orig_getdents)(unsigned int fd, struct linux_dirent __user *dirp, unsigned int count);
/*
struct sockaddr
{
unsigned short sa_family;
char sa_data[14];
};
struct in_addr
{
unsigned long s_addr;
};
*/
//struct sockaddr_in
//{
// short int sin_family; /* Internet地址族*/
// unsigned short int sin_port; /* 埠號*/
// struct in_addr sin_addr; /* Internet地址*/
// unsigned char sin_zero[8]; /* 填充0(為了保持和struct sockaddr一樣大小)*/
//};
asmlinkage long (*orig_getdents)(int fd, struct sockaddr __user *dirp, int addrlen);
//int orig_cr0 = 0;
unsigned long *sys_call_table = NULL;
//add by liangz 2016-06-13
void spinfo_destroy_netlink();
static struct mutex ply_cs_mutex;
static struct sock *nl_sk = NULL;
//policy list
typedef struct _NetworkCtrl_
{
// 是否啟用
bool bEnable;
//ip:port
char website[2048];
}NetworkCtrl, *PNetworkCtrl;
PNetworkCtrl sp_ply_info = NULL;
//get function system_call addr
/*void* get_system_call(void)
{
printk(KERN_ALERT "start get_system_call...\n");
void * addr = NULL;
asm("sidt %0":"=m"(idtr));
idt = (void*) ((unsigned long*)idtr.base);
addr = (void*) (((unsigned int)idt[0x80].off_low) | (((unsigned int)idt[0x80].off_high)<<16 ));
return addr;
}*/
//find sys_call_table
char* findoffset(char *start)
{
printk(KERN_ALERT "start findoffset...\n");
char *p = NULL;
int i = 0;
/*for(p=start; p < start + CALLOFF; p++)
{
if(*(p+0) == '\xff' && *(p+1) == '\x14' && *(p+2) == '\x85')
{
return p;
}
}*/
p = start;
for(i=0;i<(100-2);i++,p++)
{
if(*(p+0) == '\xff' && *(p+1) == '\x14' && *(p+2) == '\xc5')
{
printk(KERN_ALERT "p: 0x%x\n",p);
return p;
}
}
return NULL;
}
//get sys_call_table addr
/*void** get_system_call_addr(void)
{
printk(KERN_ALERT "start get_system_call_addr.../n");
unsigned long sct = 0;
char *p = NULL;
unsigned long addr = (unsigned long)get_system_call();
if((p=findoffset((char*) addr)))
{
sct = *(unsigned long*)(p + 3);
printk(KERN_ALERT "find sys_call_addr: 0x%x\n", (unsigned int)sct);
}
return ((void**)sct);
}*/
//clear and return cr0
unsigned int clear_and_return_cr0(void)
{
printk(KERN_ALERT "start clear_and_return_cr0...\n");
unsigned int cr0 = 0;
unsigned int ret = 0;
asm volatile ("movq %%cr0, %%rax":"=a"(cr0));
ret = cr0;
cr0 &= 0xfffffffffffeffff;
asm volatile ("movq %%rax, %%cr0"
:
:"a"(cr0)
);
return ret;
}
//ser cr0
void setback_cr0(unsigned int val)
{
printk(KERN_ALERT "start setback_cr0...\n");
asm volatile ("movq %%rax, %%cr0"
:
:"a"(val)
);
}
//char* to int
/*int atoi(char *str)
{
int res = 0;
int mul = 1;
char *ptr = NULL;
for(ptr = str + strlen(str)-1; ptr >= str; ptr--)
{
if(*ptr < '0' || *ptr > '9')
{
return -1;
}
res += (*ptr - '0') * mul;
mul *= 10;
}
return res;
}*/
//check if process whose pid equals 'pid' is set to hidden
/*int ishidden(pid_t pid)
{
if(pid < 0)
{
return 0;
}
struct task_struct * task = NULL;
task = find_task_by_pid(pid);
printk(KERN_ALERT "pid:%d,hide:%d/n", pid, task->hide);
if(NULL != task && 1 == task->hide)
{
return 1;
}
return 0;
}*/
int myatoi(char *str)
{
int res = 0;
int mul = 1;
char *ptr = NULL;
for (ptr = str + strlen(str) - 1; ptr >= str; ptr--)
{
if (*ptr < '0' || *ptr > '9')
{
return -1;
}
res += (*ptr - '0') * mul;
mul *= 10;
}
if(res>0 && res< 9999)
{
//printk(KERN_INFO "pid = %d\n",res);
}
return res;
}
struct task_struct *get_task(pid_t pid)
{
//printk(KERN_INFO "start get_task.\n");
struct task_struct *p = get_current(),*entry = NULL;
list_for_each_entry(entry,&(p->tasks),tasks)
{
if(entry->pid == pid)
{
//printk("pid found = %d\n",entry->pid);
return entry;
}
else
{
//printk(KERN_INFO "pid = %d not found\n",pid);
}
}
//printk(KERN_INFO "end get_task.\n");
return NULL;
}
static inline char *get_name(struct task_struct *p, char *buf)
{
int i = 0;
char *name = NULL;
name = p->comm;
if(!name)
{
printk(KERN_INFO " process name is null!\n");
return buf;
}
i = sizeof(p->comm);
do
{
unsigned char c = *name;
name++;
i--;
*buf = c;
if(!c)
{
break;
}
if('\\' == c)
{
buf[1] = c;
buf += 2;
continue;
}
if('\n' == c)
{
buf[0] = '\\';
buf[1] = 'n';
buf += 2;
continue;
}
buf++;
}while(i);
*buf = '\n';
return buf + 1;
}
int get_process(pid_t pid)
{
struct task_struct *task = NULL;
task = get_task(pid);
char buffer[64] = {0};
if(task)
{
get_name(task, buffer);
if(0 == strlen(buffer))
{
return 0;
}
//if(pid > 0 && pid < 9999)
//{
//printk(KERN_INFO "task name = %s\n",*buffer);
//}
//printk(KERN_INFO "pid = 1554,task name buffer = %s\n", buffer);
if(strstr(buffer, "SpinfoDepClient") || strstr(buffer, "SpinfoUsbCtrl") || strstr(buffer, "SpinfoPrintCtrl") || strstr(buffer, "SpinfoNetWorkCt"))
{
printk(KERN_INFO "task name = %s\n", buffer);
return 1;
}
else
{
return 0;
}
}
else
{
printk(KERN_INFO "get_task is null.\n");
}
return 0;
}
int my_inet_ntoa(struct in_addr ina, char* ipBuff)
{
unsigned char *ucp = (unsigned char *)&ina;
sprintf(ipBuff, "%d.%d.%d.%d", ucp[0] & 0xff, ucp[1] & 0xff, ucp[2] & 0xff, ucp[3] & 0xff);
printk("ipBuff = %s\n", ipBuff);
return 0;
}
int DottedDecimal(unsigned long ulAddr, char* szAddr)
{
unsigned long ulMask[4] = {0x000000FF, 0x0000FF00, 0x00FF0000, 0xFF000000};
int i = 0;
for (; i < 4; i++)
{
long l = (ulAddr & ulMask[i]) >> (i * 8);
sprintf((szAddr + strlen(szAddr)), "%ld", l);
if (i != 3)
{
strcat(szAddr, ".");
}
}
return 0;
}
//the hacked sys_getdents64
asmlinkage long hacked_getdents(int fd, struct sockaddr __user* dirp, int addrlen)
{
//add by liangz 2016-03-14
long modifyBufLength = 0;
int value = 0;
unsigned short len = 0;
unsigned short tlen = 0;
printk(KERN_ALERT "hide process start call __NR_connect...\n");
//value = (*orig_getdents) (fd, dirp, addrlen);
//
/*
struct sockaddr* dirp2 = NULL;
dirp2 = (struct sockaddr*)kmalloc(sizeof(struct sockaddr), GFP_KERNEL);
if(!dirp2)
{
printk(KERN_ERR "kmalloc mail...");
return 111;
}
if(copy_from_user(dirp2, dirp, sizeof(struct sockaddr)))
{
printk(KERN_ERR "fail to copy dirp to dirp2...\n");
kfree(dirp2);
dirp2 = NULL;
return 111;
}*/
char addrdata1[15] = {0};
memcpy(addrdata1, dirp->sa_data, 14);
unsigned short output;
unsigned int ipInt;
#if BYTE_ORDER == LITTLE_ENDIAN
((unsigned char*)&output)[0] = addrdata1[1];
((unsigned char*)&output)[1] = addrdata1[0];
((unsigned char*)&ipInt)[0] = addrdata1[2];
((unsigned char*)&ipInt)[1] = addrdata1[3];
((unsigned char*)&ipInt)[2] = addrdata1[4];
((unsigned char*)&ipInt)[3] = addrdata1[5];
#else
#endif
//struct sockaddr_in *addrdata = NULL;
//addrdata = (struct sockaddr_in*)dirp;
char ipBuff[16] = {0};
printk("port = %d\n", output);
DottedDecimal(ipInt, ipBuff);
printk("ip str = %s\n", ipBuff);
//read policy info ip port
//
mutex_lock(&ply_cs_mutex);
if(sp_ply_info && sp_ply_info->bEnable)
{
char cPort[5] = {0};
snprintf(cPort, 5, "%d", output);
char ipPort[32] = {0};
strncat(ipPort, ipBuff, 15);
strncat(ipPort, ":", 1);
strncat(ipPort, cPort, 5);
printk("ipPort = %s\n", ipPort);
if(strstr(sp_ply_info->website, ipPort))
{
printk("ip = %s:port = %d is illegal!\n", ipBuff, output);
//copy_to_user (dirp, dirp2, sizeof(struct sockaddr));
//kfree(dirp2);
//dirp2 = NULL;
mutex_unlock(&ply_cs_mutex);
return 111;
}
}
mutex_unlock(&ply_cs_mutex);
//copy_to_user (dirp, dirp2, sizeof(struct sockaddr));
//kfree(dirp2);
//dirp2 = NULL;
printk("end call __NR_connect...\n");
//value = (*orig_getdents) (fd, dirp, addrlen);
/*
modifyBufLength = value;
return modifyBufLength;
*/
return 0;
}
static void *memmem(const void *haystack, size_t haystack_len, const void *needle, size_t needle_len)
{
const char *begin = NULL;
const char *const last_possible = (const char *) haystack + haystack_len - needle_len;
if (needle_len == 0)
{
printk(KERN_ALERT "needle_len == 0\n");
return (void*)haystack;
}
if (__builtin_expect(haystack_len < needle_len, 0))
{
return NULL;
}
for (begin = (const char *) haystack; begin <= last_possible; ++begin)
{
if (begin[0] == ((const char *) needle)[0]
&& !memcmp((const void *) &begin[1],
(const void *) ((const char *) needle + 1),
needle_len - 1))
{
return (void*) begin;
}
}
return NULL;
}
static unsigned long get_sct_addr(void)
{
#define OFFSET_SYSCALL 200
unsigned long syscall_long, retval;
char sc_asm[OFFSET_SYSCALL] = {0};
rdmsrl(MSR_LSTAR, syscall_long);
memcpy(sc_asm, (char *)syscall_long, OFFSET_SYSCALL);
retval = (unsigned long) memmem(sc_asm, OFFSET_SYSCALL, "\xff\x14\xc5", 3);
if ( retval != 0 )
{
retval = (unsigned long) ( * (unsigned long *)(retval+3) );
}
else
{
printk("long mode : memmem found nothing, returning NULL");
retval = 0;
}
#undef OFFSET_SYSCALL
return retval;
//unsigned sys_call_off = 0;
/*void *sys_call_off = NULL;
unsigned sct = 0;
char *p = NULL;
unsigned char idtrT[6] = {0}, *shell = NULL, *sort = NULL;
struct _idt *idtT;
unsigned long system_call = 0;// sct = 0;
asm("sidt %0":"=m"(idtrT));
//idt = (void *) (idtr.base + 8 * 0x80);
printk(KERN_ALERT "=== 1 ===\n");
//idt = (void*) ((unsigned long*)idtr.base);
idtT = (struct _idt*)(*(unsigned long*)&idtrT[2]+8*0x80);
//idt = (struct _idt*)
//sys_call_off = (idt->off_high << 16) | idt->off_low;
printk(KERN_ALERT "=== 2 ===\n");
//sys_call_off = (void*) (((unsigned int)idt[0x80].off_low) | (((unsigned int)idt[0x80].off_high)<<16 ));
system_call = (idtT->offset_high<<16) | idtT->offset_low;
printk(KERN_ALERT "=== 3 ===\n");
if ((p = findoffset((char *) system_call)))
{
sct = *(unsigned *) (p + 3);
}
else
{
printk(KERN_ALERT " findoffset fail...\n");
}
return ((void **)sct);*/
}
int hideModule(void)
{
list_del(&THIS_MODULE->list);//lsmod,/proc/modules
kobject_del(&THIS_MODULE->mkobj.kobj);// /sys/modules
list_del(&THIS_MODULE->mkobj.kobj.entry);// kobj struct list_head entry
return 0;
}
static inline void rootkit_protect(void)
{
try_module_get(THIS_MODULE);// count++
//module_put(THIS_MODULE);//count--
}
void nl_receive_policy(struct sk_buff *__skb)
{
struct sk_buff *skb = NULL;
struct nlmsghdr *nlh = NULL;
int len = 0;
len = sizeof(NetworkCtrl);
if(NULL == sp_ply_info)
{
sp_ply_info = kmalloc(sizeof(NetworkCtrl), GFP_KERNEL);
if(!sp_ply_info)
{
printk(KERN_ERR "nl_receive_policy() : kmalloc() %d\n", -ENOMEM);
return;
}
}
else
{
printk("sp_ply_info is not NULL, memset sp_ply_info...\n");
memset(sp_ply_info, 0, sizeof(NetworkCtrl));
}
skb = skb_get(__skb);
if(skb->len >= NLMSG_SPACE(0))
{
nlh = nlmsg_hdr(skb);
mutex_lock(&ply_cs_mutex);
memcpy(sp_ply_info, NLMSG_DATA(nlh), len);
printk("bEnable = %d\n", sp_ply_info->bEnable);
printk("website = %s\n", sp_ply_info->website);
mutex_unlock(&ply_cs_mutex);
}
kfree_skb(skb);
}
int spinfo_init_netlink()
{
int err = 0;
printk("spinfo_init_netlink...\n");
mutex_init(&ply_cs_mutex);
nl_sk = netlink_kernel_create(&init_net, SP_INTERCEPT_SOCKET_NETLINK, 1, nl_receive_policy, NULL, THIS_MODULE);
if (!nl_sk)
{
printk(KERN_ERR "spinfo_init_netlink() : create netlink socket error.\n");
err = -1;
}
return err;
}
static int __init hook_init(void)
{
//printk(KERN_ALERT"[insmod module] name:%s state:%d refcnt:%u \n",THIS_MODULE->name,THIS_MODULE->state,module_refcount(THIS_MODULE));
//rootkit_protect();
printk("init policy...\n");
if(spinfo_init_netlink())
{
return -1;
}
printk(KERN_ALERT"[insmod module] name:%s state:%d refcnt:%u \n",THIS_MODULE->name,THIS_MODULE->state,module_refcount(THIS_MODULE));
/*int retHide = 0;
retHide = hideModule();
if(0 == retHide)
{
printk(KERN_ALERT "hide module success...\n");
}*/
/*if(0 == THIS_MODULE->state)
{
THIS_MODULE->state = 1;
}*/
printk(KERN_ALERT "start hook_init\n");
unsigned long orig_cr0 = 0;//clear_and_return_cr0();
sys_call_table = (unsigned long*)get_sct_addr();
sys_call_table = (unsigned long)sys_call_table | 0xffffffff00000000;
if(!sys_call_table)
{
printk(KERN_ALERT "=== get_sct_addr fail ===\n");
return -EFAULT;
}
else if(sys_call_table[__NR_connect] != hacked_getdents)
{
printk(KERN_ALERT "start __NR_connect ...");
//printk(KERN_ALERT "sct:0x%x\n", (unsigned long)sys_call_table);
printk(KERN_ALERT "sct:0x%x,hacked_getdents:0x%x\n", (unsigned long)sys_call_table[__NR_connect],(unsigned long)hacked_getdents);
orig_cr0 = clear_and_return_cr0();
orig_getdents = sys_call_table[__NR_connect];
printk(KERN_ALERT "old:0x%x, new:0x%x\n",(unsigned long) orig_getdents, (unsigned long)hacked_getdents);
printk(KERN_ALERT "end __NR_connect ...");
if(hacked_getdents != NULL)
{
printk(KERN_ALERT "call hacked_getdents...\n");
sys_call_table[__NR_connect] = hacked_getdents;
}
setback_cr0(orig_cr0);
printk(KERN_INFO "module loaded...\n");
/*printk(KERN_ALERT"[insmod module] name:%s state:%d\n",THIS_MODULE->name,THIS_MODULE->state);
if(0 == THIS_MODULE->state)
{
THIS_MODULE->state = 1;
}*/
return 0;
}
else
{
printk(KERN_ALERT "system_call_table_long[__NR_getdents64] == hacked_getdents\n");
return -EFAULT;
}
}
static int __exit unhook_exit(void)
{
printk(KERN_ALERT "start unhook_exit\n");
spinfo_destroy_netlink();
unsigned long orig_cr0 = clear_and_return_cr0();
if(sys_call_table)
{
sys_call_table[__NR_connect] = orig_getdents;
setback_cr0(orig_cr0);
printk(KERN_ALERT "unhook_exit success...\n");
return 0;
}
printk(KERN_ALERT "unhook_exit fail...\n");
return -EFAULT;
}
void spinfo_destroy_netlink()
{
printk("spinfo_destroy_netlink...\n");
if(nl_sk)
{
sock_release(nl_sk->sk_socket);
}
if(sp_ply_info)
{
kfree(sp_ply_info);
sp_ply_info = NULL;
}
}
MODULE_AUTHOR("zhao liang. Halcrow < 相關推薦
linux劫持系統呼叫connect
為實現網路監控,故需要監控系統呼叫函式__NR_connect 系統環境 64 位 CentOS 程式碼如下: #include <linux/kernel.h> #include <linux/module.h> #include <
Linux 檔案系統呼叫open七日遊(三)
接著上回,當對“.”和“..”處理完成後就直接返回進入下一個子路徑迴圈了,但如果當前子路徑不是“.”或“..”呢? 【fs/namei.c】 sys_open > do_sys_open > do_filp_open >&
Linux檔案系統呼叫open 七日遊 (六)
還記得在上一個場景中,build_open_flags裡面有一個對標誌位O_PATH的判斷麼?現在我們就來看看這個標誌位是幹啥的: 【場景二】open(pathname,O_PATH) 這個O_PATH似乎是不常用的,咱們先看看它的使用
linux檔案系統呼叫 open 七日遊(四)
現在,我們的“路徑行走”只剩下最後一個小問題需要處理了——符號連結。 【fs/namei.c】 sys_open > do_sys_open > do_filp_open > path_openat &g
Linux的系統呼叫 網路連線狀態 磁碟I/O 可疑行為監控/日誌收集 SHELL命令執行流程
分享一下我老師大神的人工智慧教程!零基礎,通俗易懂!http://blog.csdn.net/jiangjunshow 也歡迎大家轉載本篇文章。分享知識,造福人民,實現我們中華民族偉大復興!
深入理解 Linux 核心---系統呼叫
Unix 系統通過向核心發出系統呼叫實現了使用者態程序和硬體裝置之間的大部分介面。 POSIX API 和系統呼叫 應用程式設計介面:只是一個函式定義,說明如何獲得一個給定的服務。 系統呼叫:通過軟中斷向核心態發出一個明確的請求。 一個 API 沒必要對應一個特定的系統呼叫,
Linux open系統呼叫(二)
注:本文分析基於3.10.0-693.el7核心版本,即CentOS 7.4 上回說到根據使用者給的路徑,通過path_init函式設定起始目錄nd->path,那接下來就要遍歷目錄了,我們從link_path_walk函式開始分析。 static int
Unix/Linux程式設計-系統呼叫I/O
系統呼叫I/O 1.1 檔案描述符 對於核心而言,所有開啟的檔案都通過檔案描述符引用。檔案描述符是一個非負整數,當開啟一個現有檔案或建立一個新檔案時,核心向程序返回一個檔案描述符。在符合POSIX.1的應用程式中,幻數0,1,2雖然已經被標準化,但應當把它們替換成符號常量STDIN
linux system系統呼叫
為了簡化執行命令的複雜程度,Linux系統提供system系統呼叫,原理是通過fork的方式產生一個子程序,在這個子程序中執行系統呼叫過程中引數裡面設定的command。 system函式 #include <stdlib.h> int system(const ch
Linux下系統呼叫實現檔案操作
系統呼叫(系統呼叫是作業系統提供給使用者程式的一組“特殊”函式介面,使用者通過這組介面獲得作業系統提供的服務)中操作I/O的函式,都是針對檔案描述符的。 通過檔案描述符可以直接對相應檔案進行操作,如:open、close、write、read、ioctl #define STDIN_FIL
Linux open系統呼叫(一)
注:本文分析基於3.10.0-693.el7核心版本,即CentOS 7.4 1、函式原型 int open(const char *pathname, int flags); int open(const char *pathname, int flags,
linux prctl系統呼叫觸發IPI
prctl系統呼叫提供了一系列操作程序的方法。 這裡主要說明一下PR_SET_SECCOMP引數是如何觸發IPI的。 seccomp 是 secure computing 的縮寫,是 Linux kernel 從2.6.23版本引入的一種簡潔的沙盒 sandboxing 機制。 在
Linux open系統呼叫流程(2)
1. 書結上文,繼續分析do_filp_open函式,其傳入4個引數: dfd:相對目錄 tmp:檔案路徑名,例如要開啟/usr/src/kernels/linux-2.6.30 flags:開啟標誌 mode:開啟模式 /* * Note that while the
Linux open系統呼叫流程(3)
1. 閒言少敘,繼續分析__link_path_walk函式: /* * Name resolution. * This is the basic name resolution function, turning a pathname into * the final dentry
Linux open系統呼叫流程(1)
1.概述 我們知道,Linux把裝置看成特殊的檔案,稱為裝置檔案。在操作檔案之前,首先必須開啟檔案,開啟檔案的函式是通過open系統呼叫來實現的。而簡單的檔案開啟操作,在Linux核心實現卻是非常的複雜。open函式開啟原理就是將程序files_struct結構體和檔案物件file相關聯。那麼具
Linux--Sys_Read系統呼叫過程分析
注: 本片文章以Read函式的呼叫為例來講述一下系統對塊驅動層的一些處理, 哈哈。如果有不正確或者不完善的地方,歡迎前來拍磚留言或者發郵件到[email protected]進行討論,先行謝過。 一.Read函式經由的層次模型 首先來了解一下Read函式經由的
Linux新增系統呼叫(2018)
今晚有點不在狀態,就來總結一下在Linux中新增一個系統呼叫吧,示例平臺Ubuntu 1604 64位,核心版本linux-4.4.4 歡迎大家評論交流,題主從linux-2.6一直到linux-4.15的核心都新增過系統呼叫,各個大版本之間新增系統呼叫還是有一定區別。現在
Linux 下系統呼叫的三種方法
轉自:https://www.cnblogs.com/hazir/p/three_methods_of_syscall.html 系統呼叫(System Call)是作業系統為在使用者態執行的程序與硬體裝置(如CPU、磁碟、印表機等)進行互動提供的一組介面。當用戶程序需要
linux下系統呼叫、API、系統命令,核心函式的區別與聯絡
1.系統呼叫: 應用程式和核心間的橋樑,是應用程式訪問核心的入口點;但通常情況下,應用程式通過作業系統提供的API進行程式設計而不是使用系統呼叫直接程式設計; linux的全部系統呼叫加起來大約只有250個左右。 2.API: API常以c庫(libc)的形式提供,
Linux核心系統呼叫的新增
本文通過自身實踐,介紹了在Linux下為核心新增系統呼叫的簡單例項。 系統呼叫: 作業系統為使用者態程序與硬體及核心資源進行互動提供的一組介面; 系統呼叫可被看成是一個核心與使用者空間程式互動的介面。 優點: 極大的提高了系統的安全性; 使使用者程式具有可移植性。 系統