我试图使用ptrace检索给定程序调用的所有系统调用的数字,最终目的是找到这些系统调用的名称。我在64位系统上工作,因此我使用ORIG_RAX * 8来使用ptrace查找系统调用。目前我只能检索到第一个系统调用,示例运行输出如下。有什么想法吗?
谢谢!
输出: griffinm@well $ g++ mystrace.cc
谢谢!
输出: griffinm@well $ g++ mystrace.cc
~/cs153/assn2
griffinm@well $ a.out ls
Please wait
The child made a system call 59
a.out mystrace.cc mystrace.cc~
Number of machine instructions : 252376
~/cs153/assn2
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <errno.h>
#define ORIG_RAX 120
int main( int argc, char* argv[])
{
long long counter = 0; /* machine instruction counter */
int wait_val; /* child's return value */
int pid;
long orig_eax; /* child's process id */
puts("Please wait");
switch (pid = fork()) {
case -1:
perror("fork");
break;
case 0:
ptrace(PTRACE_TRACEME, 0, 0, 0);
execvp(argv[1], NULL);
break;
default:
wait(&wait_val);
orig_eax = ptrace(PTRACE_PEEKUSER,
pid, ORIG_RAX,
NULL);
printf("The child made a "
"system call %ld\n", orig_eax);
while (wait_val == 1407 ) {
counter++;
if (ptrace(PTRACE_SINGLESTEP, pid, 0, 0) != 0)
perror("ptrace");
wait(&wait_val);
}
}
printf("Number of machine instructions : %lld\n", counter);
return 0;
}
Update Default Case:
Default:
wait(&wait_val);
while (wait_val == 1407 ) {
counter++;
if (ptrace(PTRACE_SYSCALL, pid, 0, 0) != 0)
perror("ptrace");
orig_eax = ptrace(PTRACE_PEEKUSER,
pid, 8*ORIG_RAX,
NULL);
cout<<orig_eax<<endl;
wait(&wait_val);
}
}
编辑:
Output:
griffinm@well $ a.out pwd
Please wait
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
/home/csmajs/griffinm/cs153/assn2
-1
-1
-1
-1
-1
-1
我认为8*Orig_RAX是问题所在,机器是64位的,正如我之前说的。你有什么想法吗?
wait(2)的返回值进行比较,这是一个实现细节。相反,你应该测试while (WIFSTOPPED(wait_val) && WSTOPSIG(wait_val) == SIGTRAP)。 - Adam Rosenfield