2019-2020-1 20199319 "Linux Kernel Principles and Analysis" Week 5 Assignment

System calls: the three-tier mechanism (part 1)

Basics

1. A system call is invoked by way of a library function; the library function wraps (encapsulates) the system call.
2. The CPU supports four privilege levels: 0, 1, 2 and 3; the smaller the number, the higher the privilege. The Linux operating system uses only levels 0 and 3, corresponding to kernel mode and user mode.
3. At the macro level, the Linux operating system is divided into user mode and kernel mode.
The way to distinguish user mode from kernel mode is the range that CS:EIP points into.

  • Kernel mode (high privilege level): can execute all instructions, including privileged ones; the value of CS:EIP may be any address.
  • User mode (low privilege level): for a 32-bit process with a 4GB address space, only the address range 0x00000000 ~ 0xbfffffff can be accessed.

4. Interrupts: the main way to enter kernel mode from user mode.
5. System calls: the set of interfaces provided to user-mode processes for interacting with hardware devices.
6. Features and characteristics of system calls:

  • They free the user from programming against the underlying hardware directly;
  • They greatly improve system security;
  • They make user programs portable.

7. Relationship between APIs and system calls:
API: Application Programming Interface; put simply, a defined function.

  • A system call issues its request to the kernel through a software interrupt; executing the int instruction triggers the interrupt request.
  • Some APIs inside the libc library wrap a system call with a routine. Their main purpose is to issue the system call so that the programmer does not have to write assembly instructions or pass parameters through registers to trigger it.
  • One API may correspond to exactly one system call, or it may call several system calls internally; one system call may likewise be used by several APIs.
  • APIs that involve interaction with the kernel wrap a system call internally; APIs that do not involve interaction with the kernel do not wrap a system call.
  • If the kernel adds a new system call but the libc library has not been updated with an API function for it, the call can still be made directly through the syscall function provided by libc.

8. The three-tier mechanism of a system call: xyz(), system_call and sys_xyz().
9. How does the kernel know which system call a user-mode process wants to invoke?
The kernel distinguishes each system call by a number, the system call number. The API function xyz() is associated with the kernel function sys_xyz() through this number, which is passed to the kernel in the EAX register.

Triggering the same system call through the API library function and through assembly embedded in C code

Triggering through the API library function

The following uses a call to the library function getpid(), which obtains the process ID, as the example.

Execution results are as follows:

Triggering through assembly code embedded in C

Looking up the Linux system call number table shows that the system call number of getpid() is 20, i.e. 0x14 in hexadecimal.

Assembly code analysis:

asm volatile(
    "mov $0,%%ebx\n\t"      /* clear the EBX register */
    "mov $0x14,%%eax\n\t"   /* load 0x14 into EAX; EAX carries the system call number, and getpid() is number 20, i.e. 0x14 */
    "int $0x80"             /* trap into the kernel and run the kernel handler for system call 20 */
    : "=a"(pid)             /* output: the return value (the PID) comes back in EAX */
    :                       /* no inputs */
    : "ebx");               /* clobber: EBX is overwritten, so the compiler must not keep a live value there */

Here the code originally used movl, which produced an error at compile time; after changing it to mov, it compiled.

Execution results are as follows:

The rename system call, which takes two parameters

The kernel handler for the rename system call is the function sys_rename(); its system call number is 38, and its job is to rename a file.

  • Create a file fxn.c

  • Trigger it with embedded assembly code

Assembly code analysis:

asm volatile(
    "movl %1,%%ebx\n\t"     /* put oldname into the EBX register (first argument) */
    "movl %2,%%ecx\n\t"     /* put newname into the ECX register (second argument) */
    "movl $0x26,%%eax\n\t"  /* put system call number 38 (0x26) into the EAX register */
    "int $0x80\n\t"         /* trap into the kernel and run the kernel handler for system call 38 */
    : "=a"(ret)                       /* output: the return value in EAX, 0 on success, -errno on failure */
    : "b"(oldname), "c"(newname));    /* inputs: the "b"/"c" constraints already load EBX/ECX, so the two movl above are self-moves */


The results are as follows:
the file fxn.c was successfully renamed to fxn20199319.c

  • Trigger it with the API library function

Use the API library function rename to trigger the rename system call, renaming fxn20199319.c (the result of the change above) back to fxn.c.

Execution results are as follows:
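As an added example that is not part of the original post, the following C program exercises the same two system calls discussed above, getpid and rename, first through the libc API function and then through libc's generic syscall() entry point, which takes the number from <sys/syscall.h> and passes the arguments to the kernel. It uses syscall() rather than a hand-written int $0x80 so that it also builds and runs on 64-bit systems, where int $0x80 only sees the low 32 bits of each register and so cannot carry a 64-bit pointer. The file names under /tmp are constructed for the demo, and the function names (getpid_matches, rename_via_syscall, rename_round_trip) are my own.

```c
/* Added example, not code from the original post. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Tier 1 versus tier 3: getpid() is the libc API wrapper, syscall(SYS_getpid) reaches
 * the same sys_getpid() kernel handler. Returns 1 when both report the same PID. */
int getpid_matches(void) {
    pid_t via_api = getpid();
    long via_syscall = syscall(SYS_getpid);
    return (long)via_api == via_syscall;
}

/* rename through the raw system call number. syscall() already applies the libc
 * convention: on failure it returns -1 and puts the kernel's negative return into errno,
 * so the caller never sees -ENOENT in the return value as it would with int $0x80.
 * Returns 0 on success, -errno on failure. */
int rename_via_syscall(const char *oldname, const char *newname) {
#ifdef SYS_rename
    long rc = syscall(SYS_rename, oldname, newname);
#else
    /* Some architectures (e.g. arm64) only provide renameat; same arguments plus dirfds. */
    long rc = syscall(SYS_renameat, AT_FDCWD, oldname, AT_FDCWD, newname);
#endif
    return rc == 0 ? 0 : -errno;
}

/* Creates a temporary file (constructed name under /tmp), renames it through syscall(),
 * renames it back through the API function, removes it, and finally checks the failure
 * mode: renaming a file that no longer exists must fail with ENOENT.
 * Returns 0 on success, -errno for a step that failed unexpectedly, or 1 if the final
 * rename did not fail with ENOENT. */
int rename_round_trip(void) {
    char oldname[] = "/tmp/syscall_demo_XXXXXX";   /* mkstemp replaces the XXXXXX */
    char newname[64];
    int fd = mkstemp(oldname);
    if (fd < 0) return -errno;
    close(fd);
    snprintf(newname, sizeof newname, "%s.renamed", oldname);

    int rc = rename_via_syscall(oldname, newname);   /* tier 3: raw number via syscall() */
    if (rc != 0) { unlink(oldname); return rc; }

    if (rename(newname, oldname) != 0) {              /* tier 1: API wrapper, same handler */
        rc = -errno;
        unlink(newname);
        return rc;
    }
    unlink(oldname);

    /* Failure mode: the file is gone, so the kernel returns -ENOENT. */
    rc = rename_via_syscall(oldname, newname);
    return rc == -ENOENT ? 0 : 1;
}

int main(void) {
    printf("getpid matches: %d\n", getpid_matches());
    printf("rename round trip: %d\n", rename_round_trip());
    return 0;
}
```

Build it with gcc and run it; both lines should print 0 for the round trip and 1 for the PID comparison. The raw negative-return convention of the kernel (for example -ENOENT in EAX) is only visible in the inline-assembly versions above, because syscall(), like rename() and getpid(), translates it into -1 plus errno before returning to the caller.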

Summary

  System calls on Linux are implemented through an interrupt (int 0x80). When the int 0x80 instruction executes, the EAX register holds the system call number, and the arguments passed to the system call are assigned in order to EBX, ECX, EDX, ESI, EDI and EBP. There may be at most 6 arguments; if more are needed, one of the registers must be used as a pointer to a block of memory holding them.


Source: www.cnblogs.com/fanxiaonan/p/11697849.html