Chapter three mechanisms (on) system calls
Knowledge summary:
- System call : system call is the operating system provides a set of interfaces for interactive user mode processes and hardware devices.
- Features of the system call:
- It frees users from the underlying hardware of the programming;
- Greatly improve the security of the system;
- It allows the user to program portability.
- API: Application Programming Interface (application program interface)
- An API may correspond to only a system call may also be called by a plurality of internal system implementation;
- A system call may also be multiple API calls;
- It does not involve interaction with the kernel API calls inside the packaging system does not, as required mathematical function of the absolute value abs ().
- System call three mechanisms :
- API
- Interrupt vector corresponding system_call. (The system_call is the entry point for all the linux system calls, each system has at least one call parameter, i.e., the system call number transmitted by the eax )
- Kernel system call handler sys_xyz ()
- What is the user mode and kernel mode:
- Low-level user mode :( instruction) to process 32-bit 4GB address space 0x00000000 ~ 0xbfffffff can only access the address space.
- Kernel mode :( high-level instructions for execution) performed at a high-level code may execute a privileged instruction , access to any physical address , then the CPU execution levels corresponding to kernel mode. CS: EIP value can be any address.
- The main way to enter the user mode kernel mode: interrupt handling
- Interrupt / int instruction occurs after the first thing is to protect the scene, before the end of treatment interruption last thing is to restore the site.
- Call transfer parameters of the system :
- Parameter can not push the way, but by way of the parameters passed special registers.
- Transfer parameters register has the following limitations:
- 1) length of each parameter can not exceed the length of the register, i.e., 32
- 2) outside the system call number (eax), the number of parameters can not be over 6 (ebx, ecx, edx, esi, edi, ebp)
An experiment: the use of library functions API time () to get the current system time
Problems encountered during the experiment &
2. Solution
See below a solution experiment.
3. Code Analysis
#include<stdio.h>
#include<time.h>
int main()
{
time_t tt; //t是一个int型的数值,记录当前系统的时间,
struct tm *t; //定义一个 struct tm 类型的指针变量 t
tt = time(NULL); //使用库函数 API time() 来获取 tt
t = localtime(&tt); //调用 localtime() 把tt变成 struct tm 这种结构的格式便于输出为可读格式
printf("time:%d:%d:%d:%d:%d:%d:\n",t->tm_year+1900,t->tm_mon,t->tm_mday,t->tm_hour,t->tm_min,t->tm_sec);
return 0;
}Two experiments: trigger system call to get the current time in assembly mode
1. encountered problems
Solution
Modify the code as follows:
runs correctly:
2. inline assembly code
asm volatile(
"mov $0,%%ebx\n\t" //把EBX寄存器清零
"mov $0xd,%%eax\n\t" //EAX寄存器传递系统调用号13
"int $0x80\n\t" //触发系统调用陷入内核执行13号系统调用的内核处理函数
"mov %%eax,%0\n\t" //通过EAX寄存器返系统调用值,把EAX寄存器的值放到tt变量中,即完成了C代码中嵌入汇编代码触发13号系统调用time
:"=m"(tt)
);Three experiments: system call with two parameters (a)
First use the API library functions to trigger rename system call.
code show as below:
#include<stdio.h>
int main()
{
int ret;
char *oldname = "hello.c";
char *newname = "newhello.c";
ret = rename(oldname,newname);
if(ret == 0
printf("Renamed successfully\n");
else
printf("Unable to rename the file\n");
return 0;
}experiment procedure
Four experiments: with two parameters of system calls (ii)
With embedded assembly code triggers rename call.
code show as below:
#include<stdio.h>
int main()
{
int ret;
char *oldname = "hello.c";
char *newname = "newhello.c";
asm volatile(
"movl %2,%%ecx\n\t" //将newname存入ecx寄存器
"movl %1,%%ebx\n\t" //将oldname存入ebx寄存器
"movl $0x26,%%eax\n\t" //把系统调用号38存入EAX寄存器中
"int $0x80" //执行系统调用陷入内核态,执行38号系统调用的内核处理函数
:"=a"(ret)
:"b"(oldname),"c"(newname)
);
if(ret == 0)
printf("Renamed successfully\n");
else
printf("Unable to rename the file\n");
return 0;
}experiment procedure
After the assembly code "= a" replaced by "= m", compiled again, the results as shown below:
Can be found, hello.c into a newhello.c, but showed no modification is successful. In fact, actually it made the sys_rename, the return value is 0 to save the EAX register. Here failure means ret modification is not equal to 0.
ret qualifier is m, that is to say a memory variable ret. Ret want to make a value of 0, it is necessary to make the value 0 is passed to the EAX register ret. Adding code "movl %% eax,% 0" is as follows:
Compile and run again:
Problems encountered
Problem Cause : In 64-bit systems down to compile 32-bit object files, this is illegal.
Solution : The "-m32" forced to use 32-bit ABI compiler can compile.
Solution : The new added code "movl %% eax,% 0" on a compilation of the end of the language did not add "\ n \ t", can be added after the normal compiler.
Five experiments: syscall library function call common trigger system
If the kernel to add a new system call, library libc version is not up to date for the preparation of API functions, you can use libc syscall function provides immediate caller.
syscall function prototype:
extern long int syscall(long int sysno,...) __THROWsysno system call number, an argument which is "..." is the system call.
To rename an example look at the code to achieve:
