Analysis of how the Linux kernel creates a new process
2019/10/28 18:34:58
Notes section
- First, look at some of the contents of the process descriptor (the structure used to describe a process; its code is relatively large).
System call review
The three system calls fork, vfork and clone can each create a new process, and all of them are implemented through do_fork. Linux creates a new process by copying the parent process, then setting up the pid and setting eip and esp in the thread.
- Browse the code relevant to process creation.
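The copy semantics from the system call review, as an added user-space example (not code from the original notes): a fork child writes to its own copy of the parent's memory, while a clone child created with CLONE_VM writes into the parent's address space, which goes one step beyond the plain fork case in the text. The function names, the `shared` variable and the 64 KiB child stack are assumptions of this example.

```c
#define _GNU_SOURCE              /* exposes clone() and CLONE_VM in <sched.h> */
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_VM                 /* fallback if _GNU_SOURCE was defined too late */
#define CLONE_VM 0x00000100
int clone(int (*fn)(void *), void *stack, int flags, void *arg, ...);
#endif

static volatile int shared;      /* hypothetical marker that each child writes to */

/* Entry point of the clone() child; its return value becomes the exit status. */
static int child_fn(void *arg) { shared = *(int *)arg; return 0; }

/* fork(): the child writes to its own copy, so the parent still reads 0. */
int parent_view_after_fork(void) {
    shared = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { shared = 1; _exit(0); }
    if (waitpid(pid, NULL, 0) < 0) return -1;
    return shared;
}

/* clone(CLONE_VM): the child runs in the parent's address space,
 * so its write is visible to the parent. */
int parent_view_after_clone_vm(void) {
    size_t size = 64 * 1024;     /* assumed stack size for the child */
    char *stack = malloc(size);
    int value = 2;
    if (!stack) return -1;
    shared = 0;
    /* The stack grows down, so pass its top; SIGCHLD lets waitpid() reap the child. */
    pid_t pid = clone(child_fn, stack + size, CLONE_VM | SIGCHLD, &value);
    if (pid < 0 || waitpid(pid, NULL, 0) < 0) { free(stack); return -1; }
    free(stack);
    return shared;
}

int main(void) {
    printf("fork:            parent sees %d\n", parent_view_after_fork());
    printf("clone(CLONE_VM): parent sees %d\n", parent_view_after_clone_vm());
    return 0;
}
```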
Experimental part
- Trace how the kernel handles the fork function.
- First delete menu and clone a new copy, then overwrite the test.c file to avoid any effect from the earlier work, then compile.
- Use the help command and see that there is now an additional fork function; it creates a child process, and after it runs you can see the output of both the parent and the child process.
- Start debugging: boot the kernel, load the kernel symbol table, and connect.
- Set breakpoints; execution stops in turn at do_fork, copy_process, dup_task_struct, copy_thread and ret_from_fork, until sys_call can no longer be tracked.