首页 > 代码库 > Linux Kernel sys_call_table、Kernel Symbols Export Table Generation Principle、Difference Between System Calls Entrance In 32bit、64bit Linux(undone)
Linux Kernel sys_call_table、Kernel Symbols Export Table Generation Principle、Difference Between System Calls Entrance In 32bit、64bit Linux(undone)
目录
1. sys_call_table:系统调用表
2. 内核符号导出表、kallsyms_lookup_name
3. Linux 32bit、64bit下系统调用入口的异同
1. sys_call_table:系统调用表
Relevant Link:
2. 内核符号导出表、kallsyms_lookup_name
Relevant Link:
3. Linux 32bit、64bit下系统调用入口的异同
以sys_execve、sys_socketcall、sys_init_module这三个系统调用作为研究对象
0x1: Linux 32bit
1. sys_execve
对于Linux 32bit操作系统来说,sys_execve的系统调用号保存在:
\linux-3.15.5\arch\sh\include\uapi\asm\unistd_32.h
#define __NR_execve 11系统调用处理函数在内核内存中的地址可以通过以下方式得到
cat /boot/System.map-2.6.32-358.el6.i686 | grep sys_execve//c0408150 T sys_execve
在正常情况下(当前linux没有被rootkit、sys_call_table没有被hooked),sys_call_table(系统调用表)中的函数地址和内核导出符号表中的函数地址应该是相同的,即
sys_call_table[__NR_sys_execve] = cat /boot/System.map-2.6.32-358.el6.i686 | grep sys_execve
系统调用函数的入口点跟踪如下
linux-3.15.5\fs\exec.c
SYSCALL_DEFINE3(execve, const char __user *, filename, const char __user *const __user *, argv, const char __user *const __user *, envp){ return do_execve(getname(filename), argv, envp);}
这是个宏定义,等价于对sys_execve的声明
int do_execve(struct filename *filename, const char __user *const __user *__argv, const char __user *const __user *__envp){ struct user_arg_ptr argv = { .ptr.native = __argv }; struct user_arg_ptr envp = { .ptr.native = __envp }; return do_execve_common(filename, argv, envp);}
2. sys_socketcall
\linux-3.15.5\arch\sh\include\uapi\asm\unistd_32.h
#define __NR_socketcall 102在内核符号导出表中得到的内核内存地址
cat /boot/System.map-2.6.32-358.el6.i686 | grep sys_socketcall//c078fd70 T sys_socketcall
\linux-3.15.5\net\socket.c
/*进行socket调用派发*/SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args){ unsigned long a[AUDITSC_ARGS]; unsigned long a0, a1; int err; unsigned int len; if (call < 1 || call > SYS_SENDMMSG) return -EINVAL; len = nargs[call]; if (len > sizeof(a)) return -EINVAL; /* copy_from_user should be SMP safe. */ if (copy_from_user(a, args, len)) return -EFAULT; err = audit_socketcall(nargs[call] / sizeof(unsigned long), a); if (err) return err; a0 = a[0]; a1 = a[1]; switch (call) { case SYS_SOCKET: err = sys_socket(a0, a1, a[2]); break; case SYS_BIND: err = sys_bind(a0, (struct sockaddr __user *)a1, a[2]); break; case SYS_CONNECT: err = sys_connect(a0, (struct sockaddr __user *)a1, a[2]); break; case SYS_LISTEN: err = sys_listen(a0, a1); break; case SYS_ACCEPT: err = sys_accept4(a0, (struct sockaddr __user *)a1, (int __user *)a[2], 0); break; case SYS_GETSOCKNAME: err = sys_getsockname(a0, (struct sockaddr __user *)a1, (int __user *)a[2]); break; case SYS_GETPEERNAME: err = sys_getpeername(a0, (struct sockaddr __user *)a1, (int __user *)a[2]); break; case SYS_SOCKETPAIR: err = sys_socketpair(a0, a1, a[2], (int __user *)a[3]); break; case SYS_SEND: err = sys_send(a0, (void __user *)a1, a[2], a[3]); break; case SYS_SENDTO: err = sys_sendto(a0, (void __user *)a1, a[2], a[3], (struct sockaddr __user *)a[4], a[5]); break; case SYS_RECV: err = sys_recv(a0, (void __user *)a1, a[2], a[3]); break; case SYS_RECVFROM: err = sys_recvfrom(a0, (void __user *)a1, a[2], a[3], (struct sockaddr __user *)a[4], (int __user *)a[5]); break; case SYS_SHUTDOWN: err = sys_shutdown(a0, a1); break; case SYS_SETSOCKOPT: err = sys_setsockopt(a0, a1, a[2], (char __user *)a[3], a[4]); break; case SYS_GETSOCKOPT: err = sys_getsockopt(a0, a1, a[2], (char __user *)a[3], (int __user *)a[4]); break; case SYS_SENDMSG: err = sys_sendmsg(a0, (struct msghdr __user *)a1, a[2]); break; case SYS_SENDMMSG: err = sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2], a[3]); break; case SYS_RECVMSG: err = sys_recvmsg(a0, (struct msghdr __user *)a1, a[2]); break; case SYS_RECVMMSG: err = sys_recvmmsg(a0, (struct mmsghdr __user *)a1, a[2], a[3], (struct timespec __user *)a[4]); break; case SYS_ACCEPT4: err = sys_accept4(a0, (struct sockaddr __user *)a1, (int __user *)a[2], a[3]); break; default: err = -EINVAL; break; } return err;}
3. sys_init_module
\linux-3.15.5\arch\sh\include\uapi\asm\unistd_32.h
#define __NR_init_module 128在内核符号导出表中得到的内核内存地址
cat /boot/System.map-2.6.32-358.el6.i686 | grep sys_init_module//c04975a0 T sys_init_module
\linux-3.15.5\kernel\module.c
SYSCALL_DEFINE3(init_module, void __user *, umod, unsigned long, len, const char __user *, uargs){ int err; struct load_info info = { }; err = may_init_module(); if (err) return err; pr_debug("init_module: umod=%p, len=%lu, uargs=%p\n", umod, len, uargs); err = copy_module_from_user(umod, len, &info); if (err) return err; return load_module(&info, uargs, 0);}
0x2: Linux 64bit
在Linux 64bit下,系统调用的入口点和32bit下有一点区别
1. sys_execve
\linux-3.15.5\arch\sh\include\uapi\asm\unistd_64.h
#define __NR_execve 11//和32bit下一样
在内核符号导出表中得到的内核内存地址
cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep stub_execveffffffff8100b4e0 T stub_execvecat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_execveffffffff810095b0 T sys_execve
对于64bit的Linux系统来说,在系统调用外层使用了stub(wrapper functions),我们打印一下Linux 64bit的sys_call_table
find_sys_call_table.c
#include <linux/module.h>#include <linux/init.h>#include <linux/types.h>#include <asm/uaccess.h>#include <asm/cacheflush.h>#include <linux/syscalls.h>#include <linux/delay.h> // loops_per_jiffy/* Just so we do not taint the kernel */MODULE_LICENSE("GPL");void **syscall_table;unsigned long **find_sys_call_table(void);unsigned long **find_sys_call_table() { unsigned long ptr; unsigned long *p; for (ptr = (unsigned long)sys_close; ptr < (unsigned long)&loops_per_jiffy; ptr += sizeof(void *)) { p = (unsigned long *)ptr; if (p[__NR_close] == (unsigned long)sys_close) { printk(KERN_DEBUG "Found the sys_call_table!!!\n"); return (unsigned long **)p; } } return NULL;} static int __init syscall_init(void){ int ret; unsigned long addr; unsigned long cr0; int num = 0; syscall_table = (void **)find_sys_call_table(); if (!syscall_table) { printk(KERN_DEBUG "Cannot find the system call address\n"); return -1; } do { printk("%d: the address is: %16x\n", num, syscall_table[num]); num++; } while (num < 400); return 0;}static void __exit syscall_release(void){ }module_init(syscall_init);module_exit(syscall_release);
Makefile
obj-m := find_sys_call_table.o PWD := $(shell pwd)all: make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modulesclean: rm -rf *.o *~ core .*.cmd *.mod.c ./tmp_version *.ko modules.order Module.symversclean_omit: rm -rf *.o *~ core .*.cmd *.mod.c ./tmp_version modules.order Module.symvers
打印64bit上的sys_call_table的函数地址
[924227.139499] 0: the address is: 811788a0[924227.139500] 1: the address is: 81178930[924227.139501] 2: the address is: 81175690[924227.139503] 3: the address is: 81175430[924227.139504] 4: the address is: 8117d420[924227.139505] 5: the address is: 8117d520[924227.139506] 6: the address is: 8117d360[924227.139508] 7: the address is: 8118dbe0[924227.139509] 8: the address is: 81178280[924227.139510] 9: the address is: 81010450[924227.139511] 10: the address is: 81144710[924227.139512] 11: the address is: 81142f50[924227.139514] 12: the address is: 81143320[924227.139515] 13: the address is: 81080d70[924227.139516] 14: the address is: 81081ee0[924227.139517] 15: the address is: 8100b5a0[924227.139518] 16: the address is: 8118b3c0[924227.139520] 17: the address is: 81178a60[924227.139521] 18: the address is: 811789c0[924227.139522] 19: the address is: 81178fe0[924227.139523] 20: the address is: 81178e10[924227.139525] 21: the address is: 81176500[924227.139526] 22: the address is: 811827a0[924227.139527] 23: the address is: 8118e220[924227.139528] 24: the address is: 810612b0[924227.139529] 25: the address is: 81145a20[924227.139531] 26: the address is: 81145c10[924227.139532] 27: the address is: 8113e7e0[924227.139533] 28: the address is: 811374b0[924227.139534] 29: the address is: 81205d50[924227.139535] 30: the address is: 81206fd0[924227.139537] 31: the address is: 81206360[924227.139538] 32: the address is: 8118a920[924227.139539] 33: the address is: 8118ab20[924227.139540] 34: the address is: 81080950[924227.139542] 35: the address is: 81096780[924227.139543] 36: the address is: 810700a0[924227.139544] 37: the address is: 8107c9c0[924227.139545] 38: the address is: 8106fcf0[924227.139546] 39: the address is: 8107c990[924227.139548] 40: the address is: 811784f0[924227.139549] 41: the address is: 8140a210[924227.139550] 42: the address is: 8140bfb0[924227.139551] 43: the address is: 8140c810[924227.139552] 44: the address is: 8140b490[924227.139554] 45: the address is: 8140b890[924227.139555] 46: the address is: 8140bdd0[924227.139556] 47: the address is: 8140bd40[924227.139557] 48: the address is: 8140be60[924227.139558] 49: the address is: 8140c0a0[924227.139560] 50: the address is: 8140b800[924227.139561] 51: the address is: 8140c190[924227.139562] 52: the address is: 8140c830[924227.139563] 53: the address is: 8140a040[924227.139565] 54: the address is: 8140c480[924227.139566] 55: the address is: 8140bee0[924227.139567] 56: the address is: 8100b400[924227.139568] 57: the address is: 8100b420[924227.139569] 58: the address is: 8100b440[924227.139571] 59: the address is: 8100b4e0[924227.139572] 60: the address is: 8106f540[924227.139573] 61: the address is: 8106e350[924227.139574] 62: the address is: 810833b0[924227.139575] 63: the address is: 810103a0[924227.139577] 64: the address is: 81203c40[924227.139578] 65: the address is: 812053f0[924227.139579] 66: the address is: 81204ac0[924227.139580] 67: the address is: 81205ab0[924227.139582] 68: the address is: 81202a50[924227.139583] 69: the address is: 812028d0[924227.139584] 70: the address is: 812024b0[924227.139585] 71: the address is: 81202fb0[924227.139586] 72: the address is: 8118a3f0[924227.139588] 73: the address is: 811c4000[924227.139589] 74: the address is: 811a7130[924227.139590] 75: the address is: 811a7110[924227.139591] 76: the address is: 811767c0[924227.139592] 77: the address is: 81176960[924227.139594] 78: the address is: 8118c150[924227.139595] 79: the address is: 8118f9b0[924227.139596] 80: the address is: 811762a0[924227.139597] 81: the address is: 81176200[924227.139599] 82: the address is: 81187e00[924227.139600] 83: the address is: 811882a0[924227.139601] 84: the address is: 81188160[924227.139602] 85: the address is: 811756c0[924227.139603] 86: the address is: 81188880[924227.139605] 87: the address is: 81187fe0[924227.139606] 88: the address is: 81188660[924227.139607] 89: the address is: 8117cf80[924227.139608] 90: the address is: 81176120[924227.139609] 91: the address is: 81175d00[924227.139611] 92: the address is: 81175f80[924227.139612] 93: the address is: 81175c40[924227.139613] 94: the address is: 81175e30[924227.139614] 95: the address is: 81084d90[924227.139615] 96: the address is: 81070fb0[924227.139617] 97: the address is: 81088280[924227.139618] 98: the address is: 81087f30[924227.139619] 99: the address is: 8107c790[924227.139620] 100: the address is: 81088ae0[924227.139622] 101: the address is: 81077910[924227.139623] 102: the address is: 81077f90[924227.139624] 103: the address is: 8106bc40[924227.139625] 104: the address is: 81077fd0[924227.139627] 105: the address is: 810892e0[924227.139628] 106: the address is: 81088d70[924227.139629] 107: the address is: 81077fb0[924227.139630] 108: the address is: 81077ff0[924227.139631] 109: the address is: 81088840[924227.139633] 110: the address is: 8107c960[924227.139634] 111: the address is: 81088820[924227.139635] 112: the address is: 81088640[924227.139636] 113: the address is: 810893e0[924227.139638] 114: the address is: 81088e50[924227.139639] 115: the address is: 81099f10[924227.139640] 116: the address is: 8109a360[924227.139641] 117: the address is: 81089160[924227.139642] 118: the address is: 81087860[924227.139644] 119: the address is: 81088c30[924227.139645] 120: the address is: 810877c0[924227.139646] 121: the address is: 810887a0[924227.139647] 122: the address is: 81088fa0[924227.139649] 123: the address is: 81088b50[924227.139650] 124: the address is: 81088720[924227.139651] 125: the address is: 81077340[924227.139652] 126: the address is: 810771a0[924227.139653] 127: the address is: 81080a60[924227.139655] 128: the address is: 81084580[924227.139656] 129: the address is: 81083210[924227.139657] 130: the address is: 81081af0[924227.139658] 131: the address is: 8100b460[924227.139660] 132: the address is: 811a7f30[924227.139661] 133: the address is: 81188530[924227.139662] 134: the address is: 810927d0[924227.139663] 135: the address is: 81069c80[924227.139665] 136: the address is: 811a8d90[924227.139666] 137: the address is: 811a9280[924227.139667] 138: the address is: 811a91f0[924227.139668] 139: the address is: 81195730[924227.139669] 140: the address is: 81089a20[924227.139671] 141: the address is: 81089d00[924227.139672] 142: the address is: 810663d0[924227.139673] 143: the address is: 81056590[924227.139674] 144: the address is: 810663f0[924227.139676] 145: the address is: 81056610[924227.139677] 146: the address is: 8104cf10[924227.139678] 147: the address is: 8104cf40[924227.139679] 148: the address is: 810564c0[924227.139680] 149: the address is: 81140120[924227.139682] 150: the address is: 81140090[924227.139683] 151: the address is: 8113fe90[924227.139684] 152: the address is: 8113fe30[924227.139685] 153: the address is: 81175240[924227.139687] 154: the address is: 8100ef20[924227.139688] 155: the address is: 81198120[924227.139689] 156: the address is: 81075800[924227.139690] 157: the address is: 81087900[924227.139691] 158: the address is: 810094a0[924227.139693] 159: the address is: 81070d40[924227.139694] 160: the address is: 81088120[924227.139695] 161: the address is: 81176140[924227.139696] 162: the address is: 811a73c0[924227.139698] 163: the address is: 810b8cd0[924227.139699] 164: the address is: 81070f00[924227.139700] 165: the address is: 81199a10[924227.139701] 166: the address is: 81197ce0[924227.139702] 167: the address is: 811502e0[924227.139704] 168: the address is: 8114fbb0[924227.139705] 169: the address is: 810897f0[924227.139706] 170: the address is: 81088430[924227.139707] 171: the address is: 81088330[924227.139709] 172: the address is: 8100b480[924227.139710] 173: the address is: 8100e860[924227.139711] 174: the address is: 810927d0[924227.139712] 175: the address is: 810afe50[924227.139714] 176: the address is: 810acea0[924227.139715] 177: the address is: 810927d0[924227.139716] 178: the address is: 810927d0[924227.139717] 179: the address is: 811db160[924227.139718] 180: the address is: 811cbb30[924227.139720] 181: the address is: 810927d0[924227.139721] 182: the address is: 810927d0[924227.139722] 183: the address is: 810927d0[924227.139723] 184: the address is: 810927d0[924227.139725] 185: the address is: 810927d0[924227.139726] 186: the address is: 8107c7e0[924227.139727] 187: the address is: 81111570[924227.139728] 188: the address is: 8119d020[924227.139729] 189: the address is: 8119cf60[924227.139731] 190: the address is: 8119ce80[924227.139732] 191: the address is: 8119c930[924227.139733] 192: the address is: 8119c8b0[924227.139734] 193: the address is: 8119ca70[924227.139736] 194: the address is: 8119d2e0[924227.139737] 195: the address is: 8119d270[924227.139738] 196: the address is: 8119d1d0[924227.139739] 197: the address is: 8119c4a0[924227.139740] 198: the address is: 8119c410[924227.139742] 199: the address is: 8119c9b0[924227.139743] 200: the address is: 81083030[924227.139744] 201: the address is: 810710b0[924227.139745] 202: the address is: 810a5f50[924227.139747] 203: the address is: 81066910[924227.139748] 204: the address is: 8105dee0[924227.139749] 205: the address is: 810927d0[924227.139750] 206: the address is: 811c06e0[924227.139751] 207: the address is: 811c02a0[924227.139753] 208: the address is: 811c1710[924227.139754] 209: the address is: 811c28d0[924227.139755] 210: the address is: 811bfde0[924227.139756] 211: the address is: 810927d0[924227.139758] 212: the address is: 811f61f0[924227.139759] 213: the address is: 811bc620[924227.139760] 214: the address is: 810927d0[924227.139761] 215: the address is: 810927d0[924227.139762] 216: the address is: 81136e10[924227.139764] 217: the address is: 8118c070[924227.139765] 218: the address is: 81066f90[924227.139766] 219: the address is: 8107ddd0[924227.139767] 220: the address is: 81204b60[924227.139769] 221: the address is: 81115c90[924227.139770] 222: the address is: 810905e0[924227.139771] 223: the address is: 81090200[924227.139772] 224: the address is: 81090500[924227.139773] 225: the address is: 81090060[924227.139775] 226: the address is: 81090c30[924227.139776] 227: the address is: 8108fd60[924227.139777] 228: the address is: 8108fc80[924227.139778] 229: the address is: 8108fbc0[924227.139780] 230: the address is: 8108fab0[924227.139781] 231: the address is: 8106f520[924227.139782] 232: the address is: 811bbaa0[924227.139783] 233: the address is: 811bbf90[924227.139784] 234: the address is: 81083060[924227.139786] 235: the address is: 811a7e80[924227.139787] 236: the address is: 810927d0[924227.139788] 237: the address is: 8115a480[924227.139789] 238: the address is: 811597d0[924227.139791] 239: the address is: 81156f90[924227.139792] 240: the address is: 81209c70[924227.139793] 241: the address is: 81208db0[924227.139794] 242: the address is: 812098e0[924227.139795] 243: the address is: 81209520[924227.139797] 244: the address is: 812086e0[924227.139798] 245: the address is: 812084d0[924227.139799] 246: the address is: 810ba480[924227.139800] 247: the address is: 8106e470[924227.139802] 248: the address is: 8120ea40[924227.139803] 249: the address is: 8120e7c0[924227.139804] 250: the address is: 8120ee10[924227.139805] 251: the address is: 811b56b0[924227.139807] 252: the address is: 811b52a0[924227.139808] 253: the address is: 811ba9b0[924227.139809] 254: the address is: 811ba3b0[924227.139810] 255: the address is: 811ba1f0[924227.139811] 256: the address is: 811592d0[924227.139813] 257: the address is: 81175670[924227.139814] 258: the address is: 81188180[924227.139815] 259: the address is: 811882c0[924227.139816] 260: the address is: 81175ed0[924227.139818] 261: the address is: 811a7dd0[924227.139819] 262: the address is: 8117d2f0[924227.139820] 263: the address is: 81188120[924227.139821] 264: the address is: 81187ba0[924227.139822] 265: the address is: 81188720[924227.139824] 266: the address is: 81188550[924227.139825] 267: the address is: 8117cec0[924227.139826] 268: the address is: 81176020[924227.139827] 269: the address is: 81176330[924227.139829] 270: the address is: 8118e010[924227.139830] 271: the address is: 8118da60[924227.139831] 272: the address is: 81067480[924227.139832] 273: the address is: 810a2b90[924227.139833] 274: the address is: 810a3120[924227.139835] 275: the address is: 811a5500[924227.139836] 276: the address is: 811a63f0[924227.139837] 277: the address is: 811a6e30[924227.139838] 278: the address is: 811a5ad0[924227.139840] 279: the address is: 81165d40[924227.139841] 280: the address is: 811a7ea0[924227.139842] 281: the address is: 811bbda0[924227.139843] 282: the address is: 811bd380[924227.139844] 283: the address is: 811bdd90[924227.139846] 284: the address is: 811bee20[924227.139847] 285: the address is: 81176630[924227.139848] 286: the address is: 811bd920[924227.139849] 287: the address is: 811bded0[924227.139851] 288: the address is: 8140c560[924227.139852] 289: the address is: 811bd1a0[924227.139853] 290: the address is: 811beda0[924227.139854] 291: the address is: 811bc490[924227.139856] 292: the address is: 8118a990[924227.139857] 293: the address is: 81182720[924227.139858] 294: the address is: 811ba800[924227.139859] 295: the address is: 81178f20[924227.139860] 296: the address is: 81178d50[924227.139862] 297: the address is: 81082f20[924227.139863] 298: the address is: 81110160[924227.139864] 299: the address is: 8140bc70[924227.139865] 300: the address is: 810927d0[924227.139867] 301: the address is: 810927d0[924227.139868] 302: the address is: 810927d0[924227.139869] 303: the address is: 810927d0[924227.139870] 304: the address is: 810927d0[924227.139871] 305: the address is: 810927d0[924227.139873] 306: the address is: 811a7470[924227.139874] 307: the address is: 8140b7e0[924227.139875] 308: the address is: 810118ef[924227.139876] 309: the address is: 810119d0[924227.139878] 310: the address is: 81011980[924227.139879] 311: the address is: 81011923[924227.139880] 312: the address is: 810118f6[924227.139881] 313: the address is: 810118c4[924227.139882] 314: the address is: 81011b30[924227.139884] 315: the address is: 81011b28[924227.139885] 316: the address is: 81011b38[924227.139886] 317: the address is: 81011af8[924227.139887] 318: the address is: 81011aa8[924227.139889] 319: the address is: 81011af0[924227.139890] 320: the address is: 81011ae8[924227.139891] 321: the address is: 81011ae0
通过对比sys_call_table和内核符号导出表的关系,我们可以发现Linux 64bit下的系统调用映射关系是这样的
sys_call_table[59] = stub_execve = ffffffff8100b4e0sys_execve = 在sys_call_table中不存在
在Linux 64bit下,stub_execve就是sys_execve的wrapper函数
/source/arch/x86/um/sys_call_table_64.c
#define stub_execve sys_execve这也意味着在Linux 64bit下,sys_execeve在sys_call_table里不存在了,而是用stub_execve取代了,
2. sys_socketcall
\linux-3.15.5\arch\sh\include\uapi\asm\unistd_64.h
#define __NR_socketcall 102 /* old implementation of socket systemcall *///和Linux 32bit的一样
在内核符号导出表中得到的内核内存地址
cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_socketcallffffffff8140c950 T sys_socketcall
ffffffff8143a130 T compat_sys_socketcall需要明白的是,sys_socketcall只适用于x86-32平台下适用,在非x86-32平台下,sys_socketcall是不存在的,Linux 64bit将sys_socketcall的"系统调用派发机制"拆分成了分别独立的系统调用,例如sys_socket、sys_bind、sys_connect
1. sys_socketcat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_socketffffffff8140a210 T sys_socket[924227.139549] 41: the address is: 8140a2102. sys_connectcat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_connectffffffff8140bfb0 T sys_connect[924227.139550] 42: the address is: 8140bfb03. sys_bindcat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_bindffffffff8140c0a0 T sys_bind[924227.139558] 49: the address is: 8140c0a0
3. sys_init_module
\linux-3.15.5\arch\sh\include\uapi\asm\unistd_64.h
#define __NR_init_module 128//和Linux 32bit的一样
在内核符号导出表中得到的内核内存地址
cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_init_moduleffffffff810afe50 T sys_init_module[924227.139712] 175: the address is: 810afe50
Relevant Link:
http://stackoverflow.com/questions/9940391/looking-for-a-detailed-document-on-linux-system-calls
Copyright (c) 2014 LittleHann All rights reserved
Linux Kernel sys_call_table、Kernel Symbols Export Table Generation Principle、Difference Between System Calls Entrance In 32bit、64bit Linux(undone)
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。