标签:style blog http io ar color os 使用 sp
目录
1. sys_call_table:系统调用表
2. 内核符号导出表、kallsyms_lookup_name
3. Linux 32bit、64bit下系统调用入口的异同
1. sys_call_table:系统调用表
Relevant Link:
2. 内核符号导出表、kallsyms_lookup_name
Relevant Link:
3. Linux 32bit、64bit下系统调用入口的异同
以sys_execve、sys_socketcall、sys_init_module这三个系统调用作为研究对象
0x1: Linux 32bit
1. sys_execve
对于Linux 32bit操作系统来说,sys_execve的系统调用号保存在:
\linux-3.15.5\arch\sh\include\uapi\asm\unistd_32.h
#define __NR_execve 11
系统调用处理函数在内核内存中的地址可以通过以下方式得到
cat /boot/System.map-2.6.32-358.el6.i686 | grep sys_execve //c0408150 T sys_execve
在正常情况下(当前linux没有被rootkit、sys_call_table没有被hooked),sys_call_table(系统调用表)中的函数地址和内核导出符号表中的函数地址应该是相同的,即
sys_call_table[__NR_sys_execve] = cat /boot/System.map-2.6.32-358.el6.i686 | grep sys_execve
系统调用函数的入口点跟踪如下
linux-3.15.5\fs\exec.c
SYSCALL_DEFINE3(execve, const char __user *, filename, const char __user *const __user *, argv, const char __user *const __user *, envp) { return do_execve(getname(filename), argv, envp); }
这是个宏定义,等价于对sys_execve的声明
int do_execve(struct filename *filename, const char __user *const __user *__argv, const char __user *const __user *__envp) { struct user_arg_ptr argv = { .ptr.native = __argv }; struct user_arg_ptr envp = { .ptr.native = __envp }; return do_execve_common(filename, argv, envp); }
2. sys_socketcall
\linux-3.15.5\arch\sh\include\uapi\asm\unistd_32.h
#define __NR_socketcall 102
在内核符号导出表中得到的内核内存地址
cat /boot/System.map-2.6.32-358.el6.i686 | grep sys_socketcall //c078fd70 T sys_socketcall
\linux-3.15.5\net\socket.c
/* 进行socket调用派发 */ SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args) { unsigned long a[AUDITSC_ARGS]; unsigned long a0, a1; int err; unsigned int len; if (call < 1 || call > SYS_SENDMMSG) return -EINVAL; len = nargs[call]; if (len > sizeof(a)) return -EINVAL; /* copy_from_user should be SMP safe. */ if (copy_from_user(a, args, len)) return -EFAULT; err = audit_socketcall(nargs[call] / sizeof(unsigned long), a); if (err) return err; a0 = a[0]; a1 = a[1]; switch (call) { case SYS_SOCKET: err = sys_socket(a0, a1, a[2]); break; case SYS_BIND: err = sys_bind(a0, (struct sockaddr __user *)a1, a[2]); break; case SYS_CONNECT: err = sys_connect(a0, (struct sockaddr __user *)a1, a[2]); break; case SYS_LISTEN: err = sys_listen(a0, a1); break; case SYS_ACCEPT: err = sys_accept4(a0, (struct sockaddr __user *)a1, (int __user *)a[2], 0); break; case SYS_GETSOCKNAME: err = sys_getsockname(a0, (struct sockaddr __user *)a1, (int __user *)a[2]); break; case SYS_GETPEERNAME: err = sys_getpeername(a0, (struct sockaddr __user *)a1, (int __user *)a[2]); break; case SYS_SOCKETPAIR: err = sys_socketpair(a0, a1, a[2], (int __user *)a[3]); break; case SYS_SEND: err = sys_send(a0, (void __user *)a1, a[2], a[3]); break; case SYS_SENDTO: err = sys_sendto(a0, (void __user *)a1, a[2], a[3], (struct sockaddr __user *)a[4], a[5]); break; case SYS_RECV: err = sys_recv(a0, (void __user *)a1, a[2], a[3]); break; case SYS_RECVFROM: err = sys_recvfrom(a0, (void __user *)a1, a[2], a[3], (struct sockaddr __user *)a[4], (int __user *)a[5]); break; case SYS_SHUTDOWN: err = sys_shutdown(a0, a1); break; case SYS_SETSOCKOPT: err = sys_setsockopt(a0, a1, a[2], (char __user *)a[3], a[4]); break; case SYS_GETSOCKOPT: err = sys_getsockopt(a0, a1, a[2], (char __user *)a[3], (int __user *)a[4]); break; case SYS_SENDMSG: err = sys_sendmsg(a0, (struct msghdr __user *)a1, a[2]); break; case SYS_SENDMMSG: err = sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2], a[3]); break; case SYS_RECVMSG: err = sys_recvmsg(a0, (struct msghdr __user *)a1, a[2]); break; case SYS_RECVMMSG: err = sys_recvmmsg(a0, (struct mmsghdr __user *)a1, a[2], a[3], (struct timespec __user *)a[4]); break; case SYS_ACCEPT4: err = sys_accept4(a0, (struct sockaddr __user *)a1, (int __user *)a[2], a[3]); break; default: err = -EINVAL; break; } return err; }
3. sys_init_module
\linux-3.15.5\arch\sh\include\uapi\asm\unistd_32.h
#define __NR_init_module 128
在内核符号导出表中得到的内核内存地址
cat /boot/System.map-2.6.32-358.el6.i686 | grep sys_init_module //c04975a0 T sys_init_module
\linux-3.15.5\kernel\module.c
SYSCALL_DEFINE3(init_module, void __user *, umod, unsigned long, len, const char __user *, uargs) { int err; struct load_info info = { }; err = may_init_module(); if (err) return err; pr_debug("init_module: umod=%p, len=%lu, uargs=%p\n", umod, len, uargs); err = copy_module_from_user(umod, len, &info); if (err) return err; return load_module(&info, uargs, 0); }
0x2: Linux 64bit
在Linux 64bit下,系统调用的入口点和32bit下有一点区别
1. sys_execve
\linux-3.15.5\arch\sh\include\uapi\asm\unistd_64.h
#define __NR_execve 11 //和32bit下一样
在内核符号导出表中得到的内核内存地址
cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep stub_execve ffffffff8100b4e0 T stub_execve cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_execve ffffffff810095b0 T sys_execve
对于64bit的Linux系统来说,在系统调用外层使用了stub(wrapper functions),我们打印一下Linux 64bit的sys_call_table
find_sys_call_table.c
#include <linux/module.h> #include <linux/init.h> #include <linux/types.h> #include <asm/uaccess.h> #include <asm/cacheflush.h> #include <linux/syscalls.h> #include <linux/delay.h> // loops_per_jiffy /* Just so we do not taint the kernel */ MODULE_LICENSE("GPL"); void **syscall_table; unsigned long **find_sys_call_table(void); unsigned long **find_sys_call_table() { unsigned long ptr; unsigned long *p; for (ptr = (unsigned long)sys_close; ptr < (unsigned long)&loops_per_jiffy; ptr += sizeof(void *)) { p = (unsigned long *)ptr; if (p[__NR_close] == (unsigned long)sys_close) { printk(KERN_DEBUG "Found the sys_call_table!!!\n"); return (unsigned long **)p; } } return NULL; } static int __init syscall_init(void) { int ret; unsigned long addr; unsigned long cr0; int num = 0; syscall_table = (void **)find_sys_call_table(); if (!syscall_table) { printk(KERN_DEBUG "Cannot find the system call address\n"); return -1; } do { printk("%d: the address is: %16x\n", num, syscall_table[num]); num++; } while (num < 400); return 0; } static void __exit syscall_release(void) { } module_init(syscall_init); module_exit(syscall_release);
Makefile
obj-m := find_sys_call_table.o PWD := $(shell pwd) all: make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules clean: rm -rf *.o *~ core .*.cmd *.mod.c ./tmp_version *.ko modules.order Module.symvers clean_omit: rm -rf *.o *~ core .*.cmd *.mod.c ./tmp_version modules.order Module.symvers
打印64bit上的sys_call_table的函数地址
[924227.139499] 0: the address is: 811788a0 [924227.139500] 1: the address is: 81178930 [924227.139501] 2: the address is: 81175690 [924227.139503] 3: the address is: 81175430 [924227.139504] 4: the address is: 8117d420 [924227.139505] 5: the address is: 8117d520 [924227.139506] 6: the address is: 8117d360 [924227.139508] 7: the address is: 8118dbe0 [924227.139509] 8: the address is: 81178280 [924227.139510] 9: the address is: 81010450 [924227.139511] 10: the address is: 81144710 [924227.139512] 11: the address is: 81142f50 [924227.139514] 12: the address is: 81143320 [924227.139515] 13: the address is: 81080d70 [924227.139516] 14: the address is: 81081ee0 [924227.139517] 15: the address is: 8100b5a0 [924227.139518] 16: the address is: 8118b3c0 [924227.139520] 17: the address is: 81178a60 [924227.139521] 18: the address is: 811789c0 [924227.139522] 19: the address is: 81178fe0 [924227.139523] 20: the address is: 81178e10 [924227.139525] 21: the address is: 81176500 [924227.139526] 22: the address is: 811827a0 [924227.139527] 23: the address is: 8118e220 [924227.139528] 24: the address is: 810612b0 [924227.139529] 25: the address is: 81145a20 [924227.139531] 26: the address is: 81145c10 [924227.139532] 27: the address is: 8113e7e0 [924227.139533] 28: the address is: 811374b0 [924227.139534] 29: the address is: 81205d50 [924227.139535] 30: the address is: 81206fd0 [924227.139537] 31: the address is: 81206360 [924227.139538] 32: the address is: 8118a920 [924227.139539] 33: the address is: 8118ab20 [924227.139540] 34: the address is: 81080950 [924227.139542] 35: the address is: 81096780 [924227.139543] 36: the address is: 810700a0 [924227.139544] 37: the address is: 8107c9c0 [924227.139545] 38: the address is: 8106fcf0 [924227.139546] 39: the address is: 8107c990 [924227.139548] 40: the address is: 811784f0 [924227.139549] 41: the address is: 8140a210 [924227.139550] 42: the address is: 8140bfb0 [924227.139551] 43: the address is: 8140c810 [924227.139552] 44: the address is: 8140b490 [924227.139554] 45: the address is: 8140b890 [924227.139555] 46: the address is: 8140bdd0 [924227.139556] 47: the address is: 8140bd40 [924227.139557] 48: the address is: 8140be60 [924227.139558] 49: the address is: 8140c0a0 [924227.139560] 50: the address is: 8140b800 [924227.139561] 51: the address is: 8140c190 [924227.139562] 52: the address is: 8140c830 [924227.139563] 53: the address is: 8140a040 [924227.139565] 54: the address is: 8140c480 [924227.139566] 55: the address is: 8140bee0 [924227.139567] 56: the address is: 8100b400 [924227.139568] 57: the address is: 8100b420 [924227.139569] 58: the address is: 8100b440 [924227.139571] 59: the address is: 8100b4e0 [924227.139572] 60: the address is: 8106f540 [924227.139573] 61: the address is: 8106e350 [924227.139574] 62: the address is: 810833b0 [924227.139575] 63: the address is: 810103a0 [924227.139577] 64: the address is: 81203c40 [924227.139578] 65: the address is: 812053f0 [924227.139579] 66: the address is: 81204ac0 [924227.139580] 67: the address is: 81205ab0 [924227.139582] 68: the address is: 81202a50 [924227.139583] 69: the address is: 812028d0 [924227.139584] 70: the address is: 812024b0 [924227.139585] 71: the address is: 81202fb0 [924227.139586] 72: the address is: 8118a3f0 [924227.139588] 73: the address is: 811c4000 [924227.139589] 74: the address is: 811a7130 [924227.139590] 75: the address is: 811a7110 [924227.139591] 76: the address is: 811767c0 [924227.139592] 77: the address is: 81176960 [924227.139594] 78: the address is: 8118c150 [924227.139595] 79: the address is: 8118f9b0 [924227.139596] 80: the address is: 811762a0 [924227.139597] 81: the address is: 81176200 [924227.139599] 82: the address is: 81187e00 [924227.139600] 83: the address is: 811882a0 [924227.139601] 84: the address is: 81188160 [924227.139602] 85: the address is: 811756c0 [924227.139603] 86: the address is: 81188880 [924227.139605] 87: the address is: 81187fe0 [924227.139606] 88: the address is: 81188660 [924227.139607] 89: the address is: 8117cf80 [924227.139608] 90: the address is: 81176120 [924227.139609] 91: the address is: 81175d00 [924227.139611] 92: the address is: 81175f80 [924227.139612] 93: the address is: 81175c40 [924227.139613] 94: the address is: 81175e30 [924227.139614] 95: the address is: 81084d90 [924227.139615] 96: the address is: 81070fb0 [924227.139617] 97: the address is: 81088280 [924227.139618] 98: the address is: 81087f30 [924227.139619] 99: the address is: 8107c790 [924227.139620] 100: the address is: 81088ae0 [924227.139622] 101: the address is: 81077910 [924227.139623] 102: the address is: 81077f90 [924227.139624] 103: the address is: 8106bc40 [924227.139625] 104: the address is: 81077fd0 [924227.139627] 105: the address is: 810892e0 [924227.139628] 106: the address is: 81088d70 [924227.139629] 107: the address is: 81077fb0 [924227.139630] 108: the address is: 81077ff0 [924227.139631] 109: the address is: 81088840 [924227.139633] 110: the address is: 8107c960 [924227.139634] 111: the address is: 81088820 [924227.139635] 112: the address is: 81088640 [924227.139636] 113: the address is: 810893e0 [924227.139638] 114: the address is: 81088e50 [924227.139639] 115: the address is: 81099f10 [924227.139640] 116: the address is: 8109a360 [924227.139641] 117: the address is: 81089160 [924227.139642] 118: the address is: 81087860 [924227.139644] 119: the address is: 81088c30 [924227.139645] 120: the address is: 810877c0 [924227.139646] 121: the address is: 810887a0 [924227.139647] 122: the address is: 81088fa0 [924227.139649] 123: the address is: 81088b50 [924227.139650] 124: the address is: 81088720 [924227.139651] 125: the address is: 81077340 [924227.139652] 126: the address is: 810771a0 [924227.139653] 127: the address is: 81080a60 [924227.139655] 128: the address is: 81084580 [924227.139656] 129: the address is: 81083210 [924227.139657] 130: the address is: 81081af0 [924227.139658] 131: the address is: 8100b460 [924227.139660] 132: the address is: 811a7f30 [924227.139661] 133: the address is: 81188530 [924227.139662] 134: the address is: 810927d0 [924227.139663] 135: the address is: 81069c80 [924227.139665] 136: the address is: 811a8d90 [924227.139666] 137: the address is: 811a9280 [924227.139667] 138: the address is: 811a91f0 [924227.139668] 139: the address is: 81195730 [924227.139669] 140: the address is: 81089a20 [924227.139671] 141: the address is: 81089d00 [924227.139672] 142: the address is: 810663d0 [924227.139673] 143: the address is: 81056590 [924227.139674] 144: the address is: 810663f0 [924227.139676] 145: the address is: 81056610 [924227.139677] 146: the address is: 8104cf10 [924227.139678] 147: the address is: 8104cf40 [924227.139679] 148: the address is: 810564c0 [924227.139680] 149: the address is: 81140120 [924227.139682] 150: the address is: 81140090 [924227.139683] 151: the address is: 8113fe90 [924227.139684] 152: the address is: 8113fe30 [924227.139685] 153: the address is: 81175240 [924227.139687] 154: the address is: 8100ef20 [924227.139688] 155: the address is: 81198120 [924227.139689] 156: the address is: 81075800 [924227.139690] 157: the address is: 81087900 [924227.139691] 158: the address is: 810094a0 [924227.139693] 159: the address is: 81070d40 [924227.139694] 160: the address is: 81088120 [924227.139695] 161: the address is: 81176140 [924227.139696] 162: the address is: 811a73c0 [924227.139698] 163: the address is: 810b8cd0 [924227.139699] 164: the address is: 81070f00 [924227.139700] 165: the address is: 81199a10 [924227.139701] 166: the address is: 81197ce0 [924227.139702] 167: the address is: 811502e0 [924227.139704] 168: the address is: 8114fbb0 [924227.139705] 169: the address is: 810897f0 [924227.139706] 170: the address is: 81088430 [924227.139707] 171: the address is: 81088330 [924227.139709] 172: the address is: 8100b480 [924227.139710] 173: the address is: 8100e860 [924227.139711] 174: the address is: 810927d0 [924227.139712] 175: the address is: 810afe50 [924227.139714] 176: the address is: 810acea0 [924227.139715] 177: the address is: 810927d0 [924227.139716] 178: the address is: 810927d0 [924227.139717] 179: the address is: 811db160 [924227.139718] 180: the address is: 811cbb30 [924227.139720] 181: the address is: 810927d0 [924227.139721] 182: the address is: 810927d0 [924227.139722] 183: the address is: 810927d0 [924227.139723] 184: the address is: 810927d0 [924227.139725] 185: the address is: 810927d0 [924227.139726] 186: the address is: 8107c7e0 [924227.139727] 187: the address is: 81111570 [924227.139728] 188: the address is: 8119d020 [924227.139729] 189: the address is: 8119cf60 [924227.139731] 190: the address is: 8119ce80 [924227.139732] 191: the address is: 8119c930 [924227.139733] 192: the address is: 8119c8b0 [924227.139734] 193: the address is: 8119ca70 [924227.139736] 194: the address is: 8119d2e0 [924227.139737] 195: the address is: 8119d270 [924227.139738] 196: the address is: 8119d1d0 [924227.139739] 197: the address is: 8119c4a0 [924227.139740] 198: the address is: 8119c410 [924227.139742] 199: the address is: 8119c9b0 [924227.139743] 200: the address is: 81083030 [924227.139744] 201: the address is: 810710b0 [924227.139745] 202: the address is: 810a5f50 [924227.139747] 203: the address is: 81066910 [924227.139748] 204: the address is: 8105dee0 [924227.139749] 205: the address is: 810927d0 [924227.139750] 206: the address is: 811c06e0 [924227.139751] 207: the address is: 811c02a0 [924227.139753] 208: the address is: 811c1710 [924227.139754] 209: the address is: 811c28d0 [924227.139755] 210: the address is: 811bfde0 [924227.139756] 211: the address is: 810927d0 [924227.139758] 212: the address is: 811f61f0 [924227.139759] 213: the address is: 811bc620 [924227.139760] 214: the address is: 810927d0 [924227.139761] 215: the address is: 810927d0 [924227.139762] 216: the address is: 81136e10 [924227.139764] 217: the address is: 8118c070 [924227.139765] 218: the address is: 81066f90 [924227.139766] 219: the address is: 8107ddd0 [924227.139767] 220: the address is: 81204b60 [924227.139769] 221: the address is: 81115c90 [924227.139770] 222: the address is: 810905e0 [924227.139771] 223: the address is: 81090200 [924227.139772] 224: the address is: 81090500 [924227.139773] 225: the address is: 81090060 [924227.139775] 226: the address is: 81090c30 [924227.139776] 227: the address is: 8108fd60 [924227.139777] 228: the address is: 8108fc80 [924227.139778] 229: the address is: 8108fbc0 [924227.139780] 230: the address is: 8108fab0 [924227.139781] 231: the address is: 8106f520 [924227.139782] 232: the address is: 811bbaa0 [924227.139783] 233: the address is: 811bbf90 [924227.139784] 234: the address is: 81083060 [924227.139786] 235: the address is: 811a7e80 [924227.139787] 236: the address is: 810927d0 [924227.139788] 237: the address is: 8115a480 [924227.139789] 238: the address is: 811597d0 [924227.139791] 239: the address is: 81156f90 [924227.139792] 240: the address is: 81209c70 [924227.139793] 241: the address is: 81208db0 [924227.139794] 242: the address is: 812098e0 [924227.139795] 243: the address is: 81209520 [924227.139797] 244: the address is: 812086e0 [924227.139798] 245: the address is: 812084d0 [924227.139799] 246: the address is: 810ba480 [924227.139800] 247: the address is: 8106e470 [924227.139802] 248: the address is: 8120ea40 [924227.139803] 249: the address is: 8120e7c0 [924227.139804] 250: the address is: 8120ee10 [924227.139805] 251: the address is: 811b56b0 [924227.139807] 252: the address is: 811b52a0 [924227.139808] 253: the address is: 811ba9b0 [924227.139809] 254: the address is: 811ba3b0 [924227.139810] 255: the address is: 811ba1f0 [924227.139811] 256: the address is: 811592d0 [924227.139813] 257: the address is: 81175670 [924227.139814] 258: the address is: 81188180 [924227.139815] 259: the address is: 811882c0 [924227.139816] 260: the address is: 81175ed0 [924227.139818] 261: the address is: 811a7dd0 [924227.139819] 262: the address is: 8117d2f0 [924227.139820] 263: the address is: 81188120 [924227.139821] 264: the address is: 81187ba0 [924227.139822] 265: the address is: 81188720 [924227.139824] 266: the address is: 81188550 [924227.139825] 267: the address is: 8117cec0 [924227.139826] 268: the address is: 81176020 [924227.139827] 269: the address is: 81176330 [924227.139829] 270: the address is: 8118e010 [924227.139830] 271: the address is: 8118da60 [924227.139831] 272: the address is: 81067480 [924227.139832] 273: the address is: 810a2b90 [924227.139833] 274: the address is: 810a3120 [924227.139835] 275: the address is: 811a5500 [924227.139836] 276: the address is: 811a63f0 [924227.139837] 277: the address is: 811a6e30 [924227.139838] 278: the address is: 811a5ad0 [924227.139840] 279: the address is: 81165d40 [924227.139841] 280: the address is: 811a7ea0 [924227.139842] 281: the address is: 811bbda0 [924227.139843] 282: the address is: 811bd380 [924227.139844] 283: the address is: 811bdd90 [924227.139846] 284: the address is: 811bee20 [924227.139847] 285: the address is: 81176630 [924227.139848] 286: the address is: 811bd920 [924227.139849] 287: the address is: 811bded0 [924227.139851] 288: the address is: 8140c560 [924227.139852] 289: the address is: 811bd1a0 [924227.139853] 290: the address is: 811beda0 [924227.139854] 291: the address is: 811bc490 [924227.139856] 292: the address is: 8118a990 [924227.139857] 293: the address is: 81182720 [924227.139858] 294: the address is: 811ba800 [924227.139859] 295: the address is: 81178f20 [924227.139860] 296: the address is: 81178d50 [924227.139862] 297: the address is: 81082f20 [924227.139863] 298: the address is: 81110160 [924227.139864] 299: the address is: 8140bc70 [924227.139865] 300: the address is: 810927d0 [924227.139867] 301: the address is: 810927d0 [924227.139868] 302: the address is: 810927d0 [924227.139869] 303: the address is: 810927d0 [924227.139870] 304: the address is: 810927d0 [924227.139871] 305: the address is: 810927d0 [924227.139873] 306: the address is: 811a7470 [924227.139874] 307: the address is: 8140b7e0 [924227.139875] 308: the address is: 810118ef [924227.139876] 309: the address is: 810119d0 [924227.139878] 310: the address is: 81011980 [924227.139879] 311: the address is: 81011923 [924227.139880] 312: the address is: 810118f6 [924227.139881] 313: the address is: 810118c4 [924227.139882] 314: the address is: 81011b30 [924227.139884] 315: the address is: 81011b28 [924227.139885] 316: the address is: 81011b38 [924227.139886] 317: the address is: 81011af8 [924227.139887] 318: the address is: 81011aa8 [924227.139889] 319: the address is: 81011af0 [924227.139890] 320: the address is: 81011ae8 [924227.139891] 321: the address is: 81011ae0
通过对比sys_call_table和内核符号导出表的关系,我们可以发现Linux 64bit下的系统调用映射关系是这样的
sys_call_table[59] = stub_execve = ffffffff8100b4e0 sys_execve = 在sys_call_table中不存在
在Linux 64bit下,stub_execve就是sys_execve的wrapper函数
/source/arch/x86/um/sys_call_table_64.c
#define stub_execve sys_execve
这也意味着在Linux 64bit下,sys_execeve在sys_call_table里不存在了,而是用stub_execve取代了,
2. sys_socketcall
\linux-3.15.5\arch\sh\include\uapi\asm\unistd_64.h
#define __NR_socketcall 102 /* old implementation of socket systemcall */ //和Linux 32bit的一样
在内核符号导出表中得到的内核内存地址
cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_socketcall
ffffffff8140c950 T sys_socketcall
ffffffff8143a130 T compat_sys_socketcall
需要明白的是,sys_socketcall只适用于x86-32平台下适用,在非x86-32平台下,sys_socketcall是不存在的,Linux 64bit将sys_socketcall的"系统调用派发机制"拆分成了分别独立的系统调用,例如sys_socket、sys_bind、sys_connect
1. sys_socket cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_socket ffffffff8140a210 T sys_socket [924227.139549] 41: the address is: 8140a210 2. sys_connect cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_connect ffffffff8140bfb0 T sys_connect [924227.139550] 42: the address is: 8140bfb0 3. sys_bind cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_bind ffffffff8140c0a0 T sys_bind [924227.139558] 49: the address is: 8140c0a0
3. sys_init_module
\linux-3.15.5\arch\sh\include\uapi\asm\unistd_64.h
#define __NR_init_module 128 //和Linux 32bit的一样
在内核符号导出表中得到的内核内存地址
cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_init_module ffffffff810afe50 T sys_init_module [924227.139712] 175: the address is: 810afe50
Relevant Link:
http://stackoverflow.com/questions/9940391/looking-for-a-detailed-document-on-linux-system-calls
Copyright (c) 2014 LittleHann All rights reserved
标签:style blog http io ar color os 使用 sp
原文地址:http://www.cnblogs.com/LittleHann/p/4127096.html
