我们可以在内核空间中调用系统调用吗? [英] Can we call system call in kernel space?

问题描述

有时候，当我们不得不在内核系统中调用系统调用时，我们会调用它的助手或相关的内核函数，而不是执行"syscall".我仍然想知道我们可以在内核空间中调用系统调用吗?如果没有，那么阻止我们这样做的原因.

Sometimes, when we have to call system call in kernel system, we invoke it's helper or related kernel functions, instead do 'syscall'. I am still wondering can we call system call in kernel space? If not, what stops us doing that.

我的问题有点奇怪.

推荐答案

实际上，与流行的看法(以及此处的一些答案)相反，答案是可以的，但是取决于哪个操作系统:

Actually, contrary to popular belief (and some answers here), the answer is, yes, you can, but depending on which OS:

• 在Linux中，如果可以找到它们的内核导出，则可以调用几乎所有系统调用(例如，执行cat /proc/kallsysms | grep sys_).通过设置数据段(KERNEL_DS)，在大多数系统调用(接受用户模式*的系统调用)中，都有一个较小的技巧"可以解决保护问题.不完全建议这样做，但是如果您需要从内核(例如SELinux)访问文件，那肯定是有道理的.

• In Linux, you can call almost all system calls if you can find their kernel export (do cat /proc/kallsysms | grep sys_ for an example). There is a minor "trick" to get around a protection in most syscalls (those which accept a user mode *), by setting the data segment (KERNEL_DS). It's not exactly recommended, but certainly makes sense if you need to access files from the kernel (e.g. SELinux).

在Windows中，内核中的大多数Nt *调用也可以作为Zw *调用使用-为以下命令执行"dumpbin/exports C:\ windows \ system32 \ ntoskrnl.exe | findstr Zw(或Nt)"一个例子.

In Windows, most of the Nt* calls in the kernel are also available as Zw* calls - do "dumpbin /exports C:\windows\system32\ntoskrnl.exe | findstr Zw (or Nt)" for an example.

在Mac OS X中，尽管有一些聪明的技巧可以解决，但从技术上讲，它是不允许的.

In Mac OS X, it technically shouldn't be allowed, though there are clever hacks to get around it.

即使系统调用确实是用户模式和内核之间的接口，但令人惊讶的是，在很多情况下，即使是具有生产价值的代码也可以这样做-但要仔细注意一些警告.

Even though system calls are indeed the interface between user mode and the kernel, there are surprisingly quite a few cases where even production-worthy code does so -- but through careful observance of caveats.

这篇关于我们可以在内核空间中调用系统调用吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！