Which linux process handles syscalls?


Question

This might be a silly question, but I was debugging a binary with gdb trying to "reverse engineer" it and reached an instruction that makes a syscall after which the effect I want to reverse engineer appears. I assume that another process is taking over and does the job so I was wondering if it was possible to debug the kernel code that handles the syscall with gdb.

Here is the x86 assembly snippet that makes the syscall (it appears that it is sys_getpid):

0x00007ffff7660d3e <+14>:   movsxd rdx,edx
0x00007ffff7660d41 <+17>:   movsxd rdi,edi
0x00007ffff7660d44 <+20>:   mov    eax,0x14
0x00007ffff7660d49 <+25>:   syscall 

Recommended answer

The syscall (or sysenter or int 0x80 etc...) machine instruction is for making syscalls which by definition are handled by the Linux kernel. Details are defined in the x86-64 ABI specification. Read Advanced Linux Programming to get an overview of most of them. See also Linux Assembly HowTo.

From the user application's point of view, a syscall is a virtual atomic instruction.

No specific userland process is handling syscalls, it is the job of the kernel to handle them, and it is nearly the sole way for an application to interact with the kernel.

The kernel's handling of syscalls made by a given process is accounted as system CPU time, e.g. by time(1).

The list of documented syscalls is given in syscalls(2). See also <asm/unistd.h> and <asm/unistd_64.h> etc... headers.

You could use strace(1) to understand the sequence of syscalls done by a particular run (of some process).

See also vdso(7).
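
An added example, not part of the original question or answer: it issues getpid through the raw syscall instruction and uses getrusage(2) to show that the kernel's work is charged to the calling process as system CPU time, with no other process involved. It assumes Linux, takes the syscall number from <sys/syscall.h> rather than hard-coding it (numbers differ between i386 and x86-64), and the helper names raw_getpid, sys_cpu_usec and sys_time_for_calls are made up for the illustration.

```c
#include <stdio.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <unistd.h>

/* Issue getpid via the raw syscall instruction: number in rax, result in rax.
 * The instruction itself clobbers rcx and r11. Inline assembly is x86-64
 * only; other architectures fall back to the libc syscall(2) wrapper. */
static long raw_getpid(void)
{
#if defined(__x86_64__)
    long ret;
    __asm__ volatile("syscall"
                     : "=a"(ret)
                     : "a"((long)SYS_getpid)
                     : "rcx", "r11", "memory");
    return ret;
#else
    return syscall(SYS_getpid);
#endif
}

/* System CPU time charged to this process so far, in microseconds. */
static long long sys_cpu_usec(void)
{
    struct rusage ru;
    if (getrusage(RUSAGE_SELF, &ru) != 0)
        return -1;
    return (long long)ru.ru_stime.tv_sec * 1000000LL + ru.ru_stime.tv_usec;
}

/* Make n raw syscalls and return how much system CPU time they added. */
static long long sys_time_for_calls(long n)
{
    long long before = sys_cpu_usec();
    for (long i = 0; i < n; i++)
        raw_getpid();
    return sys_cpu_usec() - before;
}

int main(void)
{
    printf("raw syscall pid=%ld, getpid()=%ld\n", raw_getpid(), (long)getpid());
    printf("system CPU time for 1000000 calls: %lld us\n",
           sys_time_for_calls(1000000));
    return 0;
}
```

Running the binary under strace(1) or time(1) shows the same calls and the same system time from the outside.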
