如何反汇编系统调用 [英] How to disassemble a system call

问题描述

如果我有系统调用的虚拟地址，可以反汇编该系统调用吗?我想在运行的内核上执行此操作，以查找运行时特定系统调用处理的所有地址.

If I have the virtual address of system call, can I disassemble that system call? I want to do it on running kernel to find what all address are handled by the particular system call while running.

我正在运行32位2.6.38内核(x86).

I am running 32 bit 2.6.38 kernel (x86).

推荐答案

我不确定您的问题是否有意义.

I am not sure you question is very meaningful.

请阅读有关系统调用的更多信息. wikipedia.org/wiki/Kernel_%28computing%29"rel =" nofollow>内核，正在运行系统， Linux 和

Please read more about system calls, kernels, operating systems, linux, and the linux kernel

从本质上讲，从应用程序的角度来看，系统调用是由一条机器指令(int 0x80，syscall等)实现的原子操作，之前带有一些簿记指令(例如，加载系统)调用寄存器的参数)和之后(例如设置errno).发生这种情况时，控制权进入内核，具有不同的地址空间和不同的 Linux系统调用列表

Essentially, a system call is (from the application point of view) an atomic operation implemented by one machine instruction (int 0x80, syscall, etc.) with a few book-keeping instructions before (e.g. loading the system call arguments to registers) and after (e.g. setting errno). When it happens, control goes into the kernel, with a (sort-of) different address space and a different protection ring; here is the list of linux syscalls

进行系统调用的实际代码在内核内部.您可以在 kernel.org

The real code doing the system call is inside the kernel. You can get the Linux kernel code on kernel.org

另请参见 Linux汇编方法和要了解系统调用给定应用程序或进程正在做什么，请使用 strace

To understand what system calls a given application or process is doing, use strace

这篇关于如何反汇编系统调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！