Chen Tie + Original works reproduced please specify the source + "Linux kernel analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000
The difficulty of the work is increasing, the virtual machine of the experiment building is not very stable, often use to use can not operate. No detailed research, so in the VirtualBox under the new virtual machine, still smooth. Downloaded Ubuntu Mini.iso, the results of the interface is all Debian, select High-level XFCE, although all the download so that the installation process is a bit long, but after installation did not have too many problems, it reached the same effect of the experimental building. Then downloaded the latest Kernel,git clone of the teacher's minimum Linux menuos. Add your own system program. The environment is ready to play.
There is a picture of the truth.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5C/90/wKioL1UdZDLQ1e2bAAPa9AcUtVM679.jpg "title=" Getuid . PNG "alt=" Wkiol1udzdlq1e2baapa9acutvm679.jpg "/>
The system is up and running:
650) this.width=650; "style=" width:582px;height:281px; "src=" http://s3.51cto.com/wyfs02/M01/5C/90/ Wkiol1udzghg3lw0aanfmvwatke353.jpg "title=" menu. PNG "border=" 0 "height=" 281 "hspace=" 0 "vspace=" 0 "width=" 582 "alt=" Wkiol1udzghg3lw0aanfmvwatke353.jpg "/>
Restart GDB to set the breakpoint Sys_getuid.
(GDB) Break Sys_getuid
Breakpoint 1 at 0xc1054340:file kernel/sys.c, line 857.
The code is as follows:
SYSCALL_DEFINE0 (Getuid)
{
/* Only We change this so SMP safe */
Return from_kuid_munged (Current_user_ns (), Current_uid ());
}
Execute the GDB command finish with the following results:
Run till exit from #0 sys_getuid () at kernel/sys.c:859
<signal Handler Called>
Value returned is $ = 0
Returns the ID of the current user in the variable that is 0;
Show me the code.
(GDB) List
424 Sysenter_do_call:
425 Cmpl $ (nr_syscalls),%eax
426 Jae Sysenter_badsys
427Call *sys_call_table (,%eax,4)
428 Sysenter_after_call:
429 MOVL%eax,pt_eax (%ESP)
430 Lockdep_sys_exit
431 disable_interrupts (Clbr_any)
432 Trace_irqs_off
433 MOVL Ti_flags (%EBP),%ecx
Because the GETUID command calls directly to the SYS_GETUID system call routine, it can be directly interrupted to the corresponding function, but GETUID-ASM uses the interrupt int 0x80 directly. So you can use break Sysenter_do_call.
Summary, through their own use of the teacher's code, can be used in the smallest Linux system to write the underlying commands, although not fully understand the operation of the mechanism, but a rough understanding of the system calls the approximate process, the kernel will often use and hardware to interact with the code encapsulated as a service routine, and to provide the system call table to the user, as long as the corresponding number corresponding to what system function, you can pass the number to the EAX register, using the system call interrupt number int0x80 can be to the desired result. Further, you can even save your own specific code as a kernel routine, compiled in the kernel, and ready for user invocation.
This article is from the "Studypark" blog, make sure to keep this source http://swordautumn.blog.51cto.com/1485402/1627866
A brief analysis of the system call process using GDB