While analyzing virus samples, I found that some of the system functions they use are essential and some are unusual. They are listed here in the hope of sharing them with you.
If you repost this, please credit the source: http://blog.csdn.net/u010484477 O (∩_∩) o Thank you

Process Control

fork: create a new process
clone: create a child process with the specified criteria
execve: run an executable file
exit: abort the process
_exit: abort the process immediately
getdtablesize: get the maximum number of files the current process can open
getpgid: get the specified process group identification number
setpgid: set the specified process group identification number
getpgrp: get the current process group identification number
setpgrp: set the current process group identification number
getpid: get the process identification number
getppid: get the parent process identification number
getpriority: get the scheduling priority
setpriority: set the scheduling priority
modify_ldt: read and write the process's local descriptor table
nanosleep: make the process sleep for the specified time
nice: change the priority of a time-sharing process
pause: suspend the process and wait for a signal
personality: set the process execution domain
prctl: perform specific operations on a process
ptrace: process tracing
sched_get_priority_max: get the upper bound of the static priority
sched_get_priority_min: get the lower bound of the static priority
sched_getparam: get the scheduling parameters of the process
sched_getscheduler: get the scheduling policy of the specified process
sched_rr_get_interval: get the time slice length of a real-time process scheduled by the RR algorithm
sched_setparam: set the scheduling parameters of the process
sched_setscheduler: set the scheduling policy and parameters of the specified process
sched_yield: the process voluntarily yields the processor and places itself in the queue to wait for scheduling
vfork: create a child process to execute a new program, often used together with execve and similar calls
wait: wait for a child process to terminate
wait3: see wait
waitpid: wait for the specified child process to terminate
wait4: see waitpid
capget: get process permissions
capset: set process permissions
getsid: get the session identification number
setsid: set the session identification number

File Read and Write Operations

fcntl: file control
open: open a file
creat: create a new file
close: close a file descriptor
read: read a file
write: write a file
readv: read data from a file into a buffer array
writev: write the data in a buffer array to a file
pread: random read of a file
pwrite: random write to a file
lseek: move the file pointer
_llseek: move the file pointer in a 64-bit address space
dup: duplicate an open file descriptor
dup2: duplicate a file descriptor
flock: lock/unlock a file
poll: I/O multiplexing
truncate: truncate a file by the specified criteria
ftruncate: see truncate
umask: set the file permission mask
fsync: write the in-memory portion of a file back to disk

File System Operations

access: determine whether a file is accessible
chdir: change the current working directory
fchdir: see chdir
chmod: change the file mode
fchmod: see chmod
chown: change a file's owner or user group
fchown: see chown
lchown: see chown
chroot: change the root directory
stat: fetch file status information
lstat: see stat
fstat: see stat
statfs: fetch file system information
fstatfs: see statfs
readdir: read directory entries
getdents: read directory entries
mkdir: create a directory
mknod: create an index node
rmdir: delete a directory
rename: rename a file
link: create a link
symlink: create a symbolic link
unlink: delete a link
readlink: read the value of a symbolic link
mount: mount a file system
umount: remove a file system
ustat: fetch file system information
utime: change a file's access and modification times
utimes: see utime
quotactl: control disk quotas

System Control

ioctl: general I/O control function
_sysctl: read/write system parameters
acct: enable or disable process accounting
getrlimit: get a system resource cap
setrlimit: set a system resource cap
getrusage: get system resource usage
uselib: select the binary library to use
ioperm: set port I/O permissions
iopl: change the process I/O permission level
outb: low-level port operation
reboot: restart
swapon: enable a swap file or device
swapoff: disable a swap file or device
bdflush: control the bdflush daemon
sysfs: get the file system types supported by the kernel
sysinfo: get system information
adjtimex: adjust the system clock
alarm: set the process alarm
getitimer: get the timer value
setitimer: set the timer value
gettimeofday: get the time and time zone
settimeofday: set the time and time zone
stime: set the system date and time
time: get the system time
times: get the process run time
uname: get the current UNIX system name, version and host information
vhangup: hang up the current terminal
nfsservctl: control the NFS daemon
vm86: enter simulated 8086 mode
create_module: create a loadable module entry
delete_module: delete a loadable module entry
init_module: initialize a module
query_module: query module information
*get_kernel_syms: get kernel symbols; has been replaced by query_module

Memory Management

brk: change the allocation of data segment space
sbrk: see brk
mlock: lock memory pages
munlock: unlock memory pages
mlockall: lock all memory pages of the calling process
munlockall: unlock all memory pages of the calling process
mmap: map virtual memory pages
munmap: remove memory page mappings
mremap: remap a virtual memory address
msync: write data from mapped memory back to disk
mprotect: set memory image protection
getpagesize: get the page size
sync: write memory buffer data back to the hard disk
cacheflush: write the contents of the specified buffer back to disk

Network

getdomainname: get the domain name
setdomainname: set the domain name
gethostid: get the host identification number
sethostid: set the host identification number
gethostname: get this host's name
sethostname: set the host name

Sockets

socketcall: socket system call
socket: establish a socket
bind: bind a socket to a port
connect: connect to a remote host
accept: respond to a socket connection request
send: send a message via a socket
sendto: send a UDP message
sendmsg: see send
recv: receive information via a socket
recvfrom: receive UDP information
recvmsg: see recv
listen: listen on a socket port
select: poll multiple synchronous I/O channels
shutdown: close the connection on a socket
getsockname: get the local socket name
getpeername: get the peer's socket name
getsockopt: get port settings
setsockopt: set port parameters
sendfile: transfer data between files or ports
socketpair: create a pair of connected unnamed sockets

User Management

getuid: get the user identification number
setuid: set the user identification number
getgid: get the group identification number
setgid: set the group identification number
getegid: get the effective group identification number
setegid: set the effective group identification number
geteuid: get the effective user identification number
seteuid: set the effective user identification number
setregid: set the real and effective group identification numbers respectively
setreuid: set the real and effective user identification numbers respectively
getresgid: get the real, effective and saved group identification numbers respectively
setresgid: set the real, effective and saved group identification numbers respectively
getresuid: get the real, effective and saved user identification numbers respectively
setresuid: set the real, effective and saved user identification numbers respectively
setfsgid: set the group identification number used for file system checks
setfsuid: set the user identification number used for file system checks
getgroups: get the supplementary group list
setgroups: set the supplementary group list

Inter-Process Communication

ipc: general control call for inter-process communication

Signals

sigaction: set the handling method for the specified signal
sigprocmask: block/unblock the signals in the signal set according to the parameters
sigpending: set the queue for the specified blocked signals
sigsuspend: suspend the process to wait for a specific signal
signal: see signal
kill: send a signal to a process or process group
*sigblock: add signals to the blocked signal mask; has been replaced by sigprocmask
*siggetmask: get the existing blocked signal mask; has been replaced by sigprocmask
*sigsetmask: replace the existing blocked signal mask with the given signal mask; has been replaced by sigprocmask
*sigmask: convert the given signal to a mask; has been replaced by sigprocmask
*sigpause: same function as sigsuspend; has been replaced by sigsuspend
sigvec: BSD-compatible signal handling function, similar to sigaction
ssetmask: ANSI C signal handling function, similar to sigaction

Messages

msgctl: message control operation
msgget: get a message queue
msgsnd: send a message
msgrcv: fetch a message

Pipes

pipe: create a pipe

Semaphores

semctl: semaphore control
semget: get a set of semaphores
semop: semaphore operation

Shared Memory

shmctl: control shared memory
shmget: get shared memory
shmat: attach shared memory
shmdt: detach shared memory

So next time you don't have to look them up O (∩_∩) o
In the end, send a sentence:
Take the best of yourself and face the world! Because after the warm and cold only you know, with thousands of sadness, than a lifetime of sunshine!