시스템콜과 레지스터에 대한 질문..

110 views

Skip to first unread message

쏭알

unread,

Nov 10, 2009, 3:58:34 AM11/10/09

to 어셈러브

안녕하세요. 항상 눈팅만하다가 모르는게 있어 메일링에 글을쓰게 되네요^^

Arbitrary 프로그램을 보안상 안전하게 실행시켜주는 sandbox 프로그램을 짜고 있는데요.

sandbox는 fork후 execv로 실행시킨 자식프로세스를 ptrace로 감시를 하면서 System call에 따라서 허용/
불허 여부를 결정하게 됩니다.

제가 막으려는 시스템콜은 파일열기와 fork 인데요.

파일열기는 ptrace로 시스템콜을 받았을때 레지스테의 orig_eax가 SYS_open인지를 확인하여 판단합니다.

그런데 대부분의 프로그램이 동적 라이브러리를 사용하기 때문에 라이브러리의 파일열기는 허용해주어야 합니다.

결국 open 시스템콜시 ebx레지스터에 파일경로의 주소가 저장되어 있다는것을 어렵게 찾아내어

자식프로세스의 데이터영역에서 ebx위치에서 데이터를 읽어와 동적라이브러리 open의 경우는 허용하도록 하였습니다.

fork를 수행하는 프로그램의 경우 fork된 프로세스에서 파일열기를 하는것을 막을 수가 없기에 fork또한 제한을 해야합니
다.

그런데 fork의 경우 orig_eax에 SYS_fork가 셋팅되지 않고 SYS_clone이 셋팅이 됩니다.

이건 strace를 돌려보아서 확인한것입니다.

하지만 절망적인것은 php 프로그램을 감시해보니 fork가 들어있지 않은 php코드를 수행할 경우에도

SYS_clone이 리턴되는 것입니다.

이 sandbox는 c로 짜여진 프로그램만이 아니라 php스크립트나 perl스크립트도 감시하도록 만들 예정입니다.

그렇다면 SYS_clone이 리턴시 각 레지스터에는 어떠한 정보가 셋팅되어있는지를 알면 될텐데, 그게 적혀있는 문서를 모르겠습니
다.

SYS_open시 ebx에 파일경로의 주소가 셋팅되어있다는 것 외에도 O_RDONLY인지여부, 그리고 descriptor번호등
도 알고 싶은데 다른레지스터값을 찍어보아도 알수가 없군요.

그런데 strace는 그걸 다 보여주고 있습니다.

그래서 시도한것이 c로 fork하는 프로그램을 짜서 -S 옵션을 주어 어셈코드를 분석해보았으나 어느 레지스터에 어떤 정보가 들어
가는지는 확인하기 어렵더군요.(제가 보고도 모를수도 있지만요..)

글이 길어졌네요..

요약하면 제가 알고 싶은것은 각 시스템콜에서의 레지스터의 용도를 정리한 책이 있는가..(예전에 어셈블리 책들 보면 도스인터럽트
시 각 레지스터에 무엇을 셋팅하고 int 21h하면 된다는 내용이 있는데..) 입니다.

만약 그런 책이 없다면 알아낼수 있는 방법은 없을 까요.

이 문제때문에 여러사람에게 메일도 보내보고 KLDP에 글도 써보고 했지만 아무도 확실한 대답은 못해주더군요..

어셈러브에 마지막 희망을 걸어봅니다.ㅠ.ㅠ

날씨가 쌀쌀해졌는데 건강유의 하시고 오늘 하루도 마무리 잘하세요^^

조재혁

unread,

Nov 10, 2009, 5:54:39 AM11/10/09

to asm...@googlegroups.com

어셈러브인들 모두 항상 행복하시고 원하는바 원하는 정보 얻을수 있으면 좋겠습니다. ㅎㅎㅎ

Linux System Call Table

The following table lists the system calls for the Linux 2.2 kernel. It could also be thought of as an API for the interface between user space and kernel space. My motivation for making this table was to make programming in assembly language easier when using only system calls and not the C library (for more information on this topic, go to http://www.linuxassembly.org/). On the left are the numbers of the system calls. This number will be put in register %eax. On the right of the table are the types of values to be put into the remaining registers before calling the software interrupt 'int 0x80'. After each syscall, an integer is returned in %eax.

For convenience, the kernel source file where each system call is located is linked to in the column labelled "Source". In order to use the hyperlinks, you must first copy this page to your own machine because the links take you directly to the source code on your system. You must have the kernel source installed (or linked from) under '/usr/src/linux' for this to work.

%eax	Name	Source	%ebx	%ecx	%edx	%esx	%edi
1	sys_exit	kernel/exit.c	int	-	-	-	-
2	sys_fork	arch/i386/kernel/process.c	struct pt_regs	-	-	-	-
3	sys_read	fs/read_write.c	unsigned int	char *	size_t	-	-
4	sys_write	fs/read_write.c	unsigned int	const char *	size_t	-	-
5	sys_open	fs/open.c	const char *	int	int	-	-
6	sys_close	fs/open.c	unsigned int	-	-	-	-
7	sys_waitpid	kernel/exit.c	pid_t	unsigned int *	int	-	-
8	sys_creat	fs/open.c	const char *	int	-	-	-
9	sys_link	fs/namei.c	const char *	const char *	-	-	-
10	sys_unlink	fs/namei.c	const char *	-	-	-	-
11	sys_execve	arch/i386/kernel/process.c	struct pt_regs	-	-	-	-
12	sys_chdir	fs/open.c	const char *	-	-	-	-
13	sys_time	kernel/time.c	int *	-	-	-	-
14	sys_mknod	fs/namei.c	const char *	int	dev_t	-	-
15	sys_chmod	fs/open.c	const char *	mode_t	-	-	-
16	sys_lchown	fs/open.c	const char *	uid_t	gid_t	-	-
18	sys_stat	fs/stat.c	char *	struct __old_kernel_stat *	-	-	-
19	sys_lseek	fs/read_write.c	unsigned int	off_t	unsigned int	-	-
20	sys_getpid	kernel/sched.c	-	-	-	-	-
21	sys_mount	fs/super.c	char *	char *	char *	-	-
22	sys_oldumount	fs/super.c	char *	-	-	-	-
23	sys_setuid	kernel/sys.c	uid_t	-	-	-	-
24	sys_getuid	kernel/sched.c	-	-	-	-	-
25	sys_stime	kernel/time.c	int *	-	-	-	-
26	sys_ptrace	arch/i386/kernel/ptrace.c	long	long	long	long	-
27	sys_alarm	kernel/sched.c	unsigned int	-	-	-	-
28	sys_fstat	fs/stat.c	unsigned int	struct __old_kernel_stat *	-	-	-
29	sys_pause	arch/i386/kernel/sys_i386.c	-	-	-	-	-
30	sys_utime	fs/open.c	char *	struct utimbuf *	-	-	-
33	sys_access	fs/open.c	const char *	int	-	-	-
34	sys_nice	kernel/sched.c	int	-	-	-	-
36	sys_sync	fs/buffer.c	-	-	-	-	-
37	sys_kill	kernel/signal.c	int	int	-	-	-
38	sys_rename	fs/namei.c	const char *	const char *	-	-	-
39	sys_mkdir	fs/namei.c	const char *	int	-	-	-
40	sys_rmdir	fs/namei.c	const char *	-	-	-	-
41	sys_dup	fs/fcntl.c	unsigned int	-	-	-	-
42	sys_pipe	arch/i386/kernel/sys_i386.c	unsigned long *	-	-	-	-
43	sys_times	kernel/sys.c	struct tms *	-	-	-	-
45	sys_brk	mm/mmap.c	unsigned long	-	-	-	-
46	sys_setgid	kernel/sys.c	gid_t	-	-	-	-
47	sys_getgid	kernel/sched.c	-	-	-	-	-
48	sys_signal	kernel/signal.c	int	__sighandler_t	-	-	-
49	sys_geteuid	kernel/sched.c	-	-	-	-	-
50	sys_getegid	kernel/sched.c	-	-	-	-	-
51	sys_acct	kernel/acct.c	const char *	-	-	-	-
52	sys_umount	fs/super.c	char *	int	-	-	-
54	sys_ioctl	fs/ioctl.c	unsigned int	unsigned int	unsigned long	-	-
55	sys_fcntl	fs/fcntl.c	unsigned int	unsigned int	unsigned long	-	-
57	sys_setpgid	kernel/sys.c	pid_t	pid_t	-	-	-
59	sys_olduname	arch/i386/kernel/sys_i386.c	struct oldold_utsname *	-	-	-	-
60	sys_umask	kernel/sys.c	int	-	-	-	-
61	sys_chroot	fs/open.c	const char *	-	-	-	-
62	sys_ustat	fs/super.c	dev_t	struct ustat *	-	-	-
63	sys_dup2	fs/fcntl.c	unsigned int	unsigned int	-	-	-
64	sys_getppid	kernel/sched.c	-	-	-	-	-
65	sys_getpgrp	kernel/sys.c	-	-	-	-	-
66	sys_setsid	kernel/sys.c	-	-	-	-	-
67	sys_sigaction	arch/i386/kernel/signal.c	int	const struct old_sigaction *	struct old_sigaction *	-	-
68	sys_sgetmask	kernel/signal.c	-	-	-	-	-
69	sys_ssetmask	kernel/signal.c	int	-	-	-	-
70	sys_setreuid	kernel/sys.c	uid_t	uid_t	-	-	-
71	sys_setregid	kernel/sys.c	gid_t	gid_t	-	-	-
72	sys_sigsuspend	arch/i386/kernel/signal.c	int	int	old_sigset_t	-	-
73	sys_sigpending	kernel/signal.c	old_sigset_t *	-	-	-	-
74	sys_sethostname	kernel/sys.c	char *	int	-	-	-
75	sys_setrlimit	kernel/sys.c	unsigned int	struct rlimit *	-	-	-
76	sys_getrlimit	kernel/sys.c	unsigned int	struct rlimit *	-	-	-
77	sys_getrusage	kernel/sys.c	int	struct rusage *	-	-	-
78	sys_gettimeofday	kernel/time.c	struct timeval *	struct timezone *	-	-	-
79	sys_settimeofday	kernel/time.c	struct timeval *	struct timezone *	-	-	-
80	sys_getgroups	kernel/sys.c	int	gid_t *	-	-	-
81	sys_setgroups	kernel/sys.c	int	gid_t *	-	-	-
82	old_select	arch/i386/kernel/sys_i386.c	struct sel_arg_struct *	-	-	-	-
83	sys_symlink	fs/namei.c	const char *	const char *	-	-	-
84	sys_lstat	fs/stat.c	char *	struct __old_kernel_stat *	-	-	-
85	sys_readlink	fs/stat.c	const char *	char *	int	-	-
86	sys_uselib	fs/exec.c	const char *	-	-	-	-
87	sys_swapon	mm/swapfile.c	const char *	int	-	-	-
88	sys_reboot	kernel/sys.c	int	int	int	void *	-
89	old_readdir	fs/readdir.c	unsigned int	void *	unsigned int	-	-
90	old_mmap	arch/i386/kernel/sys_i386.c	struct mmap_arg_struct *	-	-	-	-
91	sys_munmap	mm/mmap.c	unsigned long	size_t	-	-	-
92	sys_truncate	fs/open.c	const char *	unsigned long	-	-	-
93	sys_ftruncate	fs/open.c	unsigned int	unsigned long	-	-	-
94	sys_fchmod	fs/open.c	unsigned int	mode_t	-	-	-
95	sys_fchown	fs/open.c	unsigned int	uid_t	gid_t	-	-
96	sys_getpriority	kernel/sys.c	int	int	-	-	-
97	sys_setpriority	kernel/sys.c	int	int	int	-	-
99	sys_statfs	fs/open.c	const char *	struct statfs *	-	-	-
100	sys_fstatfs	fs/open.c	unsigned int	struct statfs *	-	-	-
101	sys_ioperm	arch/i386/kernel/ioport.c	unsigned long	unsigned long	int	-	-
102	sys_socketcall	net/socket.c	int	unsigned long *	-	-	-
103	sys_syslog	kernel/printk.c	int	char *	int	-	-
104	sys_setitimer	kernel/itimer.c	int	struct itimerval *	struct itimerval *	-	-
105	sys_getitimer	kernel/itimer.c	int	struct itimerval *	-	-	-
106	sys_newstat	fs/stat.c	char *	struct stat *	-	-	-
107	sys_newlstat	fs/stat.c	char *	struct stat *	-	-	-
108	sys_newfstat	fs/stat.c	unsigned int	struct stat *	-	-	-
109	sys_uname	arch/i386/kernel/sys_i386.c	struct old_utsname *	-	-	-	-
110	sys_iopl	arch/i386/kernel/ioport.c	unsigned long	-	-	-	-
111	sys_vhangup	fs/open.c	-	-	-	-	-
112	sys_idle	arch/i386/kernel/process.c	-	-	-	-	-
113	sys_vm86old	arch/i386/kernel/vm86.c	unsigned long	struct vm86plus_struct *	-	-	-
114	sys_wait4	kernel/exit.c	pid_t	unsigned long *	int options	struct rusage *	-
115	sys_swapoff	mm/swapfile.c	const char *	-	-	-	-
116	sys_sysinfo	kernel/info.c	struct sysinfo *	-	-	-	-
117	sys_ipc (*Note)	arch/i386/kernel/sys_i386.c	uint	int	int	int	void *
118	sys_fsync	fs/buffer.c	unsigned int	-	-	-	-
119	sys_sigreturn	arch/i386/kernel/signal.c	unsigned long	-	-	-	-
120	sys_clone	arch/i386/kernel/process.c	struct pt_regs	-	-	-	-
121	sys_setdomainname	kernel/sys.c	char *	int	-	-	-
122	sys_newuname	kernel/sys.c	struct new_utsname *	-	-	-	-
123	sys_modify_ldt	arch/i386/kernel/ldt.c	int	void *	unsigned long	-	-
124	sys_adjtimex	kernel/time.c	struct timex *	-	-	-	-
125	sys_mprotect	mm/mprotect.c	unsigned long	size_t	unsigned long	-	-
126	sys_sigprocmask	kernel/signal.c	int	old_sigset_t *	old_sigset_t *	-	-
127	sys_create_module	kernel/module.c	const char *	size_t	-	-	-
128	sys_init_module	kernel/module.c	const char *	struct module *	-	-	-
129	sys_delete_module	kernel/module.c	const char *	-	-	-	-
130	sys_get_kernel_syms	kernel/module.c	struct kernel_sym *	-	-	-	-
131	sys_quotactl	fs/dquot.c	int	const char *	int	caddr_t	-
132	sys_getpgid	kernel/sys.c	pid_t	-	-	-	-
133	sys_fchdir	fs/open.c	unsigned int	-	-	-	-
134	sys_bdflush	fs/buffer.c	int	long	-	-	-
135	sys_sysfs	fs/super.c	int	unsigned long	unsigned long	-	-
136	sys_personality	kernel/exec_domain.c	unsigned long	-	-	-	-
138	sys_setfsuid	kernel/sys.c	uid_t	-	-	-	-
139	sys_setfsgid	kernel/sys.c	gid_t	-	-	-	-
140	sys_llseek	fs/read_write.c	unsigned int	unsigned long	unsigned long	loff_t *	unsigned int
141	sys_getdents	fs/readdir.c	unsigned int	void *	unsigned int	-	-
142	sys_select	fs/select.c	int	fd_set *	fd_set *	fd_set *	struct timeval *
143	sys_flock	fs/locks.c	unsigned int	unsigned int	-	-	-
144	sys_msync	mm/filemap.c	unsigned long	size_t	int	-	-
145	sys_readv	fs/read_write.c	unsigned long	const struct iovec *	unsigned long	-	-
146	sys_writev	fs/read_write.c	unsigned long	const struct iovec *	unsigned long	-	-
147	sys_getsid	kernel/sys.c	pid_t	-	-	-	-
148	sys_fdatasync	fs/buffer.c	unsigned int	-	-	-	-
149	sys_sysctl	kernel/sysctl.c	struct __sysctl_args *	-	-	-	-
150	sys_mlock	mm/mlock.c	unsigned long	size_t	-	-	-
151	sys_munlock	mm/mlock.c	unsigned long	size_t	-	-	-
152	sys_mlockall	mm/mlock.c	int	-	-	-	-
153	sys_munlockall	mm/mlock.c	-	-	-	-	-
154	sys_sched_setparam	kernel/sched.c	pid_t	struct sched_param *	-	-	-
155	sys_sched_getparam	kernel/sched.c	pid_t	struct sched_param *	-	-	-
156	sys_sched_setscheduler	kernel/sched.c	pid_t	int	struct sched_param *	-	-
157	sys_sched_getscheduler	kernel/sched.c	pid_t	-	-	-	-
158	sys_sched_yield	kernel/sched.c	-	-	-	-	-
159	sys_sched_get_priority_max	kernel/sched.c	int	-	-	-	-
160	sys_sched_get_priority_min	kernel/sched.c	int	-	-	-	-
161	sys_sched_rr_get_interval	kernel/sched.c	pid_t	struct timespec *	-	-	-
162	sys_nanosleep	kernel/sched.c	struct timespec *	struct timespec *	-	-	-
163	sys_mremap	mm/mremap.c	unsigned long	unsigned long	unsigned long	unsigned long	-
164	sys_setresuid	kernel/sys.c	uid_t	uid_t	uid_t	-	-
165	sys_getresuid	kernel/sys.c	uid_t *	uid_t *	uid_t *	-	-
166	sys_vm86	arch/i386/kernel/vm86.c	struct vm86_struct *	-	-	-	-
167	sys_query_module	kernel/module.c	const char *	int	char *	size_t	size_t *
168	sys_poll	fs/select.c	struct pollfd *	unsigned int	long	-	-
169	sys_nfsservctl	fs/filesystems.c	int	void *	void *	-	-
170	sys_setresgid	kernel/sys.c	gid_t	gid_t	gid_t	-	-
171	sys_getresgid	kernel/sys.c	gid_t *	gid_t *	gid_t *	-	-
172	sys_prctl	kernel/sys.c	int	unsigned long	unsigned long	unsigned long	unsigned long
173	sys_rt_sigreturn	arch/i386/kernel/signal.c	unsigned long	-	-	-	-
174	sys_rt_sigaction	kernel/signal.c	int	const struct sigaction *	struct sigaction *	size_t	-
175	sys_rt_sigprocmask	kernel/signal.c	int	sigset_t *	sigset_t *	size_t	-
176	sys_rt_sigpending	kernel/signal.c	sigset_t *	size_t	-	-	-
177	sys_rt_sigtimedwait	kernel/signal.c	const sigset_t *	siginfo_t *	const struct timespec *	size_t	-
178	sys_rt_sigqueueinfo	kernel/signal.c	int	int	siginfo_t *	-	-
179	sys_rt_sigsuspend	arch/i386/kernel/signal.c	sigset_t *	size_t	-	-	-
180	sys_pread	fs/read_write.c	unsigned int	char *	size_t	loff_t	-
181	sys_pwrite	fs/read_write.c	unsigned int	const char *	size_t	loff_t	-
182	sys_chown	fs/open.c	const char *	uid_t	gid_t	-	-
183	sys_getcwd	fs/dcache.c	char *	unsigned long	-	-	-
184	sys_capget	kernel/capability.c	cap_user_header_t	cap_user_data_t	-	-	-
185	sys_capset	kernel/capability.c	cap_user_header_t	const cap_user_data_t	-	-	-
186	sys_sigaltstack	arch/i386/kernel/signal.c	const stack_t *	stack_t *	-	-	-
187	sys_sendfile	mm/filemap.c	int	int	off_t *	size_t	-
190	sys_vfork	arch/i386/kernel/process.c	struct pt_regs	-	-	-	-

Note for sys_ipc (117): this syscall takes six arguments, so it can't fit into the five registers %ebx - %edi; the last parameter (not shown) is of type 'long'. This syscall requires a special call method where a pointer is put in %ebx which points to an array containing the six arguments.

I will now explain exactly where in the kernel source that I got the information in the table above. I do this because 1) changes in the source are bound to happen, 2) you might be curious, or 3) I might've made an error.

System Call Numbers

For the numbers of the syscalls, look in arch/i386/kernel/entry.S for sys_call_table. The syscall numbers are offsets into that table. Several spots in the table are occupied by the syscall sys_ni_syscall. This is a placeholder that either replaces an obsolete syscall or reserves a spot for future syscalls.

Incidentally, the system calls are called from the function system_call in the same file; in particular, they are called with the assembly instruction 'call *SYMBOL_NAME(sys_call_table)(,%eax,4)'. The part '*SYMBOL_NAME(sys_call_table)' just gets replaced by a symbol name in sys_call_table. SYMBOL_NAME is a macro defined in include/linux/linkage.h, and it just replaces itself with its argument.

Typedefs

Here are the typedef declarations in the prototypes above:

atomic_t	include/asm/atomic.h: #ifdef __SMP__ typedef struct { volatile int counter; } atomic_t; #else typedef struct { int counter; } atomic_t; #endif
caddr_t	include/asm/posix_types.h:typedef char * __kernel_caddr_t; include/linux/types.h:typedef __kernel_caddr_t caddr_t;
cap_user_header_t	include/linux/capability.h: typedef struct __user_cap_header_struct { __u32 version; int pid; } *cap_user_header_t;
cap_user_data_t	include/linux/capability.h: typedef struct __user_cap_data_struct { __u32 effective; __u32 permitted; __u32 inheritable; } *cap_user_data_t;
clock_t	include/asm/posix_types.h:typedef long __kernel_clock_t; include/linux/types.h:typedef __kernel_clock_t clock_t;
dev_t	include/asm/posix_types.h:typedef unsigned short __kernel_dev_t; include/linux/types.h:typedef __kernel_dev_t dev_t;
fdset	include/linux/posix_types.h #define __FD_SETSIZE 1024 #define __NFDBITS (8 * sizeof(unsigned long)) #define __FDSET_LONGS (__FD_SETSIZE/__NFDBITS) (==> __FDSET_LONGS == 32) typedef struct { unsigned long fds_bits [__FDSET_LONGS]; } __kernel_fd_set; include/linux/types.h:typedef __kernel_fd_set fd_set;
gid_t	include/asm/posix_types.h:typedef unsigned short __kernel_gid_t; include/linux/types.h:typedef __kernel_gid_t gid_t;
__kernel_daddr_t	include/asm/posix_types.h:typedef int __kernel_daddr_t;
__kernel_fsid_t	include/asm/posix_types.h: typedef struct { int __val[2]; } __kernel_fsid_t;
__kernel_ino_t	include/asm/posix_types.h:typedef unsigned long __kernel_ino_t;
__kernel_size_t	include/asm/posix_types.h:typedef unsigned int __kernel_size_t;
loff_t	include/asm/posix_types.h:typedef long long __kernel_loff_t; include/linux/types.h:typedef __kernel_loff_t loff_t;
mode_t	include/asm/posix_types.h:typedef unsigned short __kernel_mode_t; include/linux/types.h:typedef __kernel_mode_t mode_t;
off_t	include/asm/posix_types.h:typedef long __kernel_off_t; include/linux/types.h:typedef __kernel_off_t off_t;
old_sigset_t	include/asm/signal.h:typedef unsigned long old_sigset_t;
pid_t	include/asm/posix_types.h:typedef int __kernel_pid_t; include/linux/types.h:typedef __kernel_pid_t pid_t;
__sighandler_t	include/asm/signal.h:typedef void (*__sighandler_t)(int);
siginfo_t	include/asm/siginfo.h: #define SI_MAX_SIZE 128 #define SI_PAD_SIZE ((SI_MAX_SIZE/sizeof(int)) - 3) (==> SI_PAD_SIZE == 29) typedef struct siginfo { int si_signo; int si_errno; int si_code; union { int _pad[SI_PAD_SIZE]; /* kill() / struct { pid_t _pid; / sender's pid / uid_t _uid; / sender's uid / } _kill; / POSIX.1b timers / struct { unsigned int _timer1; unsigned int _timer2; } _timer; / POSIX.1b signals / struct { pid_t _pid; / sender's pid / uid_t _uid; / sender's uid / sigval_t _sigval; } _rt; / SIGCHLD / struct { pid_t _pid; / which child / uid_t _uid; / sender's uid / int _status; / exit code / clock_t _utime; clock_t _stime; } _sigchld; / SIGILL, SIGFPE, SIGSEGV, SIGBUS / struct { void _addr; /* faulting insn/memory ref. / } _sigfault; / SIGPOLL / struct { int _band; / POLL_IN, POLL_OUT, POLL_MSG */ int _fd; } _sigpoll; } _sifields; } siginfo_t;
sigset_t	include/asm/signal.h:typedef unsigned long sigset_t;
size_t	include/asm/posix_types.h:typedef unsigned int __kernel_size_t; include/linux/types.h:typedef __kernel_size_t size_t;
ssize_t	include/asm/posix_types.h:typedef int __kernel_ssize_t; include/linux/types.h:typedef __kernel_ssize_t ssize_t;
stack_t	include/asm/signal.h: typedef struct sigaltstack { void *ss_sp; int ss_flags; size_t ss_size; } stack_t;
suseconds_t	include/asm/posix_types.h:typedef long __kernel_suseconds_t; include/linux/types.h:typedef __kernel_suseconds_t suseconds_t;
time_t	include/asm/posix_types.h:typedef long __kernel_time_t; include/linux/types.h:typedef __kernel_time_t time_t;
uid_t	include/asm/posix_types.h:typedef unsigned short __kernel_uid_t; include/linux/types.h:typedef __kernel_uid_t uid_t;
uint	include/linux/types.h:typedef unsigned int uint;
__u32	include/asm/types.h:typedef unsigned int __u32;

Struct Declarations

Here are the struct declarations for the table at the top:

exception_table_entry	include/linux/module.h: struct exception_table_entry { unsigned long insn, fixup; };
iovec	include/linux/uio.h: struct iovec { void *iov_base; __kernel_size_t iov_len; };
itimerval	include/linux/time.h: struct itimerval { struct timeval it_interval; /* timer interval / struct timeval it_value; / current value */ };
kernel_sym	include/linux/module.h: struct kernel_sym { unsigned long value; char name[60]; };
mmap_arg_struct	arch/i386/kernel/sys_i386.c: struct mmap_arg_struct { unsigned long addr; unsigned long len; unsigned long prot; unsigned long flags; unsigned long fd; unsigned long offset; };
module	include/linux/module.h: struct module { unsigned long size_of_struct; /* sizeof(module) / struct module next; const char name; unsigned long size; union { atomic_t usecount; long pad; } uc; unsigned long flags; / AUTOCLEAN et al / unsigned nsyms; unsigned ndeps; struct module_symbol syms; struct module_ref deps; struct module_ref refs; int (init)(void); void (cleanup)(void); const struct exception_table_entry ex_table_start; const struct exception_table_entry ex_table_end; /* Members past this point are extensions to the basic module support and are optional. Use mod_opt_member() to examine them. / const struct module_persist persist_start; const struct module_persist persist_end; int (can_unload)(void); };
module_persist	include/linux/module.h: struct module_persist; /* yes, it's empty */
module_ref	include/linux/module.h: struct module_ref { struct module dep; / "parent" pointer / struct module ref; /* "child" pointer / struct module_ref next_ref; };
module_symbol	include/linux/module.h: struct module_symbol { unsigned long value; const char *name; };
new_utsname	include/linux/utsname.h: struct new_utsname { char sysname[65]; char nodename[65]; char release[65]; char version[65]; char machine[65]; char domainname[65]; };
__old_kernel_stat	include/asm/stat.h: struct __old_kernel_stat { unsigned short st_dev; unsigned short st_ino; unsigned short st_mode; unsigned short st_nlink; unsigned short st_uid; unsigned short st_gid; unsigned short st_rdev; unsigned long st_size; unsigned long st_atime; unsigned long st_mtime; unsigned long st_ctime; };
oldold_utsname	include/linux/utsname.h: struct oldold_utsname { char sysname[9]; char nodename[9]; char release[9]; char version[9]; char machine[9]; };
old_sigaction	include/asm/signal.h: struct old_sigaction { __sighandler_t sa_handler; old_sigset_t sa_mask; unsigned long sa_flags; void (*sa_restorer)(void); };
old_utsname	include/linux/utsname.h: struct old_utsname { char sysname[65]; char nodename[65]; char release[65]; char version[65]; char machine[65]; };
pollfd	include/asm/poll.h: struct pollfd { int fd; short events; short revents; };
pt_regs	include/asm/ptrace.h: struct pt_regs { long ebx; long ecx; long edx; long esi; long edi; long ebp; long eax; int xds; int xes; long orig_eax; long eip; int xcs; long eflags; long esp; int xss; };
revectored_struct	include/asm/vm86.h: struct revectored_struct { unsigned long __map[8]; };
rlimit	include/linux/resource.h: struct rlimit { long rlim_cur; long rlim_max; };
rusage	include/linux/resource.h: struct rusage { struct timeval ru_utime; /* user time used / struct timeval ru_stime; / system time used / long ru_maxrss; / maximum resident set size / long ru_ixrss; / integral shared memory size / long ru_idrss; / integral unshared data size / long ru_isrss; / integral unshared stack size / long ru_minflt; / page reclaims / long ru_majflt; / page faults / long ru_nswap; / swaps / long ru_inblock; / block input operations / long ru_oublock; / block output operations / long ru_msgsnd; / messages sent / long ru_msgrcv; / messages received / long ru_nsignals; / signals received / long ru_nvcsw; / voluntary context switches / long ru_nivcsw; / involuntary '' */ };
sched_param	include/linux/sched.h: struct sched_param { int sched_priority; };
sel_arg_struct	arch/i386/kernel/sys_i386.c: struct sel_arg_struct { unsigned long n; fd_set inp, outp, exp; struct timeval tvp; };
sigaction	include/asm/signal.h: struct sigaction { __sighandler_t sa_handler; unsigned long sa_flags; void (sa_restorer)(void); sigset_t sa_mask; / mask last for extensibility */ };
stat	include/asm/stat.h: struct stat { unsigned short st_dev; unsigned short __pad1; unsigned long st_ino; unsigned short st_mode; unsigned short st_nlink; unsigned short st_uid; unsigned short st_gid; unsigned short st_rdev; unsigned short __pad2; unsigned long st_size; unsigned long st_blksize; unsigned long st_blocks; unsigned long st_atime; unsigned long __unused1; unsigned long st_mtime; unsigned long __unused2; unsigned long st_ctime; unsigned long __unused3; unsigned long __unused4; unsigned long __unused5;
statfs	include/asm/statfs.h: struct statfs { long f_type; long f_bsize; long f_blocks; long f_bfree; long f_bavail; long f_files; long f_ffree; __kernel_fsid_t f_fsid; long f_namelen; long f_spare[6]; };
__sysctl_args	include/linux/sysctl.h struct __sysctl_args { int name; int nlen; void oldval; size_t oldlenp; void newval; size_t newlen; unsigned long __unused[4]; };
sysinfo	include/linux/kernel.h: struct sysinfo { long uptime; /* Seconds since boot / unsigned long loads[3]; / 1, 5, and 15 minute load averages / unsigned long totalram; / Total usable main memory size / unsigned long freeram; / Available memory size / unsigned long sharedram; / Amount of shared memory / unsigned long bufferram; / Memory used by buffers / unsigned long totalswap; / Total swap space size / unsigned long freeswap; / swap space still available / unsigned short procs; / Number of current processes / char _f[22]; / Pads structure to 64 bytes */ };
timex	include/linux/timex.h: struct timex { unsigned int modes; /* mode selector / long offset; / time offset (usec) / long freq; / frequency offset (scaled ppm) / long maxerror; / maximum error (usec) / long esterror; / estimated error (usec) / int status; / clock command/status / long constant; / pll time constant / long precision; / clock precision (usec) (read only) / long tolerance; / clock frequency tolerance (ppm) * (read only) / struct timeval time; / (read only) / long tick; / (modified) usecs between clock ticks / long ppsfreq; / pps frequency (scaled ppm) (ro) / long jitter; / pps jitter (us) (ro) / int shift; / interval duration (s) (shift) (ro) / long stabil; / pps stability (scaled ppm) (ro) / long jitcnt; / jitter limit exceeded (ro) / long calcnt; / calibration intervals (ro) / long errcnt; / calibration errors (ro) / long stbcnt; / stability limit exceeded (ro) */ int :32; int :32; int :32; int :32; int :32; int :32; int :32; int :32; int :32; int :32; int :32; int :32; };
timespec	include/linux/time.h: struct timespec { time_t tv_sec; /* seconds / long tv_nsec; / nanoseconds */ };
timeval	include/linux/time.h: struct timeval { time_t tv_sec; /* seconds / suseconds_t tv_usec; / microseconds */ };
timezone	include/linux/time.h: struct timezone { int tz_minuteswest; /* minutes west of Greenwich / int tz_dsttime; / type of dst correction */ };
tms	include/linux/times.h struct tms { clock_t tms_utime; clock_t tms_stime; clock_t tms_cutime; clock_t tms_cstime; };
ustat	include/linux/types.h: struct ustat { __kernel_daddr_t f_tfree; __kernel_ino_t f_tinode; char f_fname[6]; char f_fpack[6]; };
utimbuf	include/linux/utime.h: struct utimbuf { time_t actime; time_t modtime; };
vm86plus_info_struct	include/asm/vm86.h: struct vm86plus_info_struct { unsigned long force_return_for_pic:1; unsigned long vm86dbg_active:1; unsigned long vm86dbg_TFpendig:1; unsigned long unused:28; unsigned long is_vm86pus:1; unsigned char vm86dbg_intxxtab[32]; };
vm86plus_struct	include/asm/vm86.h: struct vm86plus_struct { struct vm86_regs regs; unsigned long flags; unsigned long screen_bitmap; unsigned long cpu_type; struct revectored_struct int_revectored; struct revectored_struct int21_revectored; struct vm86plus_info_struct vm86plus; };
vm86_regs	include/asm/vm86.h: struct vm86_regs { /* normal regs, with special meaning for the segment descriptors.. / long ebx; long ecx; long edx; long esi; long edi; long ebp; long eax; long __null_ds; long __null_es; long __null_fs; long __null_gs; long orig_eax; long eip; unsigned short cs, __csh; long eflags; long esp; unsigned short ss, __ssh; / these are specific to v86 mode: */ unsigned short es, __esh; unsigned short ds, __dsh; unsigned short fs, __fsh; unsigned short gs, __gsh; };
vm86_struct	include/asm/vm86.h: struct vm86_struct { struct vm86_regs regs; unsigned long flags; unsigned long screen_bitmap; unsigned long cpu_type; struct revectored_struct int_revectored; struct revectored_struct int21_revectored; };

2009년 11월 10일 오후 5:58, 쏭알 <son...@gmail.com>님의 말:

Mobile: 010-8702-2744 (+82-10-8702-2744)
E-Mail: min...@minzkn.com, min...@hwport.com, min...@gmail.com, min...@arion.co.kr
MSN: minz...@hotmail.com
Homepage: http://www.minzkn.com
=-+-==-+-==-+-==-+-==-+-==-+-==-+-==-+-==-+-==-+-==-+-==-+-==-+-==-+-==-+-==-+-==-+-==-+-==-+-=
(주)아리온테크놀로지 / 선임연구원 / AV연구소 / 조재혁
경기도 안양시 동안구 호계2동 894 피카빌딩 3층 (431-836)
전화번호/팩스: 031-361-3156 / 031-361-3097

ARION Technology Inc. / Senior Engineer / AV R&D Lab. / Jae-Hyuk Cho
3F, Pica Bldg, 894 Hogye 2-Dong, Dongan-Gu, Anyang-City, Gyeonggi-Do, KOREA(ROK) (431-836)
TEL/FAX: +82-31-361-3156 / +82-31-361-3097

Website: www.arion.co.kr
===============================================================================================

송상욱

unread,

Dec 8, 2009, 9:14:41 PM12/8/09

to asm...@googlegroups.com

감사합니다. 조재혁님께 도움잘 받았습니다.^^

64비트에서도 동작을 시켜야해서 64비트 syscall_table을 찾아봤는데 찾기가 힘드네요

근데, 여러번의 테스트를 통해서 32비트의 ebx의 내용은 64비트의 rdi에 존재한다는걸 알아냈습니다.

그럼 날씨가 추운데 어셈러브 여러분 감기조심하세요.

2009/11/10 조재혁 <min...@gmail.com>

--~--~---------~--~----~------------~-------~--~----~
철학이 있는 개발자 모임 - 어셈러브
공개 웹사이트 http://www.asmlove.co.kr
그룹 : http://groups.google.co.kr/group/asmlove
이메일: asm...@googlegroups.com
-~----------~----~----~----~------~----~------~--~---

Reply all

Reply to author

Forward

0 new messages