04-05-2010
how to distinguish entry/exit of a syscall when using ptrace?
Hi all,
I am using ptrace to keep track of clone syscalls in a program. However, I found that the traced syscall cant be paired. for example, there are some syscalls that have entry, but without exit showing up in the traced sequences. So, is there anyway to distinguish the entry and exit of a system call, when using ptrace? Any idea is appreciated, thanks
Tang
10 More Discussions You Might Find Interesting
1. AIX
Hello,
In a script shell, I have a variable containing the name of a file and I would like to distinguish the name from the extention of the file. For example, the file 'myfile.txt' is in a variable called $VAR. How can I obtain 2 variables, one with 'myfile' and the other with 'txt' ?
Thank you (2 Replies)
Discussion started by: tbeghain
2 Replies
2. Programming
I have a question regarding the recv syscall.
Suppose I have a client/server and the following exchange of message took place:
Client --> Server using multiple send syscalls one after another immediately:
send "Packet1"
send "Packet2"
send "Packet3"
Server receives in the... (2 Replies)
Discussion started by: heljy
2 Replies
3. HP-UX
how to distinguish different files and choose a mode while ftp?means which modes ascii or binary for zip(.gz) ,.txt,.sh,.dat and executable as well as movie files. (1 Reply)
Discussion started by: megh
1 Replies
4. Programming
I am working on solaris 9. and use gmake to compile and linke c/c++ program.
anybody can tell me the distinguish between gmake and make? :confused: (10 Replies)
Discussion started by: robin.zhu
10 Replies
5. Programming
Hi all,
i just started started learning system programming and want to pursue a career in the sys prog area.
below is the program that use a fork() call.
i read in one of the tutorials that parent process and child process uses different address spaces and runs concurrently.
that meas each... (2 Replies)
Discussion started by: MrUser
2 Replies
6. UNIX for Dummies Questions & Answers
I saw somewhere that describe read() as a primitive. But when I lean signals, it says the read() may be interrupted by a signal.
My Question:
1, What is the diffence between primitive and reentrant?
2, Is read() a primitive or reentrant?
3, Are all system calls primitive or reentrant? (2 Replies)
Discussion started by: vistastar
2 Replies
7. SCO
Hello,
is there any command in SCO unix by which I can check if the file system is HTFS or DTFS?
Thanks (1 Reply)
Discussion started by: Mick
1 Replies
8. UNIX for Advanced & Expert Users
Hello Experts,
If a Solaris process is calling some syscall, and right now execution is inside syscall doing only CPU work, for example the inside simplest times syscall,
-> app_func
=> times
<< we are here now, we have entered in the times, but not exited yet
<= times
<- app_func... (9 Replies)
Discussion started by: sant
9 Replies
9. Programming
Hello to all
I want download a file in osx intel 64 with NASM , I want to use socket syscall
This is part of my code
section .data
command db "GET /test/2.gif HTTP/1.1\r\nHost: 10.1.1.187\r\n\r\n", 0
; url db "http://172.16.207.153/test/2.gif", 0
global main... (1 Reply)
Discussion started by: recher.jack
1 Replies
10. How to Post in the The UNIX and Linux Forums
Hi All,
Please help me and guide me to write a bash/shell script on Linux box to delete parent entry with all their child entries.
example:
Parent is :
----------
dn: email=yogesh.kumar@wipro.com, o=wipro, o=in
child is:
----------
dn: cn: yogesh kumar, email=yogesh.kumar@wipro.com,... (1 Reply)
Discussion started by: Chand
1 Replies
LEARN ABOUT CENTOS
ausyscall
AUSYSCALL:(8) System Administration Utilities AUSYSCALL:(8)
NAME
ausyscall - a program that allows mapping syscall names and numbers
SYNOPSIS
ausyscall [arch] name | number | --dump | --exact
DESCRIPTION
ausyscall is a program that prints out the mapping from syscall name to number and reverse for the given arch. The arch can be anything
returned by `uname -m`. If arch is not given, the program will take a guess based on the running image. You may give the syscall name or
number and it will find the opposite. You can also dump the whole table with the --dump option. By default a syscall name lookup will be a
substring match meaning that it will try to match all occurrences of the given name with syscalls. So giving a name of chown will match
both fchown and chown as any other syscall with chown in its name. If this behavior is not desired, pass the --exact flag and it will do an
exact string match.
This program can be used to verify syscall numbers on a biarch platform for rule optimization. For example, suppose you had an auditctl
rule:
-a always, exit -S open -F exit=-EPERM -k fail-open
If you wanted to verify that both 32 and 64 bit programs would be audited, run "ausyscall i386 open" and then "ausyscall x86_64 open". Look
at the returned numbers. If they are different, you will have to write two auditctl rules to get complete coverage.
-a always,exit -F arch=b32 -S open -F exit=-EPERM -k fail-open
-a always,exit -F arch=b64 -S open -F exit=-EPERM -k fail-open
For more information about a specific syscall, use the man program and pass the number 2 as an argument to make sure that you get the
syscall information rather than a shell script program or glibc function call of the same name. For example, if you wanted to learn about
the open syscall, type: man 2 open.
OPTIONS
--dump Print all syscalls for the given arch
--exact
Instead of doing a partial word match, match the given syscall name exactly.
SEE ALSO
ausearch(8), auditctl(8).
AUTHOR
Steve Grubb
Red Hat Nov 2008 AUSYSCALL:(8)