Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

how to distinguish entry/exit of a syscall when using ptrace?

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users how to distinguish entry/exit of a syscall when using ptrace?
# 1  
Old 04-05-2010
how to distinguish entry/exit of a syscall when using ptrace?
Hi all,
I am using ptrace to keep track of clone syscalls in a program. However, I found that the traced syscall cant be paired. for example, there are some syscalls that have entry, but without exit showing up in the traced sequences. So, is there anyway to distinguish the entry and exit of a system call, when using ptrace? Any idea is appreciated, thanks

Tang
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. How to Post in the The UNIX and Linux Forums

Help me, write a bash script to delete parent entry with all their child entry in LDAP UNIX server

Hi All, Please help me and guide me to write a bash/shell script on Linux box to delete parent entry with all their child entries. example: Parent is : ---------- dn: email=yogesh.kumar@wipro.com, o=wipro, o=in child is: ---------- dn: cn: yogesh kumar, email=yogesh.kumar@wipro.com,... (1 Reply)
Discussion started by: Chand
1 Replies

2. Programming

Download file with socket syscall

Hello to all I want download a file in osx intel 64 with NASM , I want to use socket syscall This is part of my code section .data command db "GET /test/2.gif HTTP/1.1\r\nHost: 10.1.1.187\r\n\r\n", 0 ; url db "http://172.16.207.153/test/2.gif", 0 global main... (1 Reply)
Discussion started by: recher.jack
1 Replies

3. UNIX for Advanced & Expert Users

Process on CPU inside syscall

Hello Experts, If a Solaris process is calling some syscall, and right now execution is inside syscall doing only CPU work, for example the inside simplest times syscall, -> app_func => times << we are here now, we have entered in the times, but not exited yet <= times <- app_func... (9 Replies)
Discussion started by: sant
9 Replies

4. SCO

Distinguish between file systems

Hello, is there any command in SCO unix by which I can check if the file system is HTFS or DTFS? Thanks (1 Reply)
Discussion started by: Mick
1 Replies

5. UNIX for Dummies Questions & Answers

is read() syscall really a primitive?

I saw somewhere that describe read() as a primitive. But when I lean signals, it says the read() may be interrupted by a signal. My Question: 1, What is the diffence between primitive and reentrant? 2, Is read() a primitive or reentrant? 3, Are all system calls primitive or reentrant? (2 Replies)
Discussion started by: vistastar
2 Replies

6. Programming

Fork syscall and related issues

Hi all, i just started started learning system programming and want to pursue a career in the sys prog area. below is the program that use a fork() call. i read in one of the tutorials that parent process and child process uses different address spaces and runs concurrently. that meas each... (2 Replies)
Discussion started by: MrUser
2 Replies

7. Programming

what is the distinguish between gmake and make?

I am working on solaris 9. and use gmake to compile and linke c/c++ program. anybody can tell me the distinguish between gmake and make? :confused: (10 Replies)
Discussion started by: robin.zhu
10 Replies

8. HP-UX

how to distinguish different files while ftp?

how to distinguish different files and choose a mode while ftp?means which modes ascii or binary for zip(.gz) ,.txt,.sh,.dat and executable as well as movie files. (1 Reply)
Discussion started by: megh
1 Replies

9. Programming

recv syscall for socket programming

I have a question regarding the recv syscall. Suppose I have a client/server and the following exchange of message took place: Client --> Server using multiple send syscalls one after another immediately: send "Packet1" send "Packet2" send "Packet3" Server receives in the... (2 Replies)
Discussion started by: heljy
2 Replies

10. AIX

distinguish the extension of a file

Hello, In a script shell, I have a variable containing the name of a file and I would like to distinguish the name from the extention of the file. For example, the file 'myfile.txt' is in a variable called $VAR. How can I obtain 2 variables, one with 'myfile' and the other with 'txt' ? Thank you (2 Replies)
Discussion started by: tbeghain
2 Replies
Login or Register to Ask a Question

LEARN ABOUT SUSE

ausyscall

AUSYSCALL:(8)						  System Administration Utilities					     AUSYSCALL:(8)

NAME

       ausyscall - a program that allows mapping syscall names and numbers

SYNOPSIS

       ausyscall [arch] name | number | --dump | --exact

DESCRIPTION

       ausyscall  is  a  program  that prints out the mapping from syscall name to number and reverse for the given arch. The arch can be anything
       returned by uname -m. If arch is not given, the program will take a guess based on the running image. You may give the syscall name or num-
       ber  and  it  will  find the opposite. You can also dump the whole table with the --dump option. By default a syscall name lookup will be a
       substring match meaning that it will try to match all occurances of the given name with syscalls. So giving a name of chown will match both
       fchown  and  chown  as  any  other syscall with chown in its name. If this behavior is not desired, pass the --exact flag and it will do an
       exact string match.

       This program can be used to verify syscall numbers on a biarch platform for rule optimization. For example, suppose  you  had  an  auditctl
       rule:

       -a always, exit -S open -F exit=-EPERM -k fail-open

       If you wanted to verify that both 32 and 64 bit programs would be audited, run "ausyscall i386 open" and then "ausyscall x86_64 open". Look
       at the returned numbers. If they are different, you will have to write two auditctl rules to get complete coverage.

       -a always,exit -F arch=b32 -S open -F exit=-EPERM -k fail-open
       -a always,exit -F arch=b64 -S open -F exit=-EPERM -k fail-open

OPTIONS

       --dump Print all syscalls for the given arch

       --exact
	      Instead of doing a partial word match, match the given syscall name exactly.

SEE ALSO

       ausearch(8), auditctl(8).

AUTHOR

       Steve Grubb

Red Hat 							     Nov 2008							     AUSYSCALL:(8)