Next, you have a syscall probe.
Listing 1: Sample syscall ProbeVue script.
The request_key syscall searches a process keyring for a key.
The add_key syscall is used to create keys of type type and length plen.
Finally, the syscall keyctl provides a number of functions for managing keys.
The -s socketcall indicates that this audit rule is for the socketcall syscall.
Under UNIX, calling the kernel consists of an operation known as a syscall or trap.
With syscall probes, the input arguments and return values are available to the VUE script.
The syscall function is architecture specific but uses a mechanism to transfer control to the kernel.
With the first method, you call your new functions as identified by their index through the syscall function.
As you can see, the syscall function includes as its first argument the index of the system call table to use.
With the syscall function, you can call a system call by specifying its call index and a set of arguments.
I have 2 versions of the syscall vector, with one of them containing addresses of modified syscall code.
System call probes, or syscall probes, are probes used to probe functions in the libc library as well as the kernel.
In the end, the syscall interface provides the means to transfer control between the user-space application and the kernel.
Note also that the input (syscall number) is consumed (used) before the output (the return value of syscall) is produced.
For example, the mknod(2) syscall is implemented by creating a plain file, then recording the requested file type in the pseudo database.
The socketcall syscall is multiplexed on the i386 architecture, so the -F a0=2 is required to limit the audit records generated to bind only.
With syscall probes, a probe can be defined for either the entry or exit of the function call. The general form of a syscall probe is as follows
According to a report, the problem occurs because the 32-bit call emulation layer does not check whether the call is truly in the Syscall table.
Now that basic explanations of the script syntax and probe types have been covered, let's take a look at a simple ProbeVue script that uses a syscall probe.
During early testing, I ran pseudo with the server modified to randomly crash about one syscall in three, with the intent of carefully testing this functionality.
The Go language on Google App Engine is a subset of the full Go language, avoiding the unsafe and syscall libraries, but including AppEngine specific APIs such as DataStore, Blobstore and so on.