thesis: Start Chapter 1

thesis/src/01.introduction.tex

@@ -3,18 +3,53 @@
 
 Lorem Ipsum.
 
-\section{TODO: Why intercept?}
+
+\section{Motivation and Goal}\label{sec:motivation-and-goal}
 
 Lorem Ipsum.
 
-\section{TODO: Why are current solutions not enough?}
+
+\section{Definitions}\label{sec:definitions}
 
 Lorem Ipsum.
 
-\section{TODO: Linux/C/ELF call structure}
+
+\subsection{System Calls}\label{subsec:system-calls}
 
 Lorem Ipsum.
 
-\section{TODO: System Calls vs. Function Calls}\label{sec:system-calls-vs-function-calls}
+
+\subsection{Function Calls}\label{subsec:function-calls}
 
 Lorem Ipsum.
+
+
+\section{Related Work}\label{sec:related-work}
+
+See also Section~\ref{sec:methods-for-intercepting}.
+
+Lorem Ipsum.
+
+https://dl.acm.org/doi/10.1145/3728874
+
+
+
+What other solutions are available?
+What are the differences?
+What are the characteristics?
+
+
+\subsection{GDB Checker}\label{subsec:gdb-checker}
+
+Lorem Ipsum.
+
+
+\subsection{zpoline}\label{subsec:zpoline}
+
+Lorem Ipsum.
+\cite{zpoline}
+
+\subsection{DataHook}\label{subsec:datahook}
+
+Lorem Ipsum.
+\cite{datahook}

thesis/src/02.intercept.tex

@@ -11,7 +11,7 @@ For that see Chapter~\ref{ch:manipulating-function-calls}.
 \section{Identified Methods for Intercepting Function and System Calls}\label{sec:methods-for-intercepting}
 
 First, one has to answer the question on \textit{how exactly} to intercept function or system calls.
-At the beginning of this work it was not yet determined if the interception of function calls, system calls, or both should be used to achieve the overarching goal (see\todo{Goals}).
+At the beginning of this work it was not yet determined if the interception of function calls, system calls, or both should be used to achieve the overarching goal (see Section~\ref{sec:motivation-and-goal}).
 This first section tries to list all possible methods on how to intercept function or system calls but does not claim completeness.
 The order of the following subsections is roughly based on the thought process on finding the most appropriate method suitable for this work.
 
@@ -217,7 +217,7 @@ Although, one has to be aware that not only function calls inside the targeted b
 \subsection{Conclusion}\label{subsec:methods-for-intercepting-conclusion}
 
 During the research on different approaches to intercepting system and function calls,
-it has been found that the most reliable way to achieve the goals of this work (see \todo{Goals}) is to intercept function calls instead of system calls.
+it has been found that the most reliable way to achieve the goals of this work (see Section~\ref{sec:motivation-and-goal}) is to intercept function calls instead of system calls.
 This is because (as long as the programs to test are dynamically linked), intercepting function calls allows one to intercept many more calls and in a more flexible way.
 Therefore, from now on this work only considers function calls and no system calls directly.
 

thesis/src/03.manipulate.tex

@@ -106,7 +106,7 @@ This may be the case when the following function calls differ from those which w
 
 \subsection{Testing Return Value Checks}\label{subsec:testing-return-value-checks}
 
-Figure~\ref{fig:call-sequence} shows the simplified and collapsed call sequence graph of prior example in Section~\ref{sec:intercepting-example}.
+Figure~\ref{fig:call-sequence} shows the simplified and collapsed call sequence graph of the prior example in Section~\ref{sec:intercepting-example}.
 Each edge between two nodes without any label indicates the next function call on a normal run of the program.
 Edges labeled with ``fail'' indicate the next function call after a mocked failed call.
 In reality, there are multiple failing paths, each for every possible error return value, but in this example they all yield the same resulting path, therefore, they have been collapsed.
@@ -116,8 +116,8 @@ This test seems trivial at first.
 The simplest approach is to verify that after a failing function call only ``cleanup'' function calls (\texttt{free}, \texttt{close}, \texttt{exit}, \dots) follow.
 For simple programs, this assumption may hold, but there are many exceptions.
 For example, what if the program recognizes the failed call correctly as failed but recovers and continues to operate normally?
-Or what if the ``cleanup'' path is very complex and includes function calls not prior marked as valid cleanup functions?
-However, for simple programs (like those mentioned in\todo{Goals}) the simplest approach from above suffices.
+Or what if the ``cleanup'' path is very complex and includes function calls not priorly marked as valid cleanup functions?
+However, for simple programs (like those mentioned in Section~\ref{sec:motivation-and-goal}), the simplest approach from above suffices.
 
 \begin{figure}
   \begin{tikzpicture}[node distance=15mm, thick, main/.style = {draw, circle}, text centered]

thesis/src/04.related-work.tex

@@ -1,18 +0,0 @@
-
-\chapter{Related Work}\label{ch:related-work}
-
-Lorem Ipsum.
-
-What other solutions are available?
-What are the differences?
-What are the characteristics?
-
-
-\section{GDB Checker}\label{sec:gdb-checker}
-
-Lorem Ipsum.
-
-
-\section{zpoline}\label{sec:zpoline}
-
-Lorem Ipsum.

thesis/src/99.intercept.bib

@@ -50,3 +50,32 @@
     title = {Using the GNU Compiler Collection (GCC)},
     url = {https://gcc.gnu.org/onlinedocs/gcc/index.html},
 }
+@inproceedings{zpoline,
+    author = {Kenichi Yasukata and Hajime Tazaki and Pierre-Louis Aublin and Kenta Ishiguro},
+    title = {zpoline: a system call hook mechanism based on binary rewriting},
+    booktitle = {2023 USENIX Annual Technical Conference (USENIX ATC '23)},
+    year = {2023},
+    isbn = {978-1-939133-35-9},
+    address = {Boston, MA},
+    pages = {293--300},
+    url = {https://www.usenix.org/conference/atc23/presentation/yasukata},
+    publisher = {USENIX Association},
+    month = jul,
+}
+@article{datahook,
+    author = {Hong, Quan and Li, Jiaqi and Zhang, Wen and Zhai, Lidong},
+    title = {DataHook: An Efficient and Lightweight System Call Hooking Technique without Instruction Modification},
+    year = {2025},
+    issue_date = {July 2025},
+    publisher = {Association for Computing Machinery},
+    address = {New York, NY, USA},
+    volume = {2},
+    number = {ISSTA},
+    url = {https://doi.org/10.1145/3728874},
+    doi = {10.1145/3728874},
+    journal = {Proc. ACM Softw. Eng.},
+    month = jun,
+    articleno = {ISSTA005},
+    numpages = {21},
+    keywords = {DataHook, Hooking technique, Software analysis, Software debugging, System call}
+}

thesis/thesis.tex

@@ -91,7 +91,7 @@
 
 % Required data.
 \setregnumber{12119052}
-\setdate{01}{06}{2025} % Set date with 3 arguments: {day}{month}{year}.
+\setdate{01}{08}{2025} % Set date with 3 arguments: {day}{month}{year}.
 \settitle{\thesistitle}{Abfangen und Manipulieren von\\System-/Funktionsaufrufen in\\Linux-Systemen} % Sets English and German version of the title (both can be English or German). If your title contains commas, enclose it with additional curvy brackets (i.e., {{your title}}) or define it as a macro as done with \thesistitle.
 %\setsubtitle{Optional Subtitle of the Thesis}{Optionaler Untertitel der Arbeit} % Sets English and German version of the subtitle (both can be English or German).
 
@@ -152,14 +152,13 @@
 \input{src/01.introduction}
 \input{src/02.intercept}
 \input{src/03.manipulate}
-\input{src/04.related-work}
-\input{src/05.conclusion}
+\input{src/04.conclusion}
 \backmatter
 
 % Declare the use of AI tools as mentioned in the statement of originality.
 % Use either the English aitools or the German kitools.
 \begin{aitools}
-\todo{Enter your text here.}
+No generative AI tools were used in and for this work whatsoever.
 \end{aitools}
 
 %\begin{kitools}
@@ -174,8 +173,8 @@
 \listoftables % Starred version, i.e., \listoftables*, removes the toc entry.
 
 % Use an optional list of algorithms.
-\listofalgorithms
-\addcontentsline{toc}{chapter}{List of Algorithms}
+%\listofalgorithms
+%\addcontentsline{toc}{chapter}{List of Algorithms}
 
 % Use an optional list of listings.
 \cleardoublepage