thesis: Complete 1.2
@@ -21,17 +21,38 @@ The availability of source code is a key concern when trying to intercept functi
|
|||||||
|
|
||||||
\section{Definitions}\label{sec:definitions}
|
\section{Definitions}\label{sec:definitions}
|
||||||
|
|
||||||
Lorem Ipsum.
|
First, function calls, system calls and their differences need to be defined.
|
||||||
|
The following subsections concern these definitions.
|
||||||
|
|
||||||
\subsection{System Calls}\label{subsec:system-calls}
|
|
||||||
|
|
||||||
Lorem Ipsum.
|
|
||||||
|
|
||||||
|
|
||||||
\subsection{Function Calls}\label{subsec:function-calls}
|
\subsection{Function Calls}\label{subsec:function-calls}
|
||||||
|
|
||||||
Lorem Ipsum.
|
Generally, a function in C (and also most other programming languages) is a piece of code which may be called and therefore executed from elsewhere.
|
||||||
|
Functions have zero or more arguments and return a single value.
|
||||||
|
When calling a function, the caller places the return address onto the stack.
|
||||||
|
This address indicates where the function should continue executing when it is finished.
|
||||||
|
|
||||||
|
Functions are used to structure programs, reuse functionality, or expose functionality in libraries.
|
||||||
|
Other languages than C differentiate between functions, methods, procedures and so on.
|
||||||
|
A function written in the source code is almost always compiled to a function in the resulting binary.
|
||||||
|
|
||||||
|
Intercepting calls to functions would one allow to see the name of the function, arguments, return value, and return address.
|
||||||
|
|
||||||
|
|
||||||
|
\subsection{System Calls}\label{subsec:system-calls}
|
||||||
|
|
||||||
|
In contrast to functions, system calls are calls to the kernel itself.
|
||||||
|
Many operations on a modern operating system require special privileges, which a simple user-space process does not have.
|
||||||
|
By invoking a system call, the (user-space) process hands control over to the (privileged) kernel and requests an operation to be performed.
|
||||||
|
|
||||||
|
How exactly these system calls work is architecture and system specific.
|
||||||
|
But generally, the process places the system call number, and its arguments in defined registers and then executes a special system call opcode.
|
||||||
|
Then the kernel executes the requested operation and places the return value inside another register, and lastly hands the execution back to the process.
|
||||||
|
|
||||||
|
Intercepting calls to system calls would one allow to see the system call number, arguments and return value.
|
||||||
|
One has to keep in mind, that many system-related functionalities are not in fact translated to system calls one-to-one.
|
||||||
|
For example \texttt{malloc}~\cite{malloc.3} has no dedicated system call, it is managed by the C standard library internally.
|
||||||
|
Many system calls have corresponding wrapper functions in the C standard library (like \texttt{open}, \texttt{close}, \texttt{sem\_wait}).
|
||||||
|
|
||||||
|
|
||||||
\section{Related Work}\label{sec:related-work}
|
\section{Related Work}\label{sec:related-work}
|
||||||
|
|||||||
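Review bot: the sentence "When calling a function, the caller places the return address onto the stack." presents an x86 convention as a general property of C functions; on ARM and RISC-V the call instruction stores the return address in a link register, and the callee spills it to the stack only if it needs to. Since the system-call subsection already says the mechanics are architecture and system specific, qualify this sentence the same way (e.g. "On x86, the caller places the return address onto the stack."). Two further accuracy points in the same hunk: "return a single value" should read "return at most one value", because void functions return nothing; and "places the return value inside another register" is not accurate for Linux on x86-64, where the return value comes back in rax, the same register that carried the system call number, so "a defined register" would be safer. Minor wording: "would one allow to see" (in both the function-call and system-call subsections) should be "would allow one to see", "architecture and system specific" should be hyphenated as "architecture- and system-specific", and the comma in "keep in mind, that" should be dropped.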