thesis: Complete 1.2

2025-08-05 14:29:17 +02:00
parent 92487d1d18
commit fdf999d0af

@@ -21,17 +21,38 @@ The availability of source code is a key concern when trying to intercept functi
\section{Definitions}\label{sec:definitions}
Lorem Ipsum.
\subsection{System Calls}\label{subsec:system-calls}
Lorem Ipsum.
First, function calls, system calls and their differences need to be defined.
The following subsections concern these definitions.
\subsection{Function Calls}\label{subsec:function-calls}
Lorem Ipsum.
Generally, a function in C (and also most other programming languages) is a piece of code which may be called and therefore executed from elsewhere.
Functions have zero or more arguments and return a single value.
When calling a function, the caller places the return address onto the stack.
This address indicates where the function should continue executing when it is finished.
Functions are used to structure programs, reuse functionality, or expose functionality in libraries.
Other languages than C differentiate between functions, methods, procedures and so on.
A function written in the source code is almost always compiled to a function in the resulting binary.
Intercepting calls to functions would one allow to see the name of the function, arguments, return value, and return address.
\subsection{System Calls}\label{subsec:system-calls}
In contrast to functions, system calls are calls to the kernel itself.
Many operations on a modern operating system require special privileges, which a simple user-space process does not have.
By invoking a system call, the (user-space) process hands control over to the (privileged) kernel and requests an operation to be performed.
How exactly these system calls work is architecture and system specific.
But generally, the process places the system call number, and its arguments in defined registers and then executes a special system call opcode.
Then the kernel executes the requested operation and places the return value inside another register, and lastly hands the execution back to the process.
Intercepting calls to system calls would one allow to see the system call number, arguments and return value.
One has to keep in mind, that many system-related functionalities are not in fact translated to system calls one-to-one.
For example \texttt{malloc}~\cite{malloc.3} has no dedicated system call, it is managed by the C standard library internally.
Many system calls have corresponding wrapper functions in the C standard library (like \texttt{open}, \texttt{close}, \texttt{sem\_wait}).
\section{Related Work}\label{sec:related-work}
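
Review bot: In the Function Calls subsection, the sentence "This address indicates where the function should continue executing when it is finished" has the wrong subject: the return address is where the caller resumes once the function returns, not where the function continues. The sentence before it also states as a general rule that the caller places the return address onto the stack, while the System Calls subsection is careful to say the mechanism is architecture and system specific; the same qualifier fits here, since some architectures keep the return address in a link register. "Functions have zero or more arguments and return a single value" could mention `void` functions, and the claim that intercepting a call reveals the function's name could say where that name comes from. Two smaller points: "would one allow to see" in both "Intercepting calls ..." sentences should read "would allow one to see", and `\subsection{System Calls}\label{subsec:system-calls}` appears twice in this hunk next to "Lorem Ipsum." placeholders, so check that only one copy of the label and no placeholder text remain in the resulting file.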