Simon McVittie
syscall-intercept
Commits
56394581
Commit
56394581
authored
Jul 07, 2017
by
Gabor Buella
Add syscall logging example
parent
0c6d03de
Changes
4
Showing
4 changed files
with
601 additions
and
0 deletions
+601
-0
examples/CMakeLists.txt
examples/CMakeLists.txt
+3
-0
examples/syscall_desc.c
examples/syscall_desc.c
+267
-0
examples/syscall_desc.h
examples/syscall_desc.h
+58
-0
examples/syscall_logger.c
examples/syscall_logger.c
+273
-0
examples/CMakeLists.txt
...
...
@@ -36,3 +36,6 @@ target_link_libraries(icap PRIVATE syscall_intercept_shared)
add_library
(
fork_ban SHARED fork_ban.c
)
target_link_libraries
(
fork_ban PRIVATE syscall_intercept_shared
)
add_library
(
syscall_logger SHARED syscall_logger.c syscall_desc.c
)
target_link_libraries
(
syscall_logger PRIVATE syscall_intercept_shared
)
examples/syscall_desc.c
0 → 100644
/*
* Copyright 2017, Intel Corporation
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* * Neither the name of the copyright holder nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "syscall_desc.h"
#include <stddef.h>
#include <syscall.h>
#define SARGS(name, r, ...) \
[SYS_##name] = {#name, r, {__VA_ARGS__, }}
static
const
struct
syscall_desc
table
[]
=
{
SARGS
(
read
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
write
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
open
,
rdec
,
arg_cstr
,
arg_
,
arg_
),
SARGS
(
close
,
rdec
,
arg_fd
),
SARGS
(
stat
,
rdec
,
arg_cstr
,
arg_
),
SARGS
(
fstat
,
rdec
,
arg_fd
,
arg_
),
SARGS
(
lstat
,
rdec
,
arg_cstr
,
arg_
),
SARGS
(
poll
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
lseek
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
mmap
,
rhex
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_fd
,
arg_
),
SARGS
(
mprotect
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
munmap
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_fd
,
arg_
),
SARGS
(
brk
,
rdec
,
arg_
),
SARGS
(
rt_sigaction
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
rt_sigprocmask
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
rt_sigreturn
,
rdec
,
arg_none
),
SARGS
(
ioctl
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
pread64
,
rdec
,
arg_fd
,
arg_
,
arg_
,
arg_
),
SARGS
(
pwrite64
,
rdec
,
arg_fd
,
arg_
,
arg_
,
arg_
),
SARGS
(
readv
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
writev
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
access
,
rdec
,
arg_cstr
,
arg_
),
SARGS
(
pipe
,
rdec
,
arg_
),
SARGS
(
select
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
sched_yield
,
rdec
,
arg_none
),
SARGS
(
mremap
,
rhex
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
msync
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
mincore
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
madvise
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
shmget
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
shmat
,
rhex
,
arg_
,
arg_
,
arg_
),
SARGS
(
shmctl
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
dup
,
rdec
,
arg_fd
),
SARGS
(
dup2
,
rdec
,
arg_fd
,
arg_fd
),
SARGS
(
pause
,
rdec
,
arg_none
),
SARGS
(
nanosleep
,
rdec
,
arg_
,
arg_
),
SARGS
(
getitimer
,
rdec
,
arg_
,
arg_
),
SARGS
(
alarm
,
runsigned
,
arg_
),
SARGS
(
setitimer
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
getpid
,
rdec
,
arg_none
),
SARGS
(
sendfile
,
rdec
,
arg_fd
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
socket
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
connect
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
accept
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
sendto
,
rdec
,
arg_fd
,
arg_
,
arg_
,
arg_
),
SARGS
(
recvfrom
,
rdec
,
arg_fd
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
sendmsg
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
recvmsg
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
shutdown
,
rdec
,
arg_fd
,
arg_
),
SARGS
(
bind
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
listen
,
rdec
,
arg_fd
,
arg_
),
SARGS
(
getsockname
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
getpeername
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
socketpair
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
setsockopt
,
rdec
,
arg_fd
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
getsockopt
,
rdec
,
arg_fd
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
clone
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
fork
,
rdec
,
arg_none
),
SARGS
(
vfork
,
rdec
,
arg_none
),
SARGS
(
execve
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
exit
,
rdec
,
arg_
),
SARGS
(
wait4
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
kill
,
rdec
,
arg_
,
arg_
),
SARGS
(
uname
,
rdec
,
arg_
),
SARGS
(
semget
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
semop
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
semctl
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
shmdt
,
rdec
,
arg_
),
SARGS
(
msgget
,
rdec
,
arg_
,
arg_
),
SARGS
(
msgsnd
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
msgrcv
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
msgctl
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
fcntl
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
flock
,
rdec
,
arg_fd
,
arg_
),
SARGS
(
fsync
,
rdec
,
arg_fd
),
SARGS
(
fdatasync
,
rdec
,
arg_fd
),
SARGS
(
truncate
,
rdec
,
arg_cstr
,
arg_
),
SARGS
(
ftruncate
,
rdec
,
arg_fd
,
arg_
),
SARGS
(
getdents
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
getcwd
,
rdec
,
arg_
,
arg_
),
SARGS
(
chdir
,
rdec
,
arg_cstr
),
SARGS
(
fchdir
,
rdec
,
arg_fd
),
SARGS
(
rename
,
rdec
,
arg_cstr
,
arg_cstr
),
SARGS
(
mkdir
,
rdec
,
arg_cstr
,
arg_
),
SARGS
(
rmdir
,
rdec
,
arg_cstr
),
SARGS
(
creat
,
rdec
,
arg_cstr
,
arg_
),
SARGS
(
link
,
rdec
,
arg_cstr
,
arg_cstr
),
SARGS
(
unlink
,
rdec
,
arg_cstr
),
SARGS
(
symlink
,
rdec
,
arg_cstr
,
arg_cstr
),
SARGS
(
readlink
,
rdec
,
arg_cstr
,
arg_
,
arg_
),
SARGS
(
chmod
,
rdec
,
arg_cstr
,
arg_
),
SARGS
(
fchmod
,
rdec
,
arg_fd
,
arg_
),
SARGS
(
chown
,
rdec
,
arg_cstr
,
arg_
,
arg_
),
SARGS
(
fchown
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
lchown
,
rdec
,
arg_cstr
,
arg_
,
arg_
),
SARGS
(
umask
,
roct
,
arg_
),
SARGS
(
gettimeofday
,
rdec
,
arg_
,
arg_
),
SARGS
(
getrlimit
,
rdec
,
arg_
,
arg_
),
SARGS
(
getrusage
,
rdec
,
arg_
,
arg_
),
SARGS
(
sysinfo
,
rdec
,
arg_
,
arg_
),
SARGS
(
times
,
rdec
,
arg_
),
SARGS
(
ptrace
,
rhex
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
getuid
,
rdec
,
arg_none
),
SARGS
(
syslog
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
getgid
,
rdec
,
arg_none
),
SARGS
(
setuid
,
rdec
,
arg_
),
SARGS
(
setgid
,
rdec
,
arg_
),
SARGS
(
geteuid
,
rdec
,
arg_none
),
SARGS
(
getegid
,
rdec
,
arg_none
),
SARGS
(
setpgid
,
rdec
,
arg_none
),
SARGS
(
getpgrp
,
rdec
,
arg_none
),
SARGS
(
setsid
,
rdec
,
arg_none
),
SARGS
(
setreuid
,
rdec
,
arg_
,
arg_
),
SARGS
(
setregid
,
rdec
,
arg_
,
arg_
),
SARGS
(
getgroups
,
rdec
,
arg_
,
arg_
),
SARGS
(
setgroups
,
rdec
,
arg_
,
arg_
),
SARGS
(
setresuid
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
getresuid
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
setresgid
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
getresgid
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
getpgid
,
rdec
,
arg_
),
SARGS
(
setfsuid
,
rdec
,
arg_
),
SARGS
(
setfsgid
,
rdec
,
arg_
),
SARGS
(
getsid
,
rdec
,
arg_
),
SARGS
(
capget
,
rdec
,
arg_
,
arg_
),
SARGS
(
capset
,
rdec
,
arg_
,
arg_
),
SARGS
(
rt_sigpending
,
rdec
,
arg_
),
SARGS
(
rt_sigtimedwait
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
rt_sigqueueinfo
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
rt_sigsuspend
,
rdec
,
arg_
,
arg_
),
SARGS
(
sigaltstack
,
rdec
,
arg_
,
arg_
),
SARGS
(
utime
,
rdec
,
arg_cstr
,
arg_
),
SARGS
(
mknod
,
rdec
,
arg_cstr
,
arg_
,
arg_
),
SARGS
(
uselib
,
rdec
,
arg_cstr
),
SARGS
(
personality
,
rdec
,
arg_
),
SARGS
(
ustat
,
rdec
,
arg_
,
arg_
),
SARGS
(
statfs
,
rdec
,
arg_cstr
,
arg_
),
SARGS
(
fstatfs
,
rdec
,
arg_fd
,
arg_
),
SARGS
(
sysfs
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
getpriority
,
rdec
,
arg_
,
arg_
),
SARGS
(
setpriority
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
sched_setparam
,
rdec
,
arg_
,
arg_
),
SARGS
(
sched_getparam
,
rdec
,
arg_
,
arg_
),
SARGS
(
sched_setscheduler
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
sched_getscheduler
,
rdec
,
arg_
),
SARGS
(
sched_get_priority_max
,
rdec
,
arg_
),
SARGS
(
sched_get_priority_min
,
rdec
,
arg_
),
SARGS
(
sched_rr_get_interval
,
rdec
,
arg_
,
arg_
),
SARGS
(
mlock
,
rdec
,
arg_
,
arg_
),
SARGS
(
munlock
,
rdec
,
arg_
,
arg_
),
SARGS
(
mlockall
,
rdec
,
arg_
),
SARGS
(
munlockall
,
rdec
,
arg_none
),
SARGS
(
vhangup
,
rdec
,
arg_none
),
SARGS
(
modify_ldt
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
pivot_root
,
rdec
,
arg_cstr
,
arg_
),
SARGS
(
_sysctl
,
rdec
,
arg_
),
SARGS
(
prctl
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
arch_prctl
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
adjtimex
,
rdec
,
arg_
),
SARGS
(
setrlimit
,
rdec
,
arg_
,
arg_
),
SARGS
(
chroot
,
rdec
,
arg_cstr
),
SARGS
(
sync
,
rdec
,
arg_none
),
SARGS
(
acct
,
rdec
,
arg_cstr
),
SARGS
(
settimeofday
,
rdec
,
arg_
,
arg_
),
SARGS
(
mount
,
rdec
,
arg_cstr
,
arg_cstr
,
arg_
,
arg_
,
arg_
),
SARGS
(
umount2
,
rdec
,
arg_cstr
,
arg_
),
SARGS
(
swapon
,
rdec
,
arg_cstr
,
arg_
),
SARGS
(
swapoff
,
rdec
,
arg_cstr
),
SARGS
(
reboot
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
sethostname
,
rdec
,
arg_
,
arg_
),
SARGS
(
setdomainname
,
rdec
,
arg_
,
arg_
),
SARGS
(
iopl
,
rdec
,
arg_
),
SARGS
(
ioperm
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
gettid
,
rdec
,
arg_none
),
SARGS
(
readahead
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
setxattr
,
rdec
,
arg_cstr
,
arg_cstr
,
arg_
,
arg_
,
arg_
),
SARGS
(
lsetxattr
,
rdec
,
arg_cstr
,
arg_cstr
,
arg_
,
arg_
,
arg_
),
SARGS
(
fsetxattr
,
rdec
,
arg_fd
,
arg_cstr
,
arg_
,
arg_
,
arg_
),
SARGS
(
getxattr
,
rdec
,
arg_cstr
,
arg_cstr
,
arg_
,
arg_
),
SARGS
(
lgetxattr
,
rdec
,
arg_cstr
,
arg_cstr
,
arg_
,
arg_
),
SARGS
(
fgetxattr
,
rdec
,
arg_fd
,
arg_cstr
,
arg_
,
arg_
),
SARGS
(
listxattr
,
rdec
,
arg_cstr
,
arg_
,
arg_
),
SARGS
(
llistxattr
,
rdec
,
arg_cstr
,
arg_
,
arg_
),
SARGS
(
flistxattr
,
rdec
,
arg_cstr
,
arg_
,
arg_
),
SARGS
(
removexattr
,
rdec
,
arg_cstr
,
arg_cstr
),
SARGS
(
lremovexattr
,
rdec
,
arg_cstr
,
arg_cstr
),
SARGS
(
fremovexattr
,
rdec
,
arg_fd
,
arg_cstr
),
SARGS
(
tkill
,
rdec
,
arg_
,
arg_
),
SARGS
(
time
,
rdec
,
arg_
),
SARGS
(
futex
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
sched_setaffinity
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
sched_getaffinity
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
set_thread_area
,
rdec
,
arg_
),
SARGS
(
io_setup
,
rdec
,
arg_
,
arg_
),
SARGS
(
io_destroy
,
rdec
,
arg_
),
SARGS
(
io_getevents
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
io_submit
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
io_cancel
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
get_thread_area
,
rdec
,
arg_
),
SARGS
(
lookup_dcookie
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
epoll_create
,
rdec
,
arg_
),
SARGS
(
getdents64
,
rdec
,
arg_fd
,
arg_
,
arg_
),
SARGS
(
set_tid_address
,
rdec
,
arg_
),
SARGS
(
semtimedop
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
fadvise64
,
rdec
,
arg_fd
,
arg_
,
arg_
,
arg_
),
SARGS
(
timer_create
,
rdec
,
arg_
,
arg_
,
arg_
),
SARGS
(
timer_settime
,
rdec
,
arg_
,
arg_
,
arg_
,
arg_
),
SARGS
(
timer_gettime
,
rdec
,
arg_
,
arg_
),
SARGS
(
timer_getoverrun
,
rdec
,
arg_
),
SARGS
(
timer_delete
,
rdec
,
arg_
)
/* to be continued... at this point I got tired */
};
#undef SARGS
const
struct
syscall_desc
*
get_syscall_desc
(
long
syscall_number
)
{
if
(
syscall_number
<
0
)
return
NULL
;
if
((
size_t
)
syscall_number
>=
(
sizeof
(
table
)
/
sizeof
(
table
[
0
])))
return
NULL
;
return
table
+
syscall_number
;
}
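Review bot: get_syscall_desc() returns `table + syscall_number` for every in-range index, including slots that no SARGS line fills; because the table uses designated initializers those slots are zero-filled, so `name` is NULL and the logger's print_known_syscall would hand that NULL to print_cstr. The visible list has setpgid and getpgrp but no getppid, which lies between them in the x86_64 numbering, so such a hole looks reachable by an ordinary call. Adding `if (table[syscall_number].name == NULL) return NULL;` before the final return would route unlisted syscalls to the unknown-syscall path instead. Separately, the flistxattr entry marks its first argument `arg_cstr` although the fgetxattr and fremovexattr entries use `arg_fd` there, which makes the logger dereference a descriptor number as a string pointer; the munmap entry also repeats mmap's six-argument list.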
examples/syscall_desc.h
0 → 100644
/*
* Copyright 2017, Intel Corporation
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* * Neither the name of the copyright holder nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef SYSCALL_INTERCEPT_EXAMPLE_LOGGING_H
#define SYSCALL_INTERCEPT_EXAMPLE_LOGGING_H
enum
arg_type
{
arg_none
,
arg_fd
,
arg_cstr
,
arg_
/* no special formatting implemented yet, print as hex number */
};
enum
return_type
{
rhex
,
rdec
,
runsigned
,
roct
};
struct
syscall_desc
{
const
char
*
name
;
enum
return_type
return_type
;
enum
arg_type
args
[
6
];
};
const
struct
syscall_desc
*
get_syscall_desc
(
long
syscall_number
);
#endif
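Review bot: The header leaves the contract of `struct syscall_desc` and get_syscall_desc() undocumented, although the table and the logger both depend on it. I would add a comment above `args[6]` such as `/* argument kinds in call order; the list ends at the first arg_none, or after six entries */` and one above the prototype such as `/* returns NULL when syscall_number is outside the table */`. The include guard `SYSCALL_INTERCEPT_EXAMPLE_LOGGING_H` also does not match the file name syscall_desc.h.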
examples/syscall_logger.c
0 → 100644
/*
* Copyright 2017, Intel Corporation
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* * Neither the name of the copyright holder nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "libsyscall_intercept_hook_point.h"
#include "syscall_desc.h"
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <syscall.h>
#include <unistd.h>
#include <fcntl.h>
#include <ctype.h>
#include <string.h>
long
log_fd
;
static
char
buffer
[
0x20000
];
static
char
*
nextc
;
static
size_t
buffer_avaliable
(
void
)
{
return
(
size_t
)(
sizeof
(
buffer
)
-
(
size_t
)(
nextc
-
buffer
));
}
static
const
char
xdigit
[
16
]
=
"0123456789abcdef"
;
static
void
print_fd
(
long
n
)
{
if
(
n
==
AT_FDCWD
)
nextc
+=
sprintf
(
nextc
,
"AT_FDCWD"
);
else
nextc
+=
sprintf
(
nextc
,
"%ld"
,
n
);
}
static
void
print_hex
(
long
n
)
{
nextc
+=
sprintf
(
nextc
,
"0x%lx"
,
n
);
}
#define CSTR_MAX_LEN 0x100
static
void
print_cstr_escaped
(
const
char
*
path
)
{
size_t
len
=
0
;
*
nextc
++
=
'"'
;
while
(
*
path
!=
'\0'
&&
len
<
CSTR_MAX_LEN
)
{
if
(
*
path
==
'\n'
)
{
*
nextc
++
=
'\\'
;
*
nextc
++
=
'n'
;
}
else
if
(
*
path
==
'\\'
)
{
*
nextc
++
=
'\\'
;
*
nextc
++
=
'\\'
;
}
else
if
(
*
path
==
'\t'
)
{
*
nextc
++
=
'\\'
;
*
nextc
++
=
't'
;
}
else
if
(
*
path
==
'\"'
)
{
*
nextc
++
=
'\\'
;
*
nextc
++
=
'"'
;
}
else
if
(
isprint
((
unsigned
char
)
*
path
))
{
*
nextc
++
=
*
path
;
}
else
{
*
nextc
++
=
'\\'
;
*
nextc
++
=
'x'
;
*
nextc
++
=
xdigit
[((
unsigned
char
)
*
path
)
/
0x10
];
*
nextc
++
=
xdigit
[((
unsigned
char
)
*
path
)
%
0x10
];
}
++
len
;
++
path
;
}
if
(
*
path
!=
'\0'
)
{
*
nextc
++
=
'.'
;
*
nextc
++
=
'.'
;
*
nextc
++
=
'.'
;
}
*
nextc
++
=
'"'
;
}
static
void
dump_log
(
void
)
{
if
(
nextc
==
buffer
)
return
;
syscall_no_intercept
(
SYS_write
,
log_fd
,
buffer
,
nextc
-
buffer
);
nextc
=
buffer
;
}
static
void
print_cstr
(
const
char
*
name
)
{
while
(
*
name
!=
'\0'
)
*
nextc
++
=
*
name
++
;
}
static
void
print_rdec
(
long
n
)
{
nextc
+=
sprintf
(
nextc
,
"%ld"
,
n
);
if
(
n
<
0
&&
n
>=
-
((
long
)
INT_MAX
))
{
print_cstr
(
" ("
);
/* See the glibc related man page for strerror_r */
#if (_POSIX_C_SOURCE >= 200112L) && !defined(_GNU_SOURCE)
if
(
strerror_r
((
int
)(
0
-
n
),
nextc
,
0x100
)
==
0
)
nextc
+=
strlen
(
nextc
);
else
print_cstr
(
"unknown error code"
);
#else
char
*
strerr_result
=
strerror_r
((
int
)(
0
-
n
),
nextc
,
0x100
);
if
(
strerr_result
!=
nextc
)
print_cstr
(
strerr_result
);
else
nextc
+=
strlen
(
nextc
);
#endif
print_cstr
(
")"
);
}
}
static
void
print_runsigned
(
long
n
)
{
nextc
+=
sprintf
(
nextc
,
"%lu"
,
(
unsigned
long
)
n
);
}
static
void
print_roct
(
long
n
)
{
nextc
+=
sprintf
(
nextc
,
"%lo"
,
n
);
}
#define MIN_AVAILABLE_REQUIRED (0x100 + 8 * CSTR_MAX_LEN)
static
void
print_unknown_syscall
(
long
syscall_number
,
long
args
[
static
6
],
long
result
)
{
nextc
+=
sprintf
(
nextc
,
"syscall(%ld"
,
syscall_number
);
for
(
unsigned
i
=
0
;
i
<
6
;
++
i
)
nextc
+=
sprintf
(
nextc
,
", 0x%lx"
,
args
[
i
]);
nextc
+=
sprintf
(
nextc
,
") = 0x%lx
\n
"
,
result
);
}
static
void
print_known_syscall
(
const
struct
syscall_desc
*
desc
,
const
long
args
[
static
6
],
long
result
)
{
print_cstr
(
desc
->
name
);
*
nextc
++
=
'('
;
for
(
unsigned
i
=
0
;
desc
->
args
[
i
]
!=
arg_none
;
++
i
)
{
if
(
i
>
0
)
print_cstr
(
", "
);
switch
(
desc
->
args
[
i
])
{
case
arg_fd
:
print_fd
(
args
[
i
]);
break
;
case
arg_cstr
:
print_hex
(
args
[
i
]);
print_cstr_escaped
((
const
char
*
)(
args
[
i
]));
break
;
default:
print_hex
(
args
[
i
]);
break
;
}
}
print_cstr
(
") = "
);
switch
(
desc
->
return_type
)
{
case
rhex
:
print_hex
(
result
);
break
;
case
rdec
:
print_rdec
(
result
);
break
;
case
runsigned
:
print_runsigned
(
result
);
break
;
case
roct
:
print_roct
(
result
);
break
;
}
*
nextc
++
=
'\n'
;
}
static
int
hook
(
long
syscall_number
,
long
arg0
,
long
arg1
,
long
arg2
,
long
arg3
,
long
arg4
,
long
arg5
,
long
*
result
)
{
*
result
=
syscall_no_intercept
(
syscall_number
,
arg0
,
arg1
,
arg2
,
arg3
,
arg4
,
arg5
);
long
args
[
6
]
=
{
arg0
,
arg1
,
arg2
,
arg3
,
arg4
,
arg5
};
const
struct
syscall_desc
*
desc
=
get_syscall_desc
(
syscall_number
);
if
(
desc
!=
NULL
)
print_known_syscall
(
desc
,
args
,
*
result
);
else
print_unknown_syscall
(
syscall_number
,
args
,
*
result
);
if
(
buffer_avaliable
()
<
MIN_AVAILABLE_REQUIRED
)
dump_log
();
return
0
;
}
static
__attribute__
((
constructor
))
void
start
(
void
)
{
const
char
*
path
=
getenv
(
"SYSCALL_LOG_PATH"
);
nextc
=
buffer
;
if
(
path
==
NULL
)
syscall_no_intercept
(
SYS_exit_group
,
3
);
log_fd
=
syscall_no_intercept
(
SYS_open
,
path
,
O_CREAT
|
O_RDWR
,
0700
);
if
(
log_fd
<
0
)
syscall_no_intercept
(
SYS_exit_group
,
4
);
intercept_hook_point
=
&
hook
;
}
static
__attribute__
((
destructor
))
void
end
(
void
)
{
dump_log
();
}
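Review bot: The argument loop in print_known_syscall stops only on `arg_none`, but `struct syscall_desc` declares `args[6]` and the table fills all six slots for mmap, clone, futex, semctl and recvfrom, so for those entries the loop goes on to read `desc->args[6]` and `args[6]` past the end of both arrays; bound it with `for (unsigned i = 0; i < 6 && desc->args[i] != arg_none; ++i)`. The `arg_cstr` case also passes the raw argument to print_cstr_escaped, which dereferences it after the real syscall has already run, so a call that failed with `-EFAULT` on a bad pointer would fault again inside the logger; skipping the string dump when `result == -EFAULT` or the pointer is NULL would avoid that. The print helpers write through `nextc` with unbounded `sprintf` and never consult buffer_avaliable(), so the only protection for `buffer` is the `MIN_AVAILABLE_REQUIRED` estimate checked after each record in hook(). In start() the log is opened with `O_CREAT | O_RDWR` and mode `0700`; since it records path strings from the traced process, `O_WRONLY | O_APPEND | O_CLOEXEC` with mode `0600` would be a tighter default.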