As I understand it in the kernel module there is no ptrace, but I need ptrace to trace the process, if not ptrace, then which function should I use for the kernel module?
- Do you want to trace the process from the kernel module? Why so hard? - avp
- Well, I need it on assignment - hasded
- As far as I remember your previous question on this topic, there was no discussion about tracing. You better publish the entire text of the task. - avp
- oneWrite a driver that searches in the memory specified by the process name specified when loading the string. In case of detection, the driver should save the line after the detected one to a file. The search string and the process name are specified when loading the driver. - hasded
|
2 answers
ptrace () is a system call. It is implemented in the kernel. Carefully study the kernel code.
Update based on a job comment.
Immediately I warn you, I never read the Linux kernel source, so the tips are more likely hypothetical.
1) The kernel should have a list of processes, most likely this is a list of process control blocks (let's call the PCB). Your task is to find it and learn how to navigate it (sequentially sort through the PCB).
2) In the PCB there should be a link to the command line arguments (apparently, this is the one that you have been given).
3) The PCB should have a link to the process memory card (corresponding to the virtual addresses of the process and the physical memory pages). Here you are looking for the specified string. You have to view it (process memory card) and do a "remapping", displaying some of your page (or rather a couple of pages, as the page border may be inside the line you are looking for) to the physical pages of the process (there are probably functions in the kernel for this, modifying MMU).
Apparently the most difficult thing is to synchronize the work of your module with the rest of the system. It is possible (although probably very bad) to prohibit interruptions, but what if the page is not loaded into RAM?
Vobschem here we must seriously understand. Indeed, you can see what the ptrace () system call code does when requesting a read address (the trace has nothing to do with it (just the name for it is such)).
Successes!
avp avp
37.4k 3 35 90
- well, how? do this? ((((please tell me the implementation! Namely which library to connect and at least sample code! I beg you! - hasded
- @ Dmitry, you are sorry, but now I have no opportunity to dive into the Linux sources. - avp
- Well, at least what kind of library you need to connect please tell me! sys / ptrace.h linux / ptrace.h not working - hasded
- ptrace for kernel module? I think you want a strange one. Very strange. Look, for example, here wiki.opennet.ru/Linux_kernel_debug - alexlz
- Thanks a lot for the explanation !!!) - hasded
|
It seems to me that you first need to deal with the kernel device and the principles of writing modules. Read some books on this topic and in parallel study the source code. In my opinion, you just do not very well imagine the whole picture.
skegg skegg
21.7k one thirty 60
- yes, and I know, I don’t know, if this function doesn’t start at all, in the internet I found the source code for ptrace but purely at the level of user programs, and not for the module ((( - hasded
- And it is natural. Could you write where such strange ideas come from? (Type of pulling himself out of the swamp for hair like B. Munchausen) - alexlz
- laboratory assignment - hasded
- oneAre you sure that there is no mistake in the formulation of the task? Because the explanations of how ptrace works, and why it cannot be used for kernel components, probably go beyond the laboratory. (Perhaps a module in a task is understood not as a kernel module - this is a definite term, but something else) - alexlz
- 2PTRACE_ATTACH allows you to connect someone else's process to yourself as a child. - avp
|