Question

Sometimes, when we have to call a system call in kernel system, we invoke its helper or related kernel functions instead of doing 'syscall'. I am still wondering: can we call a system call in kernel space? If not, what stops us from doing that?

My question is a little weird.

Recommended answer

Actually, contrary to popular belief (and some answers here), the answer is, yes, you can, but depending on which OS:

  • In Linux, you can call almost all system calls if you can find their kernel export (do cat /proc/kallsyms | grep sys_ for an example). There is a minor "trick" to get around a protection in most syscalls (those which accept a user mode *), by setting the data segment (KERNEL_DS). It's not exactly recommended, but certainly makes sense if you need to access files from the kernel (e.g. SELinux).

  • In Windows, most of the Nt* calls in the kernel are also available as Zw* calls - do "dumpbin /exports C:\windows\system32\ntoskrnl.exe | findstr Zw (or Nt)" for an example.

  • In Mac OS X, it technically shouldn't be allowed, though there are clever hacks to get around it.

Even though system calls are indeed the interface between user mode and the kernel, there are surprisingly quite a few cases where even production-worthy code does so -- but through careful observance of caveats.
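
The KERNEL_DS trick mentioned in the answer can be seen in a small user-space model of the address-limit check; this is an added example, not code from the answer or from the Linux kernel. All model_* names and the two limit constants are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <errno.h>

/* Simplified user-space model (assumption): the constants mirror the idea of
 * USER_DS / KERNEL_DS on a 64-bit kernel, not the real kernel definitions. */
#define MODEL_USER_DS   0x00007fffffffffffULL  /* top of user addresses */
#define MODEL_KERNEL_DS UINT64_MAX             /* no limit at all */

static uint64_t addr_limit = MODEL_USER_DS;    /* per-thread in a real kernel */

static uint64_t model_get_fs(void) { return addr_limit; }
static void model_set_fs(uint64_t limit) { addr_limit = limit; }

/* Range check in the style of access_ok(): the whole buffer must lie
 * below the current address limit, with no integer wrap-around. */
static int model_access_ok(uint64_t addr, uint64_t size)
{
    return size <= addr_limit && addr <= addr_limit - size;
}

/* Hypothetical syscall body taking a "user" pointer: it validates the range
 * before touching it, which is the protection the answer refers to. */
static long model_sys_write(uint64_t buf, uint64_t len)
{
    if (!model_access_ok(buf, len))
        return -EFAULT;
    return (long)len;   /* pretend the data was written */
}

/* In-kernel caller using the historical pattern: widen the limit, make the
 * call, and always restore the saved limit afterwards. */
static long kernel_caller(uint64_t kbuf, uint64_t len)
{
    uint64_t old_fs = model_get_fs();
    long ret;

    model_set_fs(MODEL_KERNEL_DS);
    ret = model_sys_write(kbuf, len);
    model_set_fs(old_fs);   /* skipping this leaves user pointer checks disabled */
    return ret;
}
```

Mainline Linux removed set_fs() from x86 in version 5.10; on such kernels, in-kernel file access goes through helpers such as kernel_read() rather than the syscall entry points.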
