Problem description
I am writing a program which uses Ptrace and does the following:
- It reads the current eax and checks if the system call is sys_open.
- If it is, then I need to know what arguments are passed.
So eax = 5 implies it is an open system call.
I came to know ebx has the address of the file location from this Question. But how do I know the length of the file name so I can read the contents in that location?
I came across the following questions which address the same
Question 1
Question 2 (This one is mine only!)
But I still didn't get a solution to my problem. :( as both the answers were not clear. I am still getting a segmentation fault when I try the approach in the Question-1
You can check my code here
So now I really was wondering how does strace extract these values so beautifully :(
Recommended answer
As you know, sys_open() doesn't receive the size of the filename as a parameter. However, the standard says that a literal string must end with a \0 character. This is good news, because now we can do a simple loop iterating over the characters of the string, and when we find a \0 (NULL) character we know we've reached the end of it.
That's the standard procedure, that's how strlen() does it, and also how strace does it!
C example:
    #include <stdio.h>

    int main(void)
    {
        const char* filename = "/etc/somefile";
        int fname_length = 0;

        /* Walk the string until the terminating '\0' is reached. */
        for (int i = 0; filename[i] != '\0'; i++)
        {
            fname_length++;
        }

        printf("Found %d chars in: %s\n", fname_length, filename);
        return 0;
    }
Back to your task at hand, you must access the address of filename and perform the procedure I just described. This is something you will have to do, and there's no other way.
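An added example (not part of the original answer and not strace's own code): the same loop applied to a traced process on Linux, reading one word per PTRACE_PEEKDATA call and stopping at the first \0 or at a length cap. The function names, the callback design and the constructed fake_mem buffer are assumptions for illustration; with peek_ptrace, ctx points to the tracee's pid and addr is the value taken from ebx.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>

/* Reads one word of tracee memory at addr; returns 0 on success, -1 on error. */
typedef int (*peek_fn)(void *ctx, unsigned long addr, long *word);

/* Real reader (Linux). PTRACE_PEEKDATA returns the word itself, so errno is
 * the only way to tell a failure from a word whose value is -1. */
int peek_ptrace(void *ctx, unsigned long addr, long *word)
{
    errno = 0;
    *word = ptrace(PTRACE_PEEKDATA, *(pid_t *)ctx, (void *)addr, NULL);
    return (*word == -1 && errno != 0) ? -1 : 0;
}

/* Constructed stand-in for tracee memory, so the loop runs without a child. */
static const char fake_mem[16] = "/etc/somefile";
int peek_fake(void *ctx, unsigned long addr, long *word)
{
    (void)ctx;
    if (addr + sizeof *word > sizeof fake_mem)
        return -1;
    memcpy(word, fake_mem + addr, sizeof *word);
    return 0;
}

/* Copies the NUL-terminated string at addr into buf (cap bytes). Returns its
 * length, or -1 on a read error or when no NUL is found within cap bytes. */
long read_tracee_string(peek_fn peek, void *ctx, unsigned long addr,
                        char *buf, size_t cap)
{
    size_t n = 0;
    while (n < cap) {
        long word;
        if (peek(ctx, addr + n, &word) != 0)
            return -1;                 /* bad or unmapped pointer */
        size_t chunk = sizeof word < cap - n ? sizeof word : cap - n;
        memcpy(buf + n, &word, chunk);
        char *nul = memchr(buf + n, '\0', chunk);
        if (nul != NULL)
            return (long)(nul - buf);
        n += chunk;
    }
    return -1;                         /* unterminated: stop at cap */
}
```

Checking the return value of every read is what avoids a crash in the tracer when the register holds an invalid pointer, and the cap bounds the copy when the tracee's string is not terminated.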