I wrote a piece of code to generate system calls:
    #include <fcntl.h>
    #include <stdio.h>
    #include <sys/stat.h>
    #include <unistd.h>

    /* Report whether open() succeeded; on success write a marker and close. */
    void open_test(int fd, const char *filepath) {
        if (fd == -1) {
            printf("Open \"%s\" Failed!\n", filepath);
        } else {
            printf("Successfully Open \"%s\"!\n", filepath);
            write(fd, "successfully open!", sizeof("successfully open!") - 1);
            close(fd);
        }
        fflush(stdout);
    }

    int main(int argc, char const *argv[]) {
        const char fp1[] = "whatever.txt", fp2[] = "./not-exist.txt";
        /* fp1 is created if missing; fp2 has no O_CREAT, so this open fails. */
        int fd1 = open(fp1, O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU);
        int fd2 = open(fp2, O_WRONLY | O_TRUNC, S_IRWXU);
        open_test(fd1, fp1);
        open_test(fd2, fp2);
        return 0;
    }
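and another program (details omitted) to capture the system calls, but then I found that every open()
ended up calling sys_openat instead of sys_open.
The following text is the program's output: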
Detect system call open, %rax is 257, Addr is 0x00007fefef78aec8, Pathname is /etc/ld.so.cache
Detect system call open, %rax is 257, Addr is 0x00007fefef78aec8, Pathname is /etc/ld.so.cache
Detect system call open, %rax is 257, Addr is 0x00007fefef993dd0, Pathname is /lib/x86_64-linux-gnu/libc.so.6
Detect system call open, %rax is 257, Addr is 0x00007fefef993dd0, Pathname is /lib/x86_64-linux-gnu/libc.so.6
Detect system call open, %rax is 257, Addr is 0x00007fffd44e38e3, Pathname is whatever.txt
Detect system call open, %rax is 257, Addr is 0x00007fffd44e38e3, Pathname is whatever.txt
Detect system call open, %rax is 257, Addr is 0x00007fffd44e38f0, Pathname is ./not-exist.txt
Detect system call open, %rax is 257, Addr is 0x00007fffd44e38f0, Pathname is ./not-exist.txt
Successfully Open "whatever.txt"!
Open "./not-exist.txt" Failed!
Here rax=257 means sys_openat was called (for sys_open, rax=2).
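Added example, not part of the original post: glibc's open() wrapper issues openat(AT_FDCWD, path, ...), so a monitor or filter keyed only on syscall 2 never sees these opens, and for openat the pathname pointer is the second argument rather than the first. The sketch below normalizes the open-family syscalls into one event for a tracer; `struct open_event` and `decode_open` are hypothetical names, and the sample registers are constructed from the trace line above.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Normalized view of one file-open request seen by a tracer (hypothetical type). */
struct open_event {
    const char *name;    /* which syscall was actually used */
    int dirfd;           /* AT_FDCWD when the path is resolved against the cwd */
    uint64_t path_addr;  /* address of the pathname in the traced process */
    int flags;           /* open flags, or -1 if they live in tracee memory */
};

/* args[] holds the six syscall arguments in ABI order
 * (x86-64: rdi, rsi, rdx, r10, r8, r9). Returns 1 if nr opens a file. */
int decode_open(long nr, const uint64_t args[6], struct open_event *ev)
{
    switch (nr) {
#ifdef SYS_open      /* legacy call (2 on x86-64), absent on newer architectures */
    case SYS_open:
        *ev = (struct open_event){ "open", AT_FDCWD, args[0], (int)args[1] };
        return 1;
#endif
#ifdef SYS_creat     /* creat(path, mode) implies O_CREAT|O_WRONLY|O_TRUNC */
    case SYS_creat:
        *ev = (struct open_event){ "creat", AT_FDCWD, args[0], O_CREAT | O_WRONLY | O_TRUNC };
        return 1;
#endif
    case SYS_openat: /* 257 on x86-64: dirfd comes first, path second */
        *ev = (struct open_event){ "openat", (int)args[0], args[1], (int)args[2] };
        return 1;
#ifdef SYS_openat2   /* flags sit inside struct open_how, pointed to by args[2] */
    case SYS_openat2:
        *ev = (struct open_event){ "openat2", (int)args[0], args[1], -1 };
        return 1;
#endif
    default: return 0;
    }
}

int main(void)
{
    /* Constructed sample: the openat of "whatever.txt" from the trace above. */
    uint64_t a[6] = { (uint64_t)(int64_t)AT_FDCWD, 0x00007fffd44e38e3ULL,
                      O_CREAT | O_WRONLY | O_TRUNC, 0700, 0, 0 };
    struct open_event ev;
    if (decode_open(SYS_openat, a, &ev))
        printf("%s dirfd=%d path@%#llx flags=%#x\n", ev.name, ev.dirfd,
               (unsigned long long)ev.path_addr, (unsigned)ev.flags);
    return 0;
}
```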