Advanced and improved absolute paths decoding
Dmitry V. Levin
ldv at altlinux.org
Mon Mar 3 12:56:12 UTC 2014
On Mon, Mar 03, 2014 at 10:52:48AM +0530, Zubin Mithra wrote:
> >> I believe that the first step would be to document and note down the system
> >> calls that belong to one or more of the above categories and their system
> >> call numbers, and if the -yy flag is used, check the tcp->scno against
> >> these numbers and act accordingly.
> >>
> >> Is there something I'm missing? I'd love any kind of feedback!
> >
> > You probably don't need to care about tcp->scno to implement -yy mode.
>
> Just a little something I'd like to clarify -- did you mean I should
> use tcp->s_ent->sys_name instead? Just to make sure I'm not terribly
> misunderstanding something. :)

The way strace decodes each syscall is, in short, this:

1. take a syscall number (tcp->scno);
2. filter out those syscalls that should not be decoded;
3. call the handler assigned for the syscall (tcp->s_ent->sys_func).

At the point of syscall decoding where absolute paths decoding should
be implemented, the syscall handler has already been called, so neither
tcp->scno nor tcp->s_ent->sys_func is required for decoding.

Only when you are changing syscall filtering algorithms may you need
to know scno/sys_func in advance.

Just have a look at the code. :)

--
ldv
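
The three steps described in the message above, as an added example that is not part of the original post and is not strace's own code: a table-driven dispatcher in which the absolute-path logic lives in a shared path printer and never looks at the syscall number. Only `scno`, `s_ent`, `sys_func` and `sys_name` come from the message; the other fields, the `traced` flag, `abs_paths`, `printpath` as written here and `trace_syscall` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Model only: scno, s_ent, sys_func, sys_name are from the message; the rest is hypothetical. */
struct tcb;
struct sysent {
    const char *sys_name;
    int (*sys_func)(struct tcb *);
    int traced;                      /* hypothetical filter flag */
};
struct tcb {
    long scno;
    const struct sysent *s_ent;
    const char *u_path;              /* path argument, already fetched */
    const char *cwd;                 /* tracee's working directory */
    char out[256];                   /* decoded text */
};
static int abs_paths;                /* stands in for the -yy switch */
/* Shared path printer: the only code that knows about absolute-path mode. */
static void printpath(struct tcb *tcp, const char *path)
{
    size_t n = strlen(tcp->out);
    int rel = abs_paths && path[0] != '/';
    snprintf(tcp->out + n, sizeof(tcp->out) - n, "\"%s%s%s\"",
             rel ? tcp->cwd : "", rel ? "/" : "", path);
}
static int sys_chdir(struct tcb *tcp)  { printpath(tcp, tcp->u_path); return 0; }
static int sys_unlink(struct tcb *tcp) { printpath(tcp, tcp->u_path); return 0; }
static const struct sysent sysent_tab[] = {
    { "chdir", sys_chdir, 1 }, { "unlink", sys_unlink, 0 },
};
static const char *trace_syscall(struct tcb *tcp, long scno)
{
    if (scno < 0 || scno >= (long)(sizeof(sysent_tab) / sizeof(sysent_tab[0])))
        return NULL;
    tcp->scno = scno;                                    /* 1. syscall number */
    tcp->s_ent = &sysent_tab[scno];
    if (!tcp->s_ent->traced)                             /* 2. filter */
        return NULL;
    snprintf(tcp->out, sizeof(tcp->out), "%s(", tcp->s_ent->sys_name);
    tcp->s_ent->sys_func(tcp);                           /* 3. handler */
    strncat(tcp->out, ")", sizeof(tcp->out) - strlen(tcp->out) - 1);
    return tcp->out;
}
int main(void)
{
    struct tcb t = { .u_path = "tmp", .cwd = "/home/u" };  /* constructed input */
    abs_paths = 1;
    return puts(trace_syscall(&t, 0)) < 0;
}
```

Only step 2 consults per-syscall table data before the handler runs, which matches the message's remark that scno/sys_func matter in advance only when the filtering changes.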