libsystrap
libsystrap copied to clipboard
stephenrkell
Monitor, rewrite and/or otherwise trap system calls... on Linux/x86{,-64} only, for now.
I was trying to build libsystrap as part of liballocs. I installed all the packages per liballocs README. However, I got some build errors, so I'm trying to isolate them...
We effectlvely take a snapshot of the kernel's page, which is wrong when the data might change. We need to divert references to our copy so that they point (cross-DSO)...
Currently we assume that the `new_stack` passed to `clone()` is ours to mess with. However, it's conceivable that the `clone()` site has pre-populated the stack with stuff that will be...
Since we don't want to catch sigreturns, this is serendipitous in a way. But it's a problem that they sneak through the 'real' vDSO rather than our fake one. Not...
This is a known problem. I have seen this work successfully, but it is not reliable because the compiler doesn't know what we're doing. Once the stack is zapped, any...
I haven't tested it but am pretty sure programs using ```sigaltstack``` will screw with one or more things.
At the moment, applications with their own SIGILL handler are a problem. We can support this by chaining the handler, so that a SIGILL that isn't ours can be passed...
Our xed-based decode is especially slow, but even with the libx86emulate one, it takes too long to trap a whole segment of a large library like glibc. With xed, the...
Our bootstrapping approach means that we (should) have our own handlers for ```mmap()``` and friends, in addition to the client's possible instrumentation of those calls. So a single ```replaced_syscalls``` array...
Instead of trapping all syscalls, some binary analysis can reveal (to the non-paranoid) that a given syscall site only ever makes a given syscall. If we're not interested in instrumenting...
Metadata
Owner
Metadata
Monitor, rewrite and/or otherwise trap system calls... on Linux/x86{,-64} only, for now.