Abstract
Current methods cannot capture and analyze system call parameters and return values. To address this, a system for real-time monitoring of system calls inside a guest virtual machine was built on top of Nitro. The system captures and analyzes the fast system call entry and exit instructions by modifying hardware specifications and rewriting instructions. After a system call entry instruction is captured, the parameters are parsed from the VCPU context information together with the semantic template of the system call; after the system call exit instruction is captured, the return value is parsed from the VCPU register information. Experiments show that, compared with similar system call capture methods, the system can capture the sequence of system calls in the guest in real time and obtain complete system call information, including the system call name, system call number, parameters, and return value. The system can also distinguish system calls issued by different processes, and introduces no more than 15% performance overhead on the host.
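As an added illustration of the parsing step the abstract describes (this is not the paper's code), the tracer below consumes VCPU register snapshots taken at the fast system call entry and exit instructions, resolves parameters through a per-call semantic template and reads the return value from the exit snapshot. It assumes the x86-64 Linux SYSCALL register convention, a hand-written template table with two entries, and that the CR3 value identifies the calling process; the snapshots fed to it are constructed, not captured.

```python
from dataclasses import dataclass

# x86-64 Linux fast-syscall ABI: number in RAX, arguments in these registers in order,
# return value in RAX at SYSRET. (Assumed layout for this example, not the paper's tables.)
ARG_REGS = ("rdi", "rsi", "rdx", "r10", "r8", "r9")

# Semantic templates: number -> (name, ((arg_name, type), ...), return type).
# Two entries suffice for the demo; a real table covers the whole ABI.
TEMPLATES = {
    0: ("read", (("fd", "int"), ("buf", "ptr"), ("count", "size_t")), "ssize_t"),
    257: ("openat", (("dfd", "int"), ("filename", "ptr"), ("flags", "int"), ("mode", "int")), "int"),
}

def decode(value, typ):
    """Render a raw 64-bit register value according to its template type."""
    if typ == "ptr":
        return f"0x{value:x}"
    if typ in ("int", "ssize_t", "long") and value >= 1 << 63:
        return value - (1 << 64)  # signed view, so -9 reads as -9 and not 0xff..f7
    return value

@dataclass
class SyscallRecord:
    cr3: int          # assumption: CR3 (page-table base) identifies the process
    number: int
    name: str
    args: dict
    ret_type: str
    ret: object = None

class SyscallTracer:
    """Pairs SYSCALL-entry and SYSRET-exit snapshots per process, keyed by CR3."""
    def __init__(self):
        self.pending = {}    # cr3 -> entry record still waiting for its exit
        self.completed = []

    def on_entry(self, regs):
        nr = regs["rax"]
        name, params, ret_type = TEMPLATES.get(nr, (f"sys_{nr}", (), "long"))
        args = {p: decode(regs[r], t) for (p, t), r in zip(params, ARG_REGS)}
        self.pending[regs["cr3"]] = SyscallRecord(regs["cr3"], nr, name, args, ret_type)

    def on_exit(self, regs):
        rec = self.pending.pop(regs["cr3"], None)
        if rec is None:
            return None      # exit with no matching entry (tracer attached mid-call)
        rec.ret = decode(regs["rax"], rec.ret_type)
        self.completed.append(rec)
        return rec
```

Because records are keyed by CR3, system calls from two processes that interleave (one process enters, another enters and exits, the first exits) are still paired with the right return value.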
Authors
NING Qiang (宁强); CUI Chao-Yuan (崔超远); LI Yong-Gang (李勇钢)
Affiliations: Institute of Intelligent Machines, Hefei Institutes of Physical Science, Chinese Academy of Sciences, Hefei 230031, China; University of Science and Technology of China, Hefei 230026, China
Source
Computer Systems & Applications (《计算机系统应用》), 2019, No. 3, pp. 73-79 (7 pages)