Catching system calls on Mac OS X

Time: 2016-10-07 04:15:40

Tags: macos system-calls mach xnu

I am trying to catch all system calls made by a given PID with a home-made program (I cannot use strace, dtruss, gdb, ...). So I used the function
kern_return_t task_set_emulation(task_t target_port, vm_address_t routine_entry_pt, int routine_number) declared in /usr/include/mach/task.h. I wrote a small program to catch the write system call:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <mach/mach.h>
#include <mach/mach_vm.h>

void do_exit(const char *msg)
{ 
  printf("Error::%s\n", msg);
  exit(42);
}

int main(void)
{ 
  mach_port_t the_task;
  mach_vm_address_t address;
  mach_vm_size_t size;
  mach_port_t the_thread;
  kern_return_t kerr;

  //Initialisation
  address = 0;
  size = 1ul * 1024;
  the_task = mach_task_self(); //Get the current program task
  //Let the kernel choose the address: VM_FLAGS_ANYWHERE is the flag, VM_MEMORY_MALLOC is only an allocation tag
  kerr = mach_vm_allocate(the_task, &address, size, VM_FLAGS_ANYWHERE); //Allocate a new address for the test
  if (kerr != KERN_SUCCESS)
  { do_exit("vm_allocate"); }
  printf("address::0x%llx, size::%llu\n", address, size); //debug

  //Process
  kerr = task_set_emulation(the_task, address, SYS_write); //About to catch write syscalls
  the_thread = mach_thread_self(); //Verify if a thread is opened (even if it's obvious)
  printf("kerr::%d, thread::%u\n", kerr, the_thread); //debug (mach_port_t is unsigned)
  mach_port_deallocate(the_task, the_thread); //mach_thread_self() returns a port right that must be released
  if (kerr != KERN_SUCCESS)
  { do_exit("set_emulation"); }

  //Use some writes for the example
  write(1, "Bonjour\n", 8);
  write(1, "Bonjour\n", 8);
  return 0;
}

The output is:

address::0x106abe000, size::1024
kerr::46, thread::1295
Error::set_emulation

Kernel error 46 corresponds to the macro KERN_NOT_SUPPORTED, described as "Empty thread activation (No thread linked to it)" in /usr/include/mach/kern_return.h, and it happens even before I call write. My question is: what am I doing wrong in this process? Does KERN_NOT_SUPPORTED mean that it is simply not implemented, rather than a meaningless thread problem?

1 answer:

Answer 0 (score: 1)

The source code of task_set_emulation in XNU is:

kern_return_t
task_set_emulation(
    __unused task_t     task,
    __unused vm_offset_t    routine_entry_pt,
    __unused int        routine_number)
{
    return KERN_NOT_SUPPORTED;
}

Which means task_set_emulation is not supported.