实现一个sys_printf的系统调用:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| unsigned long sys_printf(struct pt_regs *regs) {
color_printk(BLACK, WHITE, (char*)regs->rdi);
return 1;
}
unsigned long no_system_call(struct pt_regs *regs) {
color_printk(RED, BLACK, "no_system_call is called, NR: %#04x\n", regs->rax);
return -1;
}
system_call_t system_call_table[MAX_SYSTEM_CALL_NR] = {
[0] = no_system_call,
[1] = sys_printf,
[2 ... MAX_SYSTEM_CALL_NR-1] = no_system_call
};
|
sys_printf的系统调用向量号是1,内部封装了函数color_printk函数,并借助RDI寄存器(参数regs的rdi成员变量)向color_printk传递打印的字符串。
1
2
3
4
5
6
7
8
9
10
11
12
13
| void user_level_function() {
long ret = 0;
char msg[] = "Hello World!\n";
__asm__ __volatile__("leaq sysexit_return_address(%%rip), %%rdx \n\t"
"movq %%rsp, %%rcx \n\t"
"sysenter \n\t"
"sysexit_return_address: \n\t"
: "=a"(ret)
: "0"(1), "D"(msg)
: "memory");
while (1)
;
}
|
将字符串的起始地址保存到rdi寄存器中,然后执行系统调用。
运行结果:
