On Tue, Dec 1, 2009 at 4:34 AM, Michael Snyder <msnyder@vmware.com> wrote:
> > > Not a black box -- but not a detailed implementation either.
> > > Each system call has a specification -- that's all we need to
> > > understand. The specification tells what user-visible external
> > > side effects can be expected (e.g. this buffer will be filled).
> > > Changes that are internal to the kernel do not concern us.
> >
> > Thanks. I understand your concern. Does the Linux kernel provide such an
> > official specification? If so, could you throw me a hint on where to
> > get it? Since we have all of the side effects, recording the system
> > calls is feasible and trustable.
>
> Sean, this stuff is already implemented and working.
> Why don't you have a look at the existing code in
> linux-record.c? It sounds like you're more than qualified
> to understand it. If you find something that's not working
> correctly, please let us know! ;-)

I am reading the source and the archive of the mailing list. Do you
have other systematic documents on this technique? Life becomes better
with your help. Thanks. :)