This is the mail archive of the
libc-help@sourceware.org
mailing list for the glibc project.
Re: Find out the system calls statically?
- From: "Carlos O'Donell" <carlos at systemhalted dot org>
- To: "River Wang" <jwangzju at gmail dot com>
- Cc: libc-help at sourceware dot org
- Date: Tue, 19 Aug 2008 09:13:40 -0400
- Subject: Re: Find out the system calls statically?
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references :x-google-sender-auth; bh=OeO/UbrvX0Z3ven5CihRXNDs9AXggcj0ydsdOVixiZw=; b=EvTi1znz0qJy01Sng7PjRqrjOtmH3ja/XKeIz7JqhA24gWea2Zrm38hvF7kZfsg+s7 OqU0bYQa3i7dgPfYgok6uG2y0n6xsKFjq2FgNMKfxWRHO3jWadWovj2l/Ff/X2lV3FCd /fV39SjnvppdVZDbShDj/H7lfZJdN/mtcmy7k=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references:x-google-sender-auth; b=Tfch4u+NIN9ea0c5rLcfdXja0Wl5XUCO0Sgao5Ib6o7q5mTmbcbbj4HGf0eQUC6uy8 hXiQHDS1DcBLkRjD4FtwFpOJZ7rG0bsbQrGAF6fU1jnpWWHcOVojjPc3vCoKE68BaXxf U7ySs2pXWClgS3xOyclVD1+gzjBll9dOixkos=
- References: <77e29ea90808161023t5ef376afla1597488e58f8cae@mail.gmail.com>
On Sat, Aug 16, 2008 at 1:23 PM, River Wang <jwangzju@gmail.com> wrote:
> I want to find all the system calls that will be called by a program.
> Is there any tools to get it? I think normally a program just calls a
> function call and the glibc actually calls the system call. How can I
> find all the system calls in glibc? I know there are some dynamic
> tools like strace, but I need to use static analysis tools because
> they are more complete.
As far as I know there are no static trace tools.
You can never know which syscalls will be made statically, since the
user program may call *any* syscall using the syscall function.
The best you could do is this:
1. Build pattern matchers against syscall stubs from sysdeps.h
2. Run analyzer to look for syscall instruction patterns *and* syscall
function call
3. Decode instructions to determine the syscall made *or* make a note
that syscall was called and therefore any syscall could have been
made.
This is going to be target dependent, and not 100% reliable.
> Another question, how can I debug glibc? I want to trace into some
> function calls like fopen to see how it use actual system calls. My
> distro is CentOS5, but I cannot find the package for debug info of
> glibc.
You need a glibc build with debugging information included. Your
distribution must provide this.
Cheers,
Carlos.