Configurable system call tracer in QEMU emulator

Authors: Ivanov A.V., Dovgaluk P.M., Makarov V.A.

Journal: Proceedings of the Institute for System Programming of the RAS (Труды ИСП РАН)

Published in: Vol. 30, Issue 3, 2018.

Free access

Programmers sometimes face the task of analyzing the behaviour of a compiled program. Many tools exist for debugging and tracing programs; one approach is to analyze an application through its system calls. A detailed study of the system call mechanism reveals many nuances that have to be dealt with when developing a program analyzer based on system calls. This paper discusses the implementation of a tracer that allows programs to be analyzed on the basis of their system calls. In addition, the paper describes the problems I had to face in its design and development. Many different operating systems exist, and a separate approach to implementing the debugger has to be developed for each of them. The same problem arises with the processor architecture on which the operating system runs: for each architecture, the analyzer must change its behaviour and adapt to it. As a solution to this problem, the paper proposes describing a model of the operating system under analysis. The model description is a configuration file that can be changed to suit the needs of a given operating system. When a system call is detected, the plugin collects the information loaded from the configuration file. In the configuration file, arguments are expressions, so a parser has to be implemented that recognizes the input expressions and computes their values. After computing the values of all expressions, the tracer structures the collected data and writes it to the log file.


Keywords: QEMU, configurable system calls, debugging, plugin, system calls, tracing

Short URL: https://sciup.org/14916554

IDR: 14916554   |   DOI: 10.15514/ISPRAS-2018-30(3)-7

Research article