binary rewriting (cont'd)
syscall -> jmp 0xdeadbeef
syscall: 0f 05
jmp 0xdeafbeef: e9 de ad be af
mov sysno %rax; syscall
callq ${addr of handler}
Slide 13
summary of existing syscall hooks
Slide 14
%rax
zpoline
syscall -> callq *%rax
Slide 15
zpoline: how it works
callq *%rax
syscall
nop
nop
callq *%rax
%rax
$ echo 0 > "/proc/sys/vm/mmap_min_addr"
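The size constraint and the address-0 trampoline from the slides above, modelled on an in-memory buffer as an added example (not code from the talk or from zpoline itself). It assumes the standard x86-64 encodings `0f 05` (syscall) and `ff d0` (callq *%rax); `NR_SYSCALLS`, `OP_HOOK` and the sample bytes are constructed stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NR_SYSCALLS 8    /* constructed, tiny stand-in for the real syscall count */
#define OP_NOP  0x90
#define OP_HOOK 0xCC     /* constructed marker standing in for the jump to the hook */

/* Rewrite each 2-byte `syscall` (0f 05) to the 2-byte `callq *%rax` (ff d0).
 * Naive byte scan, safe only because the sample below is known to contain
 * no 0f 05 inside another instruction. Returns the number of sites patched. */
size_t rewrite_syscalls(uint8_t *code, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i + 1 < len; i++) {
        if (code[i] == 0x0f && code[i + 1] == 0x05) {
            code[i] = 0xff;
            code[i + 1] = 0xd0;   /* same length: the next instruction is untouched */
            n++;
            i++;
        }
    }
    return n;
}

/* Model of the page mapped at virtual address 0: one nop per syscall number,
 * followed by the hook entry. */
void build_trampoline(uint8_t tramp[NR_SYSCALLS + 1]) {
    memset(tramp, OP_NOP, NR_SYSCALLS);
    tramp[NR_SYSCALLS] = OP_HOOK;
}

/* Model of `callq *%rax`: execution starts at address == rax (the syscall
 * number) and slides over nops. Returns 1 if it reaches the hook. */
int lands_on_hook(const uint8_t *tramp, uint64_t rax) {
    if (rax > NR_SYSCALLS) return 0;      /* outside the modelled trampoline */
    size_t pc = (size_t)rax;
    while (tramp[pc] == OP_NOP) pc++;
    return tramp[pc] == OP_HOOK;
}

/* Constructed sample: mov $1,%eax ; syscall ; ret */
static const uint8_t sample[] = { 0xb8, 0x01, 0x00, 0x00, 0x00, 0x0f, 0x05, 0xc3 };

/* Returns 1 when the patched sample keeps its trailing `ret` and rax=1 hits the hook. */
int demo(void) {
    uint8_t code[sizeof sample], tramp[NR_SYSCALLS + 1];
    memcpy(code, sample, sizeof sample);
    build_trampoline(tramp);
    return rewrite_syscalls(code, sizeof code) == 1 && code[5] == 0xff &&
           code[6] == 0xd0 && code[7] == 0xc3 && lands_on_hook(tramp, 1);
}
```

A 5-byte `jmp` written at the same offset would overwrite the `ret` and run past the end of the buffer, which is the problem the binary rewriting slide points at.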
Slide 16
zpoline: how it behaves
Slide 17
zpoline: how it behaves (cont'd)
Slide 18
zpoline: benefits
Slide 19
There ain't no such thing as a free lunch.
Slide 20
pitfalls of syscall hooks
Slide 21
handling two universes in partial hooks
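/* host_poll(), user_poll() and merge_fds() are left undefined on the slide;
 * the prototypes and argument passing here are assumptions. */
#include <poll.h>
int host_poll(struct pollfd fds[], nfds_t nfds, int timeout);
int user_poll(struct pollfd fds[], nfds_t nfds, int timeout);
int merge_fds(int host_fd, int user_fd);
int hooked_select(struct pollfd fds[], nfds_t nfds, int timeout) {
    int host_fd = host_poll(fds, nfds, timeout);  /* host universe */
    int user_fd = user_poll(fds, nfds, timeout);  /* user universe */
    return merge_fds(host_fd, user_fd);           /* merge {host,user}_fd */
}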
Slide 22
Summary
Slide 23
Backups
Slide 24
How is zpoline started?
syscall -> callq *%rax
main()