Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
benefits and drawbacks of syscall hooks/netdev0...
Search
Hajime Tazaki
July 19, 2024
Technology
0
220
benefits and drawbacks of syscall hooks/netdev0x18-zpoline
https://netdevconf.info/0x18/sessions/talk/benefits-and-drawbacks-of-syscall-hooks.html
Hajime Tazaki
July 19, 2024
Tweet
Share
More Decks by Hajime Tazaki
See All by Hajime Tazaki
kernel offload with complete host kernel functionalities/netdev0x17-kernel-offload
thehajime
0
200
ライブラリOSを利用したコンテナランタイムの設計と実装/stairlab-seminar-23-ukontainer
thehajime
0
160
How to Design a Library OS for Practical Containers?/vee21-ukontainer
thehajime
0
700
containerd port to darwin - Toward Running Linux containers on macOS/fosdem21-darwin-containerd-ctr-devroom
thehajime
0
1.5k
Linux Container with Alternate Linux Kernel (Library)/container-runtime-meetup-202008-lkl
thehajime
2
1.8k
Linux Kernel Library - A Library Version of Linux Kernel/lkl-fosdem2020-uk-devroom
thehajime
0
1.1k
Is reimplementation of network stack a good idea or not? - Linux netdev 0x13 #netdevconf /linux-netdev-0x13-lkl
thehajime
1
320
Linux rumpkernel - ABC2018 (AsiaBSDCon 2018)
thehajime
0
2.1k
Network stack personality in Android phone - netdev 2.2
thehajime
0
1.2k
Other Decks in Technology
See All in Technology
【2025 Japan AWS Jr. Champions Ignition】点から線、線から面へ〜僕たちが起こすコラボレーション・ムーブメント〜
amixedcolor
1
110
【CEDEC2025】LLMを活用したゲーム開発支援と、生成AIの利活用を進める組織的な取り組み
cygames
PRO
1
2k
株式会社島津製作所_研究開発(集団協業と知的生産)の現場を支える、OSS知識基盤システムの導入
akahane92
1
1.3k
増え続ける脆弱性に立ち向かう: 事前対策と優先度づけによる 持続可能な脆弱性管理 / Confronting the Rise of Vulnerabilities: Sustainable Management Through Proactive Measures and Prioritization
nttcom
1
230
公開初日に個人環境で試した Gemini CLI 体験記など / Gemini CLI実験レポート
you
PRO
3
1.2k
【CEDEC2025】現場を理解して実現!ゲーム開発を効率化するWebサービスの開発と、利用促進のための継続的な改善
cygames
PRO
0
530
[TechNight #91] Oracle Database 最新パフォーマンス分析手法
oracle4engineer
PRO
4
300
Gemini in Android Studio - Google I/O Bangkok '25
akexorcist
0
100
CSPヘッダー導入で実現するWebサイトの多層防御:今すぐ試せる設定例と運用知見
llamakko
1
280
データエンジニアがクラシルでやりたいことの現在地
gappy50
3
780
OpenTelemetry の Log を使いこなそう
biwashi
5
1.2k
TypeScript 上達の道
ysknsid25
23
5k
Featured
See All Featured
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
31
1.3k
Unsuck your backbone
ammeep
671
58k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.8k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.6k
BBQ
matthewcrist
89
9.8k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Measuring & Analyzing Core Web Vitals
bluesmoon
7
530
Adopting Sorbet at Scale
ufuk
77
9.5k
Building a Modern Day E-commerce SEO Strategy
aleyda
42
7.4k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
Transcript
benefits and drawbacks of syscall benefits and drawbacks of syscall
hooks hooks 1
introduction introduction 2
what is syscall and why syscall hook ? what is
syscall and why syscall hook ? 3
recap: how syscall works ? recap: how syscall works ?
4
change the behavior of syscall ? change the behavior of
syscall ? 5
change the behavior of syscall ? change the behavior of
syscall ? 5
variants variants 6
ptrace ptrace 7
SUD (syscall user dispatch) SUD (syscall user dispatch) 8
LD_PRELOAD LD_PRELOAD 9
binary rewriting binary rewriting syscall/sysenter 10
binary rewriting (cont'd) binary rewriting (cont'd) syscall jmp 0xdeadbeef syscall
0f 05 jmp 0xdeafbeef e9 de ad be af mov sysno %rax; syscall callq ${addr of handler} 11
summary of existing syscall hooks summary of existing syscall hooks
12
%rax zpoline zpoline syscall callq *%rax 13
zpoline: how it works zpoline: how it works callq *%rax
syscall nop nop callq *%rax %rax $ echo 0 > "/proc/sys/vm/mmap_min_addr" 14
zpoline: how it behaves zpoline: how it behaves 15
zpoline how it behaves (cont'd) zpoline how it behaves (cont'd)
16
zpoline: benefits zpoline: benefits 17
There ain't no such things as a free lunch There
ain't no such things as a free lunch. . 18
pitfalls of syscall hooks pitfalls of syscall hooks 19
handling two universes in partial hooks handling two universes in
partial hooks int hooked_select(pollfds[], nfds_t, int) { int host_fd = host_poll(); int user_fd = user_poll(); return (merge {host,user}_fd) } 20
Summary Summary 21
Backups Backups 22
How zpoline is started ? How zpoline is started ?
syscall callq *%rax main() 23
libc replacement libc replacement 24
platform support platform support 25
null access termination null access termination mprotect(2) 26
References References 27