Remote syscall execution

From CRIU
Latest revision as of 13:07, 13 July 2017

Note: The exec action is on the deprecation list and was removed in 3.0. Compel is the new way of doing the tricks described below.

Description

The exec command executes an arbitrary system call from another task's context. It does so by exploiting the parasite code injection feature, which is also used to dump various pieces of process information.

Syntax

The command syntax is

criu exec -t <pid> <syscall-name> <syscall-arguments>

The syscall-name is just the name of a system call. Since each syscall is typically wrapped by a glibc function of the same name, you can find information about the system call you are interested in on its man page.

The rest of the command line is treated as syscall-arguments. Each command line argument in this list is converted into a system call argument according to the following rules:

  • If an argument starts with '&', the rest of it is copied into the target task's address space (the area is allocated by remotely calling the mmap syscall), and a pointer to this area is passed as the system call argument
  • If an argument starts with '@', the rest of it is taken as the size of a memory buffer; a pointer to that buffer is passed into the syscall, and the buffer's contents are printed on the screen after the syscall returns. Note that the memory is not initialized before the argument is pushed into the syscall.
  • Otherwise, the argument is converted into an unsigned long number with strtol and passed to the system call directly
  • Arguments that are not specified (but are required by the system call) are set to 0

In order to execute a system call in a remote task, you don't have to be root; you only need the rights to debug (strace) it. If you want the task to perform an action that consists of several syscalls, stop it first with SIGSTOP.
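The argument rules above are easy to get wrong when a syscall mixes pointers and plain numbers, so here is a small Python re-implementation of them. This is an added illustration, not CRIU's own parser: it assumes six register arguments (x86-64 style), a 64-bit unsigned long, strtol called with base 0 (so hex and octal prefixes are accepted), and that a NUL terminator is appended to '&' strings so that paths are usable. The RemoteBuffer, OutputBuffer, convert_args and plan_remote_call names are hypothetical; plan_remote_call only describes the steps the remote call would need, it does not touch any process.

```python
"""Re-implementation of criu exec's argument-conversion rules (illustration only)."""
import re
from dataclasses import dataclass
from typing import List, Union

MAX_SYSCALL_ARGS = 6          # assumption: six register arguments, as on x86-64
ULONG_MASK = (1 << 64) - 1    # assumption: 64-bit unsigned long


@dataclass
class RemoteBuffer:
    """'&' argument: bytes copied into the target; a pointer to them is passed to the syscall."""
    data: bytes


@dataclass
class OutputBuffer:
    """'@' argument: size of an uninitialised buffer whose contents are printed after the call."""
    size: int


SyscallArg = Union[int, RemoteBuffer, OutputBuffer]

# optional sign, then hex / octal / decimal digits; anything after that is ignored like strtol does
_NUMBER = re.compile(r"\s*([+-]?)(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)")


def strtoul0(text: str) -> int:
    """Mimic strtol(text, NULL, 0) cast to unsigned long (base 0 is an assumption)."""
    m = _NUMBER.match(text)
    if not m:
        raise ValueError(f"not a number: {text!r}")
    sign, digits = m.group(1), m.group(2)
    if digits[:2].lower() == "0x":
        value = int(digits, 16)
    elif len(digits) > 1 and digits[0] == "0":
        value = int(digits, 8)
    else:
        value = int(digits, 10)
    if sign == "-":
        value = -value
    return value & ULONG_MASK          # negative numbers wrap like a C unsigned long


def convert_args(cmdline_args: List[str]) -> List[SyscallArg]:
    """Apply the '&', '@' and numeric rules; unspecified arguments become 0."""
    if len(cmdline_args) > MAX_SYSCALL_ARGS:
        raise ValueError("a syscall takes at most %d arguments" % MAX_SYSCALL_ARGS)
    converted: List[SyscallArg] = []
    for arg in cmdline_args:
        if arg.startswith("&"):
            # assumption: append a NUL so C-string arguments such as paths are terminated
            converted.append(RemoteBuffer(arg[1:].encode() + b"\0"))
        elif arg.startswith("@"):
            converted.append(OutputBuffer(strtoul0(arg[1:])))
        else:
            converted.append(strtoul0(arg))
    converted.extend([0] * (MAX_SYSCALL_ARGS - len(converted)))
    return converted


def plan_remote_call(syscall_name: str, cmdline_args: List[str]) -> List[str]:
    """Describe, step by step, what has to happen inside the target task."""
    args = convert_args(cmdline_args)
    steps: List[str] = []
    regs: List[str] = []
    for i, a in enumerate(args):
        if isinstance(a, RemoteBuffer):
            steps.append(f"mmap {len(a.data)} bytes in target and copy argument {i} into it")
            regs.append(f"<ptr{i}>")
        elif isinstance(a, OutputBuffer):
            steps.append(f"mmap {a.size} bytes in target for argument {i} (left uninitialised)")
            regs.append(f"<ptr{i}>")
        else:
            regs.append(str(a))
    steps.append(f"run {syscall_name}({', '.join(regs)}) in the target's context")
    for i, a in enumerate(args):
        if isinstance(a, OutputBuffer):
            steps.append(f"read back and print the {a.size}-byte buffer from argument {i}")
    return steps


if __name__ == "__main__":
    # constructed sample invocations mirroring the page's examples plus a '@' buffer
    for step in plan_remote_call("open", ["&/tmp/out.log", "2"]):
        print(step)
    for step in plan_remote_call("getcwd", ["@64", "64"]):
        print(step)
```

The getcwd case shows why the '@' rule exists: the kernel fills the uninitialised buffer, and the tool prints it after the call, so the caller never has to allocate anything in the target by hand. The plan also makes visible that every '&' and '@' argument costs an extra remote mmap before the real syscall runs.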

Examples

Re-opening stdout

You can close fd 1 of a task and re-open it onto some other file like this

# criu exec -t <pid> close 1
# criu exec -t <pid> open '&<path-to-file>' 2

In the 2nd line, 2 means the O_RDWR opening mode.

Adding madvise-s to a mapping

You can tune the task's address space with madvise bits like this

# criu exec -t <pid> madvise <start> <length> <madvise-bits-value>