Windows/Linux用户态监控进程启动事件方法
1. windows wmi监控进程启动
from threading import Thread
from commone_windows import * import threading
import Queue
import time
import pythoncom
import os
import datetime
import hashlib
from peewee import *
import oss2
import gc
import win32api
import wmi DEBUG = True process_start_event_list = Queue.Queue(maxsize=)
procs = {}
# cache the md5 calculation
process_path_hash_cache_dict = {}
# cache the target's process startup event
process_target_event_cache_dict = Queue.Queue(maxsize=) ############################################################ wmi monitor ############################################################
############################################################ wmi monitor ############################################################
############################################################ wmi monitor ############################################################
def recordProcessCreationEvent(new_process, ParentProcessName):
global process_start_event_list
cmdlline = new_process.CommandLine
processId = new_process.ProcessId
name = new_process.Name
Caption = new_process.Caption
ExecutablePath = new_process.ExecutablePath
SessionId = new_process.SessionId
processOwner = new_process.GetOwner()
if processOwner:
processOwner_username = processOwner[]
processOwner_domainname = processOwner[]
processOwnerSid = new_process.GetOwnerSid() ParentProcessId = new_process.ParentProcessId
process_start_event_list.put(dict(
cmdlline=cmdlline,
processId=processId,
name=name,
Caption=Caption,
ExecutablePath=ExecutablePath,
SessionId=SessionId,
processOwner_username=processOwner_username,
processOwner_domainname=processOwner_domainname,
processOwnerSid=processOwnerSid,
ParentProcessId=ParentProcessId,
ParentProcessName=ParentProcessName
)) class processCreationMonitor(Thread):
def __init__(self):
Thread.__init__(self) def run(self):
if DEBUG:
print "processCreationMonitor run"
pythoncom.CoInitialize()
c = wmi.WMI()
process_creation_watcher = c.watch_for(
notification_type="Creation",
wmi_class="Win32_Process",
delay_secs=
)
while :
ParentProcessName = ''
try:
new_process = process_creation_watcher()
if new_process.ParentProcessId in procs:
#proc = procs[new_process.ParentProcessId]
ParentProcessName = procs[new_process.ParentProcessId]
procs[new_process.ProcessId] = new_process.Name # record the process info
recordProcessCreationEvent(new_process, ParentProcessName)
except Exception, e:
pass
time.sleep(0.1) class processDeletionMonitor(Thread):
def __init__(self):
Thread.__init__(self) def run(self):
pythoncom.CoInitialize()
c = wmi.WMI()
process_deletion_watcher = c.watch_for(
notification_type="Deletion",
wmi_class="Win32_Process",
delay_secs=
)
while :
p1 = process_deletion_watcher()
try:
del procs[p1.ProcessId]
except:
pass
time.sleep(0.1) def regProcess():
c = wmi.WMI()
for p in c.Win32_Process():
procs[p.ProcessId] = p.Name def process_monitor():
# get process list
regProcess()
if DEBUG:
print "regProcess ok: ", procs if DEBUG:
print 'process_monitor'
# start a new thread to monitor the event of processCreate
procCreMon = processCreationMonitor()
procCreMon.start() # start a new thread to monitor the event of processTerminal(in order to delete/update the current process dict list)
procDelMon = processDeletionMonitor()
procDelMon.start()
############################################################ wmi monitor ############################################################
############################################################ wmi monitor ############################################################
############################################################ wmi monitor ############################################################ ############################################################ target process event write into the oss ############################################################
############################################################ target process event write into the oss ############################################################
############################################################ target process event write into the oss ############################################################
def upload_event_to_oss(event):
result = '|*|'.join([
event['cmdlline'],
str(event['processId']),
event['name'],
event['Caption'],
event['ExecutablePath'],
str(event['SessionId']),
event['processOwner_username'],
event['processOwner_domainname'],
str(event['processOwnerSid']),
str(event['ParentProcessId']),
event['ParentProcessName'],
event['filehash']
])
print result def target_process_event_write_oss_func():
global process_target_event_cache_dict
while True:
if not process_target_event_cache_dict.empty():
event = process_target_event_cache_dict.get(, )
if event:
upload_event_to_oss(event)
time.sleep(0.1)
############################################################ target process event write into the oss ############################################################
############################################################ target process event write into the oss ############################################################
############################################################ target process event write into the oss ############################################################ def getProcessFileHash(ExecutablePath):
global process_path_hash_cache_dict
filehash = ''
# cache the ExecutablePath's filehash to speed the time
filepath_hash = getStringHashsum(ExecutablePath)
if filepath_hash not in process_path_hash_cache_dict.keys():
# not exist this filepath_hash, add it
filehash = getFileHashsum(ExecutablePath)
process_path_hash_cache_dict[filepath_hash] = filehash
else:
filehash = process_path_hash_cache_dict[filepath_hash] return filehash ######################################### process event handle thread, filter the target process's startup event #########################################
######################################### process event handle thread, filter the target process's startup event #########################################
######################################### process event handle thread, filter the target process's startup event #########################################
def process_event_handle():
process_event_handler = Thread(target=process_event_handle_func)
process_event_handler.start() def process_event_handle_func():
global process_start_event_list
while True:
if not process_start_event_list.empty():
event = process_start_event_list.get(, )
if event:
filter_target_process(event)
time.sleep(0.05) def filter_target_process(event):
global process_target_event_cache_dict
if not event['ExecutablePath']:
return
ExecutablePath = event['ExecutablePath'].encode('utf-8')
gmt_create, gmt_modified = '', ''
try:
gmt_create = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(os.stat(ExecutablePath).st_ctime))
gmt_modified = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(os.stat(ExecutablePath).st_mtime))
except Exception, e:
pass
# if get the file's time info faild, means that is a system core file
if gmt_create and gmt_modified:
filehash = getProcessFileHash(ExecutablePath)
event['filehash'] = filehash
process_target_event_cache_dict.put(event)
######################################### process event handle thread, filter the target process's startup event #########################################
######################################### process event handle thread, filter the target process's startup event #########################################
######################################### process event handle thread, filter the target process's startup event ######################################### if __name__ == '__main__':
# wmi process creation/deleetion event monitor thread
process_monitor() # process event handle thread, filter the target process's startup event
process_event_handle() # target process event write into the oss
target_process_event_write_oss_handler = Thread(target=target_process_event_write_oss_func)
target_process_event_write_oss_handler.start()
Relevant Link:
http://9806708.blog.51cto.com/9796708/1682200
http://timgolden.me.uk/python/wmi/tutorial.html
http://blog.sina.com.cn/s/blog_62c02a630100p0lm.html
2. linux netlink监控进程启动
Linux kernels since 2.6.15 contains a userspace <-> kernelspace connector built on netlink sockets.
This can be used by the kernel to broadcast internal information to userspace, like process events in our case. This exposes a possibility to know in near-realtime when a process starts, dies, forks, etc.
to do so, we need creates a netlink socket and tells the kernel to start broadcasting process events. Either you use this socket manually, or use the simple supplied callback loop.
0x1: 获取进程相关信息
linux的进程启动分为fork和exec两步过程,在fork的时候可以拿到父子进程的信息,但是这个时候子进程的相关信息(例如cmdline还没生成),等到exec的时候就可以拿到完整信息了
# -*- coding: utf- -*-
from commone import *
import socket
import os
import struct
import errno
from select import select ##################################################################### utils #####################################################################
class BaseStruct(object):
fields = () def _fill_struct(self, data):
for k,v in zip(self.fields, data):
setattr(self, k, v) class DictWrapper(dict):
def __getattr__(self, attr):
return self[attr]
##################################################################### utils ##################################################################### ##################################################################### netlink #####################################################################
NETLINK_CONNECTOR = NLMSG_NOOP = 0x1 # Nothing
NLMSG_ERROR = 0x2 # Error
NLMSG_DONE = 0x3 # End of a dump
NLMSG_OVERRUN = 0x4 # Data lost # struct nlmsghdr
# {
# __u32 nlmsg_len; /* Length of message including header */
# __u16 nlmsg_type; /* Message content */
# __u16 nlmsg_flags; /* Additional flags */
# __u32 nlmsg_seq; /* Sequence number */
# __u32 nlmsg_pid; /* Sending process port ID */
# }; nlmsghdr = struct.Struct("=I2H2I") def netlink_pack(_type, flags, msg):
"""
Put a netlink header on a message.
The msg parameter is assumed to be a pre-struct-packed data block.
We don't care about seq for now.
"""
_len = len(msg) + nlmsghdr.size
seq =
return nlmsghdr.pack(_len, _type, flags, seq, os.getpid()) + msg def unpack_hdr(data):
return DictWrapper(
zip(("len", "type", "flags", "seq", "pid"),
nlmsghdr.unpack(data[:nlmsghdr.size])))
##################################################################### netlink ##################################################################### ##################################################################### connector #####################################################################
CN_IDX_PROC = 0x1
CN_VAL_PROC = 0x1 # struct cb_id {
# __u32 idx;
# __u32 val;
# }; # struct cn_msg {
# struct cb_id id; # __u32 seq;
# __u32 ack; # __u16 len; /* Length of the following data */
# __u16 flags;
# __u8 data[];
# }; # The data member is left out of this declaration since it may be of
# varying length. This means that unpacking of a complete message will
# have to be incremental and done solely by the decoder of the
# innermost data (in my case pec_decode() in pec.py). cn_msg = struct.Struct("=4I2H") def pack_msg(cb_idx, cb_val, flags, data):
"""
Pack a cn_msg struct with the passed in data.
The data parameter is assumed to be a pre-struct-packed data block.
We don't care about seq or ack for now.
"""
seq = ack =
_len = len(data)
return cn_msg.pack(cb_idx, cb_val, seq, ack, _len, flags) + data def unpack_msg(data):
"""
Peel off netlink header and extract the message (including payload)
from data. This will return a DictWrapper object.
"""
data = data[:cn_msg.size] # Slice off trailing data
return DictWrapper(
zip(("cb_idx", "cb_val", "seq", "ack", "len", "flags"),
cn_msg.unpack(data)))
##################################################################### connector ##################################################################### ##################################################################### pec #####################################################################
PROC_CN_MCAST_LISTEN = 0x1
PROC_CN_MCAST_IGNORE = 0x2 PROC_EVENT_NONE = 0x00000000
PROC_EVENT_FORK = 0x00000001
PROC_EVENT_EXEC = 0x00000002
PROC_EVENT_UID = 0x00000004
PROC_EVENT_GID = 0x00000040
PROC_EVENT_SID = 0x00000080
PROC_EVENT_PTRACE = 0x00000100
PROC_EVENT_COMM = 0x00000200
PROC_EVENT_EXIT = 0x80000000 process_events = {"PROC_EVENT_NONE": PROC_EVENT_NONE,
"PROC_EVENT_FORK": PROC_EVENT_FORK,
"PROC_EVENT_EXEC": PROC_EVENT_EXEC,
"PROC_EVENT_UID": PROC_EVENT_UID,
"PROC_EVENT_GID": PROC_EVENT_GID,
"PROC_EVENT_SID": PROC_EVENT_SID,
"PROC_EVENT_PTRACE": PROC_EVENT_PTRACE,
"PROC_EVENT_COMM": PROC_EVENT_COMM,
"PROC_EVENT_EXIT": PROC_EVENT_EXIT} process_events_rev = dict(zip(process_events.values(),
process_events.keys())) base_proc_event = struct.Struct("=2IL") event_struct_map = {PROC_EVENT_NONE: struct.Struct("=I"),
PROC_EVENT_FORK: struct.Struct("=4I"),
PROC_EVENT_EXEC: struct.Struct("=2I"),
PROC_EVENT_UID: struct.Struct("=4I"),
PROC_EVENT_GID: struct.Struct("=4I"),
PROC_EVENT_SID: struct.Struct("=2I"),
PROC_EVENT_PTRACE: struct.Struct("=4I"),
PROC_EVENT_COMM: struct.Struct("=2I16s"),
PROC_EVENT_EXIT: struct.Struct("=4I")} process_list = [] def pec_bind(s):
"""
Bind a socket to the Process Event Connector.
This will pass on any socket.error exception raised. The most
common one will be EPERM since you need root privileges to
bind to the connector.
"""
s.bind((os.getpid(), CN_IDX_PROC)) def pec_control(s, listen=False):
"""
Notify PEC if we want event notifications on this socket or not.
"""
pec_ctrl_data = struct.Struct("=I")
if listen:
action = PROC_CN_MCAST_LISTEN
else:
action = PROC_CN_MCAST_IGNORE nl_msg = netlink_pack(
NLMSG_DONE, , pack_msg(
CN_IDX_PROC, CN_VAL_PROC, ,
pec_ctrl_data.pack(action)))
s.send(nl_msg) def pec_unpack(data):
"""
Peel off the wrapping layers from the data. This will return
a DictWrapper object.
"""
nl_hdr = unpack_hdr(data)
if nl_hdr.type != NLMSG_DONE:
# Ignore all other types of messages
return
# Slice off header data and trailing data (if any)
data = data[nlmsghdr.size:nl_hdr.len]
#msg = connector.unpack_msg(data)
# .. and away goes the connector_message, leaving just the payload
data = data[cn_msg.size:]
event = list(base_proc_event.unpack(data[:base_proc_event.size]))
ev_data_struct = event_struct_map.get(event[])
event_data = ev_data_struct.unpack(
data[base_proc_event.size:base_proc_event.size+ev_data_struct.size]) fields = ["what", "cpu", "timestamp_ns"]
if event[] == PROC_EVENT_NONE:
fields.append("err")
event[] = -
elif event[] == PROC_EVENT_FORK:
fields += ["parent_pid", "parent_tgid", "child_pid", "child_tgid"]
elif event[] == PROC_EVENT_EXEC:
fields += ["process_pid", "process_tgid"]
elif event[] == PROC_EVENT_UID:
fields += ["process_pid", "process_tgid", "ruid", "rgid"]
elif event[] == PROC_EVENT_GID:
fields += ["process_pid", "process_tgid", "euid", "egid"]
elif event[] == PROC_EVENT_SID:
fields += ["process_pid", "process_tgid"]
elif event[] == PROC_EVENT_PTRACE:
fields += ["process_pid", "process_tgid", "tracer_pid", "tracer_tgid"]
elif event[] == PROC_EVENT_COMM:
fields += ["process_pid", "process_tgid", "comm"]
elif event[] == PROC_EVENT_EXIT:
fields += ["process_pid", "process_tgid", "exit_code", "exit_signal"] return DictWrapper(zip(fields, tuple(event) + event_data)) def register_process(pid=None, process_name=None, events=(), action=None):
"""
Register a callback for processes of a specific name or
by pid. pec_loop() will call this callback for any processes
matching.
If no events is specified, all events related to
that pid will call the callback. The action can be any callable.
One argument will be passed to the callable, the PEC message,
as returned by pec_unpack().
"""
for x in events:
if x not in process_events:
raise Exception("No such process event: 0x%08x" % (int(x),))
process_list.append({'pid': pid,
'process_name': process_name,
'events': events}) def pec_loop(plist=process_list):
s = socket.socket(socket.AF_NETLINK,
socket.SOCK_DGRAM,
NETLINK_CONNECTOR) # Netlink sockets are connected with pid and message group mask,
# message groups are for multicast protocols (like our process event
# connector). try:
pec_bind(s)
except socket.error, (_errno, errmsg):
if _errno == errno.EPERM:
raise Exception("You don't have permission to bind to the "
"process event connector. Try sudo.") pec_control(s, listen=True) while True:
(readable, w, e) = select([s],[],[])
buf = readable[].recv()
event = pec_unpack(buf)
event["what"] = process_events_rev.get(event.what)
print event
##################################################################### pec ##################################################################### procInfo = {}
def filter_target_event(event):
pid_info, ppid_info = dict(), dict()
if event["what"] == 'PROC_EVENT_FORK':
pid = event["child_tgid"]
ppid = event["parent_tgid"]
procInfo[pid] = ppid
elif event["what"] == 'PROC_EVENT_EXEC':
pid = event["process_tgid"]
if pid in procInfo.keys():
ppid = procInfo[pid]
pid_info = get_target_processinfo_byid(pid)
if ppid:
ppid_info = get_target_processinfo_byid(ppid)
elif event["what"] == 'PROC_EVENT_EXIT':
pid = event["process_tgid"]
if pid in procInfo.keys():
del procInfo[pid] if pid_info and ppid_info:
filehash = getFileHashsum(pid_info['pexe'])
print dict(
cmdlline=pid_info['pcmdline'],
processId=pid_info['pid'],
name=pid_info['pname'],
Caption=pid_info['pexe'],
ExecutablePath=pid_info['pcmdline'],
SessionId=,
processOwner_username=pid_info['puid_name'],
processOwner_domainname=pid_info['pgid_name'],
processOwnerSid=pid_info['puid'],
ParentProcessId=ppid_info['pid'],
ParentProcessName=ppid_info['pname'],
ParentProcessCmdline=ppid_info['pcmdline'],
filehash=filehash
) def start():
# Create Netlink socket
s = socket.socket(socket.AF_NETLINK,
socket.SOCK_DGRAM,
NETLINK_CONNECTOR) # Netlink sockets are connected with pid and message group mask,
# message groups are for multicast protocols (like our process event
# connector). try:
s.bind((os.getpid(), CN_IDX_PROC))
except socket.error as (_errno, errmsg):
if _errno == errno.EPERM:
print ("You don't have permission to bind to the "
"process event connector. Try sudo.")
raise SystemExit()
raise pec_control(s, listen=True) while True:
(readable, w, e) = select([s], [], [])
buf = readable[].recv()
event = pec_unpack(buf)
event["what"] = process_events_rev.get(event.what)
filter_target_event(event) s.close() if __name__ == "__main__":
start()
0x2:C++版本监控进程启动代码
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/connector.h>
#include <linux/cn_proc.h>
#include <signal.h>
#include <errno.h>
#include <stdbool.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h> /*
* connect to netlink
* returns netlink socket, or -1 on error
*/
static int nl_connect()
{
int rc;
int nl_sock;
struct sockaddr_nl sa_nl; nl_sock = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR);
if (nl_sock == -) {
perror("socket");
return -;
} sa_nl.nl_family = AF_NETLINK;
sa_nl.nl_groups = CN_IDX_PROC;
sa_nl.nl_pid = getpid(); rc = bind(nl_sock, (struct sockaddr *)&sa_nl, sizeof(sa_nl));
if (rc == -) {
perror("bind");
close(nl_sock);
return -;
} return nl_sock;
} /*
* subscribe on proc events (process notifications)
*/
static int set_proc_ev_listen(int nl_sock, bool enable)
{
int rc;
struct __attribute__ ((aligned(NLMSG_ALIGNTO))) {
struct nlmsghdr nl_hdr;
struct __attribute__ ((__packed__)) {
struct cn_msg cn_msg;
enum proc_cn_mcast_op cn_mcast;
};
} nlcn_msg; memset(&nlcn_msg, , sizeof(nlcn_msg));
nlcn_msg.nl_hdr.nlmsg_len = sizeof(nlcn_msg);
nlcn_msg.nl_hdr.nlmsg_pid = getpid();
nlcn_msg.nl_hdr.nlmsg_type = NLMSG_DONE; nlcn_msg.cn_msg.id.idx = CN_IDX_PROC;
nlcn_msg.cn_msg.id.val = CN_VAL_PROC;
nlcn_msg.cn_msg.len = sizeof(enum proc_cn_mcast_op); nlcn_msg.cn_mcast = enable ? PROC_CN_MCAST_LISTEN : PROC_CN_MCAST_IGNORE; rc = send(nl_sock, &nlcn_msg, sizeof(nlcn_msg), );
if (rc == -) {
perror("netlink send");
return -;
} return ;
} /*
* handle a single process event
*/
static volatile bool need_exit = false;
static int handle_proc_ev(int nl_sock)
{
int rc;
struct __attribute__ ((aligned(NLMSG_ALIGNTO))) {
struct nlmsghdr nl_hdr;
struct __attribute__ ((__packed__)) {
struct cn_msg cn_msg;
struct proc_event proc_ev;
};
} nlcn_msg; while (!need_exit) {
rc = recv(nl_sock, &nlcn_msg, sizeof(nlcn_msg), );
if (rc == ) {
/* shutdown? */
return ;
} else if (rc == -) {
if (errno == EINTR) continue;
perror("netlink recv");
return -;
}
switch (nlcn_msg.proc_ev.what) {
case PROC_EVENT_NONE:
printf("set mcast listen ok\n");
break;
case PROC_EVENT_FORK:
printf("fork: parent tid=%d pid=%d -> child tid=%d pid=%d\n",
nlcn_msg.proc_ev.event_data.fork.parent_pid,
nlcn_msg.proc_ev.event_data.fork.parent_tgid,
nlcn_msg.proc_ev.event_data.fork.child_pid,
nlcn_msg.proc_ev.event_data.fork.child_tgid);
break;
case PROC_EVENT_EXEC:
printf("exec: tid=%d pid=%d\n",
nlcn_msg.proc_ev.event_data.exec.process_pid,
nlcn_msg.proc_ev.event_data.exec.process_tgid);
break;
case PROC_EVENT_UID:
printf("uid change: tid=%d pid=%d from %d to %d\n",
nlcn_msg.proc_ev.event_data.id.process_pid,
nlcn_msg.proc_ev.event_data.id.process_tgid,
nlcn_msg.proc_ev.event_data.id.r.ruid,
nlcn_msg.proc_ev.event_data.id.e.euid);
break;
case PROC_EVENT_GID:
printf("gid change: tid=%d pid=%d from %d to %d\n",
nlcn_msg.proc_ev.event_data.id.process_pid,
nlcn_msg.proc_ev.event_data.id.process_tgid,
nlcn_msg.proc_ev.event_data.id.r.rgid,
nlcn_msg.proc_ev.event_data.id.e.egid);
break;
case PROC_EVENT_EXIT:
printf("exit: tid=%d pid=%d exit_code=%d\n",
nlcn_msg.proc_ev.event_data.exit.process_pid,
nlcn_msg.proc_ev.event_data.exit.process_tgid,
nlcn_msg.proc_ev.event_data.exit.exit_code);
break;
default:
printf("unhandled proc event\n");
break;
}
} return ;
} static void on_sigint(int unused)
{
need_exit = true;
} int main(int argc, const char *argv[])
{
int nl_sock;
int rc = EXIT_SUCCESS; signal(SIGINT, &on_sigint);
siginterrupt(SIGINT, true); nl_sock = nl_connect();
if (nl_sock == -)
exit(EXIT_FAILURE); rc = set_proc_ev_listen(nl_sock, true);
if (rc == -) {
rc = EXIT_FAILURE;
goto out;
} rc = handle_proc_ev(nl_sock);
if (rc == -) {
rc = EXIT_FAILURE;
goto out;
} set_proc_ev_listen(nl_sock, false); out:
close(nl_sock);
exit(rc);
}
Relevant Link:
https://github.com/dbrandt/proc_events
https://gist.github.com/drdaeman/1488608
http://stackoverflow.com/questions/6075013/detect-launching-of-programs-on-linux-platform
https://outflux.net/blog/archives/2010/07/01/reporting-all-execs/
Windows/Linux用户态监控进程启动事件方法的更多相关文章
- 进程:linux用户态-内核态
用户态:Ring3运行于用户态的代码则要受到处理器的诸多检查,它们只能访问映射其地址空间的页表项中规定的在用户态下可访问页面的虚拟地址,且只能对任务状态段(TSS)中I/O许可位图(I/O Permi ...
- Linux用户态驱动设计
聊聊Linux用户态驱动设计 序言 设备驱动可以运行在内核态,也可以运行在用户态,用户态驱动的利弊网上有很多的讨论,而且有些还上升到政治性上,这里不再多做讨论.不管用户态驱动还是内核态驱动,他们都 ...
- [中英对照]User-Space Device Drivers in Linux: A First Look | 初识Linux用户态设备驱动程序
如对Linux用户态驱动程序开发有兴趣,请阅读本文,否则请飘过. User-Space Device Drivers in Linux: A First Look | 初识Linux用户态设备驱动程序 ...
- Linux 用户态与内核态的交互【转载】
Linux 用户态与内核态的交互 在 Linux 2.4 版以后版本的内核中,几乎全部的中断过程与用户态进程的通信都是使用 netlink 套接字实现的,例如iprote2网络管理工具,它与内核的交 ...
- linux用户态和内核态通信之netlink机制【转】
本文转载自:http://blog.csdn.net/zcabcd123/article/details/8272360 这是一篇学习笔记,主要是对<Linux 系统内核空间与用户空间通信的实现 ...
- Linux用户态和内核态
究竟什么是用户态,什么是内核态,这两个基本概念以前一直理解得不是很清楚,根本原因个人觉得是在于因为大部分时候我们在写程序时关注的重点和着眼的角度放在了实现的功能和代码的逻辑性上,先看一个例子: 1)例 ...
- linux 用户态 内核态
http://blog.chinaunix.net/uid-1829236-id-3182279.html 究竟什么是用户态,什么是内核态,这两个基本概念以前一直理解得不是很清楚,根本原因个人觉得是在 ...
- 【转载】 Linux用户态和内核态
[说明]转载自 http://my.oschina.net/liubin/blog/27795 究竟什么是用户态,什么是内核态,这两个基本概念以前一直理解得不是很清楚,根本原因个人觉得是在于因为大部分 ...
- Linux用户态与内核态通信的几种方式
本文首发于我的公众号 Linux云计算网络(id: cloud_dev),专注于干货分享,号内有 10T 书籍和视频资源,后台回复「1024」即可领取,欢迎大家关注,二维码文末可以扫. Linux 用 ...
随机推荐
- .net core Include问题
本文章为原创文章,转载请注明出处 当时不知道为什么这样写,可能是突然间脑子停止了转动,既然犯过这样的错误,就记录下来吧 错误示例 ).Include(a=>a.User).Select(a =& ...
- luogu P1353 【[USACO08JAN]跑步Running】
USACO!!! 唉!无一例外又是母牛(终于知道美国的牧场养什么了) 今天的主人公是一个叫贝茜的公主病母牛(好洋气) 可是她叫什么和我们理解题好像没有什么关系 通过读题我们可以发现她有三个傲娇的地方 ...
- Python小练习
1.计算x的n次方 2.计算x的阶乘 3.计算1x1 + 2x2 + 3x3 ...+ NxN之和 def fun(n): s=0 while n > 0: s = s + n*n n = n ...
- Codeforces963C Cutting Rectangle 【数学】
错了一个小地方调了一晚上.... 题目大意: 给出最多2E+5种不同的矩形,每种有它的长h和宽v还有数量d,现在你要构造大矩形,使得在上面沿着平行于长或宽的边划刀,切出来的矩形正好是给出的所有矩形.问 ...
- 解决 phpstorm 运行卡,自动关闭等问题
解决 phpstorm 自动关闭问题: 使用文件搜索工具(可在本博客搜索“管理工具”,或查找安装目录) 找到phpstorm.vmoptions文件,使用记事本打开. 添加以下两行代码: -Dawt. ...
- notepad++设置(不断更新)
1.主题设置 主题名称:Obsidian 字体字号:Courier New 10 设置方法: 设置---语言格式设置---选择主题,同时勾选“使用全局字体”“使用全局字体大小 补充一点: 修改两处地方 ...
- UVA 11149-Power of Matrix(等比矩阵求和)
给定一个矩阵A 要求A + A^2 + A^3 +…. A^k: 对于到n的等比矩阵求和 如果n是偶数: 如果n是奇数: #include<stdio.h> #include<s ...
- centos7安装Jenkins更改默认端口并配置Ldap服务器进行用户认证
应用环境:Jenkins是一个开源软件项目,是基于Java开发的一种持续集成工具,用于监控持续重复的工作. Jenkins官网:https://jenkins.io/ 测试环境:一台Centos ...
- 第二届强网杯wp
web web签到 利用了md5碰撞 payload为 param1 =%4d%c9%68%ff%0e%e3%5c%20%95%72%d4%77%7b%72%15%87%d3%6f%a7%b2%1b% ...
- 初入react-redux (基于webpack babel的react应用框架)
react这么热门的框架也不介绍了,redux是一个单项数据流的小框架,当然不只配合react,它起初是为react而配的,现在面向所有了,比如ng-redux的项目.redux做为react的标准搭 ...