Windows/Linux用户态监控进程启动事件方法
1. windows wmi监控进程启动
from threading import Thread
from commone_windows import * import threading
import Queue
import time
import pythoncom
import os
import datetime
import hashlib
from peewee import *
import oss2
import gc
import win32api
import wmi DEBUG = True process_start_event_list = Queue.Queue(maxsize=)
procs = {}
# cache the md5 calculation
process_path_hash_cache_dict = {}
# cache the target's process startup event
process_target_event_cache_dict = Queue.Queue(maxsize=) ############################################################ wmi monitor ############################################################
############################################################ wmi monitor ############################################################
############################################################ wmi monitor ############################################################
def recordProcessCreationEvent(new_process, ParentProcessName):
global process_start_event_list
cmdlline = new_process.CommandLine
processId = new_process.ProcessId
name = new_process.Name
Caption = new_process.Caption
ExecutablePath = new_process.ExecutablePath
SessionId = new_process.SessionId
processOwner = new_process.GetOwner()
if processOwner:
processOwner_username = processOwner[]
processOwner_domainname = processOwner[]
processOwnerSid = new_process.GetOwnerSid() ParentProcessId = new_process.ParentProcessId
process_start_event_list.put(dict(
cmdlline=cmdlline,
processId=processId,
name=name,
Caption=Caption,
ExecutablePath=ExecutablePath,
SessionId=SessionId,
processOwner_username=processOwner_username,
processOwner_domainname=processOwner_domainname,
processOwnerSid=processOwnerSid,
ParentProcessId=ParentProcessId,
ParentProcessName=ParentProcessName
)) class processCreationMonitor(Thread):
def __init__(self):
Thread.__init__(self) def run(self):
if DEBUG:
print "processCreationMonitor run"
pythoncom.CoInitialize()
c = wmi.WMI()
process_creation_watcher = c.watch_for(
notification_type="Creation",
wmi_class="Win32_Process",
delay_secs=
)
while :
ParentProcessName = ''
try:
new_process = process_creation_watcher()
if new_process.ParentProcessId in procs:
#proc = procs[new_process.ParentProcessId]
ParentProcessName = procs[new_process.ParentProcessId]
procs[new_process.ProcessId] = new_process.Name # record the process info
recordProcessCreationEvent(new_process, ParentProcessName)
except Exception, e:
pass
time.sleep(0.1) class processDeletionMonitor(Thread):
def __init__(self):
Thread.__init__(self) def run(self):
pythoncom.CoInitialize()
c = wmi.WMI()
process_deletion_watcher = c.watch_for(
notification_type="Deletion",
wmi_class="Win32_Process",
delay_secs=
)
while :
p1 = process_deletion_watcher()
try:
del procs[p1.ProcessId]
except:
pass
time.sleep(0.1) def regProcess():
c = wmi.WMI()
for p in c.Win32_Process():
procs[p.ProcessId] = p.Name def process_monitor():
# get process list
regProcess()
if DEBUG:
print "regProcess ok: ", procs if DEBUG:
print 'process_monitor'
# start a new thread to monitor the event of processCreate
procCreMon = processCreationMonitor()
procCreMon.start() # start a new thread to monitor the event of processTerminal(in order to delete/update the current process dict list)
procDelMon = processDeletionMonitor()
procDelMon.start()
############################################################ wmi monitor ############################################################
############################################################ wmi monitor ############################################################
############################################################ wmi monitor ############################################################ ############################################################ target process event write into the oss ############################################################
############################################################ target process event write into the oss ############################################################
############################################################ target process event write into the oss ############################################################
def upload_event_to_oss(event):
result = '|*|'.join([
event['cmdlline'],
str(event['processId']),
event['name'],
event['Caption'],
event['ExecutablePath'],
str(event['SessionId']),
event['processOwner_username'],
event['processOwner_domainname'],
str(event['processOwnerSid']),
str(event['ParentProcessId']),
event['ParentProcessName'],
event['filehash']
])
print result def target_process_event_write_oss_func():
global process_target_event_cache_dict
while True:
if not process_target_event_cache_dict.empty():
event = process_target_event_cache_dict.get(, )
if event:
upload_event_to_oss(event)
time.sleep(0.1)
############################################################ target process event write into the oss ############################################################
############################################################ target process event write into the oss ############################################################
############################################################ target process event write into the oss ############################################################ def getProcessFileHash(ExecutablePath):
global process_path_hash_cache_dict
filehash = ''
# cache the ExecutablePath's filehash to speed the time
filepath_hash = getStringHashsum(ExecutablePath)
if filepath_hash not in process_path_hash_cache_dict.keys():
# not exist this filepath_hash, add it
filehash = getFileHashsum(ExecutablePath)
process_path_hash_cache_dict[filepath_hash] = filehash
else:
filehash = process_path_hash_cache_dict[filepath_hash] return filehash ######################################### process event handle thread, filter the target process's startup event #########################################
######################################### process event handle thread, filter the target process's startup event #########################################
######################################### process event handle thread, filter the target process's startup event #########################################
def process_event_handle():
process_event_handler = Thread(target=process_event_handle_func)
process_event_handler.start() def process_event_handle_func():
global process_start_event_list
while True:
if not process_start_event_list.empty():
event = process_start_event_list.get(, )
if event:
filter_target_process(event)
time.sleep(0.05) def filter_target_process(event):
global process_target_event_cache_dict
if not event['ExecutablePath']:
return
ExecutablePath = event['ExecutablePath'].encode('utf-8')
gmt_create, gmt_modified = '', ''
try:
gmt_create = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(os.stat(ExecutablePath).st_ctime))
gmt_modified = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(os.stat(ExecutablePath).st_mtime))
except Exception, e:
pass
# if get the file's time info faild, means that is a system core file
if gmt_create and gmt_modified:
filehash = getProcessFileHash(ExecutablePath)
event['filehash'] = filehash
process_target_event_cache_dict.put(event)
######################################### process event handle thread, filter the target process's startup event #########################################
######################################### process event handle thread, filter the target process's startup event #########################################
######################################### process event handle thread, filter the target process's startup event ######################################### if __name__ == '__main__':
# wmi process creation/deleetion event monitor thread
process_monitor() # process event handle thread, filter the target process's startup event
process_event_handle() # target process event write into the oss
target_process_event_write_oss_handler = Thread(target=target_process_event_write_oss_func)
target_process_event_write_oss_handler.start()
Relevant Link:
http://9806708.blog.51cto.com/9796708/1682200
http://timgolden.me.uk/python/wmi/tutorial.html
http://blog.sina.com.cn/s/blog_62c02a630100p0lm.html
2. linux netlink监控进程启动
Linux kernels since 2.6.15 contains a userspace <-> kernelspace connector built on netlink sockets.
This can be used by the kernel to broadcast internal information to userspace, like process events in our case. This exposes a possibility to know in near-realtime when a process starts, dies, forks, etc.
to do so, we need creates a netlink socket and tells the kernel to start broadcasting process events. Either you use this socket manually, or use the simple supplied callback loop.
0x1: 获取进程相关信息
linux的进程启动分为fork和exec两步过程,在fork的时候可以拿到父子进程的信息,但是这个时候子进程的相关信息(例如cmdline还没生成),等到exec的时候就可以拿到完整信息了
# -*- coding: utf- -*-
from commone import *
import socket
import os
import struct
import errno
from select import select ##################################################################### utils #####################################################################
class BaseStruct(object):
fields = () def _fill_struct(self, data):
for k,v in zip(self.fields, data):
setattr(self, k, v) class DictWrapper(dict):
def __getattr__(self, attr):
return self[attr]
##################################################################### utils ##################################################################### ##################################################################### netlink #####################################################################
NETLINK_CONNECTOR = NLMSG_NOOP = 0x1 # Nothing
NLMSG_ERROR = 0x2 # Error
NLMSG_DONE = 0x3 # End of a dump
NLMSG_OVERRUN = 0x4 # Data lost # struct nlmsghdr
# {
# __u32 nlmsg_len; /* Length of message including header */
# __u16 nlmsg_type; /* Message content */
# __u16 nlmsg_flags; /* Additional flags */
# __u32 nlmsg_seq; /* Sequence number */
# __u32 nlmsg_pid; /* Sending process port ID */
# }; nlmsghdr = struct.Struct("=I2H2I") def netlink_pack(_type, flags, msg):
"""
Put a netlink header on a message.
The msg parameter is assumed to be a pre-struct-packed data block.
We don't care about seq for now.
"""
_len = len(msg) + nlmsghdr.size
seq =
return nlmsghdr.pack(_len, _type, flags, seq, os.getpid()) + msg def unpack_hdr(data):
return DictWrapper(
zip(("len", "type", "flags", "seq", "pid"),
nlmsghdr.unpack(data[:nlmsghdr.size])))
##################################################################### netlink ##################################################################### ##################################################################### connector #####################################################################
CN_IDX_PROC = 0x1
CN_VAL_PROC = 0x1 # struct cb_id {
# __u32 idx;
# __u32 val;
# }; # struct cn_msg {
# struct cb_id id; # __u32 seq;
# __u32 ack; # __u16 len; /* Length of the following data */
# __u16 flags;
# __u8 data[];
# }; # The data member is left out of this declaration since it may be of
# varying length. This means that unpacking of a complete message will
# have to be incremental and done solely by the decoder of the
# innermost data (in my case pec_decode() in pec.py). cn_msg = struct.Struct("=4I2H") def pack_msg(cb_idx, cb_val, flags, data):
"""
Pack a cn_msg struct with the passed in data.
The data parameter is assumed to be a pre-struct-packed data block.
We don't care about seq or ack for now.
"""
seq = ack =
_len = len(data)
return cn_msg.pack(cb_idx, cb_val, seq, ack, _len, flags) + data def unpack_msg(data):
"""
Peel off netlink header and extract the message (including payload)
from data. This will return a DictWrapper object.
"""
data = data[:cn_msg.size] # Slice off trailing data
return DictWrapper(
zip(("cb_idx", "cb_val", "seq", "ack", "len", "flags"),
cn_msg.unpack(data)))
##################################################################### connector ##################################################################### ##################################################################### pec #####################################################################
PROC_CN_MCAST_LISTEN = 0x1
PROC_CN_MCAST_IGNORE = 0x2 PROC_EVENT_NONE = 0x00000000
PROC_EVENT_FORK = 0x00000001
PROC_EVENT_EXEC = 0x00000002
PROC_EVENT_UID = 0x00000004
PROC_EVENT_GID = 0x00000040
PROC_EVENT_SID = 0x00000080
PROC_EVENT_PTRACE = 0x00000100
PROC_EVENT_COMM = 0x00000200
PROC_EVENT_EXIT = 0x80000000 process_events = {"PROC_EVENT_NONE": PROC_EVENT_NONE,
"PROC_EVENT_FORK": PROC_EVENT_FORK,
"PROC_EVENT_EXEC": PROC_EVENT_EXEC,
"PROC_EVENT_UID": PROC_EVENT_UID,
"PROC_EVENT_GID": PROC_EVENT_GID,
"PROC_EVENT_SID": PROC_EVENT_SID,
"PROC_EVENT_PTRACE": PROC_EVENT_PTRACE,
"PROC_EVENT_COMM": PROC_EVENT_COMM,
"PROC_EVENT_EXIT": PROC_EVENT_EXIT} process_events_rev = dict(zip(process_events.values(),
process_events.keys())) base_proc_event = struct.Struct("=2IL") event_struct_map = {PROC_EVENT_NONE: struct.Struct("=I"),
PROC_EVENT_FORK: struct.Struct("=4I"),
PROC_EVENT_EXEC: struct.Struct("=2I"),
PROC_EVENT_UID: struct.Struct("=4I"),
PROC_EVENT_GID: struct.Struct("=4I"),
PROC_EVENT_SID: struct.Struct("=2I"),
PROC_EVENT_PTRACE: struct.Struct("=4I"),
PROC_EVENT_COMM: struct.Struct("=2I16s"),
PROC_EVENT_EXIT: struct.Struct("=4I")} process_list = [] def pec_bind(s):
"""
Bind a socket to the Process Event Connector.
This will pass on any socket.error exception raised. The most
common one will be EPERM since you need root privileges to
bind to the connector.
"""
s.bind((os.getpid(), CN_IDX_PROC)) def pec_control(s, listen=False):
"""
Notify PEC if we want event notifications on this socket or not.
"""
pec_ctrl_data = struct.Struct("=I")
if listen:
action = PROC_CN_MCAST_LISTEN
else:
action = PROC_CN_MCAST_IGNORE nl_msg = netlink_pack(
NLMSG_DONE, , pack_msg(
CN_IDX_PROC, CN_VAL_PROC, ,
pec_ctrl_data.pack(action)))
s.send(nl_msg) def pec_unpack(data):
"""
Peel off the wrapping layers from the data. This will return
a DictWrapper object.
"""
nl_hdr = unpack_hdr(data)
if nl_hdr.type != NLMSG_DONE:
# Ignore all other types of messages
return
# Slice off header data and trailing data (if any)
data = data[nlmsghdr.size:nl_hdr.len]
#msg = connector.unpack_msg(data)
# .. and away goes the connector_message, leaving just the payload
data = data[cn_msg.size:]
event = list(base_proc_event.unpack(data[:base_proc_event.size]))
ev_data_struct = event_struct_map.get(event[])
event_data = ev_data_struct.unpack(
data[base_proc_event.size:base_proc_event.size+ev_data_struct.size]) fields = ["what", "cpu", "timestamp_ns"]
if event[] == PROC_EVENT_NONE:
fields.append("err")
event[] = -
elif event[] == PROC_EVENT_FORK:
fields += ["parent_pid", "parent_tgid", "child_pid", "child_tgid"]
elif event[] == PROC_EVENT_EXEC:
fields += ["process_pid", "process_tgid"]
elif event[] == PROC_EVENT_UID:
fields += ["process_pid", "process_tgid", "ruid", "rgid"]
elif event[] == PROC_EVENT_GID:
fields += ["process_pid", "process_tgid", "euid", "egid"]
elif event[] == PROC_EVENT_SID:
fields += ["process_pid", "process_tgid"]
elif event[] == PROC_EVENT_PTRACE:
fields += ["process_pid", "process_tgid", "tracer_pid", "tracer_tgid"]
elif event[] == PROC_EVENT_COMM:
fields += ["process_pid", "process_tgid", "comm"]
elif event[] == PROC_EVENT_EXIT:
fields += ["process_pid", "process_tgid", "exit_code", "exit_signal"] return DictWrapper(zip(fields, tuple(event) + event_data)) def register_process(pid=None, process_name=None, events=(), action=None):
"""
Register a callback for processes of a specific name or
by pid. pec_loop() will call this callback for any processes
matching.
If no events is specified, all events related to
that pid will call the callback. The action can be any callable.
One argument will be passed to the callable, the PEC message,
as returned by pec_unpack().
"""
for x in events:
if x not in process_events:
raise Exception("No such process event: 0x%08x" % (int(x),))
process_list.append({'pid': pid,
'process_name': process_name,
'events': events}) def pec_loop(plist=process_list):
s = socket.socket(socket.AF_NETLINK,
socket.SOCK_DGRAM,
NETLINK_CONNECTOR) # Netlink sockets are connected with pid and message group mask,
# message groups are for multicast protocols (like our process event
# connector). try:
pec_bind(s)
except socket.error, (_errno, errmsg):
if _errno == errno.EPERM:
raise Exception("You don't have permission to bind to the "
"process event connector. Try sudo.") pec_control(s, listen=True) while True:
(readable, w, e) = select([s],[],[])
buf = readable[].recv()
event = pec_unpack(buf)
event["what"] = process_events_rev.get(event.what)
print event
##################################################################### pec ##################################################################### procInfo = {}
def filter_target_event(event):
pid_info, ppid_info = dict(), dict()
if event["what"] == 'PROC_EVENT_FORK':
pid = event["child_tgid"]
ppid = event["parent_tgid"]
procInfo[pid] = ppid
elif event["what"] == 'PROC_EVENT_EXEC':
pid = event["process_tgid"]
if pid in procInfo.keys():
ppid = procInfo[pid]
pid_info = get_target_processinfo_byid(pid)
if ppid:
ppid_info = get_target_processinfo_byid(ppid)
elif event["what"] == 'PROC_EVENT_EXIT':
pid = event["process_tgid"]
if pid in procInfo.keys():
del procInfo[pid] if pid_info and ppid_info:
filehash = getFileHashsum(pid_info['pexe'])
print dict(
cmdlline=pid_info['pcmdline'],
processId=pid_info['pid'],
name=pid_info['pname'],
Caption=pid_info['pexe'],
ExecutablePath=pid_info['pcmdline'],
SessionId=,
processOwner_username=pid_info['puid_name'],
processOwner_domainname=pid_info['pgid_name'],
processOwnerSid=pid_info['puid'],
ParentProcessId=ppid_info['pid'],
ParentProcessName=ppid_info['pname'],
ParentProcessCmdline=ppid_info['pcmdline'],
filehash=filehash
) def start():
# Create Netlink socket
s = socket.socket(socket.AF_NETLINK,
socket.SOCK_DGRAM,
NETLINK_CONNECTOR) # Netlink sockets are connected with pid and message group mask,
# message groups are for multicast protocols (like our process event
# connector). try:
s.bind((os.getpid(), CN_IDX_PROC))
except socket.error as (_errno, errmsg):
if _errno == errno.EPERM:
print ("You don't have permission to bind to the "
"process event connector. Try sudo.")
raise SystemExit()
raise pec_control(s, listen=True) while True:
(readable, w, e) = select([s], [], [])
buf = readable[].recv()
event = pec_unpack(buf)
event["what"] = process_events_rev.get(event.what)
filter_target_event(event) s.close() if __name__ == "__main__":
start()
0x2:C++版本监控进程启动代码
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/connector.h>
#include <linux/cn_proc.h>
#include <signal.h>
#include <errno.h>
#include <stdbool.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h> /*
* connect to netlink
* returns netlink socket, or -1 on error
*/
static int nl_connect()
{
int rc;
int nl_sock;
struct sockaddr_nl sa_nl; nl_sock = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR);
if (nl_sock == -) {
perror("socket");
return -;
} sa_nl.nl_family = AF_NETLINK;
sa_nl.nl_groups = CN_IDX_PROC;
sa_nl.nl_pid = getpid(); rc = bind(nl_sock, (struct sockaddr *)&sa_nl, sizeof(sa_nl));
if (rc == -) {
perror("bind");
close(nl_sock);
return -;
} return nl_sock;
} /*
* subscribe on proc events (process notifications)
*/
static int set_proc_ev_listen(int nl_sock, bool enable)
{
int rc;
struct __attribute__ ((aligned(NLMSG_ALIGNTO))) {
struct nlmsghdr nl_hdr;
struct __attribute__ ((__packed__)) {
struct cn_msg cn_msg;
enum proc_cn_mcast_op cn_mcast;
};
} nlcn_msg; memset(&nlcn_msg, , sizeof(nlcn_msg));
nlcn_msg.nl_hdr.nlmsg_len = sizeof(nlcn_msg);
nlcn_msg.nl_hdr.nlmsg_pid = getpid();
nlcn_msg.nl_hdr.nlmsg_type = NLMSG_DONE; nlcn_msg.cn_msg.id.idx = CN_IDX_PROC;
nlcn_msg.cn_msg.id.val = CN_VAL_PROC;
nlcn_msg.cn_msg.len = sizeof(enum proc_cn_mcast_op); nlcn_msg.cn_mcast = enable ? PROC_CN_MCAST_LISTEN : PROC_CN_MCAST_IGNORE; rc = send(nl_sock, &nlcn_msg, sizeof(nlcn_msg), );
if (rc == -) {
perror("netlink send");
return -;
} return ;
} /*
* handle a single process event
*/
static volatile bool need_exit = false;
static int handle_proc_ev(int nl_sock)
{
int rc;
struct __attribute__ ((aligned(NLMSG_ALIGNTO))) {
struct nlmsghdr nl_hdr;
struct __attribute__ ((__packed__)) {
struct cn_msg cn_msg;
struct proc_event proc_ev;
};
} nlcn_msg; while (!need_exit) {
rc = recv(nl_sock, &nlcn_msg, sizeof(nlcn_msg), );
if (rc == ) {
/* shutdown? */
return ;
} else if (rc == -) {
if (errno == EINTR) continue;
perror("netlink recv");
return -;
}
switch (nlcn_msg.proc_ev.what) {
case PROC_EVENT_NONE:
printf("set mcast listen ok\n");
break;
case PROC_EVENT_FORK:
printf("fork: parent tid=%d pid=%d -> child tid=%d pid=%d\n",
nlcn_msg.proc_ev.event_data.fork.parent_pid,
nlcn_msg.proc_ev.event_data.fork.parent_tgid,
nlcn_msg.proc_ev.event_data.fork.child_pid,
nlcn_msg.proc_ev.event_data.fork.child_tgid);
break;
case PROC_EVENT_EXEC:
printf("exec: tid=%d pid=%d\n",
nlcn_msg.proc_ev.event_data.exec.process_pid,
nlcn_msg.proc_ev.event_data.exec.process_tgid);
break;
case PROC_EVENT_UID:
printf("uid change: tid=%d pid=%d from %d to %d\n",
nlcn_msg.proc_ev.event_data.id.process_pid,
nlcn_msg.proc_ev.event_data.id.process_tgid,
nlcn_msg.proc_ev.event_data.id.r.ruid,
nlcn_msg.proc_ev.event_data.id.e.euid);
break;
case PROC_EVENT_GID:
printf("gid change: tid=%d pid=%d from %d to %d\n",
nlcn_msg.proc_ev.event_data.id.process_pid,
nlcn_msg.proc_ev.event_data.id.process_tgid,
nlcn_msg.proc_ev.event_data.id.r.rgid,
nlcn_msg.proc_ev.event_data.id.e.egid);
break;
case PROC_EVENT_EXIT:
printf("exit: tid=%d pid=%d exit_code=%d\n",
nlcn_msg.proc_ev.event_data.exit.process_pid,
nlcn_msg.proc_ev.event_data.exit.process_tgid,
nlcn_msg.proc_ev.event_data.exit.exit_code);
break;
default:
printf("unhandled proc event\n");
break;
}
} return ;
} static void on_sigint(int unused)
{
need_exit = true;
} int main(int argc, const char *argv[])
{
int nl_sock;
int rc = EXIT_SUCCESS; signal(SIGINT, &on_sigint);
siginterrupt(SIGINT, true); nl_sock = nl_connect();
if (nl_sock == -)
exit(EXIT_FAILURE); rc = set_proc_ev_listen(nl_sock, true);
if (rc == -) {
rc = EXIT_FAILURE;
goto out;
} rc = handle_proc_ev(nl_sock);
if (rc == -) {
rc = EXIT_FAILURE;
goto out;
} set_proc_ev_listen(nl_sock, false); out:
close(nl_sock);
exit(rc);
}
Relevant Link:
https://github.com/dbrandt/proc_events
https://gist.github.com/drdaeman/1488608
http://stackoverflow.com/questions/6075013/detect-launching-of-programs-on-linux-platform
https://outflux.net/blog/archives/2010/07/01/reporting-all-execs/
Windows/Linux用户态监控进程启动事件方法的更多相关文章
- 进程:linux用户态-内核态
用户态:Ring3运行于用户态的代码则要受到处理器的诸多检查,它们只能访问映射其地址空间的页表项中规定的在用户态下可访问页面的虚拟地址,且只能对任务状态段(TSS)中I/O许可位图(I/O Permi ...
- Linux用户态驱动设计
聊聊Linux用户态驱动设计 序言 设备驱动可以运行在内核态,也可以运行在用户态,用户态驱动的利弊网上有很多的讨论,而且有些还上升到政治性上,这里不再多做讨论.不管用户态驱动还是内核态驱动,他们都 ...
- [中英对照]User-Space Device Drivers in Linux: A First Look | 初识Linux用户态设备驱动程序
如对Linux用户态驱动程序开发有兴趣,请阅读本文,否则请飘过. User-Space Device Drivers in Linux: A First Look | 初识Linux用户态设备驱动程序 ...
- Linux 用户态与内核态的交互【转载】
Linux 用户态与内核态的交互 在 Linux 2.4 版以后版本的内核中,几乎全部的中断过程与用户态进程的通信都是使用 netlink 套接字实现的,例如iprote2网络管理工具,它与内核的交 ...
- linux用户态和内核态通信之netlink机制【转】
本文转载自:http://blog.csdn.net/zcabcd123/article/details/8272360 这是一篇学习笔记,主要是对<Linux 系统内核空间与用户空间通信的实现 ...
- Linux用户态和内核态
究竟什么是用户态,什么是内核态,这两个基本概念以前一直理解得不是很清楚,根本原因个人觉得是在于因为大部分时候我们在写程序时关注的重点和着眼的角度放在了实现的功能和代码的逻辑性上,先看一个例子: 1)例 ...
- linux 用户态 内核态
http://blog.chinaunix.net/uid-1829236-id-3182279.html 究竟什么是用户态,什么是内核态,这两个基本概念以前一直理解得不是很清楚,根本原因个人觉得是在 ...
- 【转载】 Linux用户态和内核态
[说明]转载自 http://my.oschina.net/liubin/blog/27795 究竟什么是用户态,什么是内核态,这两个基本概念以前一直理解得不是很清楚,根本原因个人觉得是在于因为大部分 ...
- Linux用户态与内核态通信的几种方式
本文首发于我的公众号 Linux云计算网络(id: cloud_dev),专注于干货分享,号内有 10T 书籍和视频资源,后台回复「1024」即可领取,欢迎大家关注,二维码文末可以扫. Linux 用 ...
随机推荐
- Civil 3D 二次开发 名称模板不能正常工作
using Autodesk.AECC.Interop.Land; using Autodesk.AECC.Interop.UiLand; using Autodesk.AutoCAD.Applica ...
- CentOS 部署.net core 2.0 项目
上传项目到服务器 安装Nginx(反向代理服务器),配置文件 https://www.cnblogs.com/xiaonangua/p/9176137.html 安装supervisor https: ...
- luogu P1816 【忠诚】
话说许多dalao都采取线段树A题可本蒟蒻不会啊, 暴力的我想出了暴力解法(快排) #include<cstdio> #include<algorithm> using nam ...
- BZOJ4712洪水——动态DP+树链剖分+线段树
题目描述 小A走到一个山脚下,准备给自己造一个小屋.这时候,小A的朋友(op,又叫管理员)打开了创造模式,然后飞到 山顶放了格水.于是小A面前出现了一个瀑布.作为平民的小A只好老实巴交地爬山堵水.那么 ...
- Redis 5种数据结构
转载:https://baijiahao.baidu.com/s?id=1593806211408070879&wfr=spider&for=pc Redis数据类型 Redis支持五 ...
- HDOJ 5666//快速积,推公式
题目:http://acm.hdu.edu.cn/showproblem.php?pid=5666 题意:给一条直线x+y=q,在(0,0)往x+y=q上面的整数点连线,x+y=q与x,y轴截成的三角 ...
- 【BZOJ5332】[SDOI2018]旧试题(数论,三元环计数)
[BZOJ5332][SDOI2018]旧试题(数论,三元环计数) 题面 BZOJ 洛谷 题解 如果只有一个\(\sum\),那么我们可以枚举每个答案的出现次数. 首先约数个数这个东西很不爽,就搞一搞 ...
- iptables(1)
iptables配置文件:/etc/sysconfig/iptables 确认开启路由转发功能方法1:/sbin/sysctl -w net.ipv4.ip_forward=1方法2:echo 1 & ...
- Jmeter工具之上传图片,上传音频文件接口
https://www.jianshu.com/p/f23f7fe20bf3 互联网时代的来临,不同手机上安装的APP,还是PC端的应用软件或多或多都会涉及到图片的上传,那么在Jmeter工具如何模拟 ...
- CodeForces - 589D(暴力+模拟)
题目链接:http://codeforces.com/problemset/problem/589/D 题目大意:给出n个人行走的开始时刻,开始时间和结束时间,求每个人分别能跟多少人相遇打招呼(每两人 ...