Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Snoop interprocess communications

Tags:

interprocess

Has anyone tried to create a log file of interprocess communications? Could someone give me a little advice on the best way to achieve this?

like image 314
Patrick Avatar asked Nov 06 '10 12:11

Patrick


People also ask

What is IPC$ used for?

The IPC$ share is also known as a null session connection. By using this session, Windows lets anonymous users perform certain activities, such as enumerating the names of domain accounts and network shares. The IPC$ share is created by the Windows Server service.

What is meant by interprocess communication?

Interprocess communication (IPC) is a set of programming interfaces that allow a programmer to coordinate activities among different program processes that can run concurrently in an operating system.

What is an IPC client?

IPC is a client/server system. A server process offers service to others by opening a socket and exposing one or more Java interfaces that remote callers can invoke. User server code must indicate the port number and an instance of an object that will receive remote calls. (

What are the four types of mechanisms involved inter process communication explain?

Different ways of IPC are pipe, message passing, message queue, shared memory, direct communication, indirect communication and FIFO.


3 Answers

The question is not quite clear, and comments make it less clear, but anyway...

The two things to try first are ipcs and strace -e trace=ipc.

like image 110
horsh Avatar answered Oct 19 '22 17:10

horsh


If you want to log all IPC(seems very intensive), you should consider instrumentation.

Their are a lot of good tools for this, check out PIN in perticular, this section of the manual;

In this example, we show how to do more selective instrumentation by examining the instructions. This tool generates a trace of all memory addresses referenced by a program. This is also useful for debugging and for simulating a data cache in a processor.

If your doing some heavy weight tuning and analysis, check out TAU (Tuning and analysis utilitiy).

like image 27
RandomNickName42 Avatar answered Oct 19 '22 16:10

RandomNickName42


Communication to a kernel driver can take many forms. There is usually a special device file for communication, or there can be a special socket type, like NETLINK. If you are lucky, there's a character device to which read() and write() are the sole means of interaction - if that's the case then those calls are easy to intercept with a variety of methods. If you are unlucky, many things are done with ioctls or something even more difficult.

However, running 'strace' on the program using the kernel driver to communicate can reveal just about all it does - though 'ltrace' might be more readable if there happens to be libraries the program uses for communication. By tuning the arguments to 'strace', you can probably get a dump which contains just the information you need:

  • First, just eyeball the calls and try to figure out the means of kernel communication
  • Then, add filters to strace call to log only the kernel communication calls
  • Finally, make sure strace logs the full strings of all calls, so you don't have to deal with truncated data

The answers which point to IPC debugging probably are not relevant, as communicating with the kernel almost never has anything to do with IPC (atleast not the different UNIX IPC facilities).

like image 20
Nakedible Avatar answered Oct 19 '22 17:10

Nakedible