The Kernel and You
- kernel janitors
- driver modules
- sendto, recvfrom
- brk, sbrk
what files is it opening? (system call: read)
what log file is it writing to? (also use lsof) (system call: write)
what is it sending over the network? (system calls: sendto and recvfrom)
when is it opening a network connection? (system call: socket)
Brendan Gregg's strace WoW Much Syscall
strace -e open google-chrome
proc for fun and profit
- a process information pseudo-file system
- doesn't contain "real" files but runtime system information
- can be used to recover deleted files and programs deleted during execution, and many other interesting tricks!
- how often are different caches being used?
- how many CPU cycles did your program use?
- how much time was spent in each function?
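The /proc trick mentioned above (recovering deleted files and programs deleted during execution) can be sketched as follows. This is an added example, not code from the original slides; the function names are hypothetical and it assumes a Linux /proc and a user allowed to read the target process's entries.

```shell
#!/bin/sh
# Added example (not from the original slides). Linux only: relies on /proc.
# The kernel keeps a file's data alive while any process holds it open, and
# marks the /proc/<pid>/fd/<n> symlink target with a " (deleted)" suffix.

# list_deleted_fds PID
# Print "fd<TAB>target" for each descriptor of PID whose file was unlinked.
# Caveat: a file literally named "... (deleted)" would also match.
list_deleted_fds() {
    for fd in /proc/"$1"/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue
        case $target in
            *' (deleted)') printf '%s\t%s\n' "${fd##*/}" "$target" ;;
        esac
    done
}

# recover_fd PID FD DEST
# Copy the still-open contents of a deleted file back to disk.
recover_fd() {
    cp -- "/proc/$1/fd/$2" "$3"
}

# exe_deleted PID
# Succeed if PID's program binary was removed while it is still running,
# which is worth a look during incident response.
exe_deleted() {
    case $(readlink "/proc/$1/exe" 2>/dev/null) in
        *' (deleted)') return 0 ;;
        *) return 1 ;;
    esac
}

# recover_exe PID DEST
# Save a copy of the running binary for analysis, even if it was deleted.
recover_exe() {
    cp -- "/proc/$1/exe" "$2"
}
```

Recovery only works while the process is alive and still holds the descriptor, so copy the data out before stopping the process.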
baby's first module
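#include <linux/module.h> // included for all kernel modules
#include <linux/kernel.h> // included for KERN_INFO
#include <linux/init.h> // included for __init and __exit macros
MODULE_LICENSE("GPL"); // license tag; the module build fails without one
static int __init hello_init(void)
{
    printk(KERN_INFO "WOW I AM A KERNEL HACKERl!!!\n");
    return 0; // Non-zero return means that the module couldn't be loaded.
}
static void __exit hello_cleanup(void)
{
    printk(KERN_INFO "I am dead.\n");
}
module_init(hello_init); // called when the module is loaded (insmod)
module_exit(hello_cleanup); // called when the module is removed (rmmod)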