DOCSLIB.ORG

Advancing Mac OS X Rootkit Detecron

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Advancing Mac OS X Rootkit Detecron Advancing Mac OS X Rootkit Detec4on Andrew Case (@attrc) Volatility Foundation Golden G. Richard III (@nolaforensix) University of New Orleans 2 hot research areas State of Affairs more established Live Forensics and Tradional Storage Memory Analysis Forensics Digital Forensics Reverse Engineering Incident Response Increasingly encompasses all the others Copyright 2015 by Andrew Case and Golden G. Richard III 3 Where’s the Evidence? Files and Filesystem Applica4on Windows Deleted Files metadata metadata registry Print spool Hibernaon Temp files Log files files files Browser Network Slack space Swap files caches traces RAM: OS and app data Volale Evidence structures Copyright 2015 by Andrew Case and Golden G. Richard III 4 Volale Evidence 1 011 01 1 0 1 111 0 11 0 1 0 1 0 10 0 1 0 1 1 1 0 0 1 0 1 1 0 0 1 Copyright 2015 by Andrew Case and Golden G. Richard III 5 Awesomeness Progression: File Carving Can carve Chaos: files, but More can't Faster Almost not very accurate Hurray! carve files well Tools Manual File type Fragmentaon, appear, MulDthreading, hex editor aware damned but have beer design stuff carving, et al spinning disks! issues Images: hLps://easiersaidblogdotcom.files.wordpress.com/2013/02/hot_dogger.jpg hLp://cdn.bigbangfish.com/555/Cow/Cow-6.jpg, hLp://f.tqn.com/y/bbq/1/W/U/i/Big_green_egg_large.jpg hLp://i5.walmarDmages.com/dfw/dce07b8c-bb22/k2-_95ea6c25-e9aa-418e-a3a2-8e48e62a9d2e.v1.jpg Copyright 2015 by Andrew Case and Golden G. Richard III 6 Awesomeness Progression: Memory Forensics Pioneering Chaos: More, efforts Beyond run more, show great Windows ?? strings? more promise pt_finder et al More aenDon Manual, Mac, … awesome but to malware, run strings, Linux, BSD liLle context limited filling in the gaps funcDonality Images: hLps://s-media-cache-ak0.pinimg.com/736x/75/5a/37/755a37727586c57a19d42caa650d242e.jpg,, hLp://img.photobucket.com/albums/v136/Hell2Pay77/SS-trucks.jpg hLp://skateandannoy.com/wp-content/uploads/2007/12/sportsbars.jpg, hLp://gainesvillescene.com/wp-content/uploads/2013/03/dog-longboard.jpg Copyright 2015 by Andrew Case and Golden G. Richard III 7 Memory Analysis: 2004 $ grep –i murder /dev/mem I loved Sally, but I murdered her in the park on… Murder Murderer! Blood is on your shoulders! Murderous You murdered my hamster! Murdered Copyright 2015 by Andrew Case and Golden G. Richard III 8 Memory Analysis: Then • strings – essenDally no tools besides this, circa 2004 • pt_finder (~2006) – Windows process and thread enumeraon • FACE (~2008) – Memory analysis framework created at UNO – Correlates evidence in memory, network stack, network traces, filesystem – A bit closer to a framework rather than one-off tools • … Copyright 2015 by Andrew Case and Golden G. Richard III 9 Memory Analysis: Now Capture RAM • physical memory dumping tool from live • VM memory snapshot system • VM introspecDon • strings Analyze • carving Memory Dump • Volality • VM introspecDon Expose OS and • to yield useful Applicaon evidence Data Structures Copyright 2015 by Andrew Case and Golden G. Richard III 10 Memory Analysis: Now Use plugins to analyze: Running processes Hidden processes Hooks that hide malware Network connec4ons Encryp4on keys Private browsing data Clipboard data Volale registry branches Command history Window hierarchy + "easily" develop new plugins Copyright 2015 by Andrew Case and Golden G. Richard III 11 Detec4ng Hidden Resource U4liza4on • Adversary: Direct Kernel Object Manipulaon (DKOM) • Strategy: Deep analysis and cross-correlaon of data kernel data structures to reveal hidden resource uDlizaon PID = 2260 Doubly-linked process list in Windows kernel Processes conDnue to run because Windows C:\> fu –ph 2260 scheduler handles threads, not processes PID = 2260 Copyright 2015 by Andrew Case and Golden G. Richard III 12 Copyright 2015 by Andrew Case and Golden G. Richard III 13 FU on PID 2260 DKOM Hidden Process Detecon in Volality Copyright 2015 by Andrew Case and Golden G. Richard III 14 Windows, Mac, Linux • Windows and Linux memory forensics techniques are fairly mature • Lots of funcDonality • More work to do, but good malware / rootkit detecDon • > 115 Windows plugins for Volality • ~60 Mac plugins for Volality – Some tackle the same thing on the BSD / Mach sides • Mac OS X stuff lags behind and we're trying to fix that • Requires OS internals work, which we both like Copyright 2015 by Andrew Case and Golden G. Richard III 15 Mac OS X • Many APIs similar to those on Windows and Linux are commonly abused by malware on other plaorms • ExisDng Mac plugins do not check these subsystems • In addiDon, many Mac-specific features are vulnerable to abuse by rootkits / malware • These aren't addressed by exisDng memory forensics tools, either Copyright 2015 by Andrew Case and Golden G. Richard III 16 Facility: Kernel Event Callbacks • Use: Allows registraon of callbacks to be executed before specific events occur, e.g., process execuDon, system shutdown, hibernaon, et al • Abuse: Prevent security tools from loading, inject code into process before it can start, maintain persistence during reboot or shutdown • Windows API: PsSetCreateProcessNotifyRoutine • Windows detecDon plugin: callbacks Copyright 2015 by Andrew Case and Golden G. Richard III 17 Mac OS X Power Related Events • On Mac OS X, IOKit provides an API to register interest in power-related events • Callback is triggered for noDficaon – kIOMessageSystemWillPowerOff – kIOMessageSystemWillRestart – kIOMessageSystemWillSleep – kIOMessageDeviceHasPoweredOn – … • Defined in iokit/IOKit/IOMessage.h Copyright 2015 by Andrew Case and Golden G. Richard III 18 mac_interest_handlers Plugin • Find root of IOKit device tree • Walk tree and check for power-related interests, stored in IORegistryEntry structures • Enumerate handlers in associated IOCommand structure and verify that handlers are: – in code sec4on of running kernel --or-- – in address space of a loaded kernel extension • Marked suspicious if not • Importantly: locaon of handler also hints at malware locaon • Can then target specific regions of memory and examine Copyright 2015 by Andrew Case and Golden G. Richard III 19 Facility: Driver ßà Userland Communicaon • Use: Provide an interface for userland processes to request services from a kernel driver (read, write, change configuraon, etc.) • Abuse: Provides a mechanism for a userland component to hide data, protect files, communicate with kernel-level malware • Linux API: devfs, ioctl • Linux detecDon plugin: linux_check_fop Copyright 2015 by Andrew Case and Golden G. Richard III 20 Mac OS X Driver Communica4on • Mac OS X provides several mechanisms for drivers to communicate with user space – IOKit APIs that allow userspace to search for interesDng devices – devfs • For this talk, look only at devfs • TradiDonal filesystem interface • Device registers handlers for open(), close(), read(), write(), ioctl(), etc. Copyright 2015 by Andrew Case and Golden G. Richard III 21 Crisis: Notorious Mac OS X Malware • Patches AcDvity Monitor to hide • Takes screenshots • Captures audio • Captures video • Connects to WiFi hotspots to transmit collected data • Basically, all the stuff you're scared malware will do to you Copyright 2015 by Andrew Case and Golden G. Richard III 22 Crisis • LegiDmate device: /dev/pmCPU • "Evil" Crisis device: /dev/pfCPU • Kernel components live behind this device • Userspace components of Crisis use ioctl() calls to communicate with kernel components • Lots of complex hiding mechanisms in Crisis • Quickly locang handlers for kernel module can help direct stac analysis Copyright 2015 by Andrew Case and Golden G. Richard III 23 mac_devfs plugin "Good" mdworker is associated with Spotlight search indexing. This "evil" one can now be dumped and analyzed. Copyright 2015 by Andrew Case and Golden G. Richard III 24 Facility: Kernel Timers • Use: Register callback to be executed aer a certain amount of Dme • Abuse: Allow malicious code to run periodically without needing to hook funcDons, check persistence, check C&C server status, periodically exfiltrate data • Windows API: KeSetTimer • Windows detecDon plugin: timers Copyright 2015 by Andrew Case and Golden G. Richard III 25 mac_timers Plugin • Timer data is stored in per-CPU variables • Plugin analyzes cpu_data structure for each processor • cpu_data->rtclock_timer maintains queue of mers • For each Dmer, output: – Registering module – Time to elapse – Address of each parameter – Address of handler func4on – Suspicious? Copyright 2015 by Andrew Case and Golden G. Richard III 26 Facility: Userland Event Monitoring • Use: Allows userland processes to monitor events on files, processes, signals, etc. • Abuse: Stop processes from execuDng, determine when security tools are installed, detect when persistence mechanisms are removed • Windows API: FindFirstChangeNotification, RegNotifyChangeKeyValue – FILE_NOTIFY_CHANGE_FILE_NAME – FILE_NOTIFY_CHANGE_SIZE • Windows/Linux detecDon plugins: None (hint) Copyright 2015 by Andrew Case and Golden G. Richard III 27 KQueue Monitoring • Mac OS X facility that dates back to FreeBSD 4.1 • Use: Monitor file events, process creaon, signals, etc. • Abuse: Prevent processes from loading, react to process terminaon, etc. • Interfaced from userland through kqueue and kevent • man kqueue / man kevent Copyright 2015 by Andrew Case and Golden G. Richard III 28 mac_kevents Plugin • Enumerates all kevent structures… • …(data structures kung fu in the paper)… • …in the kernel and reports: – Which processes are being monitored (by PID) and which events are being monitored (fork, exec,
Load more

Recommended publications
  • The Linux Kernel Module Programming Guide
    The Linux Kernel Module Programming Guide Peter Jay Salzman Michael Burian Ori Pomerantz Copyright © 2001 Peter Jay Salzman 2007−05−18 ver 2.6.4 The Linux Kernel Module Programming Guide is a free book; you may reproduce and/or modify it under the terms of the Open Software License, version 1.1. You can obtain a copy of this license at http://opensource.org/licenses/osl.php. This book is distributed in the hope it will be useful, but without any warranty, without even the implied warranty of merchantability or fitness for a particular purpose. The author encourages wide distribution of this book for personal or commercial use, provided the above copyright notice remains intact and the method adheres to the provisions of the Open Software License. In summary, you may copy and distribute this book free of charge or for a profit. No explicit permission is required from the author for reproduction of this book in any medium, physical or electronic. Derivative works and translations of this document must be placed under the Open Software License, and the original copyright notice must remain intact. If you have contributed new material to this book, you must make the material and source code available for your revisions. Please make revisions and updates available directly to the document maintainer, Peter Jay Salzman <[email protected]>. This will allow for the merging of updates and provide consistent revisions to the Linux community. If you publish or distribute this book commercially, donations, royalties, and/or printed copies are greatly appreciated by the author and the Linux Documentation Project (LDP).
    [Show full text]
  • Procedures to Build Crypto Libraries in Minix
    Created by Jinkai Gao (Syracuse University) Seed Document How to talk to inet server Note: this docment is fully tested only on Minix3.1.2a. In this document, we introduce a method to let user level program to talk to inet server. I. Problem with system call Recall the process of system call, refering to http://www.cis.syr.edu/~wedu/seed/Labs/Documentation/Minix3/System_call_sequence.pd f We can see the real system call happens in this function call: _syscall(FS, CHMOD, &m) This function executes ‘INT 80’ to trap into kernel. Look at the parameter it passs to kernel. ‘CHMOD’ is a macro which is merely the system call number. ‘FS’ is a macro which indicates the server which handles the chmod system call, in this case ‘FS’ is 1, which is the pid of file system server process. Now your might ask ‘why can we hard code the pid of the process? Won’t it change?’ Yes, normally the pid of process is unpredictable each time the system boots up. But for fs, pm, rs, init and other processes which is loaded from system image at the very beginning of booting time, it is not true. In minix, you can dump the content of system image by pressing ‘F3’, then dump the current running process table by pressing ‘F1’. What do you find? The first 12 entries in current process table is exactly the ones in system image with the same order. So the pids of these 12 processes will not change. Inet is different. It is not in the system image, so it is not loaded into memory in the very first time.
    [Show full text]
  • UNIX Systems Programming II Systems Unixprogramming II Short Course Notes
    Systems UNIXProgramming II Systems UNIXProgramming II Systems UNIXProgramming II UNIX Systems Programming II Systems UNIXProgramming II Short Course Notes Alan Dix © 1996 Systems Programming II http://www.hcibook.com/alan/ UNIX Systems Course UNIXProgramming II Outline Alan Dix http://www.hcibook.com/alan/ Session 1 files and devices inodes, stat, /dev files, ioctl, reading directories, file descriptor sharing and dup2, locking and network caching Session 2 process handling UNIX processes, fork, exec, process death: SIGCHLD and wait, kill and I/O issues for fork Session 3 inter-process pipes: at the shell , in C code and communication use with exec, pseudo-terminals, sockets and deadlock avoidance Session 4 non-blocking I/O and UNIX events: signals, times and select I/O; setting timers, polling, select, interaction with signals and an example Internet server Systems UNIXProgrammingII Short Course Notes Alan Dix © 1996 II/i Systems Reading UNIXProgramming II ¥ The Unix V Environment, Stephen R. Bourne, Wiley, 1987, ISBN 0 201 18484 2 The author of the Borne Shell! A 'classic' which deals with system calls, the shell and other aspects of UNIX. ¥ Unix For Programmers and Users, Graham Glass, Prentice-Hall, 1993, ISBN 0 13 061771 7 Slightly more recent book also covering shell and C programming. Ì BEWARE Ð UNIX systems differ in details, check on-line documentation ¥ UNIX manual pages: man creat etc. Most of the system calls and functions are in section 2 and 3 of the manual. The pages are useful once you get used to reading them! ¥ The include files themselves /usr/include/time.h etc.
    [Show full text]
  • Toward MP-Safe Networking in Netbsd
    Toward MP-safe Networking in NetBSD Ryota Ozaki <[email protected]> Kengo Nakahara <[email protected]> EuroBSDcon 2016 2016-09-25 Contents ● Background and goals ● Approach ● Current status ● MP-safe Layer 3 forwarding ● Performance evaluations ● Future work Background ● The Multi-core Era ● The network stack of NetBSD couldn’t utilize multi-cores ○ As of 2 years ago CPU 0 NIC A NIC B CPU 1 Our Background and Our Goals ● Internet Initiative Japan Inc. (IIJ) ○ Using NetBSD in our products since 1999 ○ Products: Internet access routers, etc. ● Our goal ○ Better performance of our products, especially Layer 2/3 forwarding, tunneling, IPsec VPN, etc. → MP-safe networking Our Targets ● Targets ○ 10+ cores systems ○ 1 Gbps Intel NICs and virtualized NICs ■ wm(4), vmx(4), vioif(4) ○ Layer 2 and 3 ■ IPv4/IPv6, bridge(4), gif(4), vlan(4), ipsec(4), pppoe(4), bpf(4) ● Out of targets ○ 100 cores systems and above ○ Layer 4 and above ■ and any other network components except for the above Approach ● MP-safe and then MP-scalable ● Architecture ○ Utilize hardware assists ○ Utilize lightweight synchronization mechanisms ● Development ○ Restructure the code first ○ Benchmark often Approach : Architecture ● Utilize hardware assists ○ Distribute packets to CPUs by hardware ■ NIC multi-queue and RSS ● Utilize software techniques ○ Lightweight synchronization mechanisms ■ Especially pserialize(9) and psref(9) ○ Existing facilities ■ Fast forwarding and ipflow Forwarding Utilizing Hardware Assists Least locks Rx H/W queues CPU 0 Tx H/W queues queue 0 queue 0 CPU 1 queue 1 queue 1 NIC A NIC B queue 2 queue 2 CPU 2 queue 3 queue 3 CPU 3 Packets are distributed Packets are processed by hardware based on on a received CPU to flow (5-tuples) the last Approach : Development ● Restructure the code first ○ Hard to simply apply locks to the existing code ■ E.g., hardware interrupt context for Layer 2, cloning/cloned routes, etc.
    [Show full text]
  • Chapter 1. Origins of Mac OS X
    1 Chapter 1. Origins of Mac OS X "Most ideas come from previous ideas." Alan Curtis Kay The Mac OS X operating system represents a rather successful coming together of paradigms, ideologies, and technologies that have often resisted each other in the past. A good example is the cordial relationship that exists between the command-line and graphical interfaces in Mac OS X. The system is a result of the trials and tribulations of Apple and NeXT, as well as their user and developer communities. Mac OS X exemplifies how a capable system can result from the direct or indirect efforts of corporations, academic and research communities, the Open Source and Free Software movements, and, of course, individuals. Apple has been around since 1976, and many accounts of its history have been told. If the story of Apple as a company is fascinating, so is the technical history of Apple's operating systems. In this chapter,[1] we will trace the history of Mac OS X, discussing several technologies whose confluence eventually led to the modern-day Apple operating system. [1] This book's accompanying web site (www.osxbook.com) provides a more detailed technical history of all of Apple's operating systems. 1 2 2 1 1.1. Apple's Quest for the[2] Operating System [2] Whereas the word "the" is used here to designate prominence and desirability, it is an interesting coincidence that "THE" was the name of a multiprogramming system described by Edsger W. Dijkstra in a 1968 paper. It was March 1988. The Macintosh had been around for four years.
    [Show full text]
  • Linux Device Drivers – IOCTL
    Linux Device Drivers { IOCTL Jernej Viˇciˇc March 15, 2018 Jernej Viˇciˇc Linux Device Drivers { IOCTL Overview Jernej Viˇciˇc Linux Device Drivers { IOCTL Introduction ioctl system call. Jernej Viˇciˇc Linux Device Drivers { IOCTL ioctl short for: Input Output ConTroL, shared interface for devices, Jernej Viˇciˇc Linux Device Drivers { IOCTL Description of ioctl devices are presented with files, input and output devices, we use read/write, this is not always enough, example: (old) modem, Jernej Viˇciˇc Linux Device Drivers { IOCTL Description of ioctl - modem connected through serial port, How to control theserial port: set the speed of transmission (baudrate). use ioctl :). Jernej Viˇciˇc Linux Device Drivers { IOCTL Description of ioctl - examples control over devices other than the type of read/write, close the door, eject, error display, setting of the baud rate, self destruct :). Jernej Viˇciˇc Linux Device Drivers { IOCTL Description of ioctl each device has its own set, these are commands, read commands (read ioctls), write commands (write ioctls), three parameters: file descriptor, ioctl command number a parameter of any type used for programmers purposes. Jernej Viˇciˇc Linux Device Drivers { IOCTL Description of ioctl, ioctl parameters the usage of the third parameter depends on ioctl command, the actual command is the second parameter, possibilities: no parameter, integer, pointer to data. Jernej Viˇciˇc Linux Device Drivers { IOCTL ioctl cons each device has its own set of commands, the control of these commands is left to the programmers, there is a tendency to use other means of communicating with devices: to include commands in a data stream, use of virtual file systems (sysfs, proprietary), ..
    [Show full text]
  • Kqueue Madness Have to Ponder These Questions Or Write a Began
    Kqueuemadness by Randall Stewart ome time ago I was asked to participate in the creation of a Performance SEnhancing Proxy (PEP) for TCP. The concept behind a PEP is to split a TCP connec- tion into three separate connections. The first connection (1) is the normal TCP con- nection that goes from the client towards the server (the client is usually unaware that its connection is not going to the end server). The next connection (2) goes between two middle boxes (M1 and M2), the first middle box (M1) terminates the connection of the client pretending to be the server and uses a different connection to talk to the tail middle box (M2). This middle connection provides the “enhanced” service to the end-to-end connection. The final connection (3) goes between the tail middle box (M2) and the actual server. The figure below shows a diagram of such a connection. A connection (1) (2) (3) through a PEP Client M1 M2 Server 24 FreeBSD Journal Now, as you can imagine, if you have a very event for a socket descriptor, yet do not close busy PEP you could end up with thousands of the socket? TCP connections being managed by M1 and b) Could I possibly see stale queued events M2. In such an environment using poll(2) or that were yet to be read? select(2) comes with an extreme penalty. Each c) How does connect interact with kqueue? time a I/O event completes, every one of those d) What about listen? thousands of connections would need to be e) What is the difference between all of the looked at to see if an event occurred on them, kqueue flags that I can add on to events and and then the appropriate structure would need when do I use them properly? to be reset to look for an event next time.
    [Show full text]
  • Linux Kernel and Driver Development Training Slides
    Linux Kernel and Driver Development Training Linux Kernel and Driver Development Training © Copyright 2004-2021, Bootlin. Creative Commons BY-SA 3.0 license. Latest update: October 9, 2021. Document updates and sources: https://bootlin.com/doc/training/linux-kernel Corrections, suggestions, contributions and translations are welcome! embedded Linux and kernel engineering Send them to [email protected] - Kernel, drivers and embedded Linux - Development, consulting, training and support - https://bootlin.com 1/470 Rights to copy © Copyright 2004-2021, Bootlin License: Creative Commons Attribution - Share Alike 3.0 https://creativecommons.org/licenses/by-sa/3.0/legalcode You are free: I to copy, distribute, display, and perform the work I to make derivative works I to make commercial use of the work Under the following conditions: I Attribution. You must give the original author credit. I Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. I For any reuse or distribution, you must make clear to others the license terms of this work. I Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. Document sources: https://github.com/bootlin/training-materials/ - Kernel, drivers and embedded Linux - Development, consulting, training and support - https://bootlin.com 2/470 Hyperlinks in the document There are many hyperlinks in the document I Regular hyperlinks: https://kernel.org/ I Kernel documentation links: dev-tools/kasan I Links to kernel source files and directories: drivers/input/ include/linux/fb.h I Links to the declarations, definitions and instances of kernel symbols (functions, types, data, structures): platform_get_irq() GFP_KERNEL struct file_operations - Kernel, drivers and embedded Linux - Development, consulting, training and support - https://bootlin.com 3/470 Company at a glance I Engineering company created in 2004, named ”Free Electrons” until Feb.
    [Show full text]
  • Topic 10: Device Driver
    Topic 10: Device Driver Tongping Liu University of Massachusetts Amherst 1 Administration • Today it is the deadline of Project3 • Homework5 is posted, due on 05/03 • Bonus points: ECE570 – 3 points, ECE670-5 points – Design exam questions – Process&threads, scheduling, synchronization, IPC, memory management, device driver/virtualization – Due: 05/01 • Survey project (ECE570/ECE670): 05/12 University of Massachusetts Amherst 2 Objectives • Understanding concepts of device driver, e.g., device number, device file • Understand the difference of kernel modules and device drivers • Learn how to implement a simple kernel module • Learn how to implement a simple device driver University of Massachusetts Amherst 3 Outline • Basic concepts • Kernel module • Writing device driver University of Massachusetts Amherst 4 Device Driver • A special kind of computer program that operates or controls a particular type of device that is attached to a computer University of Massachusetts Amherst 5 Device Driver • A special kind of computer program that operates or controls a particular type of device that is attached to a computer – Needs to execute privileged instructions – Must be integrated into the OS kernel, with a specific format – Interfaces both to kernel and to hardware University of Massachusetts Amherst 6 Whole System Stack Note: This picture is excerpted from Write a Linux Hardware Device Driver, Andrew O’Shauqhnessy, Unix world University of Massachusetts Amherst 7 Another View from OS University of Massachusetts Amherst 8 Type of Devices • Character device – Read or write one byte at a time as a stream of sequential data – Examples: serial ports, parallel ports, sound cards, keyboard • Block device – Randomly access fixed-sized chunks of data (block) – Examples: hard disks, USB cameras University of Massachusetts Amherst 9 Linux Device Driver • Manage data flow between user programs and device • Typically a self-contained kernel module – Add and remove dynamically • Device is a special file in /dev that user can access, e.g.
    [Show full text]
  • Efficient Parallel I/O on Multi-Core Architectures
    Lecture series title/ lecture title Efficient parallel I/O on multi-core architectures Adrien Devresse CERN IT-SDC-ID Thematic CERN School of Computing 2014 1 Author(s) names – Affiliation Lecture series title/ lecture title How to make I/O bound application scale with multi-core ? What is an IO bound application ? → A server application → A job that accesses big number of files → An application that uses intensively network 2 Author(s) names – Affiliation Lecture series title/ lecture title Stupid example: Simple server monothreaded // create socket socket_desc = socket(AF_INET , SOCK_STREAM , 0); // bind the socket bind(socket_desc,(struct sockaddr *)&server , sizeof(server)); listen(socket_desc , 100); //accept connection from an incoming client while(1){ // declarations client_sock = accept(socket_desc, (struct sockaddr *)&client, &c); //Receive a message from client while( (read_size = recv(client_sock , client_message , 2000 , 0)) > 0{ // Wonderful, we have a client, do some useful work std::string msg("hello bob"); write(client_sock, msg.c_str(), msg.size()); } } 3 Author(s) names – Affiliation Lecture series title/ lecture title Stupid example: Let's make it parallel ! int main(int argc, char** argv){ // creat socket void do_work(int socket){ socket_desc = socket(AF_INET , SOCK_STREAM , 0); //Receive a message while( (read_size = // bind the socket recv(client_sock , bind(socket_desc, server , sizeof(server)); client_message , 2000 , 0)) > 0{ listen(socket_desc , 100); // Wonderful, we have a client // useful works //accept connection
    [Show full text]
  • Mac OS X for UNIX Users the Power of UNIX with the Simplicity of Macintosh
    Mac OS X for UNIX Users The power of UNIX with the simplicity of Macintosh. Features Mac OS X version 10.3 “Panther” combines a robust and open UNIX-based foundation with the richness and usability of the Macintosh interface, bringing UNIX technology Open source, standards-based UNIX to the mass market. Apple has made open source and standards a key part of its foundation strategy and delivers an operating system built on a powerful UNIX-based foundation •Based on FreeBSD 5 and Mach 3.0 • Support for POSIX, Linux, and System V APIs that is innovative and easy to use. • High-performance math libraries, including There are over 8.5 million Mac OS X users, including scientists, animators, developers, vector/DSP and PowerPC G5 support and system administrators, making Mac OS X the most widely used UNIX-based desktop • Optimized X11 window server for UNIX GUIs operating system. In addition, Mac OS X is the only UNIX-based environment that •Open source code available via the natively runs Microsoft Office, Adobe Photoshop, and thousands of other consumer Darwin project applications—all side by side with traditional command-line, X11, and Java applications. Standards-based networking For notebook computer users, Mac OS X delivers full power management and mobility •Open source TCP/IP-based networking support for Apple’s award-winning PowerBook G4. architecture, including IPv4, IPv6, and L2TP/IPSec •Interoperability with NFS, AFP, and Windows (SMB/CIFS) file servers •Powerful web server (Apache) •Open Directory 2, an LDAP-based directory services
    [Show full text]
  • Lab 4: Linux Device Drivers and Opencv
    Lab 4: Linux Device Drivers and OpenCV This lab will teach you the basics of writing a device driver in Linux. By the end of the lab, you will be able to (1) build basic loadable kernel modules (2) implement a h-bridge device driver, (3) talk to device drivers using ioctl, and (4) communicate with your device driver using code from user space. The first bit of this lab is based on a fantastic device driver tutorial written by Xavier Calbet at Free Software Magazinei. We recommend taking a look at his article before starting the lab. The key idea is that it is desirable to have a standard interface to devices. In Linux (and most Unix variants) this interface is that of a file. All hardware devices look like regular files: they can be opened, closed, read and written using the same system calls that are used to manipulate files. Every device in the system is represented by a device special file, for example the first IDE disk in the system is represented by /dev/hda.ii Exactly what happens when you read or write from the device will vary by device, but in general you can get data from it by reading from the special file and you can change it by writing to it. (For example, doing “cat /dev/hda” will cause the raw contents of the disc to be printed.) The exact way devices have been managed on Linux has varied over time. In general devices all started out in the /dev directory, generally with one “special file” per device.
    [Show full text]