Communication with a kernel driver can take many forms. Usually a special device file is used for communication, or there may be a special type of socket, for example NETLINK. If you're lucky, there is a character device for which read() and write() are the only means of interaction; in that case these calls are easily intercepted using various methods. If you're out of luck, many things are done using ioctls or something even more complicated.
However, running 'strace' on a program that uses the kernel driver for communication can show almost everything it does, although ltrace can be more readable if there are libraries that the program uses for communication. By setting the arguments to 'strace', you can probably get a dump containing only the necessary information:
- First, just look closely at the calls and try to figure out what the means of communication with the kernel is.
- Then add filters to the strace call to log only the kernel communication calls.
- Lastly, make sure strace logs the full lines of all calls, so you don't have to deal with truncated data.
Answers that indicate IPC debugging are probably not relevant, since communication with the kernel is almost never related to IPC (at least not to the various IPC UNIX tools).
Nakedible
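The three steps above written as strace invocations, followed by a filter that summarises which syscalls in a log hit the device node; this is an added example, not part of the original answer. The device path `/dev/exampledrv`, the log file names and the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. DEV and the traced program are hypothetical placeholders.
DEV=/dev/exampledrv

# Step 1: log every syscall (children too); -y annotates fds with their paths.
trace_all() { strace -f -y -o all.log "$@"; }

# Steps 2 and 3: keep only calls touching $DEV (-P) from the chosen syscall set,
# with full structures (-v) and strings up to 4096 bytes (-s) so nothing is cut.
trace_driver() {
    strace -f -y -v -s 4096 -P "$DEV" \
        -e trace=openat,read,write,ioctl,close -o drv.log "$@"
}

# Offline check of a "strace -f -y -o" log read from stdin: count the syscalls
# whose fd resolves to the device given as $1. Prints "<syscall> <count>".
summarise_dev_calls() {
    awk -v dev="$1" '
        index($0, "<" dev ">") {
            line = $0
            sub(/^[0-9]+ +/, "", line)   # pid column added by -f with -o
            sub(/\(.*/, "", line)        # keep the syscall name only
            count[line]++
        }
        END { for (name in count) print name, count[name] }
    ' | sort
}

# Constructed sample log (not captured from a real driver).
sample_log() {
    cat <<'EOF'
4242 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3</etc/ld.so.cache>
4242 close(3</etc/ld.so.cache>) = 0
4242 openat(AT_FDCWD, "/dev/exampledrv", O_RDWR) = 4</dev/exampledrv>
4242 ioctl(4</dev/exampledrv>, _IOC(_IOC_READ, 0x6b, 0x1, 0x10), 0x7ffd1c2a3b40) = 0
4242 write(4</dev/exampledrv>, "\1\0\0\0\20\0\0\0", 8) = 8
4242 ioctl(4</dev/exampledrv>, _IOC(_IOC_WRITE, 0x6b, 0x2, 0x8), 0x7ffd1c2a3b60) = 0
4242 close(4</dev/exampledrv>) = 0
EOF
}

sample_log | summarise_dev_calls "$DEV"
```

Run `trace_all ./client` first, read `all.log` to find the device or socket in use, then set `DEV` and run `trace_driver ./client` (`./client` stands for the program under study).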