things – Telegram
Sys progs debugging Tips & Tricks:

strace is a very handy dynamic analysis tool, but it is extremely verbose.
Here is how you can tame strace by filtering with the trace= parameter:

For example, if you have a program like:

#include <stdlib.h>

int main(void) { system(" ls /usr "); return 0; }


which executes some programs inside, and you're curious about what it's actually trying to run and with which arguments.

Compile this example and try this:


cc 1.c

strace -f -e trace=execve,execveat,fork,vfork,clone,clone3,exit_group ./a.out


Output will be like so:
...
[pid 27862] execve("/bin/sh", ["sh", "-c", "--", " ls /usr "], 0x7ffd668ba8e8 /* 64 vars */) = 0
...
[pid 26344] execve("/usr/bin/ls", ["ls", "/usr"], 0x55edbcf792b0 /* 64 vars */) = 0
...


This tells us that the "./a.out" program actually made 2 execve calls: the "/usr/bin/ls" program with "/usr" as its argument was run via the shell "/bin/sh".



-- Be careful when making inferences about the user/kernel boundary if only a subset of system calls are being monitored. The default is trace=all. strace(1) man.



----
Also, there are multiple ways to search or list syscalls:

0.
grep exec /usr/include/sys/syscall.h /usr/include/bits/syscall.h /usr/include/asm/unistd*.h


1.
echo '#include <sys/syscall.h>' | cpp -dM | grep exec


2.
ausyscall --dump | grep exec





----
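Added example (not part of the original post): a small filter that condenses the strace -f execve output described above into one line per exec and marks the cases where a shell is started with -c, which is what system() does. The function names exec_summary and sample_trace, the output columns and the sample lines are constructed for this illustration; only complete execve lines are handled (no "<unfinished ...>" pairs).

```sh
#!/bin/sh
# Constructed sample, modelled on the strace lines shown in the post.
sample_trace() {
cat <<'EOF'
execve("./a.out", ["./a.out"], 0x7ffc00000000 /* 64 vars */) = 0
[pid 27862] execve("/bin/sh", ["sh", "-c", "--", " ls /usr "], 0x7ffd668ba8e8 /* 64 vars */) = 0
[pid 27863] execve("/usr/local/bin/ls", ["ls", "/usr"], 0x55edbcf792b0 /* 64 vars */) = -1 ENOENT (No such file or directory)
[pid 27863] execve("/usr/bin/ls", ["ls", "/usr"], 0x55edbcf792b0 /* 64 vars */) = 0
[pid 27863] exit_group(0) = ?
+++ exited with 0 +++
EOF
}

# Reads strace text on stdin and prints tab-separated columns:
#   pid  status(ok or errno name)  tag(shell-c or direct)  path  argv
exec_summary() {
  awk '
  /execve\("/ && /\) = / {
    # pid prefix is absent for the traced root process
    pid = "-"
    if (match($0, /^\[pid +[0-9]+\]/)) {
      pid = substr($0, RSTART, RLENGTH)
      gsub(/[^0-9]/, "", pid)
    }
    # path is the first quoted string after the opening parenthesis
    rest = substr($0, index($0, "execve(\"") + 8)
    path = substr(rest, 1, index(rest, "\", [") - 1)
    # argv is the bracketed list that ends before the envp pointer
    rest = substr(rest, index(rest, "\", [") + 4)
    argv = substr(rest, 1, index(rest, "], 0x") - 1)
    # return value follows the last ") = "
    res = $0
    sub(/^.*\) = /, "", res)
    split(res, r, " ")
    status = (r[1] == "0") ? "ok" : r[2]
    # a shell started with -c means the command string is parsed by the shell
    n = split(path, p, "/")
    tag = (p[n] ~ /^(sh|bash|dash|zsh|ksh)$/ && argv ~ /"-c"/) ? "shell-c" : "direct"
    printf "%s\t%s\t%s\t%s\t%s\n", pid, status, tag, path, argv
  }'
}

sample_trace | exec_summary
```

On a real run, pipe strace's stderr into it: strace -f -e trace=execve ./a.out 2>&1 >/dev/null | exec_summary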
bash users can check current time in UTC+00:00 using:

cat < /dev/tcp/time.nist.gov/13


just in case
My other channels: just some random links/netstalking: t.me/WebsiteToday and random music: t.me/tuneToday
Update about https://news.1rj.ru/str/tuneToday

Just made this channel live at:

https://tunetoday.duckdns.org:10000

The same songs are available there in shuffle mode 24/7.

SSL certificates may be broken; sorry for this.
I don't have much time to maintain it properly.
Thx for understanding.
Top 10 funniest linux moments
№10: no space
A ps way to view memory used by processes:

ps --ppid 2 -N k-rss -o rss,comm


Output in MiB:

ps --ppid 2 -N k-rss -o rss=,comm=|while read r c; do printf "%dM %s\n" "$((r>>10))" "$c"; done


Colors !!!
ps --ppid 2 -N k-rss -o rss=,comm=|while read r c; do printf "\e[32m%4dM\e[0m %s\n" "$((r>>10))" "$c"; done
Ladies and gentlemen, let me introduce you to the:

all clock


watch -n1 'date +"%% %a %A %b %B %c %C %d %D %e %F %g %G %h %H %I %j %k %l %m %M %N %p %P %q %r %R %s %S %t %T %u %U %V %w %W %x %X %y %Y %z %:z %::z %:::z %Z %^a %^A %^b %^B %^h %^c %^p %^P %^r %^x %^X %^Z %#a %#A %#b %#B %#h %#c %#p %#P %#r %#x %#X %#Z %-C %-d %-e %-g %-G %-H %-I %-j %-k %-l %-m %-M %-N %-q %-s %-S %-u %-U %-V %-w %-W %-y %-Y %-z %-:z %-::z %-:::z %_C %_d %_e %_g %_G %_H %_I %_j %_k %_l %_m %_M %_N %_q %_s %_S %_u %_U %_V %_w %_W %_y %_Y %_z %_:z %_::z %_:::z %0C %0d %0e %0g %0G %0H %0I %0j %0k %0l %0m %0M %0N %0q %0s %0S %0u %0U %0V %0w %0W %0y %0Y %0z %0:z %0::z %0:::z %+4C %+4d %+4g %+4G %+4j %+4m %+4s %+4Y %Ec %EC %Ex %EX %Ey %EY %Od %Oe %OH %OI %Om %OM %OS %Ou %OU %OV %Ow %OW %Oy"'
simple HEX tricks

Encode HEX:
printf '%02X' $(sed "s/./'& /g;s/' /32 /g"<<<"hello chat"); echo


Decode HEX:
printf $(sed 's/ //g;s/../\\x&/g'<<<"68656C6C6F2063686174"); echo
For faking uptime you can hook every function calling CLOCK_BOOTTIME, for example (from kallsyms):
"ktime_get_with_offset",
"ktime_get_coarse_with_offset",
"ktime_get_boottime",
"ktime_get_boottime_ns",
"ktime_get_boot_fast_ns",



Some funny observations:
they didn't expect more than 2147483647 seconds of uptime.

It doesn't look perfect, but it can successfully fake it in /usr/bin/uptime or htop.
Funny while:

x=42
while (( x --\
\
\
\
> 0 )); do
echo "$x"
done