{"id":16322,"date":"2015-03-01T14:20:49","date_gmt":"2015-03-01T14:20:49","guid":{"rendered":"http:\/\/www.beautifulwork.org\/?p=16322"},"modified":"2015-03-01T14:20:49","modified_gmt":"2015-03-01T14:20:49","slug":"hacking-with-strace-on-ls","status":"publish","type":"post","link":"https:\/\/www.trueangle.org\/index.php\/2015\/03\/01\/hacking-with-strace-on-ls\/","title":{"rendered":"Hacking with strace on ls"},"content":{"rendered":"
\n$ls\n1\n$strace ls\nexecve(\"\/bin\/ls\", [\"ls\"], [\/* 38 vars *\/]) = 0\nbrk(0)                                  = 0x7ae000\naccess(\"\/etc\/ld.so.nohwcap\", F_OK)      = -1 ENOENT (No such file or directory)\nmmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb78ab18000\naccess(\"\/etc\/ld.so.preload\", R_OK)      = -1 ENOENT (No such file or directory)\nopen(\"\/etc\/ld.so.cache\", O_RDONLY|O_CLOEXEC) = 3\nfstat(3, {st_mode=S_IFREG|0644, st_size=136302, ...}) = 0\nmmap(NULL, 136302, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fb78aae8000\nclose(3)                                = 0\naccess(\"\/etc\/ld.so.nohwcap\", F_OK)      = -1 ENOENT (No such file or directory)\nopen(\"\/lib\/x86_64-linux-gnu\/libselinux.so.1\", O_RDONLY|O_CLOEXEC) = 3\nread(3, \"\\177ELF\\2\\1\\1\\0\\0\\0\\0\\0\\0\\0\\0\\0\\3\\0>\\0\\1\\0\\0\\0\\20c\\0\\0\\0\\0\\0\\0\"..., 832) = 832\nfstat(3, {st_mode=S_IFREG|0644, st_size=142728, ...}) = 0\nmmap(NULL, 2246896, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb78a6c8000\nmprotect(0x7fb78a6e9000, 2097152, PROT_NONE) = 0\nmmap(0x7fb78a8e9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x21000) = 0x7fb78a8e9000\nmmap(0x7fb78a8eb000, 6384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb78a8eb000\nclose(3)                                = 0\naccess(\"\/etc\/ld.so.nohwcap\", F_OK)      = -1 ENOENT (No such file or directory)\nopen(\"\/lib\/x86_64-linux-gnu\/libacl.so.1\", O_RDONLY|O_CLOEXEC) = 3\nread(3, \"\\177ELF\\2\\1\\1\\0\\0\\0\\0\\0\\0\\0\\0\\0\\3\\0>\\0\\1\\0\\0\\0\\200\\37\\0\\0\\0\\0\\0\\0\"..., 832) = 832\nfstat(3, {st_mode=S_IFREG|0644, st_size=35288, ...}) = 0\nmmap(NULL, 2130592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb78a4b8000\nmprotect(0x7fb78a4c0000, 2093056, PROT_NONE) = 0\nmmap(0x7fb78a6bf000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7fb78a6bf000\nclose(3)                                = 0\naccess(\"\/etc\/ld.so.nohwcap\", F_OK)      = -1 ENOENT (No such file or directory)\nopen(\"\/lib\/x86_64-linux-gnu\/libc.so.6\", O_RDONLY|O_CLOEXEC) = 3\nread(3, \"\\177ELF\\2\\1\\1\\3\\0\\0\\0\\0\\0\\0\\0\\0\\3\\0>\\0\\1\\0\\0\\0P\\34\\2\\0\\0\\0\\0\\0\"..., 832) = 832\nfstat(3, {st_mode=S_IFREG|0755, st_size=1729984, ...}) = 0\nmmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb78ab17000\nmmap(NULL, 3836448, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb78a108000\nmprotect(0x7fb78a2a7000, 2097152, PROT_NONE) = 0\nmmap(0x7fb78a4a7000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19f000) = 0x7fb78a4a7000\nmmap(0x7fb78a4ad000, 14880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb78a4ad000\nclose(3)                                = 0\naccess(\"\/etc\/ld.so.nohwcap\", F_OK)      = -1 ENOENT (No such file or directory)\nopen(\"\/lib\/x86_64-linux-gnu\/libpcre.so.3\", O_RDONLY|O_CLOEXEC) = 3\nread(3, \"\\177ELF\\2\\1\\1\\0\\0\\0\\0\\0\\0\\0\\0\\0\\3\\0>\\0\\1\\0\\0\\0\\20\\27\\0\\0\\0\\0\\0\\0\"..., 832) = 832\nfstat(3, {st_mode=S_IFREG|0644, st_size=448440, ...}) = 0\nmmap(NULL, 2543976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb789e98000\nmprotect(0x7fb789f04000, 2097152, PROT_NONE) = 0\nmmap(0x7fb78a104000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6c000) = 0x7fb78a104000\nclose(3)                                = 0\naccess(\"\/etc\/ld.so.nohwcap\", F_OK)      = -1 ENOENT (No such file or directory)\nopen(\"\/lib\/x86_64-linux-gnu\/libdl.so.2\", O_RDONLY|O_CLOEXEC) = 3\nread(3, \"\\177ELF\\2\\1\\1\\0\\0\\0\\0\\0\\0\\0\\0\\0\\3\\0>\\0\\1\\0\\0\\0\\320\\16\\0\\0\\0\\0\\0\\0\"..., 832) = 832\nfstat(3, {st_mode=S_IFREG|0644, st_size=14664, ...}) = 0\nmmap(NULL, 2109712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb789c90000\nmprotect(0x7fb789c93000, 2093056, PROT_NONE) = 0\nmmap(0x7fb789e92000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fb789e92000\nclose(3)                                = 0\naccess(\"\/etc\/ld.so.nohwcap\", F_OK)      = -1 ENOENT (No such file or directory)\nopen(\"\/lib\/x86_64-linux-gnu\/libattr.so.1\", O_RDONLY|O_CLOEXEC) = 3\nread(3, \"\\177ELF\\2\\1\\1\\0\\0\\0\\0\\0\\0\\0\\0\\0\\3\\0>\\0\\1\\0\\0\\0\\320\\23\\0\\0\\0\\0\\0\\0\"..., 832) = 832\nfstat(3, {st_mode=S_IFREG|0644, st_size=18640, ...}) = 0\nmmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb78ab16000\nmmap(NULL, 2113912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb789a88000\nmprotect(0x7fb789a8c000, 2093056, PROT_NONE) = 0\nmmap(0x7fb789c8b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7fb789c8b000\nclose(3)                                = 0\naccess(\"\/etc\/ld.so.nohwcap\", F_OK)      = -1 ENOENT (No such file or directory)\nopen(\"\/lib\/x86_64-linux-gnu\/libpthread.so.0\", O_RDONLY|O_CLOEXEC) = 3\nread(3, \"\\177ELF\\2\\1\\1\\0\\0\\0\\0\\0\\0\\0\\0\\0\\3\\0>\\0\\1\\0\\0\\0\\20o\\0\\0\\0\\0\\0\\0\"..., 832) = 832\nfstat(3, {st_mode=S_IFREG|0755, st_size=137440, ...}) = 0\nmmap(NULL, 2213008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb789868000\nmprotect(0x7fb789880000, 2093056, PROT_NONE) = 0\nmmap(0x7fb789a7f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7fb789a7f000\nmmap(0x7fb789a81000, 13456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb789a81000\nclose(3)                                = 0\nmmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb78ab15000\nmmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb78ab13000\narch_prctl(ARCH_SET_FS, 0x7fb78ab13800) = 0\nmprotect(0x7fb78a4a7000, 16384, PROT_READ) = 0\nmprotect(0x7fb789a7f000, 4096, PROT_READ) = 0\nmprotect(0x7fb789c8b000, 4096, PROT_READ) = 0\nmprotect(0x7fb789e92000, 4096, PROT_READ) = 0\nmprotect(0x7fb78a104000, 4096, PROT_READ) = 0\nmprotect(0x7fb78a6bf000, 4096, PROT_READ) = 0\nmprotect(0x7fb78a8e9000, 4096, PROT_READ) = 0\nmprotect(0x61b000, 4096, PROT_READ)     = 0\nmprotect(0x7fb78ab10000, 4096, PROT_READ) = 0\nmunmap(0x7fb78aae8000, 136302)          = 0\nset_tid_address(0x7fb78ab13ad0)         = 3887\nset_robust_list(0x7fb78ab13ae0, 24)     = 0\nrt_sigaction(SIGRTMIN, {0x7fb78986e9f0, [], SA_RESTORER|SA_SIGINFO, 0x7fb7898778d0}, NULL, 8) = 0\nrt_sigaction(SIGRT_1, {0x7fb78986ea80, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7fb7898778d0}, NULL, 8) = 0\nrt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0\ngetrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0\nstatfs(\"\/sys\/fs\/selinux\", 0x7fffb8555110) = -1 ENOENT (No such file or directory)\nstatfs(\"\/selinux\", 0x7fffb8555110)      = -1 ENOENT (No such file or directory)\nbrk(0)                                  = 0x7ae000\nbrk(0x7cf000)                           = 0x7cf000\nopen(\"\/proc\/filesystems\", O_RDONLY)     = 3\nfstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0\nmmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb78ab0f000\nread(3, \"nodev\\tsysfs\\nnodev\\trootfs\\nnodev\\tr\"..., 1024) = 344\nread(3, \"\", 1024)                       = 0\nclose(3)                                = 0\nmunmap(0x7fb78ab0f000, 4096)            = 0\nopen(\"\/usr\/lib\/locale\/locale-archive\", O_RDONLY|O_CLOEXEC) = 3\nfstat(3, {st_mode=S_IFREG|0644, st_size=1607936, ...}) = 0\nmmap(NULL, 1607936, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fb78a980000\nclose(3)                                = 0\nioctl(1, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 opost isig icanon echo ...}) = 0\nioctl(1, TIOCGWINSZ, {ws_row=40, ws_col=126, ws_xpixel=0, ws_ypixel=0}) = 0\nopenat(AT_FDCWD, \".\", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3\ngetdents(3, \/* 3 entries *\/, 32768)     = 72\ngetdents(3, \/* 0 entries *\/, 32768)     = 0\nclose(3)                                = 0\nfstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0\nmmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb78ab0f000\nwrite(1, \"1\\n\", 21\n)                      = 2\nclose(1)                                = 0\nmunmap(0x7fb78ab0f000, 4096)            = 0\nclose(2)                                = 0\nexit_group(0)                           = ?\n+++ exited with 0 +++\n$\n\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
$ls 1 $strace ls execve(“\/bin\/ls”, [“ls”], [\/* 38 vars *\/]) = 0 brk(0) = 0x7ae000 access(“\/etc\/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory) mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb78ab18000 access(“\/etc\/ld.so.preload”, R_OK) = -1 ENOENT (No such file or directory) open(“\/etc\/ld.so.cache”, O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=136302, …}) = 0 mmap(NULL, 136302, … <\/p>\n
Continue reading “Hacking with strace on ls”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[116],"tags":[],"_links":{"self":[{"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/posts\/16322"}],"collection":[{"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/comments?post=16322"}],"version-history":[{"count":0,"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/posts\/16322\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/media?parent=16322"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/categories?post=16322"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/tags?post=16322"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}