OS - 用 Strace 追蹤 Syscall
===

###### tags: `OS` `C` `Linux` `Syscall`

# Test1
~~它就是一個會自殺的程式~~
- killSelf.c
```c=
#include <linux/unistd.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <signal.h>

int main() {
    int tid;
    tid = syscall(SYS_set_tid_address, NULL);
    syscall(SYS_write, 1, "Hello World!\n", 13);
    syscall(SYS_kill, tid, SIGKILL);
    syscall(SYS_write, 1, "Test!\n", 6);
}
```
執行以下 command
```shell=
gcc -o killSelf killSelf.c
strace ./killSelf
```
輸出如下
```c=
execve("./killSelf", ["./killSelf"], [/* 64 vars */]) = 0
/* execve : execute program
 * 執行程式 並傳參數以及環境變數 */
brk(NULL) = 0x8bf000
/* brk : change data segment size
 * brk(NULL) 可以獲取 data segment 最後一個位址 */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=97813, ...}) = 0
mmap(NULL, 97813, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5080502000
close(3) = 0
/* Load /etc/ld.so.cache */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\t\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1868984, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5080501000
mmap(NULL, 3971488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f507ff2b000
mprotect(0x7f50800eb000, 2097152, PROT_NONE) = 0
mmap(0x7f50802eb000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c0000) = 0x7f50802eb000
mmap(0x7f50802f1000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f50802f1000
close(3) = 0
/* Load /lib/x86_64-linux-gnu/libc.so.6 */
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5080500000
mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50804ff000
/* 創造兩個新的 mapping */
arch_prctl(ARCH_SET_FS, 0x7f5080500700) = 0
/* 設定 FS register 的 base address */
mprotect(0x7f50802eb000, 16384, PROT_READ) = 0
mprotect(0x600000, 4096, PROT_READ) = 0
mprotect(0x7f508051a000, 4096, PROT_READ) = 0
/* 設定 memory 的保護機制 */
munmap(0x7f5080502000, 97813) = 0
/* unmap /etc/ld.so.cache */
/* 以下為 killSelf.c 裡所寫到的 syscall */
set_tid_address(0) = 32362
/* 得到 thread id
 * 因為沒有創造 child process
 * 這個 thread id 也是這支 process 的 process id */
write(1, "Hello World!\n", 13) = 13
/* 輸出字串到 fd 1, 預設 fd 1 是執行此程式的 pts */
kill(32362, SIGKILL <unfinished ...>
/* 將 PID 32362 的 Process 殺掉, 也就是這支 Process */
+++ killed by SIGKILL +++
```

# Test 2
```shell=
kill -9 24148
```
以下是 strace 這行指令的結果
註解則是作者後來加的
以下 syscall 都在 linux man 的第二部分
可以透過
```shell=
man 2 execve
```
類似這樣的指令去查如何使用 syscall
```c=
execve("/bin/kill", ["kill", "-9", "24148"], [/* 64 vars */]) = 0
/* execve : execute program
 * 執行 /bin/kill
 * 傳一個指向 ["kill", "-9", "24148"] 的 pointer
 * 以及另一個指向有 64 個環境變數的陣列的 pointer
 * 回傳值為 0, 代表成功執行 */
brk(NULL) = 0x195c000
/* brk : change data segment size
 * 而 brk(NULL) 可以獲取 data segment 最後一個位址, 此例回傳為 0x195c000 */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
/* access : check user's permissions for a file
 * F_OK 測試檔案是否存在(若沒有讀取權限也會回傳 -1)
 * R_OK 測試使用者是否對檔案有 r 權限
 * 回傳 -1 代表執行失敗, 此例 ENOENT 表示檔案不存在 (沒有 /etc/ld.so.preload 就不會經由該檔預先載入額外的 library) */
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
/* open : open a file
 * 開啟檔案 /etc/ld.so.cache
 * O_RDONLY 設定了唯讀模式
 * O_CLOEXEC 設定後, 若之後成功調用 exec(), 此 fd 會被自動關閉
 * 避免 exec 出來的新程式繼承此 fd, 與原程序共用同一個檔案而造成衝突
 * 回傳 3 即代表此檔案的 fd */
fstat(3, {st_mode=S_IFREG|0644, st_size=97813, ...}) = 0
/* fstat : get file status
 * 第一個參數放 fd
 * 第二個參數放一個指向 struct stat buf 的 pointer
 * 執行成功後, file status 都會存在 buf 中
 * 此例 fd 為 3 的檔案的權限為 0644, size 為 97813 B */
mmap(NULL, 97813, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fe8c3e7e000
/* mmap : map files or devices into memory
 * mmap(addr, size,
protection, flags, fd, offset)
 * addr 若為 NULL, 則由 kernel 決定在哪個 address 創造 mapping
 * 若不是 NULL, kernel 也只會把它當作 '提示', 在它附近創造 mapping
 * size 就是這個 mapping 的大小
 * protection 設定這塊 mapping 的讀寫權限
 * flags 設定這塊 mapping 是否跟其他 process shared
 * fd 設定被 mapping 的咚咚
 * offset 設定從那個咚咚的哪邊開始 mapping
 * 此例的 fd 3 整個被 mapping 到 0x7fe8c3e7e000 上 */
close(3) = 0
/* close : close a file descriptor
 * 關掉指定的 fd */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
/* 看 ld.so.nohwcap 是否存在
 * return -1, 不存在 */
open("/lib/x86_64-linux-gnu/libprocps.so.4", O_RDONLY|O_CLOEXEC) = 3
/* 開啟 /lib/x86_64-linux-gnu/libprocps.so.4
 * 並用了兩個參數, 詳見 line 20
 * 此 fd 為 3 */
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0pD\0\0\0\0\0\0"..., 832) = 832
/* read : read from a file descriptor
 * read(fd, buf, size)
 * 從 fd 讀 size 個 B 到 buf
 * 此例從 fd 3 讀 832 個 B
 * "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0pD\0\0\0\0\0\0" 就是內容
 * return 832 代表最終讀了 832 個 B */
fstat(3, {st_mode=S_IFREG|0644, st_size=76744, ...}) = 0
/* fd 為 3 的檔案的權限為 0644, size 為 76744 */
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe8c3e7d000
/* 根據 man 以及
 * https://stackoverflow.com/questions/34042915/what-is-the-purpose-of-map-anonymous-flag-in-mmap-system-call
 * 這是創造一塊 rw-, size 為 4096 B 且都被 0 填充的 mapping
 * address 為 0x7fe8c3e7d000 */
mmap(NULL, 2253888, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fe8c3a4a000
/* 將 fd 3 mapping 到 0x7fe8c3a4a000, size 為 2253888, r-x */
mprotect(0x7fe8c3a5b000, 2097152, PROT_NONE) = 0
/* mprotect : set protection on a region of memory
 * mprotect(addr, size, protection)
 * 對從 addr 開始 size B 的記憶體施行 protection
 * 此例為從 0x7fe8c3a5b000 開始的 2097152 B 的記憶體都被禁止存取 */
mmap(0x7fe8c3c5b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x7fe8c3c5b000
/* 將 fd 3 從 0x11000 B 的位置開始的 8192 B mapping 到 0x7fe8c3c5b000
 * rw-
 * MAP_FIXED 將 mapping 準確 mapping 到 addr
 * MAP_DENYWRITE 此 flag 已棄用 */
mmap(0x7fe8c3c5d000, 78912,
PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fe8c3c5d000
/* 創造一塊 78912 B 的記憶體
 * rw-
 * 位置準確 mapping 在 0x7fe8c3c5d000 */
close(3) = 0
/* 將 fd 3 關閉 */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
/* 檢查 /etc/ld.so.nohwcap 是否存在 */
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
/* 開啟 /lib/x86_64-linux-gnu/libc.so.6 唯讀模式
 * 並在 execv() 成功執行時關閉此 fd
 * 代表此檔案的 fd = 3 */
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\t\2\0\0\0\0\0"..., 832) = 832
/* 從 fd 3 讀取 832 B
 * 回傳 832 代表成功讀取 832 B */
fstat(3, {st_mode=S_IFREG|0755, st_size=1868984, ...}) = 0
/* 取得 fd 3 的 file status
 * 權限為 0755, size 為 1868984 */
mmap(NULL, 3971488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fe8c3680000
/* 將 fd 3 mapping 到 size 為 3971488 B、權限 r-x 的 memory
 * memory address = 0x7fe8c3680000 */
mprotect(0x7fe8c3840000, 2097152, PROT_NONE) = 0
/* 設定從 0x7fe8c3840000 開始的 2097152 B 的 memory 禁止存取 */
mmap(0x7fe8c3a40000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c0000) = 0x7fe8c3a40000
/* 將 fd 3 從 offset 0x1c0000 mapping 至 size 為 24576
 * 權限 rw-
 * memory address = 0x7fe8c3a40000 */
mmap(0x7fe8c3a46000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fe8c3a46000
/* 創造一個 14752 B, 用 0 填充的記憶體
 * 權限 rw-
 * memory address = 0x7fe8c3a46000 */
close(3) = 0
/* 關閉 fd 3 */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
/* 檢查 /etc/ld.so.nohwcap 是否存在 */
open("/lib/x86_64-linux-gnu/libsystemd.so.0", O_RDONLY|O_CLOEXEC) = 3
/* open /lib/x86_64-linux-gnu/libsystemd.so.0
 * 唯讀, 並在成功執行 exec() 時自動關閉
 * fd = 3 */
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
/* 從 fd 3 讀取 832 B
 * 回傳 832 代表成功讀取 832 B */
fstat(3, {st_mode=S_IFREG|0644, st_size=536520, ...}) = 0
/* 取得 fd 3 的 file status
 * 權限為 0644, size 為 536520 */
mmap(NULL, 540800, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fe8c3df8000
/* 將 fd 3 mapping
至 size 為 540800
 * 權限 r-x
 * memory address = 0x7fe8c3df8000 */
mmap(0x7fe8c3e78000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7f000) = 0x7fe8c3e78000
/* 將 fd 3 從 offset 0x7f000 mapping 至 size 為 16384
 * 權限 rw-
 * memory address = 0x7fe8c3e78000 */
mmap(0x7fe8c3e7c000, 128, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fe8c3e7c000
/* 創造一個 128 B, 用 0 填充的記憶體
 * 權限 rw-
 * memory address = 0x7fe8c3e7c000 */
close(3) = 0
/* 關閉 fd 3 */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
/* 檢查 /etc/ld.so.nohwcap 是否存在 */
open("/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3
/* open /lib/x86_64-linux-gnu/libselinux.so.1
 * 唯讀, 並在成功執行 exec() 時自動關閉
 * fd = 3 */
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260Z\0\0\0\0\0\0"..., 832) = 832
/* 從 fd 3 讀取 832 B
 * 回傳 832 代表成功讀取 832 B */
fstat(3, {st_mode=S_IFREG|0644, st_size=130224, ...}) = 0
/* 取得 fd 3 的 file status
 * 權限為 0644, size 為 130224 */
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe8c3df7000
/* 創造一個 4096 B, 用 0 填充的記憶體
 * 權限 rw-
 * memory address = 0x7fe8c3df7000 */
mmap(NULL, 2234080, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fe8c345e000
/* 將 fd 3 mapping 至 size 為 2234080
 * 權限 r-x
 * memory address = 0x7fe8c345e000 */
mprotect(0x7fe8c347d000, 2093056, PROT_NONE) = 0
/* 設定從 0x7fe8c347d000 開始的 2093056 B 的 memory 禁止存取 */
mmap(0x7fe8c367c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e000) = 0x7fe8c367c000
/* 將 fd 3 從 offset 0x1e000 mapping 至 size 為 8192
 * 權限 rw-
 * memory address = 0x7fe8c367c000 */
mmap(0x7fe8c367e000, 5856, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fe8c367e000
/* 創造一個 5856 B, 用 0 填充的記憶體
 * 權限 rw-
 * memory address = 0x7fe8c367e000 */
close(3) = 0
/* 關閉 fd 3 */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
/* 檢查 /etc/ld.so.nohwcap 是否存在 */
open("/lib/x86_64-linux-gnu/librt.so.1",
O_RDONLY|O_CLOEXEC) = 3
/* open /lib/x86_64-linux-gnu/librt.so.1
 * 唯讀, 並在成功執行 exec() 時自動關閉
 * fd = 3 */
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0!\0\0\0\0\0\0"..., 832) = 832
/* 從 fd 3 讀取 832 B
 * 回傳 832 代表成功讀取 832 B */
fstat(3, {st_mode=S_IFREG|0644, st_size=31712, ...}) = 0
/* 取得 fd 3 的 file status
 * 權限為 0644, size 為 31712 */
mmap(NULL, 2128832, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fe8c3256000
/* 將 fd 3 mapping 至 size 為 2128832
 * 權限 r-x
 * memory address = 0x7fe8c3256000 */
mprotect(0x7fe8c325d000, 2093056, PROT_NONE) = 0
/* 設定從 0x7fe8c325d000 開始的 2093056 B 的 memory 禁止存取 */
mmap(0x7fe8c345c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fe8c345c000
/* 將 fd 3 從 offset 0x6000 mapping 至 size 為 8192
 * 權限 rw-
 * memory address = 0x7fe8c345c000 */
close(3) = 0
/* 關閉 fd 3 */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
/* 檢查 /etc/ld.so.nohwcap 是否存在 */
open("/lib/x86_64-linux-gnu/liblzma.so.5", O_RDONLY|O_CLOEXEC) = 3
/* open /lib/x86_64-linux-gnu/liblzma.so.5
 * 唯讀, 並在成功執行 exec() 時自動關閉
 * fd = 3 */
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320 \0\0\0\0\0\0"..., 832) = 832
/* 從 fd 3 讀取 832 B
 * 回傳 832 代表成功讀取 832 B */
fstat(3, {st_mode=S_IFREG|0644, st_size=137400, ...}) = 0
/* 取得 fd 3 的 file status
 * 權限為 0644, size 為 137400 */
mmap(NULL, 2232456, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fe8c3034000
/* 將 fd 3 mapping 至 size 為 2232456
 * 權限 r-x
 * memory address = 0x7fe8c3034000 */
mprotect(0x7fe8c3055000, 2093056, PROT_NONE) = 0
/* 設定從 0x7fe8c3055000 開始的 2093056 B 的 memory 禁止存取 */
mmap(0x7fe8c3254000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x20000) = 0x7fe8c3254000
/* 將 fd 3 從 offset 0x20000 mapping 至 size 為 8192
 * 權限 rw-
 * memory address = 0x7fe8c3254000 */
close(3) = 0
/* 關閉 fd 3 */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
/* 檢查 /etc/ld.so.nohwcap 是否存在 */
open("/lib/x86_64-linux-gnu/libgcrypt.so.20", O_RDONLY|O_CLOEXEC) = 3
/* open /lib/x86_64-linux-gnu/libgcrypt.so.20
 * 唯讀, 並在成功執行 exec() 時自動關閉
 * fd = 3 */
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\215\0\0\0\0\0\0"..., 832) = 832
/* 從 fd 3 讀取 832 B
 * 回傳 832 代表成功讀取 832 B */
fstat(3, {st_mode=S_IFREG|0644, st_size=919168, ...}) = 0
/* 取得 fd 3 的 file status
 * 權限為 0644, size 為 919168 */
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe8c3df6000
/* 創造一個 4096 B, 用 0 填充的記憶體
 * 權限 rw-
 * memory address = 0x7fe8c3df6000 */
mmap(NULL, 3015360, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fe8c2d53000
/* 將 fd 3 mapping 至 size 為 3015360
 * 權限 r-x
 * memory address = 0x7fe8c2d53000 */
mprotect(0x7fe8c2e2a000, 2097152, PROT_NONE) = 0
/* 設定從 0x7fe8c2e2a000 開始的 2097152 B 的 memory 禁止存取 */
mmap(0x7fe8c302a000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd7000) = 0x7fe8c302a000
/* 將 fd 3 從 offset 0xd7000 mapping 至 size 為 36864
 * 權限 rw-
 * memory address = 0x7fe8c302a000 */
mmap(0x7fe8c3033000, 704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fe8c3033000
/* 創造一個 704 B, 用 0 填充的記憶體
 * 權限 rw-
 * memory address = 0x7fe8c3033000 */
close(3) = 0
/* 關閉 fd 3 */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
/* 檢查 /etc/ld.so.nohwcap 是否存在 */
open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
/* open /lib/x86_64-linux-gnu/libpthread.so.0
 * 唯讀, 並在成功執行 exec() 時自動關閉
 * fd = 3 */
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260`\0\0\0\0\0\0"..., 832) = 832
/* 從 fd 3 讀取 832 B
 * 回傳 832 代表成功讀取 832 B */
fstat(3, {st_mode=S_IFREG|0755, st_size=138696, ...}) = 0
/* 取得 fd 3 的 file status
 * 權限為 0755, size 為 138696 */
mmap(NULL, 2212904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fe8c2b36000
/* 將 fd 3 mapping 至 size 為 2212904
 * 權限 r-x
 * memory address = 0x7fe8c2b36000 */
mprotect(0x7fe8c2b4e000, 2093056, PROT_NONE) = 0
/* 設定從
0x7fe8c2b4e000 開始的 2093056 B 的 memory 禁止存取 */
mmap(0x7fe8c2d4d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7fe8c2d4d000
/* 將 fd 3 從 offset 0x17000 mapping 至 size 為 8192
 * 權限 rw-
 * memory address = 0x7fe8c2d4d000 */
mmap(0x7fe8c2d4f000, 13352, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fe8c2d4f000
/* 創造一個 13352 B, 用 0 填充的記憶體
 * 權限 rw-
 * memory address = 0x7fe8c2d4f000 */
close(3) = 0
/* 關閉 fd 3 */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpcre.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\25\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=456632, ...}) = 0
mmap(NULL, 2552072, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fe8c28c6000
mprotect(0x7fe8c2934000, 2097152, PROT_NONE) = 0
mmap(0x7fe8c2b34000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6e000) = 0x7fe8c2b34000
close(3) = 0
/* Load /lib/x86_64-linux-gnu/libpcre.so.3 into memory */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\r\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14608, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe8c3df5000
mmap(NULL, 2109680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fe8c26c2000
mprotect(0x7fe8c26c5000, 2093056, PROT_NONE) = 0
mmap(0x7fe8c28c4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fe8c28c4000
close(3) = 0
/* Load /lib/x86_64-linux-gnu/libdl.so.2 into memory */
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libgpg-error.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320(\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=80496, ...}) = 0
mmap(NULL, 2175544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fe8c24ae000
mprotect(0x7fe8c24c0000, 2097152, PROT_NONE) = 0
mmap(0x7fe8c26c0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12000) = 0x7fe8c26c0000
close(3) = 0
/* Load /lib/x86_64-linux-gnu/libgpg-error.so.0 into memory */
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe8c3df4000
/* Mapping a 4096 rw- memory at 0x7fe8c3df4000 */
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe8c3df3000
/* Mapping a 4096 rw- memory at 0x7fe8c3df3000 */
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe8c3df1000
/* Mapping a 8192 rw- memory at 0x7fe8c3df1000 */
arch_prctl(ARCH_SET_FS, 0x7fe8c3df1880) = 0
/* arch_prctl : set architecture-specific thread state
 * ARCH_SET_FS 設定 FS 的 Base 為 0x7fe8c3df1880 */
mprotect(0x7fe8c3a40000, 16384, PROT_READ) = 0
/* 設定從 0x7fe8c3a40000 開始的 16384 B 的 memory 只有讀取權限 (唯讀) */
mprotect(0x7fe8c26c0000, 4096, PROT_READ) = 0
/* 設定從 0x7fe8c26c0000 開始的 4096 B 的 memory 只有讀取權限 (唯讀) */
mprotect(0x7fe8c28c4000, 4096, PROT_READ) = 0
/* 設定從 0x7fe8c28c4000 開始的 4096 B 的 memory 只有讀取權限 (唯讀) */
mprotect(0x7fe8c2d4d000, 4096, PROT_READ) = 0
/* 設定從 0x7fe8c2d4d000 開始的 4096 B 的 memory 只有讀取權限 (唯讀) */
mprotect(0x7fe8c2b34000, 4096, PROT_READ) = 0
/* 設定從 0x7fe8c2b34000 開始的 4096 B 的 memory 只有讀取權限 (唯讀) */
mprotect(0x7fe8c302a000, 4096, PROT_READ) = 0
/* 設定從 0x7fe8c302a000 開始的 4096 B 的 memory 只有讀取權限 (唯讀) */
mprotect(0x7fe8c3254000, 4096, PROT_READ) = 0
/* 設定從 0x7fe8c3254000 開始的 4096 B 的 memory 只有讀取權限 (唯讀) */
mprotect(0x7fe8c345c000, 4096, PROT_READ) = 0
/* 設定從 0x7fe8c345c000 開始的 4096 B 的 memory 只有讀取權限 (唯讀) */
mprotect(0x7fe8c367c000, 4096, PROT_READ) = 0
/* 設定從 0x7fe8c367c000 開始的 4096 B 的 memory 只有讀取權限 (唯讀) */
mprotect(0x7fe8c3e78000, 12288, PROT_READ) = 0
/* 設定從 0x7fe8c3e78000 開始的 12288 B
的 memory 只有讀取權限 (唯讀) */
mprotect(0x7fe8c3c5b000, 4096, PROT_READ) = 0
/* 設定從 0x7fe8c3c5b000 開始的 4096 B 的 memory 只有讀取權限 (唯讀) */
mprotect(0x604000, 4096, PROT_READ) = 0
/* 設定從 0x604000 開始的 4096 B 的 memory 只有讀取權限 (唯讀) */
mprotect(0x7fe8c3e96000, 4096, PROT_READ) = 0
/* 設定從 0x7fe8c3e96000 開始的 4096 B 的 memory 只有讀取權限 (唯讀) */
munmap(0x7fe8c3e7e000, 97813) = 0
/* unmap memory 從 0x7fe8c3e7e000 開始 97813 B */
set_tid_address(0x7fe8c3df1b50) = 24189
/* set_tid_address : set pointer to thread ID
 *
 */
set_robust_list(0x7fe8c3df1b60, 24) = 0
rt_sigaction(SIGRTMIN, {0x7fe8c2b3bb50, [], SA_RESTORER|SA_SIGINFO, 0x7fe8c2b47390}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7fe8c2b3bbe0, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7fe8c2b47390}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
brk(NULL) = 0x195c000
brk(0x197d000) = 0x197d000
statfs("/sys/fs/selinux", 0x7ffd644fdb80) = -1 ENOENT (No such file or directory)
statfs("/selinux", 0x7ffd644fdb80) = -1 ENOENT (No such file or directory)
open("/proc/filesystems", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tr"..., 1024) = 362
read(3, "", 1024) = 0
close(3) = 0
uname({sysname="Linux", nodename="ubuntu", ...}) = 0
open("/sys/devices/system/cpu/online", O_RDONLY|O_CLOEXEC) = 3
read(3, "0\n", 8192) = 2
close(3) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2981280, ...}) = 0
mmap(NULL, 2981280, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fe8c21d6000
close(3) = 0
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2995, ...}) = 0
read(3, "# Locale name alias data base.\n#"..., 4096) = 2995
read(3, "", 4096) = 0
close(3) = 0
open("/usr/share/locale/en_US/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1
ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en_US/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en/LC_MESSAGES/procps-ng.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
kill(24148, SIGKILL) = 0
close(1) = 0
close(2) = 0
exit_group(0) = ?
+++ exited with 0 +++
```