<!DOCTYPE HTML>
<html lang="en" class="sidebar-visible no-js ayu">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Notes</title>
<meta name="robots" content="noindex" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff" />
<link rel="shortcut icon" href="favicon.png">
<link rel="stylesheet" href="css/variables.css">
<link rel="stylesheet" href="css/general.css">
<link rel="stylesheet" href="css/chrome.css">
<link rel="stylesheet" href="css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="FontAwesome/css/font-awesome.css">
<link href="https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800" rel="stylesheet" type="text/css">
<link href="https://fonts.googleapis.com/css?family=Source+Code+Pro:500" rel="stylesheet" type="text/css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" href="highlight.css">
<link rel="stylesheet" href="tomorrow-night.css">
<link rel="stylesheet" href="ayu-highlight.css">
<!-- Custom theme stylesheets -->
</head>
<body>
<!-- Provide site root to javascript -->
<script type="text/javascript">
var path_to_root = "";
var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "ayu" : "ayu";
</script>
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script type="text/javascript">
try {
var theme = localStorage.getItem('mdbook-theme');
var sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script type="text/javascript">
var theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
var html = document.querySelector('html');
html.classList.remove('no-js')
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add('js');
</script>
<!-- Hide / unhide sidebar before it is displayed -->
<script type="text/javascript">
var html = document.querySelector('html');
var sidebar = 'hidden';
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
}
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div id="sidebar-scrollbox" class="sidebar-scrollbox">
<ol class="chapter"><li class="expanded "><a href="ld.so.html"><strong aria-hidden="true">1.</strong> ld.so</a></li><li class="expanded "><a href="git.html"><strong aria-hidden="true">2.</strong> git</a></li><li class="expanded "><a href="awk.html"><strong aria-hidden="true">3.</strong> awk</a></li><li class="expanded "><a href="gdb.html"><strong aria-hidden="true">4.</strong> gdb</a></li><li class="expanded "><a href="radare2.html"><strong aria-hidden="true">5.</strong> radare2</a></li><li class="expanded "><a href="emacs.html"><strong aria-hidden="true">6.</strong> emacs</a></li><li class="expanded "><a href="fish.html"><strong aria-hidden="true">7.</strong> fish</a></li><li class="expanded "><a href="strace.html"><strong aria-hidden="true">8.</strong> strace</a></li><li class="expanded "><a href="lsof.html"><strong aria-hidden="true">9.</strong> lsof</a></li><li class="expanded "><a href="pidstat.html"><strong aria-hidden="true">10.</strong> pidstat</a></li><li class="expanded "><a href="time.html"><strong aria-hidden="true">11.</strong> time</a></li><li class="expanded "><a href="pgrep.html"><strong aria-hidden="true">12.</strong> pgrep</a></li><li class="expanded "><a href="pstack.html"><strong aria-hidden="true">13.</strong> pstack</a></li><li class="expanded "><a href="pstack.html"><strong aria-hidden="true">14.</strong> pstack</a></li><li class="expanded "><a href="perf.html"><strong aria-hidden="true">15.</strong> perf</a></li><li class="expanded "><a href="oprofile.html"><strong aria-hidden="true">16.</strong> OProfile</a></li><li class="expanded "><a href="od.html"><strong aria-hidden="true">17.</strong> od</a></li><li class="expanded "><a href="xxd.html"><strong aria-hidden="true">18.</strong> xxd</a></li><li class="expanded "><a href="readelf.html"><strong aria-hidden="true">19.</strong> readelf</a></li><li class="expanded "><a href="objdump.html"><strong aria-hidden="true">20.</strong> objdump</a></li><li class="expanded "><a href="nm.html"><strong aria-hidden="true">21.</strong> nm</a></li><li class="expanded "><a href="c++filt.html"><strong aria-hidden="true">22.</strong> c++filt</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar" class="menu-bar">
<div id="menu-bar-sticky-container">
<div class="left-buttons">
<button id="sidebar-toggle" class="icon-button" type="button" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</button>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu (default)</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Notes</h1>
<div class="right-buttons">
<a href="print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
</div>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" name="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script type="text/javascript">
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1><a class="header" href="#ldso8" id="ldso8">ld.so(8)</a></h1>
<h2><a class="header" href="#environment-variables" id="environment-variables">Environment Variables</a></h2>
<pre><code class="language-console"> LD_PRELOAD=<l_so> colon separated list of libso's to be pre loaded
LD_DEBUG=<opts> comma separated list of debug options
=help list available options
=libs show library search path
=files processing of input files
=symbols show search path for symbol lookup
=bindings show against which definition a symbol is bound
</code></pre>
<h2><a class="header" href="#ld_preload-initialization-order-and-link-map" id="ld_preload-initialization-order-and-link-map">LD_PRELOAD: Initialization Order and Link Map</a></h2>
<p>Libraries specified in <code>LD_PRELOAD</code> are loaded from <code>left-to-right</code> but
initialized from <code>right-to-left</code>.</p>
<pre><code class="language-markdown"> > ldd ./main
>> libc.so.6 => /usr/lib/libc.so.6
> LD_PRELOAD=liba.so:libb.so ./main
-->
preloaded in this order
<--
initialized in this order
</code></pre>
<p>The preload order determines:</p>
<ul>
<li>the order libraries are inserted into the <code>link map</code></li>
<li>the initialization order for libraries</li>
</ul>
<p>For the example listed above the resulting <code>link map</code> will look like the
following:</p>
<pre><code class="language-makrdown"> +------+ +------+ +------+ +------+
| main | -> | liba | -> | libb | -> | libc |
+------+ +------+ +------+ +------+
</code></pre>
<p>This can be seen when running with <code>LD_DEBUG=files</code>:</p>
<pre><code class="language-makrdown"> > LD_DEBUG=files LD_PRELOAD=liba.so:libb.so ./main
# load order (-> determines link map)
>> file=liba.so [0]; generating link map
>> file=libb.so [0]; generating link map
>> file=libc.so.6 [0]; generating link map
# init order
>> calling init: /usr/lib/libc.so.6
>> calling init: <path>/libb.so
>> calling init: <path>/liba.so
>> initialize program: ./main
</code></pre>
<p>To verify the <code>link map</code> order we let <code>ld.so</code> resolve the <code>memcpy(3)</code> libc
symbol (used in <em>main</em>) dynamically, while enabling <code>LD_DEBUG=symbols,bindings</code>
to see the resolving in action.</p>
<pre><code class="language-makrdown"> > LD_DEBUG=symbols,bindings LD_PRELOAD=liba.so:libb.so ./main
>> symbol=memcpy; lookup in file=./main [0]
>> symbol=memcpy; lookup in file=<path>/liba.so [0]
>> symbol=memcpy; lookup in file=<path>/libb.so [0]
>> symbol=memcpy; lookup in file=/usr/lib/libc.so.6 [0]
>> binding file ./main [0] to /usr/lib/libc.so.6 [0]: normal symbol `memcpy' [GLIBC_2.14]
</code></pre>
<h2><a class="header" href="#dynamic-linking-x86_64" id="dynamic-linking-x86_64">Dynamic Linking (x86_64)</a></h2>
<p>Dynamic linking basically works via one indirect jump. It uses a combination of
function trampolines (<code>.plt</code> section) and a function pointer table (<code>.got.plt</code>
section).
On the first call the trampoline sets up some metadata and then jumps to the
<code>ld.so</code> runtime resolve function, which in turn patches the table with the
correct function pointer.</p>
<pre><code class="language-makrdown"> .plt ....... procedure linkage table, contains function trampolines, usually
located in code segment (rx permission)
.got.plt ... global offset table for .plt, holds the function pointer table
</code></pre>
<p>Using <code>radare2</code> we can analyze this in more detail:</p>
<pre><code class="language-makrdown"> [0x00401040]> pd 4 @ section..got.plt
;-- section..got.plt:
;-- .got.plt: ; [22] -rw- section size 32 named .got.plt
;-- _GLOBAL_OFFSET_TABLE_:
[0] 0x00404000 .qword 0x0000000000403e10 ; section..dynamic
[1] 0x00404008 .qword 0x0000000000000000
; CODE XREF from section..plt @ +0x6
[2] 0x00404010 .qword 0x0000000000000000
;-- reloc.puts:
; CODE XREF from sym.imp.puts @ 0x401030
[3] 0x00404018 .qword 0x0000000000401036 ; RELOC 64 puts
[0x00401040]> pd 6 @ section..plt
;-- section..plt:
;-- .plt: ; [12] -r-x section size 32 named .plt
┌─> 0x00401020 ff35e22f0000 push qword [0x00404008]
â•Ž 0x00401026 ff25e42f0000 jmp qword [0x00404010]
â•Ž 0x0040102c 0f1f4000 nop dword [rax]
┌ 6: int sym.imp.puts (const char *s);
â”” â•Ž 0x00401030 ff25e22f0000 jmp qword [reloc.puts]
â•Ž 0x00401036 6800000000 push 0
└─< 0x0040103b e9e0ffffff jmp sym..plt
</code></pre>
<ul>
<li>At address <code>0x00401030</code> in the <code>.plt</code> section we see the indirect jump for
<code>puts</code> using the function pointer in <code>_GLOBAL_OFFSET_TABLE_[3] (GOT)</code>.</li>
<li><code>GOT[3]</code> initially points to instruction after the <code>puts</code> trampoline
<code>0x00401036</code>.</li>
<li>This pushes the relocation index <code>0</code> and then jumps to the first trampoline
<code>0x00401020</code>.</li>
<li>The first trampoline jumps to <code>GOT[2]</code> which will be filled at program
startup by the <code>ld.so</code> with its resolve function.</li>
<li>The <code>ld.so</code> resolve function fixes the relocation referenced by the
relocation index pushed by the <code>puts</code> trampoline.</li>
<li>The relocation entry at index <code>0</code> tells the resolve function which symbol to
search for and where to put the function pointer:
<pre><code class="language-makrdown"> > readelf -r <main>
>> Relocation section '.rela.plt' at offset 0x4b8 contains 1 entry:
>> Offset Info Type Sym. Value Sym. Name + Addend
>> 000000404018 000200000007 R_X86_64_JUMP_SLO 0000000000000000 puts@GLIBC_2.2.5 + 0
</code></pre>
As we can see the offset from relocation at index <code>0</code> points to <code>GOT[3]</code>.</li>
</ul>
<h1><a class="header" href="#git1" id="git1">git(1)</a></h1>
<h2><a class="header" href="#staging" id="staging">staging</a></h2>
<pre><code class="language-markdown"> git add -p [<file>] ............ partial staging (interactive)
</code></pre>
<h2><a class="header" href="#remote" id="remote">Remote</a></h2>
<pre><code class="language-markdown"> git remote -v .................. list remotes verbose (with URLs)
git remote show [-n] <remote> .. list info for <remote> (like remote HEAD,
remote branches, tracking mapping)
</code></pre>
<h2><a class="header" href="#branching" id="branching">Branching</a></h2>
<pre><code class="language-markdown"> git branch [-a] ................ list available branches; -a to include
remote branches
git branch -vv ................. list branch & annotate with head sha1 &
remote tracking branch
git branch <bname> ............. create branch with name <bname>
git checkout <bname> ........... switch to branch with name <bname>
git push -u origin <rbname> .... push branch to origin (or other remote), and
setup <rbname> as tracking branch
</code></pre>
<h2><a class="header" href="#resetting" id="resetting">Resetting</a></h2>
<pre><code class="language-markdown"> git reset [opt] <ref|commit>
opt:
--mixed .................... resets index, but not working tree
--hard ..................... matches the working tree and index to that
of the tree being switched to any changes to
tracked files in the working tree since
<commit> are lost
git reset HEAD <file> .......... remove file from staging
git reset --soft HEAD~1 ........ delete most recent commit but keep work
git reset --hard HEAD~1 ........ delete most recent commit and delete work
</code></pre>
<h2><a class="header" href="#tags" id="tags">Tags</a></h2>
<pre><code class="language-markdown"> git tag -a <tname> -m "descr" ........ creates an annotated tag (full object
containing tagger, date, ...)
git tag -l ........................... list available tags
git checkout tag/<tname> ............. checkout specific tag
git checkout tag/<tname> -b <bname> .. checkout specific tag in a new branch
</code></pre>
<h2><a class="header" href="#diff" id="diff">Diff</a></h2>
<pre><code class="language-markdown"> git diff HEAD:<fname> origin/HEAD:<fname> ... diff files for different refs
git diff -U$(wc -l <fname>) <fname> ......... shows complete file with diffs
instead of usual diff snippets
</code></pre>
<h2><a class="header" href="#log" id="log">Log</a></h2>
<pre><code class="language-markdown"> git log --oneline .... shows log in single line per commit -> alias for
'--pretty=oneline --abbrev-commit'
git log --graph ...... text based graph of commit history
git log --decorate ... decorate log with REFs
git log -p <file> .... show commit history + diffs for <file>
</code></pre>
<h2><a class="header" href="#patching" id="patching">Patching</a></h2>
<pre><code class="language-markdown"> git format-patch <opt> <since>/<revision range>
opt:
-N ................... use [PATCH] instead [PATCH n/m] in subject when
generating patch description (for patches spanning
multiple commits)
--start-number <n> ... start output file generation with <n> as start
number instead '1'
since spcifier:
-3 .................. e.g: create a patch from last three commits
<comit hash> ........ create patch with commits starting after <comit hash>
git am <patch> ......... apply patch and create a commit for it
git apply --stat <PATCH> ... see which files the patch would change
git apply --check <PATCH> .. see if the patch can be applied cleanly
git apply <PATCH> .......... apply the patch locally without creating a commit
# eg: generate patches for each commit from initial commit on
git format-patch -N $(git rev-list --max-parents=0 HEAD)
# generate single patch file from a certain commit/ref
git format-patch <COMMIT/REF> --stdout > my-patch.patch
</code></pre>
<h2><a class="header" href="#submodules" id="submodules">Submodules</a></h2>
<pre><code class="language-markdown"> git submodule add <url> [<path>] .......... add new submodule to current project
git clone --recursive <url> ............... clone project and recursively all
submodules (same as using
'git submodule update --init
--recursive' after clone)
git submodule update --init --recursive ... checkout submodules recursively
using the commit listed in the
super-project (in detached HEAD)
git submodule update --remote <submod> .... fetch & merge remote changes for
<submod>, this will pull
origin/HEAD or a branch specified
for the submodule
</code></pre>
<h2><a class="header" href="#inspection" id="inspection">Inspection</a></h2>
<pre><code class="language-markdown"> git ls-tree [-r] <ref> .... show git tree for <ref>, -r to recursively ls sub-trees
git show <obj> ............ show <obj>
git cat-file -p <obj> ..... print content of <obj>
</code></pre>
<h2><a class="header" href="#revision-specifier" id="revision-specifier">Revision Specifier</a></h2>
<pre><code class="language-markdown"> HEAD ........ last commit
HEAD~1 ...... last commit-1
HEAD~N ...... last commit-N (linear backwards when in tree structure, check
difference between HEAD^ and HEAD~)
git rev-list --max-parents=0 HEAD ........... first commit
</code></pre>
<h1><a class="header" href="#awk1" id="awk1">awk(1)</a></h1>
<pre><code class="language-markdown">awk [opt] program [input]
-F <sepstr> field separator string (can be regex)
program awk program
input file or stdin if not file given
</code></pre>
<h2><a class="header" href="#input-processing" id="input-processing">Input processing</a></h2>
<p>Input is processed in two stages:</p>
<ol>
<li>Splitting input into a sequence of <code>records</code>.
By default split at <code>newline</code> character, but can be changed via the
builtin <code>RS</code> variable.</li>
<li>Splitting a <code>record</code> into <code>fields</code>. By default strings without <code>whitespace</code>,
but can be changed via the builtin variable <code>FS</code> or command line option
<code>-F</code>.</li>
</ol>
<p>Fields are accessed as follows:</p>
<ul>
<li><code>$0</code> whole <code>record</code></li>
<li><code>$1</code> field one</li>
<li><code>$2</code> field two</li>
<li>...</li>
</ul>
<h2><a class="header" href="#program" id="program">Program</a></h2>
<p>An <code>awk</code> program is composed of pairs of the form:</p>
<pre><code class="language-markdown">pattern { action }
</code></pre>
<p>The program is run against each <code>record</code> in the input stream. If a <code>pattern</code>
matches a <code>record</code> the corresponding <code>action</code> is executed and can access the
<code>fields</code>.</p>
<pre><code class="language-markdown">INPUT
|
v
record ----> ∀ pattern matched
| |
v v
fields ----> run associated action
</code></pre>
<p>Any valid awk <code>expr</code> can be a <code>pattern</code>.</p>
<h3><a class="header" href="#special-pattern" id="special-pattern">Special pattern</a></h3>
<p>awk provides two special patterns, <code>BEGIN</code> and <code>END</code>, which can be used
multiple times. Actions with those patterns are <strong>executed exactly once</strong>.</p>
<ul>
<li><code>BEGIN</code> actions are run before processing the first record</li>
<li><code>END</code> actions are run after processing the last record</li>
</ul>
<h3><a class="header" href="#special-variables" id="special-variables">Special variables</a></h3>
<ul>
<li><code>RS</code> <em>record separator</em>: first char is the record separator, by default
<newline></li>
<li><code>FS</code> <em>field separator</em>: regex to split records into fields, by default
<space></li>
<li><code>NR</code> <em>number record</em>: number of current record</li>
</ul>
<h3><a class="header" href="#special-statements--functions" id="special-statements--functions">Special statements & functions</a></h3>
<ul>
<li>
<p><code>printf "fmt", args...</code></p>
<p>Print format string, args are comma separated.</p>
<ul>
<li><code>%s</code> string</li>
<li><code>%d</code> decimal</li>
<li><code>%x</code> hex</li>
<li><code>%f</code> float</li>
</ul>
<p>Width can be specified as <code>%Ns</code>, this reserves <code>N</code> chars for a string.
For floats one can use <code>%N.Mf</code>, <code>N</code> is the total number including <code>.</code> and
<code>M</code>.</p>
</li>
<li>
<p><code>strftime("fmt")</code></p>
<p>Print time stamp formatted by <code>fmt</code>.</p>
<ul>
<li><code>%Y</code> full year (eg 2020)</li>
<li><code>%m</code> month (01-12)</li>
<li><code>%d</code> day (01-31)</li>
<li><code>%F</code> alias for <code>%Y-%m-%d</code></li>
<li><code>%H</code> hour (00-23)</li>
<li><code>%M</code> minute (00-59)</li>
<li><code>%S</code> second (00-59)</li>
<li><code>%T</code> alias for <code>%H:%M:%S</code></li>
</ul>
</li>
</ul>
<h2><a class="header" href="#examples" id="examples">Examples</a></h2>
<h3><a class="header" href="#filter-records" id="filter-records">Filter records</a></h3>
<pre><code class="language-bash">awk 'NR%2 == 0 { print $0 }' <file>
</code></pre>
<p>The pattern <code>NR%2 == 0</code> matches every second record and the action <code>{ print $0 }</code>
prints the whole record.</p>
<h3><a class="header" href="#capture-in-variables" id="capture-in-variables">Capture in variables</a></h3>
<pre><code class="language-bash"># /proc/<pid>/status
# Name: cat
# ...
# VmRSS: 516 kB
# ...
for f in /proc/*/status; do
cat $f | awk '
/^VmRSS/ { rss = $2/1024 }
/^Name/ { name = $2 }
END { printf "%16s %6d MB\n", name, rss }';
done | sort -k2 -n
</code></pre>
<p>We capture values from <code>VmRSS</code> and <code>Name</code> into variables and print them at the
<code>END</code> once processing all records is done.</p>
<h3><a class="header" href="#run-shell-command-and-capture-output" id="run-shell-command-and-capture-output">Run shell command and capture output</a></h3>
<pre><code class="language-bash">cat /proc/1/status | awk '
/^Pid/ {
"ps --no-header -o user " $2 | getline user;
print user
}'
</code></pre>
<p>We build a <code>ps</code> command line and capture the first line of the processes output
in the <code>user</code> variable and then print it.</p>
<h1><a class="header" href="#gdb1" id="gdb1">gdb(1)</a></h1>
<h1><a class="header" href="#cli" id="cli">CLI</a></h1>
<pre><code class="language-markdown"> gdb [opts] [prg [-c coredump | -p pid]]
gdb [opts] --args prg <prg-args>
opts:
-p <pid> attach to pid
-c <coredump> use <coredump>
-x <file> execute script <file> before prompt
-ex <cmd> execute command <cmd> before prompt
--tty <tty> set I/O tty for debugee
</code></pre>
<h1><a class="header" href="#interactive-usage" id="interactive-usage">Interactive usage</a></h1>
<pre><code class="language-markdown"> tty <tty>
Set <tty> as tty for debugee.
Make sure nobody reads from target tty, easiest is to spawn a shell
and run following in target tty:
> while true; do sleep 1024; done
set follow-fork-mode <child | parent>
Specify which process to follow when debuggee makes a fork(2)
syscall.
sharedlibrary [<regex>]
Load symbols of shared libs loaded by debugee. Optionally use <regex>
to filter libs for symbol loading.
break [-qualified] <sym> thread <tnum>
Set a breakpoint only for a specific thread.
-qualified: Tred <sym> as fully qualified symbol (quiet handy to set
breakpoints on C symbols in C++ contexts)
rbreak <regex>
Set breakpoints matching <regex>, where matching internally is done
on: .*<regex>.*
command [<bp_list>]
Define commands to run after breakpoint hit. If <bp_list> is not
specified attach command to last created breakpoint. Command block
terminated with 'end' token.
<bp_list>: Space separates list, eg 'command 2 5-8' to run command
for breakpoints: 2,5,6,7,8.
info functions [<regex>]
List functions matching <regex>. List all functions if no <regex>
provided.
info variables [<regex>]
List variables matching <regex>. List all variables if no <regex>
provided.
info handle [<signal>]
Print how to handle <signal>. If no <signal> specified print for all
signals.
handle <signal> <action>
Configure how gdb handles <signal> sent to debugee.
<action>:
stop/nostop Catch signal in gdb and break.
print/noprint Print message when gdb catches signal.
pass/nopass Pass signal down to debugee.
catch signal <signal>
Create a catchpoint for <signal>.
</code></pre>
<h1><a class="header" href="#user-commands-macros" id="user-commands-macros">User commands (macros)</a></h1>
<p>Gdb allows to create & document user commands as follows:</p>
<pre><code class="language-markdown"> define <cmd>
# cmds
end
document <cmd>
# docu
end
</code></pre>
<p>To get all user commands or documentations one can use:</p>
<pre><code class="language-markdown"> help user-defined
help <cmd>
</code></pre>
<h1><a class="header" href="#hooks" id="hooks">Hooks</a></h1>
<p>Gdb allows to create two types of command <code>hooks</code></p>
<ul>
<li><code>hook-</code> will be run before <code><cmd></code></li>
<li><code>hookpost-</code> will be run after <code><cmd></code></li>
</ul>
<pre><code class="language-markdown"> define hook-<cmd>
# cmds
end
define hookpost-<cmd>
# cmds
end
</code></pre>
<h1><a class="header" href="#examples-1" id="examples-1">Examples</a></h1>
<h2><a class="header" href="#catch-sigsegv-and-execute-commands" id="catch-sigsegv-and-execute-commands">Catch SIGSEGV and execute commands</a></h2>
<p>This creates a <code>catchpoint</code> for the <code>SIGSEGV</code> signal and attached the <code>command</code>
to it.</p>
<pre><code class="language-markdown"> catch signal SIGSEGV
command
bt
c
end
</code></pre>
<h2><a class="header" href="#run-backtrace-on-thread-1-batch-mode" id="run-backtrace-on-thread-1-batch-mode">Run <code>backtrace</code> on thread 1 (batch mode)</a></h2>
<pre><code class="language-markdown"> gdb --batch -ex 'thread 1' -ex 'bt' -p <pid>
</code></pre>
<h2><a class="header" href="#script-gdb-for-automating-debugging-sessions" id="script-gdb-for-automating-debugging-sessions">Script gdb for automating debugging sessions</a></h2>
<p>To script gdb add commands into a file and pass it to gdb via <code>-x</code>.
For example create <code>run.gdb</code>:</p>
<pre><code class="language-markdown"> set pagination off
break mmap
command
info reg rdi rsi rdx
bt
c
end
#initial drop
c
</code></pre>
<p>This script can be used as:</p>
<pre><code class="language-markdown"> gdb --batch -x ./run.gdb -p <pid>
</code></pre>
<h1><a class="header" href="#know-bugs" id="know-bugs">Know Bugs</a></h1>
<h2><a class="header" href="#workaround-command--finish-bug" id="workaround-command--finish-bug">Workaround <code>command + finish</code> bug</a></h2>
<p>When using <code>finish</code> inside a <code>command</code> block, commands after <code>finish</code> are not
executed. To workaround that bug one can create a wrapper function which calls
<code>finish</code>.</p>
<pre><code class="language-markdown"> define handler
bt
finish
info reg rax
end
command
handler
end
</code></pre>
<h1><a class="header" href="#radare21" id="radare21">radare2(1)</a></h1>
<h2><a class="header" href="#print" id="print">print</a></h2>
<pre><code class="language-markdown">
pd <n> [@ <addr>] # print disassembly for <n> instructions
# with optional temporary seek to <addr>
</code></pre>
<h2><a class="header" href="#flags" id="flags">flags</a></h2>
<pre><code class="language-markdown"> fs # list flag-spaces
fs <fs> # select flag-space <fs>
f # print flags of selected flag-space
</code></pre>
<h2><a class="header" href="#help" id="help">help</a></h2>
<pre><code class="language-markdown"> ?*~<kw> # '?*' list all commands and '~' grep for <kw>
?*~... # '..' less mode /'...' interactive search
</code></pre>
<h2><a class="header" href="#relocation" id="relocation">relocation</a></h2>
<pre><code class="language-markdown"> > r2 -B <baddr> <exe> # open <exe> mapped to addr <baddr>
oob <addr> # reopen current file at <baddr>
</code></pre>
<h1><a class="header" href="#emacs1" id="emacs1">emacs(1)</a></h1>
<h2><a class="header" href="#help-1" id="help-1">help</a></h2>
<pre><code class="language-markdown"> C-h f describe function
C-h b list buffer available keymaps
<kseq> C-h list possible keymaps with <kseq>
eg C-x C-h -> list keymaps beginning with C-x
</code></pre>
<h2><a class="header" href="#window" id="window">window</a></h2>
<pre><code class="language-markdown"> C-x 0 kill focused window
C-x 1 kill all other windows
C-x 2 split horizontal
C-x 3 split vertical
</code></pre>
<h2><a class="header" href="#blockrect" id="blockrect">block/rect</a></h2>
<pre><code class="language-markdown"> C-x <SPC> activate rectangle-mark-mode
M-x string-rectangle <RET> insert text in marked rect
</code></pre>
<h2><a class="header" href="#mass-edit" id="mass-edit">mass edit</a></h2>
<pre><code class="language-makrdown"> C-x h mark whole buffer (mark-whole-buffer)
M-x delete-matching-line <RET> delete lines matching regex
M-x % search & replace region (query-replace)
C-M-x % search & replace regex (query-replace-regexp)
</code></pre>
<h2><a class="header" href="#grep" id="grep">grep</a></h2>
<pre><code class="language-markdown"> M-x find-grep <RET> run find-grep result in *grep* buffer
n/p navigate next/previous match in *grep* buffer
</code></pre>
<h2><a class="header" href="#lisp-mode" id="lisp-mode">lisp mode</a></h2>
<pre><code class="language-markdown"> M-x lisp-interaction-mode activate lisp mode
C-M-x evaluate top expr under cursor
C-x C-e eval-last-sexp
C-u C-x C-e eval-last-sexp and prints result in current buffer
</code></pre>
<h2><a class="header" href="#narrow" id="narrow">narrow</a></h2>
<pre><code class="language-markdown"> C-x n n show only focused region (narrow)
C-x n w show whole buffer (wide)
</code></pre>
<h2><a class="header" href="#org" id="org">org</a></h2>
<pre><code class="language-markdown"> M-up/M-down re-arrange items in same hierarchy
M-left/M-right change item hierarchy
C-RET create new item below current
C-S-RET create new TODO item below current
S-left/S-right cycle TODO states
</code></pre>
<h3><a class="header" href="#org-source" id="org-source">org source</a></h3>
<pre><code class="language-markdown"> <s TAB generate a source block
C-c ' edit source block (in lang specific buffer)
C-c C-c eval source block
</code></pre>
<h1><a class="header" href="#fish1" id="fish1">fish(1)</a></h1>
<h2><a class="header" href="#keymaps" id="keymaps">keymaps</a></h2>
<pre><code class="language-markdown"> Shift-Tab ........... tab-completion with search
Alt-Up / Alt-Down ... search history with token under the cursor
Alt-l ............... list content of dir under cursor
Alt-p ............... append '2>&1 | less;' to current cmdline
</code></pre>
<h2><a class="header" href="#debug" id="debug">debug</a></h2>
<pre><code class="language-markdown"> status print-stack-trace .. prints function stacktrace (can be used in scripts)
breakpoint ................ halt script execution and gives shell (C-d | exit
to continue)
</code></pre>
<h1><a class="header" href="#strace1" id="strace1">strace(1)</a></h1>
<pre><code class="language-markdown">strace [opts] [prg]
-f .......... follow child processes on fork(2)
-p <pid> .... attach to running process
-s <size> ... max string size, truncate of longer (default: 32)
-e <expr> ... expression for trace filtering
-o <file> ... log output into <file>
-c .......... dump syscall statitics at the end
</code></pre>
<pre><code class="language-markdown"><expr>:
trace=syscall[,syscall] .... trace only syscall listed
trace=file ................. trace all syscall that take a filename as arg
trace=process .............. trace process management related syscalls
trace=signal ............... trace signal related syscalls
signal ..................... trace signals delivered to the process
</code></pre>
<h1><a class="header" href="#examples-2" id="examples-2">Examples</a></h1>
<p>Trace <code>open(2)</code> & <code>socket(2)</code> syscalls for a running process + child processes:</p>
<pre><code class="language-markdown">strace -f -e trace=open,socket -p <pid>
</code></pre>
<p>Trace signals delivered to a running process:</p>
<pre><code class="language-markdown">strace -f -e signal -p <pid>
</code></pre>
<h1><a class="header" href="#lsof8" id="lsof8">lsof(8)</a></h1>
<pre><code class="language-markdown">lsof
-a ......... AND slection filters instead ORing (OR: default)
-p <pid> ... filter by <pid>
+fg ........ show file flags for file descripros
-n ......... don't convert network addr to hostnames
-P ......... don't convert network port to service names
-i <@h[:p]>. show connections to h (hostname|ip addr) with optional port p
</code></pre>
<pre><code class="language-markdown">file flags:
R/W/RW ..... read/write/read-write
CR ......... create
AP ......... append
TR ......... truncate
</code></pre>
<h1><a class="header" href="#examples-3" id="examples-3">Examples</a></h1>
<h2><a class="header" href="#file-flags" id="file-flags">File flags</a></h2>
<p>Show open files with file flags for process:</p>
<pre><code class="language-markdown">lsof +fg -p <pid>
</code></pre>
<h2><a class="header" href="#open-tcp-connections" id="open-tcp-connections">Open TCP connections</a></h2>
<p>Show open tcp connections for <code>$USER</code>:</p>
<pre><code class="language-markdown">lsof -a -u $USER -i tcp
</code></pre>
<p><strong>Note</strong>: <code>-a</code> <em>ands</em> the results. If <code>-a</code> is not given all open files matching
<code>$USER</code> and all tcp connections are listed (<em>ored</em>).</p>
<h2><a class="header" href="#open-connection-to-specific-host" id="open-connection-to-specific-host">Open connection to specific host</a></h2>
<p>Show open connections to <code>localhost</code> for <code>$USER</code>:</p>
<pre><code class="language-markdown">lsof -a -u $USER -i @localhost
</code></pre>
<h1><a class="header" href="#pidstat1" id="pidstat1">pidstat(1)</a></h1>
<pre><code class="language-markdown">pidstat [opt] [interval] [cont]
-U [user] show username instead UID, optionally only show for user
-r memory statistics
-d I/O statistics
-h single line per process and no lines with average
</code></pre>
<h1><a class="header" href="#page-fault-and-memory-utilization" id="page-fault-and-memory-utilization">Page fault and memory utilization</a></h1>
<pre><code class="language-markdown">pidstat -r -p <pid> [interval] [count]
</code></pre>
<pre><code class="language-markdown">minor_pagefault: Happens when the page needed is already in memory but not
allocated to the faulting process, in that case the kernel
only has to create a new page-table entry pointing to the
shared physical page (not required to load a memory page from
disk).
major_pagefault: Happens when the page needed is NOT in memory, the kernel
has to create a new page-table entry and populate the
physical page (required to load a memory page from disk).
</code></pre>
<h1><a class="header" href="#io-statistics" id="io-statistics">I/O statistics</a></h1>
<pre><code class="language-markdown">pidstat -d -p <pid> [interval] [count]
</code></pre>
<h1><a class="header" href="#usrbintime1" id="usrbintime1">/usr/bin/time(1)</a></h1>
<pre><code class="language-markdown"># statistics of process run
/usr/bin/time -v <cmd>
</code></pre>
<h1><a class="header" href="#pgrep1" id="pgrep1">pgrep(1)</a></h1>
<pre><code class="language-markdown">pgrep [opts] <pattern>
-n only list newest matching process
-u <usr> only show matching for user <usr>
-l additionally list command
-a additionally list command + arguments
</code></pre>
<h2><a class="header" href="#debug-newest-process" id="debug-newest-process">Debug newest process</a></h2>
<p>For example attach gdb to newest zsh process from <code>$USER</code>.</p>
<pre><code class="language-markdown">gdb -p $(pgrep -n -u $USER zsh)
</code></pre>
<h1><a class="header" href="#pstack1" id="pstack1">pstack(1)</a></h1>
<pre><code class="language-markdown">pstack <pid>
Dump stack for all threads of process.
</code></pre>
<h1><a class="header" href="#pstack1-1" id="pstack1-1">pstack(1)</a></h1>
<pre><code class="language-markdown">pstack <pid>
Dump stack for all threads of process.
</code></pre>
<h1><a class="header" href="#perf1" id="perf1">perf(1)</a></h1>
<pre><code class="language-markdown">perf list show supported hw/sw events
perf stat
-p <pid> .. show stats for running process
-I <ms> ... show stats periodically over interval <ms>
-e <ev> ... filter for events
perf top
-p <pid> .. show stats for running process
-F <hz> ... sampling frequency
-K ........ hide kernel threads
perf record
-p <pid> ............... record stats for running process
-F <hz> ................ sampling frequency
--call-graph <method> .. [fp, dwarf, lbr] method how to caputre backtrace
fp : use frame-pointer, need to compile with
-fno-omit-frame-pointer
dwarf: use .cfi debug information
lbr : use hardware last branch record facility
-g ..................... short-hand for --call-graph fp
-e <ev> ................ filter for events
perf report
-n .................... annotate symbols with nr of samples
--stdio ............... report to stdio, if not presen tui mode
-g graph,0.5,caller ... show caller based call chains with value >0.5
</code></pre>
<pre><code class="language-markdown">Useful <ev>:
page-faults
minor-faults
major-faults
cpu-cycles`
task-clock
</code></pre>
<h2><a class="header" href="#a-hrefhttpsgithubcombrendangreggflamegraphflamegrapha" id="a-hrefhttpsgithubcombrendangreggflamegraphflamegrapha"><a href="https://github.com/brendangregg/FlameGraph"><code>Flamegraph</code></a></a></h2>
<h3><a class="header" href="#flamegraph-with-single-event-trace" id="flamegraph-with-single-event-trace">Flamegraph with single event trace</a></h3>
<pre><code class="language-markdown">perf record -g -e cpu-cycles -p <pid>
perf script | FlameGraph/stackcollapse-perf.pl | FlameGraph/flamegraph.pl > cycles-flamegraph.svg
</code></pre>
<h3><a class="header" href="#flamegraph-with-multiple-event-traces" id="flamegraph-with-multiple-event-traces">Flamegraph with multiple event traces</a></h3>
<pre><code class="language-markdown">perf record -g -e cpu-cycles,page-faults -p <pid>
perf script --per-event-dump
# fold & generate as above
</code></pre>
<h1><a class="header" href="#a-hrefhttpsoprofilesourceforgeiooprofilea" id="a-hrefhttpsoprofilesourceforgeiooprofilea"><a href="https://oprofile.sourceforge.io/">OProfile</a></a></h1>
<pre><code class="language-markdown">operf -g -p <pid>
-g ...... caputre call-graph information
opreport [opt] FILE
show time spent per binary image
-l ...... show time spent per symbol
-c ...... show callgraph information (see below)
-a ...... add column with time spent accumulated over child nodes
ophelp show supported hw/sw events
</code></pre>
<h1><a class="header" href="#od1" id="od1">od(1)</a></h1>
<pre><code class="language-markdown"> od [opts] <file>
-An don't print addr info
-tx4 print hex in 4 byte chunks
-ta print as named character
-tc printable chars or backslash escape
-w4 print 4 bytes per line
-j <n> skip <n> bytes from <file> (hex if start with 0x)
-N <n> dump <n> bytes (hex of start with 0x)
</code></pre>
<h2><a class="header" href="#ascii-to-hex-string" id="ascii-to-hex-string">ASCII to hex string</a></h2>
<pre><code class="language-markdown"> echo -n AAAABBBB | od -An -w4 -tx4
>> 41414141
>> 42424242
echo -n '\x7fELF\n' | od -tx1 -ta -tc
>> 0000000 7f 45 4c 46 0a # tx1
>> del E L F nl # ta
>> 177 E L F \n # tc
</code></pre>
<h2><a class="header" href="#extract-parts-of-file" id="extract-parts-of-file">Extract parts of file</a></h2>
<p>For example <code>.rodata</code> section from an elf file. We can use <code>readelf</code> to get the
offset into the file where the <code>.rodata</code> section starts.</p>
<pre><code class="language-markdown"> readelf -W -S foo
>> Section Headers:
>> [Nr] Name Type Address Off Size ES Flg Lk Inf Al
>> ...
>> [15] .rodata PROGBITS 00000000004009c0 0009c0 000030 00 A 0 0 16
</code></pre>
<p>With the offset of <code>-j 0x0009c0</code> we can dump <code>-N 0x30</code> bytes from the beginning of
the <code>.rodata</code> section as follows:</p>
<pre><code class="language-markdown"> od -j 0x0009c0 -N 0x30 -tx4 -w4 foo
>> 0004700 00020001
>> 0004704 00000000
>> *
>> 0004740 00000001
>> 0004744 00000002
>> 0004750 00000003
>> 0004754 00000004
</code></pre>
<p><strong>Note</strong>: Numbers starting with <code>0x</code> will be interpreted as hex by <code>od</code>.</p>
<h1><a class="header" href="#xxd1" id="xxd1">xxd(1)</a></h1>
<pre><code class="language-markdown"> xxd [opts]
-p dump continuous hexdump
-r convert hexdump into binary ('revert')
-e dump as little endian mode
-i output as C array
</code></pre>
<h2><a class="header" href="#ascii-to-hex-stream" id="ascii-to-hex-stream">ASCII to hex stream</a></h2>
<pre><code class="language-markdown"> echo -n 'aabb' | xxd -p
>> 61616262
</code></pre>
<h2><a class="header" href="#hex-to-binary-stream" id="hex-to-binary-stream">Hex to binary stream</a></h2>
<pre><code class="language-markdown"> echo -n '61616262' | xxd -p -r
>> aabb
</code></pre>
<h2><a class="header" href="#ascii-to-binary" id="ascii-to-binary">ASCII to binary</a></h2>
<pre><code class="language-markdown"> echo -n '\x7fELF' | xxd -p | xxd -p -r | file -p -
>> ELF
</code></pre>
<h2><a class="header" href="#ascii-to-c-array-hex-encoded" id="ascii-to-c-array-hex-encoded">ASCII to <code>C</code> array (hex encoded)</a></h2>
<pre><code class="language-markdown"> xxd -i <(echo -n '\x7fELF')
>> unsigned char _proc_self_fd_11[] = {
>> 0x7f, 0x45, 0x4c, 0x46
>> };
>> unsigned int _proc_self_fd_11_len = 4;
</code></pre>
<h1><a class="header" href="#readelf1" id="readelf1">readelf(1)</a></h1>
<pre><code class="language-markdown"> readelf [opts] <elf>
-W|--wide wide output, dont break output at 80 chars
-h print ELF header
-S print section headers
-l print program headers + segment mapping
-d print .dynamic section (dynamic link information)
--syms print symbol tables (.symtab .dynsym)
--dyn-syms print dynamic symbol table (exported symbols for dynamic linker)
-r print relocation sections (.rel.*, .rela.*)
</code></pre>
<h1><a class="header" href="#objdump1" id="objdump1">objdump(1)</a></h1>
<pre><code class="language-markdown"> objdump [opts] <elf>
-M intel use intil syntax
-d disassemble text section
-D disassemble all sections
-S mix disassembly with source code
-C demangle
-j <section> display info for section
--[no-]show-raw-insn [dont] show object code next to disassembly
</code></pre>
<h2><a class="header" href="#disassemble-section" id="disassemble-section">Disassemble section</a></h2>
<p>For example <code>.plt</code> section:</p>
<pre><code class="language-markdown"> objdump -j .plt -d <elf>
</code></pre>
<h1><a class="header" href="#nm1" id="nm1">nm(1)</a></h1>
<pre><code class="language-markdown"> nm [opts] <elf>
-C demangle
-u undefined only
</code></pre>
<h1><a class="header" href="#cfilt1" id="cfilt1">c++filt(1)</a></h1>
<h2><a class="header" href="#demangle-symbol" id="demangle-symbol">Demangle symbol</a></h2>
<pre><code class="language-markdown"> c++-filt <symbol_str>
</code></pre>
<h2><a class="header" href="#demangle-stream" id="demangle-stream">Demangle stream</a></h2>
<p>For example dynamic symbol table:</p>
<pre><code class="language-markdown"> readelf -W --dyn-syms <elf> | c++filt
</code></pre>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
</nav>
</div>
<script type="text/javascript">
window.playpen_copyable = true;
</script>
<script src="elasticlunr.min.js" type="text/javascript" charset="utf-8"></script>
<script src="mark.min.js" type="text/javascript" charset="utf-8"></script>
<script src="searcher.js" type="text/javascript" charset="utf-8"></script>
<script src="clipboard.min.js" type="text/javascript" charset="utf-8"></script>
<script src="highlight.js" type="text/javascript" charset="utf-8"></script>
<script src="book.js" type="text/javascript" charset="utf-8"></script>
<!-- Custom JS scripts -->
<script type="text/javascript">
window.addEventListener('load', function() {
window.setTimeout(window.print, 100);
});
</script>
</body>
</html>