<!DOCTYPE HTML>
<html lang="en" class="sidebar-visible no-js light">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Notes</title>
<meta name="robots" content="noindex" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff" />
<link rel="shortcut icon" href="favicon.png">
<link rel="stylesheet" href="css/variables.css">
<link rel="stylesheet" href="css/general.css">
<link rel="stylesheet" href="css/chrome.css">
<link rel="stylesheet" href="css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="FontAwesome/css/font-awesome.css">
<link href="https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800" rel="stylesheet" type="text/css">
<link href="https://fonts.googleapis.com/css?family=Source+Code+Pro:500" rel="stylesheet" type="text/css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" href="highlight.css">
<link rel="stylesheet" href="tomorrow-night.css">
<link rel="stylesheet" href="ayu-highlight.css">
<!-- Custom theme stylesheets -->
</head>
<body>
<!-- Provide site root to javascript -->
<script type="text/javascript">
var path_to_root = "";
var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "light" : "light";
</script>
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script type="text/javascript">
try {
var theme = localStorage.getItem('mdbook-theme');
var sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script type="text/javascript">
var theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
var html = document.querySelector('html');
html.classList.remove('no-js')
html.classList.remove('light')
html.classList.add(theme);
html.classList.add('js');
</script>
<!-- Hide / unhide sidebar before it is displayed -->
<script type="text/javascript">
var html = document.querySelector('html');
var sidebar = 'hidden';
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
}
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div id="sidebar-scrollbox" class="sidebar-scrollbox">
<ol class="chapter"><li class="expanded affix "><a href="intro.html">Introduction</a></li><li class="expanded "><a href="tools/index.html"><strong aria-hidden="true">1.</strong> Tools</a></li><li><ol class="section"><li class="expanded "><a href="tools/zsh.html"><strong aria-hidden="true">1.1.</strong> zsh</a></li><li class="expanded "><a href="tools/bash.html"><strong aria-hidden="true">1.2.</strong> bash</a></li><li class="expanded "><a href="tools/fish.html"><strong aria-hidden="true">1.3.</strong> fish</a></li><li class="expanded "><a href="tools/tmux.html"><strong aria-hidden="true">1.4.</strong> tmux</a></li><li class="expanded "><a href="tools/git.html"><strong aria-hidden="true">1.5.</strong> git</a></li><li class="expanded "><a href="tools/awk.html"><strong aria-hidden="true">1.6.</strong> awk</a></li><li class="expanded "><a href="tools/emacs.html"><strong aria-hidden="true">1.7.</strong> emacs</a></li><li class="expanded "><a href="tools/gpg.html"><strong aria-hidden="true">1.8.</strong> gpg</a></li><li class="expanded "><a href="tools/gdb.html"><strong aria-hidden="true">1.9.</strong> gdb</a></li><li class="expanded "><a href="tools/gdbserver.html"><strong aria-hidden="true">1.10.</strong> gdbserver</a></li><li class="expanded "><a href="tools/radare2.html"><strong aria-hidden="true">1.11.</strong> radare2</a></li><li class="expanded "><a href="tools/qemu.html"><strong aria-hidden="true">1.12.</strong> qemu</a></li><li class="expanded "><a href="tools/pacman.html"><strong aria-hidden="true">1.13.</strong> pacman</a></li><li class="expanded "><a href="tools/dot.html"><strong aria-hidden="true">1.14.</strong> dot</a></li></ol></li><li class="expanded "><a href="monitor/index.html"><strong aria-hidden="true">2.</strong> Resource analysis & monitor</a></li><li><ol class="section"><li class="expanded "><a href="monitor/lsof.html"><strong aria-hidden="true">2.1.</strong> lsof</a></li><li class="expanded "><a href="monitor/ss.html"><strong aria-hidden="true">2.2.</strong> ss</a></li><li class="expanded "><a href="monitor/pidstat.html"><strong aria-hidden="true">2.3.</strong> pidstat</a></li><li class="expanded "><a href="monitor/pgrep.html"><strong aria-hidden="true">2.4.</strong> pgrep</a></li><li class="expanded "><a href="monitor/pmap.html"><strong aria-hidden="true">2.5.</strong> pmap</a></li><li class="expanded "><a href="monitor/pstack.html"><strong aria-hidden="true">2.6.</strong> pstack</a></li></ol></li><li class="expanded "><a href="trace_profile/index.html"><strong aria-hidden="true">3.</strong> Trace and Profile</a></li><li><ol class="section"><li class="expanded "><a href="trace_profile/strace.html"><strong aria-hidden="true">3.1.</strong> strace</a></li><li class="expanded "><a href="trace_profile/ltrace.html"><strong aria-hidden="true">3.2.</strong> ltrace</a></li><li class="expanded "><a href="trace_profile/perf.html"><strong aria-hidden="true">3.3.</strong> perf</a></li><li class="expanded "><a href="trace_profile/oprofile.html"><strong aria-hidden="true">3.4.</strong> OProfile</a></li><li class="expanded "><a href="trace_profile/time.html"><strong aria-hidden="true">3.5.</strong> time</a></li></ol></li><li class="expanded "><a href="binary/index.html"><strong aria-hidden="true">4.</strong> Binary</a></li><li><ol class="section"><li class="expanded "><a href="binary/od.html"><strong aria-hidden="true">4.1.</strong> od</a></li><li class="expanded "><a href="binary/xxd.html"><strong aria-hidden="true">4.2.</strong> xxd</a></li><li class="expanded "><a href="binary/readelf.html"><strong aria-hidden="true">4.3.</strong> readelf</a></li><li class="expanded "><a href="binary/objdump.html"><strong aria-hidden="true">4.4.</strong> objdump</a></li><li class="expanded "><a href="binary/nm.html"><strong aria-hidden="true">4.5.</strong> nm</a></li></ol></li><li class="expanded "><a href="development/index.html"><strong aria-hidden="true">5.</strong> Development</a></li><li><ol class="section"><li class="expanded "><a href="development/c++filt.html"><strong aria-hidden="true">5.1.</strong> c++filt</a></li><li class="expanded "><a href="development/c++.html"><strong aria-hidden="true">5.2.</strong> c++</a></li><li class="expanded "><a href="development/glibc.html"><strong aria-hidden="true">5.3.</strong> glibc</a></li><li class="expanded "><a href="development/gcc.html"><strong aria-hidden="true">5.4.</strong> gcc</a></li><li class="expanded "><a href="development/make.html"><strong aria-hidden="true">5.5.</strong> make</a></li><li class="expanded "><a href="development/ld.so.html"><strong aria-hidden="true">5.6.</strong> ld.so</a></li><li class="expanded "><a href="development/symbolver.html"><strong aria-hidden="true">5.7.</strong> symbol versioning</a></li><li class="expanded "><a href="development/python.html"><strong aria-hidden="true">5.8.</strong> python</a></li></ol></li><li class="expanded "><a href="linux/index.html"><strong aria-hidden="true">6.</strong> Linux</a></li><li><ol class="section"><li class="expanded "><a href="linux/systemd.html"><strong aria-hidden="true">6.1.</strong> systemd</a></li><li class="expanded "><a href="linux/coredump.html"><strong aria-hidden="true">6.2.</strong> coredump</a></li><li class="expanded "><a href="linux/ptrace_scope.html"><strong aria-hidden="true">6.3.</strong> ptrace_scope</a></li></ol></li><li class="expanded "><a href="network/index.html"><strong aria-hidden="true">7.</strong> Network</a></li><li><ol class="section"><li class="expanded "><a href="network/tcpdump.html"><strong aria-hidden="true">7.1.</strong> tcpdump</a></li></ol></li><li class="expanded "><a href="arch/index.html"><strong aria-hidden="true">8.</strong> Arch</a></li><li><ol class="section"><li class="expanded "><a href="arch/x86_64.html"><strong aria-hidden="true">8.1.</strong> x86_64</a></li><li class="expanded "><a href="arch/arm64.html"><strong aria-hidden="true">8.2.</strong> arm64</a></li><li class="expanded "><a href="arch/armv7.html"><strong aria-hidden="true">8.3.</strong> armv7</a></li><li class="expanded "><a href="arch/riscv.html"><strong aria-hidden="true">8.4.</strong> riscv</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar" class="menu-bar">
<div id="menu-bar-sticky-container">
<div class="left-buttons">
<button id="sidebar-toggle" class="icon-button" type="button" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</button>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="light">Light (default)</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Notes</h1>
<div class="right-buttons">
<a href="print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/johannst/notes" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
</div>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" name="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script type="text/javascript">
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1><a class="header" href="#notes" id="notes">Notes</a></h1>
<p>A personal collection of notes and cheatsheets.</p>
<p>Source code is located at <a href="https://github.com/johannst/notes">johannst/notes</a>.</p>
<h1><a class="header" href="#tools" id="tools">Tools</a></h1>
<ul>
<li><a href="tools/./zsh.html">zsh</a></li>
<li><a href="tools/./bash.html">bash</a></li>
<li><a href="tools/./fish.html">fish</a></li>
<li><a href="tools/./tmux.html">tmux</a></li>
<li><a href="tools/./git.html">git</a></li>
<li><a href="tools/./awk.html">awk</a></li>
<li><a href="tools/./emacs.html">emacs</a></li>
<li><a href="tools/./gpg.html">gpg</a></li>
<li><a href="tools/./gdb.html">gdb</a></li>
<li><a href="tools/./gdbserver.html">gdbserver</a></li>
<li><a href="tools/./radare2.html">radare2</a></li>
<li><a href="tools/./qemu.html">qemu</a></li>
<li><a href="tools/./pacman.html">pacman</a></li>
<li><a href="tools/./dot.html">dot</a></li>
</ul>
<h1><a class="header" href="#zsh1" id="zsh1">zsh(1)</a></h1>
<h2><a class="header" href="#keybindings" id="keybindings">Keybindings</a></h2>
<p>Change input mode:</p>
<pre><code class="language-zsh">bindkey -v change to vi keymap
bindkey -e change to emacs keymap
</code></pre>
<p>Define key-mappings:</p>
<pre><code class="language-zsh">bindkey list mappings in current keymap
bindkey in-str cmd create mapping for `in-str` to `cmd`
bindkey -r in-str remove binding for `in-str`
# C-v <key> dump <key> code, which can be used in `in-str`
# zle -l list all functions for keybindings
# man zshzle(1) STANDARD WIDGETS: get description of functions
</code></pre>
<p>Access edit buffer in zle widget:</p>
<pre><code class="language-zsh">$BUFFER # Entire edit buffer content
$LBUFFER # Edit buffer content left to cursor
$RBUFFER # Edit buffer content right to cursor
# create zle widget which adds text right of the cursor
function add-text() {
RBUFFER="some text $RBUFFER"
}
zle -N add-text
bindkey "^p" add-text
</code></pre>
<h2><a class="header" href="#parameter" id="parameter">Parameter</a></h2>
<p>Default value:</p>
<pre><code class="language-zsh"># default value
echo ${foo:-defval} # defval
foo=bar
echo ${foo:-defval} # bar
</code></pre>
<p>Alternative value:</p>
<pre><code class="language-zsh">echo ${foo:+altval} # ''
foo=bar
echo ${foo:+altval} # altval
</code></pre>
<p>Check variable set, error if not set:</p>
<pre><code class="language-zsh">echo ${foo:?msg} # print `msg` and return errno `1`
foo=bar
echo ${foo:?msg} # bar
</code></pre>
<p>Sub-string <code>${var:offset:length}</code>:</p>
<pre><code class="language-zsh">foo=abcdef
echo ${foo:1:3} # bcd
</code></pre>
<p>Trim prefix <code>${var#prefix}</code>:</p>
<pre><code class="language-zsh">foo=bar.baz
echo ${foo#bar} # .baz
</code></pre>
<p>Trim suffix <code>${var%suffix}</code>:</p>
<pre><code class="language-zsh">foo=bar.baz
echo ${foo%.baz} # bar
</code></pre>
<p>Substitute pattern <code>${var/pattern/replace}</code>:</p>
<pre><code class="language-zsh">foo=aabbccbbdd
echo ${foo/bb/XX} # aaXXccbbdd
echo ${foo//bb/XX} # aaXXccXXdd
# replace prefix
echo ${foo/#bb/XX} # aabbccbbdd
echo ${foo/#aa/XX} # XXbbccbbdd
# replace suffix
echo ${foo/%bb/XX} # aabbccbbdd
echo ${foo/%dd/XX} # aabbccbbXX
</code></pre>
<blockquote>
<p>Note: <code>prefix</code>/<code>suffix</code>/<code>pattern</code> are expanded as pathnames.</p>
</blockquote>
<h2><a class="header" href="#variables" id="variables">Variables</a></h2>
<pre><code class="language-zsh"># Variable with local scope
local var=val
# Read-only variable
readonly var=bal
</code></pre>
<p>Indexed arrays:</p>
<pre><code class="language-zsh">arr=(aa bb cc dd)
echo $arr[1] # aa
echo $arr[-1] # dd
arr+=(ee)
echo $arr[-1] # ee
echo $arr[1,3] # aa bb cc
</code></pre>
<p>Associative arrays:</p>
<pre><code class="language-zsh">typeset -A arr
arr[x]='aa'
arr[y]='bb'
echo $arr[x] # aa
</code></pre>
<p>Tied arrays:</p>
<pre><code class="language-zsh">typeset -T VEC vec=(1 2 3) '|'
echo $vec # 1 2 3
echo $VEC # 1|2|3
</code></pre>
<p>Unique arrays (set):</p>
<pre><code>typeset -U vec=(1 2 3)
echo $vec # 1 2 3
vec+=(1 2 4)
echo $vec # 1 2 3 4
</code></pre>
<h3><a class="header" href="#expansion-flags" id="expansion-flags">Expansion Flags</a></h3>
<p>Join array to string <code>j:sep:</code>:</p>
<pre><code class="language-zsh">foo=(1 2 3 4)
echo ${(j:-:)foo} # 1-2-3-4
echo ${(j:\n:)foo} # join with new lines
</code></pre>
<p>Split string to array <code>s:sep</code>:</p>
<pre><code class="language-zsh">foo='1-2-3-4'
bar=(${(s:-:)foo}) # capture as array
echo $bar # 1 2 3 4
echo $bar[2] # 2
</code></pre>
<p>Upper/Lower case string:</p>
<pre><code class="language-zsh">foo=aaBB
echo ${(L)foo} # aabb
echo ${(U)foo} # AABB
</code></pre>
<p>Key/values in associative arrays:</p>
<pre><code class="language-zsh">typeset -A vec; vec[a]='aa'; vec[b]='bb'
echo ${(k)vec} # a b
echo ${(v)vec} # aa bb
echo ${(kv)vec} # a aa b bb
# Iterate over key value pairs.
for k v in ${(kv)vec)}; do ...; done
</code></pre>
<h2><a class="header" href="#argument-parsing-with-zparseopts" id="argument-parsing-with-zparseopts">Argument parsing with <code>zparseopts</code></a></h2>
<pre><code class="language-zsh">zparseopts [-D] [-E] [-A assoc] specs
</code></pre>
<p>Arguments are copied into the associative array <code>assoc</code> according to <code>specs</code>.
Each spec is described by an entry as <code>opt[:][=array]</code>.</p>
<ul>
<li><code>opt</code> is the option without the <code>-</code> char. Passing <code>-f</code> is matched against <code>f</code>
opt, <code>--long</code> is matched against <code>-long</code>.</li>
<li>Using <code>:</code> means the option will take an argument.</li>
<li>The optional <code>=array</code> specifies an alternate storage container where this
option should be stored.</li>
</ul>
<blockquote>
<p>Documentation can be found in <code>man zshmodules</code>.</p>
</blockquote>
<h3><a class="header" href="#example" id="example">Example</a></h3>
<pre><code class="language-zsh">#!/bin/zsh
function test() {
zparseopts -D -E -A opts f=flag o: -long:
echo "flag $flag"
echo "o $opts[-o]"
echo "long $opts[--long]"
echo "pos $1"
}
test -f -o OPTION --long LONG_OPT POSITIONAL
# Outputs:
# flag -f
# o OPTION
# long LONG_OPT
# pos POSITIONAL
</code></pre>
<h2><a class="header" href="#regular-expressions" id="regular-expressions">Regular Expressions</a></h2>
<p>Zsh supports regular expression matching with the binary operator <code>=~</code>.
The match results can be accessed via the <code>$MATCH</code> variable and
<code>$match</code> indexed array:</p>
<ul>
<li><code>$MATCH</code> contains the full match</li>
<li><code>$match[1]</code> contains match of the first capture group</li>
</ul>
<pre><code class="language-zsh">INPUT='title foo : 1234'
REGEX='^title (.+) : ([0-9]+)$'
if [[ $INPUT =~ $REGEX ]]; then
echo "$MATCH" # title foo : 1234
echo "$match[1]" # foo
echo "$match[2]" # 1234
fi
</code></pre>
<h2><a class="header" href="#completion" id="completion">Completion</a></h2>
<h3><a class="header" href="#installation" id="installation">Installation</a></h3>
<p>Completion functions are provided via files and need to be placed in a location
covered by <code>$fpath</code>. By convention the completion files are names as <code>_<CMD></code>.</p>
<p>A completion skeleton for the command <code>foo</code>, stored in <code>_foo</code></p>
<pre><code class="language-zsh">#compdef _foo foo
function _foo() {
...
}
</code></pre>
<p>Alternatively one can install a completion function explicitly by calling <code>compdef <FUNC> <CMD></code>.</p>
<h3><a class="header" href="#completion-variables" id="completion-variables">Completion Variables</a></h3>
<p>Following variables are available in Completion functions:</p>
<pre><code class="language-zsh">$words # array with command line in words
$#words # number words
$CURRENT # index into $words for cursor position
$words[CURRENT-1] # previous word (relative to cursor position)
</code></pre>
<h3><a class="header" href="#completion-functions" id="completion-functions">Completion Functions</a></h3>
<ul>
<li><code>_describe</code> simple completion, just words + description</li>
<li><code>_arguments</code> sophisticated completion, allow to specify actions</li>
</ul>
<h4><a class="header" href="#completion-with-a-hrefhttpzshsourceforgenetdocreleasecompletion-systemhtmlcompletion-functions_describea" id="completion-with-a-hrefhttpzshsourceforgenetdocreleasecompletion-systemhtmlcompletion-functions_describea">Completion with <a href="http://zsh.sourceforge.net/Doc/Release/Completion-System.html#Completion-Functions"><code>_describe</code></a></a></h4>
<pre><code class="language-zsh">_describe MSG COMP
</code></pre>
<ul>
<li><code>MSG</code> simple string with header message</li>
<li><code>COMP</code> array of completions where each entry is <code>"opt:description"</code></li>
</ul>
<pre><code class="language-zsh">function _foo() {
local -a opts
opts=('bla:desc for bla' 'blu:desc for blu')
_describe 'foo-msg' opts
}
compdef _foo foo
foo <TAB><TAB>
-- foo-msg --
bla -- desc for bla
blu -- desc for blu
</code></pre>
<h4><a class="header" href="#completion-with-a-hrefhttpzshsourceforgenetdocreleasecompletion-systemhtmlcompletion-functions_argumentsa" id="completion-with-a-hrefhttpzshsourceforgenetdocreleasecompletion-systemhtmlcompletion-functions_argumentsa">Completion with <a href="http://zsh.sourceforge.net/Doc/Release/Completion-System.html#Completion-Functions"><code>_arguments</code></a></a></h4>
<pre><code class="language-zsh">_arguments SPEC [SPEC...]
</code></pre>
<p>where <code>SPEC</code> can have one of the following forms:</p>
<ul>
<li><code>OPT[DESC]:MSG:ACTION</code></li>
<li><code>N:MSG:ACTION</code></li>
</ul>
<p>Available actions</p>
<pre><code class="language-zsh">(op1 op2) list possible matches
->VAL set $state=VAL and continue, `$state` can be checked later in switch case
FUNC call func to generate matches
{STR} evaluate `STR` to generate matches
</code></pre>
<h3><a class="header" href="#example-1" id="example-1">Example</a></h3>
<p>Skeleton to copy/paste for writing simple completions.</p>
<p>Assume a program <code>foo</code> with the following interface:</p>
<pre><code class="language-zsh">foo -c green|red|blue -s low|high -f <file> -d <dir> -h
</code></pre>
<p>The completion handler could be implemented as follows in a file called <code>_foo</code>:</p>
<pre><code class="language-zsh">#compdef _foo foo
function _foo_color() {
local colors=()
colors+=('green:green color')
colors+=('red:red color')
colors+=('blue:blue color')
_describe "color" colors
}
function _foo() {
_arguments \
"-c[define color]:color:->s_color" \
"-s[select sound]:sound:(low high)" \
"-f[select file]:file:_files" \
"-d[select dir]:dir:_files -/" \
"-h[help]"
case $state in
s_color) _foo_color;;
esac
}
</code></pre>
<blockquote>
<p><code>_files</code> is a zsh builtin utility function to complete files/dirs see</p>
<ul>
<li><a href="http://zsh.sourceforge.net/Doc/Release/Completion-System.html#Completion-Functions">zsh completion functions</a></li>
<li><a href="https://github.com/zsh-users/zsh-completions/blob/master/zsh-completions-howto.org#utility-functions">zsh completion utility functions</a></li>
</ul>
</blockquote>
<h1><a class="header" href="#bash1" id="bash1">bash(1)</a></h1>
<h2><a class="header" href="#expansion" id="expansion">Expansion</a></h2>
<h3><a class="header" href="#generator" id="generator">Generator</a></h3>
<pre><code class="language-bash"># generate sequence from n to m
{n..m}
# generate sequence from n to m step by s
{n..m..s}
# expand cartesian product
{a,b}{c,d}
</code></pre>
<h3><a class="header" href="#parameter-1" id="parameter-1">Parameter</a></h3>
<pre><code class="language-bash"># default value
bar=${foo:-some_val} # if $foo set, then bar=$foo else bar=some_val
# alternate value
bar=${foo:+bla $foo} # if $foo set, then bar="bla $foo" else bar=""
# check param set
bar=${foo:?msg} # if $foo set, then bar=$foo else exit and print msg
# indirect
FOO=foo
BAR=FOO
bar=${!BAR} # deref value of BAR -> bar=$FOO
# prefix
${foo#prefix} # remove prefix when expanding $foo
# suffix
${foo%suffix} # remove suffix when expanding $foo
# substitute
${foo/pattern/string} # replace pattern with string when expanding foo
# pattern starts with
# '/' replace all occurences of pattern
# '#' pattern match at beginning
# '%' pattern match at end
</code></pre>
<blockquote>
<p>Note: <code>prefix</code>/<code>suffix</code>/<code>pattern</code> are expanded as <a href="tools/bash.html#pathname">pathnames</a>.</p>
</blockquote>
<h3><a class="header" href="#pathname" id="pathname">Pathname</a></h3>
<pre><code class="language-bash">* match any string
? match any single char
\\ match backslash
[abc] match any char of 'a' 'b' 'c'
[a-z] match any char between 'a' - 'z'
[^ab] negate, match all not 'a' 'b'
[:class:] match any char in class, available:
alnum,alpha,ascii,blank,cntrl,digit,graph,lower,
print,punct,space,upper,word,xdigit
</code></pre>
<p>With <code>extglob</code> shell option enabled it is possible to have more powerful
patterns. In the following <code>pattern-list</code> is one ore more patterns separated
by <code>|</code> char.</p>
<pre><code class="language-bash">?(pattern-list) matches zero or one occurrence of the given patterns
*(pattern-list) matches zero or more occurrences of the given patterns
+(pattern-list) matches one or more occurrences of the given patterns
@(pattern-list) matches one of the given patterns
!(pattern-list) matches anything except one of the given patterns
</code></pre>
<blockquote>
<p>Note: <code>shopt -s extglob</code>/<code>shopt -u extglob</code> to enable/disable <code>extglob</code>
option.</p>
</blockquote>
<h2><a class="header" href="#io-redirection" id="io-redirection">I/O redirection</a></h2>
<blockquote>
<p>Note: The trick with bash I/O redirection is to interpret from left-to-right.</p>
</blockquote>
<pre><code class="language-bash"># stdout & stderr to file
command >file 2>&1
# equivalent
command &>file
# stderr to stdout & stdout to file
command 2>&1 >file
</code></pre>
<blockquote>
<p>The article <a href="https://catonmat.net/bash-one-liners-explained-part-three">Bash One-Liners Explained, Part III: All about
redirections</a>
contains some nice visualization to explain bash redirections.</p>
</blockquote>
<h3><a class="header" href="#explanation" id="explanation">Explanation</a></h3>
<pre><code class="language-bash">j>&i
</code></pre>
<p>Duplicate <code>fd i</code> to <code>fd j</code>, making <code>j</code> a copy of <code>i</code>. See <a href="http://man7.org/linux/man-pages/man2/dup.2.html">dup2(2)</a>.</p>
<p>Example:</p>
<pre><code class="language-bash">command 2>&1 >file
</code></pre>
<ol>
<li>duplicate <code>fd 1</code> to <code>fd 2</code>, effectively redirecting <code>stderr</code> to <code>stdout</code></li>
<li>redirect <code>stdout</code> to <code>file</code></li>
</ol>
<h2><a class="header" href="#argument-parsing-with-getopts" id="argument-parsing-with-getopts">Argument parsing with <code>getopts</code></a></h2>
<p>The <code>getopts</code> builtin uses following global variables:</p>
<ul>
<li><code>OPTARG</code>, value of last option argument</li>
<li><code>OPTIND</code>, index of the next argument to process (user must reset)</li>
<li><code>OPTERR</code>, display errors if set to <code>1</code></li>
</ul>
<pre><code class="language-bash">getopts <optstring> <param> [<args>]
</code></pre>
<ul>
<li><code><optstring></code> specifies the names of supported options, eg <code>f:c</code>
<ul>
<li><code>f:</code> means <code>-f</code> option with an argument</li>
<li><code>c</code> means <code>-c</code> option without an argument</li>
</ul>
</li>
<li><code><param></code> specifies a variable name which <code>getopts</code> fills with the last parsed option argument</li>
<li><code><args></code> optionally specify argument string to parse, by default <code>getopts</code> parses <code>$@</code></li>
</ul>
<h3><a class="header" href="#example-2" id="example-2">Example</a></h3>
<pre><code class="language-bash">#!/bin/bash
function parse_args() {
while getopts "f:c" PARAM; do
case $PARAM in
f) echo "GOT -f $OPTARG";;
c) echo "GOT -c";;
*) echo "ERR: print usage"; exit 1;;
esac
done
# users responsibility to reset OPTIND
OPTIND=1
}
parse_args -f xxx -c
parse_args -f yyy
</code></pre>
<h2><a class="header" href="#regular-expressions-1" id="regular-expressions-1">Regular Expressions</a></h2>
<p>Bash supports regular expression matching with the binary operator <code>=~</code>.
The match results can be accessed via the <code>$BASH_REMATCH</code> variable:</p>
<ul>
<li><code>${BASH_REMATCH[0]}</code> contains the full match</li>
<li><code>${BASH_REMATCH[1]}</code> contains match of the first capture group</li>
</ul>
<pre><code class="language-bash">INPUT='title foo : 1234'
REGEX='^title (.+) : ([0-9]+)$'
if [[ $INPUT =~ $REGEX ]]; then
echo "${BASH_REMATCH[0]}" # title foo : 1234
echo "${BASH_REMATCH[1]}" # foo
echo "${BASH_REMATCH[2]}" # 1234
fi
</code></pre>
<blockquote>
<p><strong>Caution</strong>: When specifying a <code>regex</code> in the <code>[[ ]]</code> block directly, quotes will be treated as part of the pattern.
<code>[[ $INPUT =~ "foo" ]]</code> will match against <code>"foo"</code> not <code>foo</code>!</p>
</blockquote>
<h2><a class="header" href="#completion-1" id="completion-1">Completion</a></h2>
<p>The <code>complete</code> builtin is used to interact with the completion system.</p>
<pre><code class="language-bash">complete # print currently installed completion handler
complete -F <func> <cmd> # install <func> as completion handler for <cmd>
complete -r <cmd> # uninstall completion handler for <cmd>
</code></pre>
<p>Variables available in completion functions:</p>
<pre><code class="language-bash"># in
$1 # <cmd>
$2 # current word
$3 # privous word
COMP_WORDS # array with current command line words
COMP_CWORD # index into COMP_WORDS with current cursor position
# out
COMPREPLY # array with possible completions
</code></pre>
<p>The <code>compgen</code> builtin is used to generate possible matches by comparing <code>word</code>
against words generated by <code>option</code>.</p>
<pre><code class="language-bash">compgen <option> <word>
# usefule options:
# -W <list> specify list of possible completions
# -d generate list with dirs
# -f generate list with files
# -u generate list with users
# -e generate list with exported variables
# compare "f" against words "foo" "foobar" "bar" and generate matches
compgen -W "foo foobar bar" "f"
# compare "hom" against file/dir names and generate matches
compgen -d -f "hom"
</code></pre>
<h3><a class="header" href="#example-3" id="example-3">Example</a></h3>
<p>Skeleton to copy/paste for writing simple completions.</p>
<p>Assume a program <code>foo</code> with the following interface:</p>
<pre><code class="language-bash">foo -c green|red|blue -s low|high -f <file> -h
</code></pre>
<p>The completion handler could be implemented as follows:</p>
<pre><code class="language-bash">function _foo() {
local curr=$2
local prev=$3
local opts="-c -s -f -h"
case $prev in
-c) COMPREPLY=( $(compgen -W "green red blue" -- $curr) );;
-s) COMPREPLY=( $(compgen -W "low high" -- $curr) );;
-f) COMPREPLY=( $(compgen -f -- $curr) );;
*) COMPREPLY=( $(compgen -W "$opts" -- $curr) );;
esac
}
complete -F _foo foo
</code></pre>
<h1><a class="header" href="#fish1" id="fish1">fish(1)</a></h1>
<h2><a class="header" href="#quick-info" id="quick-info">Quick Info</a></h2>
<p>Fish initialization file <code>~/.config/fish/config.fish</code></p>
<p>Switch between different key bindings:</p>
<ul>
<li><code>fish_default_key_bindings</code> to use default key bindings</li>
<li><code>fish_vi_key_bindings</code> to use vi key bindings</li>
</ul>
<h2><a class="header" href="#variables-1" id="variables-1">Variables</a></h2>
<p>Available scopes</p>
<ul>
<li><code>local</code> variable local to a block</li>
<li><code>global</code> variable global to shell instance</li>
<li><code>universal</code> variable universal to all shell instances + preserved across
shell restart</li>
</ul>
<h3><a class="header" href="#setunset-variables" id="setunset-variables">Set/Unset Variables</a></h3>
<pre><code class="language-text">set <name> [<values>]
-l local scope
-g global scope
-U universal scope
-e erase variable
-S show verbose info
-x export to ENV
-u unexport from ENV
</code></pre>
<h3><a class="header" href="#lists" id="lists">Lists</a></h3>
<p>In <code>fish</code> all variables are lists (start with index <code>1</code>, but lists can't
contain lists.</p>
<pre><code class="language-text">set foo a b c d
echo $foo[1] # a
echo $foo[-1] # d
echo $foo[2..3] # b c
echo $foo[1 3] # a c
</code></pre>
<p><code>$</code> can be seen as dereference operator.</p>
<pre><code class="language-text">set foo a; set a 1337
echo $$foo # outputs 1337
</code></pre>
<p>Cartesian product.</p>
<pre><code class="language-text">echo file.{h,cc}
# file.h file.cc
echo {a,b}{1,2}
# a1 b1 b2
</code></pre>
<h3><a class="header" href="#special-variables-lists" id="special-variables-lists">Special Variables (Lists)</a></h3>
<pre><code class="language-text">$status # exit code of last command
$pipestatus # list of exit codes of pipe chain
$CMD_DURATION # runtime of last command in ms
</code></pre>
<h4><a class="header" href="#path" id="path"><code>*PATH</code></a></h4>
<p>Lists ending with <code>PATH</code> are automatically split at <code>:</code> when used and joined
with <code>:</code> when exported to the environment.</p>
<pre><code class="language-text">set -x BLA_PATH a:b:c:d
echo $BLA_PATH # a b c d
env | grep BLA_PATH # BLA_PATH=a:b:c:d
</code></pre>
<h2><a class="header" href="#command-handling" id="command-handling">Command Handling</a></h2>
<pre><code class="language-text"># sub-commands are not run in quotes
echo "ls output: "(ls)
</code></pre>
<h3><a class="header" href="#io-redirection-1" id="io-redirection-1">I/O redirection</a></h3>
<pre><code class="language-text"># 'noclobber', fail if 'log' already exists
echo foo >? log
</code></pre>
<h2><a class="header" href="#control-flow" id="control-flow">Control Flow</a></h2>
<h3><a class="header" href="#if--else" id="if--else"><code>if</code> / <code>else</code></a></h3>
<pre><code class="language-text">if grep foo bar
# do sth
else if grep foobar bar
# do sth else
else
# do sth else
end
</code></pre>
<h3><a class="header" href="#switch" id="switch"><code>switch</code></a></h3>
<pre><code class="language-text">switch (echo foo)
case 'foo*'
# do start with foo
case bar dudel
# do bar and dudel
case '*'
# do else
end
</code></pre>
<h3><a class="header" href="#while-loop" id="while-loop"><code>while</code> Loop</a></h3>
<pre><code class="language-text">while true
echo foo
end
</code></pre>
<h3><a class="header" href="#for-loop" id="for-loop"><code>for</code> Loop</a></h3>
<pre><code class="language-text">for f in (ls)
echo $f
end
</code></pre>
<h2><a class="header" href="#functions" id="functions">Functions</a></h2>
<p>Function arguments are passed via <code>$argv</code> list.</p>
<pre><code class="language-text">function fn_foo
echo $argv
end
</code></pre>
<h3><a class="header" href="#autoloading" id="autoloading">Autoloading</a></h3>
<p>When running a command fish attempts to autoload a function. The shell looks
for <code><cmd>.fish</code> in the locations defined by <code>$fish_function_path</code> and loads
the function lazily if found.</p>
<p>This is the preferred way over monolithically defining all functions in a
startup script.</p>
<h3><a class="header" href="#helper" id="helper">Helper</a></h3>
<pre><code class="language-text">functions # list al functions
functions foo # describe function 'foo'
functions -e foo # erase function 'foo'
funced foo # edit function 'foo'
# '-e vim' to edit in vim
</code></pre>
<h2><a class="header" href="#prompt" id="prompt">Prompt</a></h2>
<p>The prompt is defined by the output of the <code>fish_prompt</code> function.</p>
<pre><code class="language-text">function fish_prompt
set -l cmd_ret
echo "> "(pwd) $cmd_ret" "
end
</code></pre>
<blockquote>
<p>Use <code>set_color</code> to manipulate terminal colors.</p>
</blockquote>
<h2><a class="header" href="#useful-builtins" id="useful-builtins">Useful Builtins</a></h2>
<pre><code class="language-text"># history
history search <str> # search history for <str>
history merge # merge histories from fish sessions
# list
count $var # count elements in list
# string
string split SEP STRING
</code></pre>
<h2><a class="header" href="#keymaps" id="keymaps">Keymaps</a></h2>
<pre><code class="language-text"> Shift-Tab ........... tab-completion with search
Alt-Up / Alt-Down ... search history with token under the cursor
Alt-l ............... list content of dir under cursor
Alt-p ............... append '2>&1 | less;' to current cmdline
</code></pre>
<h2><a class="header" href="#debug" id="debug">Debug</a></h2>
<pre><code class="language-text"> status print-stack-trace .. prints function stacktrace (can be used in scripts)
breakpoint ................ halt script execution and gives shell (C-d | exit
to continue)
</code></pre>
<h1><a class="header" href="#tmux1" id="tmux1">tmux(1)</a></h1>
<p>Terminology:</p>
<ul>
<li><code>session</code> is a collection of pseudo terminals which can have multiple
<code>windows</code></li>
<li><code>window</code> uses the entire screen and can be split into rectangular <code>panes</code></li>
<li><code>pane</code> is a single pseudo terminal instance</li>
</ul>
<h1><a class="header" href="#tmux-cli" id="tmux-cli">Tmux cli</a></h1>
<pre><code class="language-markdown"># Session
tmux creates new session
tmux ls list running sessions
tmux kill-session -t <s> kill running session <s>
tmux attach -t <s> [-d] attach to session <s>, detach other clients [-d]
tmux detach -s <s> detach all clients from session <s>
# Environment
tmux showenv -g show global tmux environment variables
tmux setenv -g <var> <val> set variable in global tmux env
# Misc
tmux source-file <file> source config <file>
tmux lscm list available tmux commnds
tmux show -g show global tmux options
tmux display <msg> display message in tmux status line
</code></pre>
<h2><a class="header" href="#scripting" id="scripting">Scripting</a></h2>
<pre><code class="language-markdown"># Session
tmux list-sessions -F '#S' list running sessions, only IDs
# Window
tmux list-windows -F '#I' -t <s> list window IDs for session <s>
tmux selectw -t <s>:<w> select window <w> in session <s>
# Pane
tmux list-panes -F '#P' -t <s>:<w> list pane IDs for window <w> in session <s>
tmux selectp -t <s>:<w>.<p> select pane <p> in window <w> in session <s>
# Run commands
tmux send -t <s>:<w>.<p> "ls" C-m send cmds/keys to pane
tmux run -t <p> <sh-cmd> run shell command <sh-cmd> in background and report output on pane -t <p>
</code></pre>
<p>For example cycle through all panes in all windows in all sessions:</p>
<pre><code class="language-bash"># bash
for s in $(tmux list-sessions -F '#S'); do
for w in $(tmux list-windows -F '#I' -t $s); do
for p in $(tmux list-panes -F '#P' -t $s:$w); do
echo $s:$w.$p
done
done
done
</code></pre>
<h1><a class="header" href="#bindings" id="bindings">Bindings</a></h1>
<pre><code class="language-markdown">prefix d detach from current session
prefix c create new window
prefix w open window list
prefix $ rename session
prefix , rename window
prefix . move current window
</code></pre>
<p>Following bindings are specific to my <a href="https://github.com/johannst/dotfiles/blob/master/tmux.conf"><code>tmux.conf</code></a>:</p>
<pre><code class="language-markdown">C-s prefix
# Panes
prefix s horizontal split
prefix v vertical split
prefix f toggle maximize/minimize current pane
# Movement
prefix Tab toggle between window
prefix h move to pane left
prefix j move to pane down
prefix k move to pane up
prefix l move to pane right
# Resize
prefix C-h resize pane left
prefix C-j resize pane down
prefix C-k resize pane up
prefix C-l resize pane right
# Copy/Paste
prefix C-v enter copy mode
prefix C-p paste yanked text
prefix C-b open copy-buffer list
# In Copy Mode
v enable visual mode
y yank selected text
</code></pre>
<h1><a class="header" href="#command-mode" id="command-mode">Command mode</a></h1>
<p>To enter command mode <code>prefix :</code>.</p>
<p>Some useful commands are:</p>
<pre><code class="language-markdown">setw synchronize-panes on/off enables/disables synchronized input to all panes
list-keys -t vi-copy list keymaps for vi-copy mode
</code></pre>
<h1><a class="header" href="#git1" id="git1">git(1)</a></h1>
<h2><a class="header" href="#working-areas" id="working-areas">Working areas</a></h2>
<pre><code class="language-text">+-------------------+ --- stash -----> +-------+
| working directory | | stash | // Shelving area.
+-------------------+ <-- stash pop -- +-------+
| ^
add |
| reset
v |
+-------------------+
| staging area |
+-------------------+
|
commit
|
v
+-------------------+
| local repository |
+-------------------+
| ^
push |
| fetch /
| pull
v |
+-------------------+
| remote repository |
+-------------------+
</code></pre>
<h2><a class="header" href="#staging" id="staging">Staging</a></h2>
<pre><code class="language-markdown"> git add -p [<file>] ............ partial staging (interactive)
</code></pre>
<h2><a class="header" href="#remote" id="remote">Remote</a></h2>
<pre><code class="language-markdown"> git remote -v .................. list remotes verbose (with URLs)
git remote show [-n] <remote> .. list info for <remote> (like remote HEAD,
remote branches, tracking mapping)
</code></pre>
<h2><a class="header" href="#branching" id="branching">Branching</a></h2>
<pre><code class="language-markdown"> git branch [-a] ................ list available branches; -a to include
remote branches
git branch -vv ................. list branch & annotate with head sha1 &
remote tracking branch
git branch <bname> ............. create local branch with name <bname>
git branch -d <bname> .......... delete local branch with name <bname>
git checkout <bname> ........... switch to branch with name <bname>
git checkout --track <branch> .. start to locally track a remote branch
# Remote
git push -u origin <rbname> ........ push local branch to origin (or other
remote), and setup <rbname> as tracking
branch
git push origin --delete <rbname> .. delete branch <rbname> from origin (or
other remote)
</code></pre>
<h2><a class="header" href="#tags" id="tags">Tags</a></h2>
<pre><code class="language-markdown"> git tag -a <tname> -m "descr" ........ creates an annotated tag (full object
containing tagger, date, ...)
git tag -l ........................... list available tags
git checkout tag/<tname> ............. checkout specific tag
git checkout tag/<tname> -b <bname> .. checkout specific tag in a new branch
# Remote
git push origin --tags .... push local tags to origin (or other remote)
</code></pre>
<h2><a class="header" href="#log--commit-history" id="log--commit-history">Log & Commit History</a></h2>
<pre><code class="language-markdown"> git log --oneline ......... shows log in single line per commit -> alias for
'--pretty=oneline --abbrev-commit'
git log --graph ........... text based graph of commit history
git log --decorate ........ decorate log with REFs
git log -p <file> ......... show commit history + diffs for <file>
git log --oneline <file> .. show commit history for <file> in compact format
</code></pre>
<h2><a class="header" href="#diff--commit-info" id="diff--commit-info">Diff & Commit Info</a></h2>
<pre><code class="language-markdown"> git diff <commit>..<commit> [<file>] .... show changes between two arbitrary
commits. If one <commit> is omitted
it is if HEAD is specified.
git diff -U$(wc -l <file>) <file> ....... shows complete file with diffs
instead of usual diff snippets
git diff --staged ....................... show diffs of staged files
git show --stat <commit> ................ show files changed by <commit>
git show <commit> [<file>] .............. show diffs for <commit>
git git show <commit>:<file> ............ show <file> at <commit>
</code></pre>
<h2><a class="header" href="#patching" id="patching">Patching</a></h2>
<pre><code class="language-markdown"> git format-patch <opt> <since>/<revision range>
opt:
-N ................... use [PATCH] instead [PATCH n/m] in subject when
generating patch description (for patches spanning
multiple commits)
--start-number <n> ... start output file generation with <n> as start
number instead '1'
since spcifier:
-3 .................. e.g: create a patch from last three commits
<commit hash> ....... create patch with commits starting after <commit hash>
git am <patch> ......... apply patch and create a commit for it
git apply --stat <PATCH> ... see which files the patch would change
git apply --check <PATCH> .. see if the patch can be applied cleanly
git apply <PATCH> .......... apply the patch locally without creating a commit
# eg: generate patches for each commit from initial commit on
git format-patch -N $(git rev-list --max-parents=0 HEAD)
# generate single patch file from a certain commit/ref
git format-patch <COMMIT/REF> --stdout > my-patch.patch
</code></pre>
<h2><a class="header" href="#resetting" id="resetting">Resetting</a></h2>
<pre><code class="language-markdown"> git reset [opt] <ref|commit>
opt:
--mixed .................... resets index, but not working tree
--hard ..................... matches the working tree and index to that
of the tree being switched to any changes to
tracked files in the working tree since
<commit> are lost
git reset HEAD <file> .......... remove file from staging
git reset --soft HEAD~1 ........ delete most recent commit but keep work
git reset --hard HEAD~1 ........ delete most recent commit and delete work
</code></pre>
<h2><a class="header" href="#submodules" id="submodules">Submodules</a></h2>
<pre><code class="language-markdown"> git submodule add <url> [<path>] .......... add new submodule to current project
git clone --recursive <url> ............... clone project and recursively all
submodules (same as using
'git submodule update --init
--recursive' after clone)
git submodule update --init --recursive ... checkout submodules recursively
using the commit listed in the
super-project (in detached HEAD)
git submodule update --remote <submod> .... fetch & merge remote changes for
<submod>, this will pull
origin/HEAD or a branch specified
for the submodule
git diff --submodule ...................... show commits that are part of the
submodule diff
</code></pre>
<h2><a class="header" href="#inspection" id="inspection">Inspection</a></h2>
<pre><code class="language-markdown"> git ls-tree [-r] <ref> .... show git tree for <ref>, -r to recursively ls sub-trees
git show <obj> ............ show <obj>
git cat-file -p <obj> ..... print content of <obj>
</code></pre>
<h2><a class="header" href="#revision-specifier" id="revision-specifier">Revision Specifier</a></h2>
<pre><code class="language-markdown"> HEAD ........ last commit
HEAD~1 ...... last commit-1
HEAD~N ...... last commit-N (linear backwards when in tree structure, check
difference between HEAD^ and HEAD~)
git rev-list --max-parents=0 HEAD ........... first commit
</code></pre>
<h1><a class="header" href="#awk1" id="awk1">awk(1)</a></h1>
<pre><code class="language-markdown">awk [opt] program [input]
-F <sepstr> field separator string (can be regex)
program awk program
input file or stdin if not file given
</code></pre>
<h2><a class="header" href="#input-processing" id="input-processing">Input processing</a></h2>
<p>Input is processed in two stages:</p>
<ol>
<li>Splitting input into a sequence of <code>records</code>.
By default split at <code>newline</code> character, but can be changed via the
builtin <code>RS</code> variable.</li>
<li>Splitting a <code>record</code> into <code>fields</code>. By default strings without <code>whitespace</code>,
but can be changed via the builtin variable <code>FS</code> or command line option
<code>-F</code>.</li>
</ol>
<p>Fields are accessed as follows:</p>
<ul>
<li><code>$0</code> whole <code>record</code></li>
<li><code>$1</code> field one</li>
<li><code>$2</code> field two</li>
<li>...</li>
</ul>
<h2><a class="header" href="#program" id="program">Program</a></h2>
<p>An <code>awk</code> program is composed of pairs of the form:</p>
<pre><code class="language-markdown">pattern { action }
</code></pre>
<p>The program is run against each <code>record</code> in the input stream. If a <code>pattern</code>
matches a <code>record</code> the corresponding <code>action</code> is executed and can access the
<code>fields</code>.</p>
<pre><code class="language-markdown">INPUT
|
v
record ----> ∀ pattern matched
| |
v v
fields ----> run associated action
</code></pre>
<p>Any valid awk <code>expr</code> can be a <code>pattern</code>.</p>
<h3><a class="header" href="#special-pattern" id="special-pattern">Special pattern</a></h3>
<p>awk provides two special patterns, <code>BEGIN</code> and <code>END</code>, which can be used
multiple times. Actions with those patterns are <strong>executed exactly once</strong>.</p>
<ul>
<li><code>BEGIN</code> actions are run before processing the first record</li>
<li><code>END</code> actions are run after processing the last record</li>
</ul>
<h3><a class="header" href="#special-variables" id="special-variables">Special variables</a></h3>
<ul>
<li><code>RS</code> <em>record separator</em>: first char is the record separator, by default
<newline></li>
<li><code>FS</code> <em>field separator</em>: regex to split records into fields, by default
<space></li>
<li><code>NR</code> <em>number record</em>: number of current record</li>
<li><code>NF</code> <em>number fields</em>: number of fields in the current record</li>
</ul>
<h3><a class="header" href="#special-statements--functions" id="special-statements--functions">Special statements & functions</a></h3>
<ul>
<li>
<p><code>printf "fmt", args...</code></p>
<p>Print format string, args are comma separated.</p>
<ul>
<li><code>%s</code> string</li>
<li><code>%d</code> decimal</li>
<li><code>%x</code> hex</li>
<li><code>%f</code> float</li>
</ul>
<p>Width can be specified as <code>%Ns</code>, this reserves <code>N</code> chars for a string.
For floats one can use <code>%N.Mf</code>, <code>N</code> is the total number including <code>.</code> and
<code>M</code>.</p>
</li>
<li>
<p><code>sprintf("fmt", expr, ...)</code></p>
<p>Format the expressions according to the format string. Similar as <code>printf</code>,
but this is a function and return value can be assigned to a variable.</p>
</li>
<li>
<p><code>strftime("fmt")</code></p>
<p>Print time stamp formatted by <code>fmt</code>.</p>
<ul>
<li><code>%Y</code> full year (eg 2020)</li>
<li><code>%m</code> month (01-12)</li>
<li><code>%d</code> day (01-31)</li>
<li><code>%F</code> alias for <code>%Y-%m-%d</code></li>
<li><code>%H</code> hour (00-23)</li>
<li><code>%M</code> minute (00-59)</li>
<li><code>%S</code> second (00-59)</li>
<li><code>%T</code> alias for <code>%H:%M:%S</code></li>
</ul>
</li>
</ul>
<h2><a class="header" href="#examples" id="examples">Examples</a></h2>
<h3><a class="header" href="#filter-records" id="filter-records">Filter records</a></h3>
<pre><code class="language-bash">awk 'NR%2 == 0 { print $0 }' <file>
</code></pre>
<p>The pattern <code>NR%2 == 0</code> matches every second record and the action <code>{ print $0 }</code>
prints the whole record.</p>
<h3><a class="header" href="#access-last-fields-in-records" id="access-last-fields-in-records">Access last fields in records</a></h3>
<pre><code class="language-bash">echo 'a b c d e f' | awk '{ print $NF $(NF-1) }'
</code></pre>
<p>Access last fields with arithmetic on the <code>NF</code> number of fields variable.</p>
<h3><a class="header" href="#capture-in-variables" id="capture-in-variables">Capture in variables</a></h3>
<pre><code class="language-bash"># /proc/<pid>/status
# Name: cat
# ...
# VmRSS: 516 kB
# ...
for f in /proc/*/status; do
cat $f | awk '
/^VmRSS/ { rss = $2/1024 }
/^Name/ { name = $2 }
END { printf "%16s %6d MB\n", name, rss }';
done | sort -k2 -n
</code></pre>
<p>We capture values from <code>VmRSS</code> and <code>Name</code> into variables and print them at the
<code>END</code> once processing all records is done.</p>
<h3><a class="header" href="#run-shell-command-and-capture-output" id="run-shell-command-and-capture-output">Run shell command and capture output</a></h3>
<pre><code class="language-bash">cat /proc/1/status | awk '
/^Pid/ {
"ps --no-header -o user " $2 | getline user;
print user
}'
</code></pre>
<p>We build a <code>ps</code> command line and capture the first line of the processes output
in the <code>user</code> variable and then print it.</p>
<h1><a class="header" href="#emacs1" id="emacs1">emacs(1)</a></h1>
<h2><a class="header" href="#help" id="help">help</a></h2>
<pre><code class="language-markdown"> C-h ? list available help modes
C-h e show message output (`*Messages*` buffer)
C-h f describe function
C-h v describe variable
C-h w describe which key invoke function (where-is)
C-h c <KEY> print command bound to <KEY>
C-h k <KEY> describe command bound to <KEY>
C-h b list buffer local key-bindings
<kseq> C-h list possible key-bindings with <kseq>
eg C-x C-h -> list key-bindings beginning with C-x
</code></pre>
<h2><a class="header" href="#package-manager" id="package-manager">package manager</a></h2>
<pre><code class="language-markdown"> key fn description
------------------------------------------------
package-refresh-contents refresh package list
package-list-packages list available/installed packages
`U x` to mark packages for Upgrade & eXecute
</code></pre>
<h2><a class="header" href="#window" id="window">window</a></h2>
<pre><code class="language-markdown"> key fn description
----------------------------------------------
C-x 0 delete-window kill focused window
C-x 1 delete-other-windows kill all other windows
C-x 2 split-window-below split horizontal
C-x 3 split-window-right split vertical
C-x o other-window other window (cycle)
</code></pre>
<h2><a class="header" href="#buffer" id="buffer">buffer</a></h2>
<pre><code class="language-markdown"> key fn description
---------------------------------------------
C-x C-q read-only-mode toggle read-only mode for buffer
C-x k kill-buffer kill buffer
C-x s save-some-buffers save buffer
C-x w write-file write buffer (save as)
C-x b switch-to-buffer switch buffer
C-x C-b list-buffers buffer list
</code></pre>
<h2><a class="header" href="#ibuffer" id="ibuffer">ibuffer</a></h2>
<p>Builtin advanced buffer selection mode</p>
<pre><code class="language-markdown"> key fn description
--------------------------------------
ibuffer enter buffer selection
h ibuffer help
o open buffer in other window
C-o open buffer in other window keep focus in ibuffer
s a sort by buffer name
s f sort by file name
s v sort by last viewed
s v sort by major mode
, cycle sorting mode
= compare buffer against file on disk (if file is dirty `*`)
/m filter by major mode
/n filter by buffer name
/f filter by file name
// remove all filter
/g create filter group
/\ remove all filter groups
</code></pre>
<h2><a class="header" href="#isearch" id="isearch">isearch</a></h2>
<pre><code class="language-markdown"> key fn description
-------------------------------------------------
C-s isearch-forward search forward from current position (C-s to go to next match)
C-r isearch-backward search backwards from current position (C-r to go to next match)
C-w isearch-yank-word-or-char feed next word to current search (extend)
M-p isearch-ring-advance previous search input
M-n isearch-ring-retreat next search input
</code></pre>
<h2><a class="header" href="#occur" id="occur">occur</a></h2>
<pre><code class="language-markdown"> key fn description
-----------------------------------
M-s o occur get matches for regexp in buffer
use during `isearch` to use current search term
C-n goto next line
C-p goto previous line
o open match in other window
C-o open match in other window keep focus in ibuffer
</code></pre>
<pre><code class="language-markdown"> key fn description
---------------------------------------------------------
multi-occur-in-matching-buffers run occur in buffers matching regexp
</code></pre>
<h2><a class="header" href="#grep" id="grep">grep</a></h2>
<pre><code class="language-markdown"> key fn description
-----------------------------------
rgrep recursive grep
find-grep run find-grep result in *grep* buffer
n/p navigate next/previous match in *grep* buffer
q quit *grep* buffer
</code></pre>
<h2><a class="header" href="#yankpaste" id="yankpaste">yank/paste</a></h2>
<pre><code class="language-markdown"> key fn description
---------------------------------------------
C-<SPACE> set-mark-command set start mark to select text
M-w kill-ring-save copy selected text
C-w kill-region kill selected text
C-y yank paste selected text
M-y yank-pop cycle through kill-ring (only after paste)
</code></pre>
<h2><a class="header" href="#register" id="register">register</a></h2>
<pre><code class="language-markdown"> key fn description
------------------------------------------------
C-x r s <reg> copy-to-register save region in register <reg>
C-x r i <reg> insert-register insert content of register <reg>
</code></pre>
<h2><a class="header" href="#blockrect" id="blockrect">block/rect</a></h2>
<pre><code class="language-markdown"> key fn description
------------------------------------------------
C-x <SPC> rectangle-mark-mode activate rectangle-mark-mode
string-rectangle insert text in marked rect
</code></pre>
<h2><a class="header" href="#mass-edit" id="mass-edit">mass edit</a></h2>
<pre><code class="language-markdown"> key fn description
------------------------------------------------
C-x h mark-whole-buffer mark whole buffer
delete-matching-line delete lines matching regex
M-% query-replace search & replace
C-M-% query-replace-regexp search & replace regex
</code></pre>
<h2><a class="header" href="#narrow" id="narrow">narrow</a></h2>
<pre><code class="language-markdown"> key fn description
---------------------------------------------
C-x n n narrow-to-region show only focused region (narrow)
C-x n w widen show whole buffer (wide)
</code></pre>
<h2><a class="header" href="#org" id="org">org</a></h2>
<pre><code class="language-markdown"> key fn description
------------------------------------
M-up/M-down re-arrange items in same hierarchy
M-left/M-right change item hierarchy
C-RET create new item below current
C-S-RET create new TODO item below current
S-left/S-right cycle TODO states
</code></pre>
<h3><a class="header" href="#org-source" id="org-source">org source</a></h3>
<pre><code class="language-markdown"> key fn description
------------------------------
<s TAB generate a source block
C-c ' edit source block (in lang specific buffer)
C-c C-c eval source block
</code></pre>
<h2><a class="header" href="#comapny" id="comapny">comapny</a></h2>
<pre><code class="language-markdown"> key fn description
-------------------------------
C-s search through completion candidates
C-o filter completion candidates based on search term
<f1> get doc for completion condidate
M-<digit> select completion candidate
</code></pre>
<h2><a class="header" href="#tags-1" id="tags-1">tags</a></h2>
<p>To generate <code>etags</code> using <code>ctags</code></p>
<pre><code class="language-markdown"> ctags -R -e . generate emacs tag file (important `-e`)
</code></pre>
<p>Navigate using tags</p>
<pre><code class="language-markdown"> key fn description
-----------------------------------------------
xref-find-definitions find definition of tag
xref-find-apropos find symbols matching regexp
xref-find-references find references of tag
</code></pre>
<h2><a class="header" href="#lisp" id="lisp">lisp</a></h2>
<pre><code class="language-markdown"> key fn description
------------------------------
ielm open interactive elips shell
</code></pre>
<p>In <code>lisp-interaction-mode</code> (<code>*scratch*</code> buffer by defult)</p>
<pre><code class="language-markdown"> key fn description
--------------------------------------------------------
C-j eval-print-last-sexp evaluate & print preceeding lisp expr
C-x C-e eval-last-sexp evaluate lisp expr
C-u C-x C-e eval-last-sexp evaluate & print
</code></pre>
<h2><a class="header" href="#ido" id="ido">ido</a></h2>
<p>Builtin fuzzy completion mode (eg buffer select, dired, ...).</p>
<pre><code class="language-markdown"> key fn description
------------------------------------------
ido-mode toggle ido mode
<Left>/<Right> cycle through available competions
<RET> select completion
</code></pre>
<h2><a class="header" href="#evil" id="evil">evil</a></h2>
<pre><code class="language-markdown"> key fn description
--------------------------
C-z toggle emacs/evil mode
C-^ toggle between previous and current buffer
C-p after paste cycle kill-ring back
C-n after paste cycle kill-ring forward
</code></pre>
<h2><a class="header" href="#dired" id="dired">dired</a></h2>
<pre><code class="language-markdown"> key fn description
--------------------------
i open sub-dir in same buffer
+ create new directory
C copy file/dir
q quit
</code></pre>
<h1><a class="header" href="#gpg1" id="gpg1">gpg(1)</a></h1>
<pre><code>gpg
-o|--output Specify output file
-a|--armor Create ascii output
-u|--local-user <name> Specify key for signing
-r|--recipient Encrypt for user
</code></pre>
<h2><a class="header" href="#generate-new-keypair" id="generate-new-keypair">Generate new keypair</a></h2>
<pre><code class="language-bash">gpg --full-generate-key
</code></pre>
<h2><a class="header" href="#list-keys" id="list-keys">List keys</a></h2>
<pre><code>gpg -k / --list-key # public keys
gpg -K / --list-secret-keys # secret keys
</code></pre>
<h2><a class="header" href="#edit-keys" id="edit-keys">Edit keys</a></h2>
<pre><code class="language-bash">gpg --edit-key <KEY ID>
</code></pre>
<p>Gives prompt to modify <code>KEY ID</code>, common commands:</p>
<pre><code class="language-bash">help show help
save save & quit
list list keys and user IDs
key <N> select subkey <N>
uid <N> select user ID <N>
expire change expiration of selected key
adduid add user ID
deluid delete selected user ID
addkey add subkey
delkey delete selected subkey
</code></pre>
<h2><a class="header" href="#export--import-keys" id="export--import-keys">Export & Import Keys</a></h2>
<pre><code class="language-bash">gpg --export --armor --output <KEY.PUB> <KEY ID>
gpg --export-secret-key --armor --output <KEY.PUB> <KEY ID>
gpg --import <FILE>
</code></pre>
<h2><a class="header" href="#search--send-keys" id="search--send-keys">Search & Send keys</a></h2>
<pre><code class="language-bash">gpg --keyserver <SERVER> --send-keys <KEY ID>
gpg --keyserver <SERVER> --search-keys <KEY ID>
</code></pre>
<h2><a class="header" href="#encrypt-passphrase" id="encrypt-passphrase">Encrypt (passphrase)</a></h2>
<p>Encrypt file using <code>passphrase</code> and write encrypted data to <code><file>.gpg</code>.</p>
<pre><code class="language-bash">gpg --symmetric <file>
# Decrypt using passphrase
gpg -o <file> --decrypt <file>.gpg
</code></pre>
<h2><a class="header" href="#encrypt-public-key" id="encrypt-public-key">Encrypt (public key)</a></h2>
<p>Encrypt file with <code>public key</code> of specified <code>recipient</code> and write encrypted
data to <code><file>.gpg</code>.</p>
<pre><code class="language-bash">gpg --encrypt -r foo@bar.de <file>
# Decrypt at foos side (private key required)
gpg -o <file> --decrypt <file>.gpg
</code></pre>
<h2><a class="header" href="#signing" id="signing">Signing</a></h2>
<p>Generate a signed file and write to <code><file>.gpg</code>.</p>
<pre><code class="language-bash"># Sign with private key of foo@bar.de
gpg --sign -u foor@bar.de <file>
# Verify with public key of foo@bar.de
gpg --verify <file>
# Extract content from signed file
gpg -o <file> --decrypt <file>.gpg
</code></pre>
<blockquote>
<p>Without <code>-u</code> use first private key in list <code>gpg -K</code> for signing.</p>
</blockquote>
<p>Files can also be <code>signed</code> and <code>encrypted</code> at once, gpg will first sign the
file and then encrypt it.</p>
<pre><code class="language-bash">gpg --sign --encrypt -r <recipient> <file>
</code></pre>
<h2><a class="header" href="#signing-detached" id="signing-detached">Signing (detached)</a></h2>
<p>Generate a <code>detached</code> signature and write to <code><file>.asc</code>.
Send <code><file>.asc</code> along with <code><file></code> when distributing.</p>
<pre><code class="language-bash">gpg --detach-sign --armor -u foor@bar.de <file>
# Verify
gpg --verify <file>.asc <file>
</code></pre>
<blockquote>
<p>Without <code>-u</code> use first private key in list <code>gpg -K</code> for signing.</p>
</blockquote>
<h2><a class="header" href="#abbreviations" id="abbreviations">Abbreviations</a></h2>
<ul>
<li><code>sec</code> secret key</li>
<li><code>ssb</code> secret subkey</li>
<li><code>pub</code> public key</li>
<li><code>sub</code> public subkey</li>
</ul>
<h2><a class="header" href="#keyservers" id="keyservers">Keyservers</a></h2>
<ul>
<li>http://pgp.mit.edu</li>
<li>http://keyserver.ubuntu.com</li>
<li>hkps://pgp.mailbox.org</li>
</ul>
<h1><a class="header" href="#gdb1" id="gdb1">gdb(1)</a></h1>
<h1><a class="header" href="#cli" id="cli">CLI</a></h1>
<pre><code class="language-markdown"> gdb [opts] [prg [-c coredump | -p pid]]
gdb [opts] --args prg <prg-args>
opts:
-p <pid> attach to pid
-c <coredump> use <coredump>
-x <file> execute script <file> before prompt
-ex <cmd> execute command <cmd> before prompt
--tty <tty> set I/O tty for debugee
</code></pre>
<h1><a class="header" href="#interactive-usage" id="interactive-usage">Interactive usage</a></h1>
<h2><a class="header" href="#misc" id="misc">Misc</a></h2>
<pre><code class="language-markdown"> tty <tty>
Set <tty> as tty for debugee.
Make sure nobody reads from target tty, easiest is to spawn a shell
and run following in target tty:
> while true; do sleep 1024; done
sharedlibrary [<regex>]
Load symbols of shared libs loaded by debugee. Optionally use <regex>
to filter libs for symbol loading.
display [/FMT] <expr>
Print <expr> every time debugee stops. Eg print next instr, see
examples below.
undisplay [<num>]
Delete display expressions either all or one referenced by <num>.
info display
List display expressions.
</code></pre>
<h2><a class="header" href="#breakpoints" id="breakpoints">Breakpoints</a></h2>
<pre><code class="language-markdown"> break [-qualified] <sym> thread <tnum>
Set a breakpoint only for a specific thread.
-qualified: Treat <sym> as fully qualified symbol (quiet handy to set
breakpoints on C symbols in C++ contexts)
break <sym> if <cond>
Set conditional breakpoint (see examples below).
delete [<num>]
Delete breakpoint either all or one referenced by <num>.
info break
List breakpoints.
cond <bp> <cond>
Make existing breakpoint <bp> conditional with <cond>.
tbreak
Set temporary breakpoint, will be deleted when hit.
Same syntax as `break`.
rbreak <regex>
Set breakpoints matching <regex>, where matching internally is done
on: .*<regex>.*
command [<bp_list>]
Define commands to run after breakpoint hit. If <bp_list> is not
specified attach command to last created breakpoint. Command block
terminated with 'end' token.
<bp_list>: Space separates list, eg 'command 2 5-8' to run command
for breakpoints: 2,5,6,7,8.
</code></pre>
<h2><a class="header" href="#watchpoints" id="watchpoints">Watchpoints</a></h2>
<pre><code class="language-markdown"> watch [-location|-l] <expr> [thread <tnum>]
Create a watchpoint for <expr>, will break if <expr> is written to.
Watchpoints respect scope of variables, -l can be used to watch the
memory location instead.
rwatch ...
Sets a read watchpoint, will break if <expr> is read from.
awatch ...
Sets an access watchpoint, will break if <expr> is written to or read
from.
</code></pre>
<h2><a class="header" href="#inspection-1" id="inspection-1">Inspection</a></h2>
<pre><code class="language-markdown"> info functions [<regex>]
List functions matching <regex>. List all functions if no <regex>
provided.
info variables [<regex>]
List variables matching <regex>. List all variables if no <regex>
provided.
</code></pre>
<h2><a class="header" href="#signal-handling" id="signal-handling">Signal handling</a></h2>
<pre><code class="language-markdown"> info handle [<signal>]
Print how to handle <signal>. If no <signal> specified print for all
signals.
handle <signal> <action>
Configure how gdb handles <signal> sent to debugee.
<action>:
stop/nostop Catch signal in gdb and break.
print/noprint Print message when gdb catches signal.
pass/nopass Pass signal down to debugee.
catch signal <signal>
Create a catchpoint for <signal>.
</code></pre>
<h2><a class="header" href="#source-file-locations" id="source-file-locations">Source file locations</a></h2>
<pre><code class="language-markdown"> dir <path>
Add <path> to the beginning of the searh path for source files.
show dir
Show current search path.
set substitute-path <from> <to>
Add substitution rule checked during source file lookup.
show substitute-path
Show current substitution rules.
</code></pre>
<h2><a class="header" href="#configuration" id="configuration">Configuration</a></h2>
<pre><code class="language-markdown"> set follow-fork-mode <child | parent>
Specify which process to follow when debuggee makes a fork(2)
syscall.
set pagination <on | off>
Turn on/off gdb's pagination.
set breakpoint pending <on | off | auto>
on: always set pending breakpoints.
off: error when trying to set pending breakpoints.
auto: interatively query user to set breakpoint.
set print pretty <on | off>
Turn on/off pertty printing of structures.
set logging <on | off>
Enable output logging to file (default gdb.txt).
set logging file <fname>
Change output log file to <fname>
set logging redirect <on/off>
on: only log to file.
off: log to file and tty.
</code></pre>
<h1><a class="header" href="#user-commands-macros" id="user-commands-macros">User commands (macros)</a></h1>
<p>Gdb allows to create & document user commands as follows:</p>
<pre><code class="language-markdown"> define <cmd>
# cmds
end
document <cmd>
# docu
end
</code></pre>
<p>To get all user commands or documentations one can use:</p>
<pre><code class="language-markdown"> help user-defined
help <cmd>
</code></pre>
<h1><a class="header" href="#hooks" id="hooks">Hooks</a></h1>
<p>Gdb allows to create two types of command <code>hooks</code></p>
<ul>
<li><code>hook-</code> will be run before <code><cmd></code></li>
<li><code>hookpost-</code> will be run after <code><cmd></code></li>
</ul>
<pre><code class="language-markdown"> define hook-<cmd>
# cmds
end
define hookpost-<cmd>
# cmds
end
</code></pre>
<h1><a class="header" href="#examples-1" id="examples-1">Examples</a></h1>
<h2><a class="header" href="#automatically-print-next-instr" id="automatically-print-next-instr">Automatically print next instr</a></h2>
<p>When ever the debugee stops automatically print the memory at the current
instruction pointer (<code>$rip</code> x86) and format as instruction <code>/i</code>.</p>
<pre><code class="language-markdown"> # rip - x86
display /i $rip
# step instruction, after the step the next instruction is automatically printed
si
</code></pre>
<h2><a class="header" href="#conditional-breakpoints" id="conditional-breakpoints">Conditional breakpoints</a></h2>
<p>Create conditional breakpoints for a function <code>void foo(int i)</code> in the debugee.</p>
<pre><code class="language-markdown"> # Create conditional breakpoint
b foo if i == 42
b foo # would create bp 2
# Make existing breakpoint conditional
cond 2 if i == 7
</code></pre>
<h2><a class="header" href="#catch-sigsegv-and-execute-commands" id="catch-sigsegv-and-execute-commands">Catch SIGSEGV and execute commands</a></h2>
<p>This creates a <code>catchpoint</code> for the <code>SIGSEGV</code> signal and attached the <code>command</code>
to it.</p>
<pre><code class="language-markdown"> catch signal SIGSEGV
command
bt
c
end
</code></pre>
<h2><a class="header" href="#run-backtrace-on-thread-1-batch-mode" id="run-backtrace-on-thread-1-batch-mode">Run <code>backtrace</code> on thread 1 (batch mode)</a></h2>
<pre><code class="language-markdown"> gdb --batch -ex 'thread 1' -ex 'bt' -p <pid>
</code></pre>
<h2><a class="header" href="#script-gdb-for-automating-debugging-sessions" id="script-gdb-for-automating-debugging-sessions">Script gdb for automating debugging sessions</a></h2>
<p>To script gdb add commands into a file and pass it to gdb via <code>-x</code>.
For example create <code>run.gdb</code>:</p>
<pre><code class="language-markdown"> set pagination off
break mmap
command
info reg rdi rsi rdx
bt
c
end
#initial drop
c
</code></pre>
<p>This script can be used as:</p>
<pre><code class="language-markdown"> gdb --batch -x ./run.gdb -p <pid>
</code></pre>
<h1><a class="header" href="#know-bugs" id="know-bugs">Know Bugs</a></h1>
<h2><a class="header" href="#workaround-command--finish-bug" id="workaround-command--finish-bug">Workaround <code>command + finish</code> bug</a></h2>
<p>When using <code>finish</code> inside a <code>command</code> block, commands after <code>finish</code> are not
executed. To workaround that bug one can create a wrapper function which calls
<code>finish</code>.</p>
<pre><code class="language-markdown"> define handler
bt
finish
info reg rax
end
command
handler
end
</code></pre>
<h1><a class="header" href="#gdbserver1" id="gdbserver1">gdbserver(1)</a></h1>
<h1><a class="header" href="#cli-1" id="cli-1">CLI</a></h1>
<pre><code class="language-markdown"> gdbserver [opts] comm prog [args]
opts:
--disable-randomization
--no-disable-randomization
comm:
host:port
tty
</code></pre>
<h1><a class="header" href="#example-4" id="example-4">Example</a></h1>
<pre><code class="language-markdown"># Start gdbserver.
gdbserver localhost:1234 /bin/ls
# Attach gdb.
gdb -ex 'target remote localhost:1234'
</code></pre>
<h1><a class="header" href="#radare21" id="radare21">radare2(1)</a></h1>
<h2><a class="header" href="#print" id="print">print</a></h2>
<pre><code class="language-markdown">
pd <n> [@ <addr>] # print disassembly for <n> instructions
# with optional temporary seek to <addr>
</code></pre>
<h2><a class="header" href="#flags" id="flags">flags</a></h2>
<pre><code class="language-markdown"> fs # list flag-spaces
fs <fs> # select flag-space <fs>
f # print flags of selected flag-space
</code></pre>
<h2><a class="header" href="#help-1" id="help-1">help</a></h2>
<pre><code class="language-markdown"> ?*~<kw> # '?*' list all commands and '~' grep for <kw>
?*~... # '..' less mode /'...' interactive search
</code></pre>
<h2><a class="header" href="#relocation" id="relocation">relocation</a></h2>
<pre><code class="language-markdown"> > r2 -B <baddr> <exe> # open <exe> mapped to addr <baddr>
oob <addr> # reopen current file at <baddr>
</code></pre>
<h1><a class="header" href="#examples-2" id="examples-2">Examples</a></h1>
<h2><a class="header" href="#patch-file-alter-bytes" id="patch-file-alter-bytes">Patch file (alter bytes)</a></h2>
<pre><code class="language-markdown"> > r2 [-w] <file>
oo+ # re-open for write if -w was not passed
s <addr> # seek to position
wv <data> # write 4 byte (dword)
</code></pre>
<h2><a class="header" href="#assemble--disassmble-rasm2" id="assemble--disassmble-rasm2">Assemble / Disassmble (rasm2)</a></h2>
<pre><code class="language-markdown"> rasm2 -L # list supported archs
> rasm2 -a x86 'mov eax, 0xdeadbeef'
b8efbeadde
> rasm2 -a x86 -d "b8efbeadde"
mov eax, 0xdeadbeef
</code></pre>
<h1><a class="header" href="#qemu1" id="qemu1">qemu(1)</a></h1>
<p>All the examples & notes use <code>qemu-system-x86_64</code> but in most cases
this can be swapped with the system emulator for other architectures.</p>
<h2><a class="header" href="#keybindings-1" id="keybindings-1">Keybindings</a></h2>
<p>Graphic mode:</p>
<pre><code class="language-markdown">Ctrl+Alt+g release mouse capture from VM
Ctrl+Alt+1 switch to display of VM
Ctrl+Alt+2 switch to qemu monitor
</code></pre>
<p>No graphic mode:</p>
<pre><code class="language-markdown">Ctrl+a h print help
Ctrl+a x exit emulator
Ctrl+a c switch between monitor and console
</code></pre>
<h2><a class="header" href="#vm-config-snippet" id="vm-config-snippet">VM config snippet</a></h2>
<p>Following command-line gives a good starting point to assemble a VM:</p>
<pre><code>qemu-system-x86_64 \
-cpu host -enable-kvm -smp 4 \
-m 8G \
-vga virtio -display sdl,gl=on \
-boot menu=on \
-cdrom <iso> \
-hda <disk> \
-device qemu-xhci,id=xhci \
-device usb-host,bus=xhci.0,vendorid=0x05e1,productid=0x0408,id=capture-card
</code></pre>
<h3><a class="header" href="#cpu--ram" id="cpu--ram">CPU & RAM</a></h3>
<pre><code class="language-bash"># Emulate host CPU in guest VM, enabling all supported host featured (requires KVM).
# List available CPUs `qemu-system-x86_64 -cpu help`.
-cpu host
# Enable KVM instead software emulation.
-enable-kvm
# Configure number of guest CPUs.
-smp <N>
# Configure size of guest RAM.
-m 8G
</code></pre>
<h3><a class="header" href="#graphic--display" id="graphic--display">Graphic & Display</a></h3>
<pre><code class="language-bash"># Use sdl window as display and enable openGL context.
-display sdl,gl=on
# Use vnc server as display (eg on display `:42` here).
-display vnc=localhost:42
# Confifure virtio as 3D video graphic accelerator (requires virgl in guest).
-vga virtio
</code></pre>
<h3><a class="header" href="#boot-menu" id="boot-menu">Boot Menu</a></h3>
<pre><code class="language-bash"># Enables boot menu to select boot device (enter with `ESC`).
-boot menu=on
</code></pre>
<h3><a class="header" href="#block-devices" id="block-devices">Block devices</a></h3>
<pre><code class="language-bash"># Attach cdrom drive with iso to a VM.
-cdrom <iso>
# Attach disk drive to a VM.
-hda <disk>
# Generic way to configure & attach a drive to a VM.
-drive file=<file>,format=qcow2
</code></pre>
<h4><a class="header" href="#create-a-disk-with-a-hrefhttpsqemu-projectgitlabioqemutoolsqemu-imghtmlqemu-imga" id="create-a-disk-with-a-hrefhttpsqemu-projectgitlabioqemutoolsqemu-imghtmlqemu-imga">Create a disk with <a href="https://qemu-project.gitlab.io/qemu/tools/qemu-img.html"><code>qemu-img</code></a></a></h4>
<p>To create a <code>qcow2</code> disk (qemu copy-on-write) of size <code>10G</code>:</p>
<pre><code class="language-bash">qemu-img create -f qcow2 disk.qcow2 10G
</code></pre>
<p>The disk does not contain any <code>partitions</code> or a <code>partition table</code>.
We can format the disk from <strong>within the <strong>guest</strong></strong> as following example:</p>
<pre><code class="language-bash"># Create `gpt` partition table.
sudo parted /dev/sda mktable gpt
# Create two equally sized primary partitions.
sudo parted /dev/sda mkpart primary 0% 50%
sudo parted /dev/sda mkpart primary 50% 100%
# Create filesystem on each partition.
sudo mkfs.ext3 /dev/sda1
sudo mkfs.ext4 /dev/sda2
lsblk -f /dev/sda
NAME FSTYPE LABEL UUID FSAVAIL FSUSE% MOUNTPOINT
sda
├─sda1 ext3 ....
└─sda2 ext4 ....
</code></pre>
<h3><a class="header" href="#usb" id="usb">USB</a></h3>
<h4><a class="header" href="#host-controller" id="host-controller">Host Controller</a></h4>
<pre><code class="language-bash"># Add XHCI USB controller to the VM (supports USB 3.0, 2.0, 1.1).
# `id=xhci` creates a usb bus named `xhci`.
-device qemu-xhci,id=xhci
</code></pre>
<h4><a class="header" href="#usb-device" id="usb-device">USB Device</a></h4>
<pre><code class="language-bash"># Pass-through USB device from host identified by vendorid & productid and
# attach to usb bus `xhci.0` (defined with controller `id`).
-device usb-host,bus=xhci.0,vendorid=0x05e1,productid=0x0408
</code></pre>
<h2><a class="header" href="#debugging" id="debugging">Debugging</a></h2>
<pre><code class="language-bash"># Open gdbstub on tcp `<port>` (`-s` shorthand for `-gdb tcp::1234`).
-gdb tcp::<port>
# Freeze guest CPU at startup and wait for debugger connection.
-S
</code></pre>
<h2><a class="header" href="#io-redirection-2" id="io-redirection-2">IO redirection</a></h2>
<pre><code class="language-bash"># Create raw tcp server for `serial IO` and wait until a client connects
# before executing the guest.
-serial tcp:localhost:12345,server,wait
# Create telnet server for `serial IO` and wait until a client connects
# before executing the guest.
-serial telnet:localhost:12345,server,wait
# Configure redirection for the QEMU `mointor`, arguments similar to `-serial`
# above.
-monitor ...
</code></pre>
<blockquote>
<p>In <code>server</code> mode use <code>nowait</code> to execute guest without waiting for a client
connection.</p>
</blockquote>
<h2><a class="header" href="#network" id="network">Network</a></h2>
<pre><code class="language-bash"># Redirect host tcp port `1234` to guest port `4321`.
-nic user,hostfwd=tcp:localhost:1234-:4321
</code></pre>
<h2><a class="header" href="#shared-drives" id="shared-drives">Shared drives</a></h2>
<pre><code class="language-bash"># Attach a `virtio-9p-pci` device to the VM.
# The guest requires 9p support and can mount the shared drive as:
# mount -t 9p -o trans=virtio someName /mnt
-virtfs local,id=someName,path=<someHostPath>,mount_tag=someName,security_model=none
</code></pre>
<h2><a class="header" href="#debug-logging" id="debug-logging">Debug logging</a></h2>
<pre><code class="language-bash"># List debug items.
-d help
# Write debug log to file instead stderr.
-D <file>
# Examples
-d in_asm Log executed guest instructions.
</code></pre>
<h2><a class="header" href="#tracing" id="tracing">Tracing</a></h2>
<pre><code class="language-bash"># List name of all trace points.
-trace help
# Enable trace points matching pattern and optionally write trace to file.
-trace <pattern>[,file=<file>]
# Enable trace points for all events listed in the <events> file.
# File must contain one event/pattern per line.
-trace events=<events>
</code></pre>
<h2><a class="header" href="#vm-snapshots" id="vm-snapshots">VM snapshots</a></h2>
<p>VM snapshots require that there is at least on <code>qcow2</code> disk attached to the VM
(<a href="https://qemu-project.gitlab.io/qemu/system/images.html#vm-005fsnapshots">VM Snapshots</a>).</p>
<p>Commands for qemu <a href="https://qemu-project.gitlab.io/qemu/system/monitor.html">Monitor</a> or <a href="https://qemu-project.gitlab.io/qemu/interop/qemu-qmp-ref.html">QMP</a>:</p>
<pre><code class="language-bash"># List available snapshots.
info snapshots
# Create/Load/Delete snapshot with name <tag>.
savevm <tag>
loadvm <tag>
delvm <tag>
</code></pre>
<p>The snapshot can also be directly specified when invoking qemu as:</p>
<pre><code class="language-bash">qemu-system-x86_64 \
-loadvm <tag> \
...
</code></pre>
<h2><a class="header" href="#vm-migration" id="vm-migration">VM Migration</a></h2>
<p><code>Online</code> migration example:</p>
<pre><code class="language-bash"># Start machine 1 on host ABC.
qemu-system-x86_64 -monitor stdio -cdrom <iso>
# Prepare machine 2 on host DEF as migration target.
# Listen for any connection on port 12345.
qemu-system-x86_64 -monitor stdio -incoming tcp:0.0.0.0:12345
# Start migration from the machine 1 monitor console.
(qemu) migrate tcp:DEF:12345
</code></pre>
<p>Save to external file example:</p>
<pre><code class="language-bash">```bash
# Start machine 1.
qemu-system-x86_64 -monitor stdio -cdrom <iso>
# Save VM state to file.
(qemu) migrate "exec:gzip -c > vm.gz"
# Load VM from file.
qemu-system-x86_64 -monitor stdio -incoming "exec: gzip -d -c vm.gz"
</code></pre>
<blockquote>
<p>The migration source machine and the migration target machine should be
launched with the <strong>same</strong> parameters.</p>
</blockquote>
<h2><a class="header" href="#appendix-direct-kernel-boot" id="appendix-direct-kernel-boot">Appendix: Direct <code>Kernel</code> boot</a></h2>
<p>Example command line to directly boot a <code>Kernel</code> with an <code>initrd</code> ramdisk.</p>
<pre><code class="language-bash">qemu-system-x86_64 \
-cpu host \
-enable-kvm \
-kernel <dir>/arch/x86/boot/bzImage \
-append "earlyprintk=ttyS0 console=ttyS0 nokaslr init=/init debug" \
-initrd <dir>/initramfs.cpio.gz \
...
</code></pre>
<p>Instructions to build a minimal <a href="https://blog.memzero.de/kernel-debugging-qemu"><code>Kernel</code> and <code>initrd</code></a>.</p>
<h2><a class="header" href="#references" id="references">References</a></h2>
<ul>
<li><a href="https://github.com/qemu/qemu/blob/master/docs/usb2.txt">QEMU USB</a></li>
<li><a href="https://qemu-project.gitlab.io/qemu/tools/qemu-img.html">QEMU IMG</a></li>
<li><a href="https://qemu-project.gitlab.io/qemu/tools/index.html">QEMU Tools</a></li>
<li><a href="https://qemu-project.gitlab.io/qemu/system/index.html">QEMU System</a></li>
<li><a href="https://qemu-project.gitlab.io/qemu/system/invocation.html">QEMU Invocation (command line args)</a></li>
<li><a href="https://qemu-project.gitlab.io/qemu/system/monitor.html">QEMU Monitor</a></li>
<li><a href="https://qemu-project.gitlab.io/qemu/interop/qemu-qmp-ref.html">QEMU machine protocol (QMP)</a></li>
<li><a href="https://qemu-project.gitlab.io/qemu/system/images.html#vm-005fsnapshots">QEMU VM Snapshots</a></li>
</ul>
<h1><a class="header" href="#pacman1" id="pacman1">pacman(1)</a></h1>
<h2><a class="header" href="#remote-package-repositories" id="remote-package-repositories">Remote package repositories</a></h2>
<pre><code class="language-text">pacman -Sy refresh package database
pacman -S <pkg> install pkg
pacman -Ss <regex> search remote package database
pacman -Si <pkg> get info for pkg
pacman -Su upgrade installed packages
pacman -Sc clean local package cache
</code></pre>
<h2><a class="header" href="#remove-packages" id="remove-packages">Remove packages</a></h2>
<pre><code class="language-text">pacman -Rsn <pkg> uninstall package and unneeded deps + config files
</code></pre>
<h2><a class="header" href="#local-package-database" id="local-package-database">Local package database</a></h2>
<p>Local package database of installed packages.</p>
<pre><code class="language-text">pacman -Q list all installed packages
pacman -Qs <regex> search local package database
pacman -Ql <pkg> list files installed by pkg
pacman -Qo <file> query package that owns file
pacman -Qe only list explicitly installed packages
</code></pre>
<h2><a class="header" href="#local-file-database" id="local-file-database">Local file database</a></h2>
<p>Local file database which allows to search packages owning certain files.
Also searches non installed packages, but database must be synced.</p>
<pre><code class="language-text">pacman -Fy refresh file database
pacman -Fl <pkg> list files in pkg (must not be installed)
pacman -Fx <regex> search
</code></pre>
<h2><a class="header" href="#hacks" id="hacks">Hacks</a></h2>
<p>Uninstall all orphaned packages (including config files) that were installed as
dependencies.</p>
<pre><code class="language-text">pacman -Rsn $(pacman -Qqtq)
</code></pre>
<p>List explicitly installed packages that are not required as dependency by any
package and sort by size.</p>
<pre><code class="language-text">pacman -Qetq | xargs pacman -Qi |
awk '/Name/ { name=$3 }
/Installed Size/ { printf "%8.2f%s %s\n", $4, $5, name }' |
sort -h
</code></pre>
<h1><a class="header" href="#dot1" id="dot1">dot(1)</a></h1>
<p><a href="https://edotor.net/">Online playground</a></p>
<h2><a class="header" href="#example-dot-file-to-copy--paste-from" id="example-dot-file-to-copy--paste-from">Example <code>dot</code> file to copy & paste from.</a></h2>
<p>Can be rendered to <code>svg</code> with the following command.</p>
<pre><code class="language-bash">dot -T svg -o g.svg g.dot
</code></pre>
<p>Example <code>dot</code> file.</p>
<pre><code class="language-dot">// file: g.dot
digraph {
// Render ranks from left to right.
rankdir=LR
// Make background transparent.
bgcolor=transparent
// Global node attributes.
node [shape=box]
// Global edge attributes.
edge [style=dotted,color=red]
// Add nodes & edge.
stage1 -> stage2
// Add multiple edges at once.
stage2 -> { stage3_1, stage3_2 }
// Add edge with custom attributes.
stage3_2 -> stage4 [label="some text"]
// Set custom attributes for specific node.
stage4 [color=green,fillcolor=lightgray,style="filled,dashed",label="s4"]
// Create a subgraph. This can be used to group nodes/edges or as scope for
// global node/edge attributes.
// If the name starts with 'cluster' a border is drawn.
subgraph cluster_1 {
stage5_1
stage5_2
}
// Add some edges to subgraph nodes.
stage3_1 -> { stage5_1, stage5_2 }
}
</code></pre>
<p>Rendered <code>svg</code> file.
<img src="https://johannst.github.io/notes/assets/g.svg" alt="g.svg" /></p>
<h2><a class="header" href="#references-1" id="references-1">References</a></h2>
<ul>
<li><a href="https://graphviz.org/doc/info/lang.html">DOT language</a></li>
<li><a href="https://graphviz.org/doc/info/attrs.html">Attributes</a></li>
<li><a href="https://graphviz.org/doc/info/shapes.html">Node shapes</a></li>
<li><a href="https://graphviz.org/doc/info/colors.html">Colors</a></li>
<li><a href="https://graphviz.org/pdf/dotguide.pdf">User manual</a></li>
</ul>
<h1><a class="header" href="#resource-analysis--monitor" id="resource-analysis--monitor">Resource analysis & monitor</a></h1>
<ul>
<li><a href="monitor/./lsof.html">lsof</a></li>
<li><a href="monitor/./ss.html">ss</a></li>
<li><a href="monitor/./pidstat.html">pidstat</a></li>
<li><a href="monitor/./pgrep.html">pgrep</a></li>
<li><a href="monitor/./pmap.html">pmap</a></li>
<li><a href="monitor/./pstack.html">pstack</a></li>
</ul>
<h1><a class="header" href="#lsof8" id="lsof8">lsof(8)</a></h1>
<pre><code class="language-markdown">lsof
-r <s> ..... repeatedly execute command ervery <s> seconds
-a ......... AND slection filters instead ORing (OR: default)
-p <pid> ... filter by <pid>
+fg ........ show file flags for file descripros
-n ......... don't convert network addr to hostnames
-P ......... don't convert network port to service names
-i <@h[:p]>. show connections to h (hostname|ip addr) with optional port p
-s <p:s> ... in conjunction with '-i' filter for protocol <p> in state <s>
-U ......... show unix domain sockets ('@' indicates abstract sock name, see unix(7))
</code></pre>
<pre><code class="language-markdown">file flags:
R/W/RW ..... read/write/read-write
CR ......... create
AP ......... append
TR ......... truncate
</code></pre>
<pre><code class="language-markdown">-s protocols
TCP, UDP
-s states (TCP)
CLOSED, IDLE, BOUND, LISTEN, ESTABLISHED, SYN_SENT, SYN_RCDV, ESTABLISHED,
CLOSE_WAIT, FIN_WAIT1, CLOSING, LAST_ACK, FIN_WAIT_2, TIME_WAIT
-s states (UDP)
Unbound, Idle
</code></pre>
<h1><a class="header" href="#examples-3" id="examples-3">Examples</a></h1>
<h2><a class="header" href="#file-flags" id="file-flags">File flags</a></h2>
<p>Show open files with file flags for process:</p>
<pre><code class="language-markdown">lsof +fg -p <pid>
</code></pre>
<h2><a class="header" href="#open-tcp-connections" id="open-tcp-connections">Open TCP connections</a></h2>
<p>Show open tcp connections for <code>$USER</code>:</p>
<pre><code class="language-markdown">lsof -a -u $USER -i TCP
</code></pre>
<p><strong>Note</strong>: <code>-a</code> <em>ands</em> the results. If <code>-a</code> is not given all open files matching
<code>$USER</code> and all tcp connections are listed (<em>ored</em>).</p>
<h2><a class="header" href="#open-connection-to-specific-host" id="open-connection-to-specific-host">Open connection to specific host</a></h2>
<p>Show open connections to <code>localhost</code> for <code>$USER</code>:</p>
<pre><code class="language-markdown">lsof -a -u $USER -i @localhost
</code></pre>
<h2><a class="header" href="#open-connection-to-specific-port" id="open-connection-to-specific-port">Open connection to specific port</a></h2>
<p>Show open connections to port <code>:1234</code> for <code>$USER</code>:</p>
<pre><code class="language-markdown">lsof -a -u $USER -i :1234
</code></pre>
<h2><a class="header" href="#ipv4-tcp-connections-in-established-state" id="ipv4-tcp-connections-in-established-state">IPv4 TCP connections in <code>ESTABLISHED</code> state</a></h2>
<pre><code class="language-markdown">lsof -i 4TCP -s TCP:ESTABLISHED
</code></pre>
<h1><a class="header" href="#ss8" id="ss8">ss(8)</a></h1>
<pre><code class="language-markdown">ss [option] [filter]
</code></pre>
<pre><code class="language-markdown">[option]
-p ..... Show process using socket
-l ..... Show sockets in listening state
-4/-6 .. Show IPv4/6 sockets
-x ..... Show unix sockets
-n ..... Show numeric ports (no resolve)
-O ..... Oneline output per socket
</code></pre>
<pre><code class="language-markdown">[filter]
dport/sport PORT .... Filter for destination/source port
dst/src ADDR ........ Filter for destination/source address
and/or .............. Logic operator
==/!= ............... Comparison operator
(EXPR) .............. Group exprs
</code></pre>
<h1><a class="header" href="#examples-4" id="examples-4">Examples</a></h1>
<p>Show all tcp IPv4 sockets connecting to port <code>443</code>:</p>
<pre><code class="language-markdown">ss -4 'dport 443'
</code></pre>
<p>Show all tcp IPv4 sockets that don't connect to port <code>443</code> or connect to address <code>1.2.3.4</code>.</p>
<pre><code class="language-markdown">ss -4 'dport != 443 or dst 1.2.3.4'
</code></pre>
<h1><a class="header" href="#pidstat1" id="pidstat1">pidstat(1)</a></h1>
<pre><code class="language-markdown">pidstat [opt] [interval] [cont]
-U [user] show username instead UID, optionally only show for user
-r memory statistics
-d I/O statistics
-h single line per process and no lines with average
</code></pre>
<h1><a class="header" href="#page-fault-and-memory-utilization" id="page-fault-and-memory-utilization">Page fault and memory utilization</a></h1>
<pre><code class="language-markdown">pidstat -r -p <pid> [interval] [count]
</code></pre>
<pre><code class="language-markdown">minor_pagefault: Happens when the page needed is already in memory but not
allocated to the faulting process, in that case the kernel
only has to create a new page-table entry pointing to the
shared physical page (not required to load a memory page from
disk).
major_pagefault: Happens when the page needed is NOT in memory, the kernel
has to create a new page-table entry and populate the
physical page (required to load a memory page from disk).
</code></pre>
<h1><a class="header" href="#io-statistics" id="io-statistics">I/O statistics</a></h1>
<pre><code class="language-markdown">pidstat -d -p <pid> [interval] [count]
</code></pre>
<h1><a class="header" href="#pgrep1" id="pgrep1">pgrep(1)</a></h1>
<pre><code class="language-markdown">pgrep [opts] <pattern>
-n only list newest matching process
-u <usr> only show matching for user <usr>
-l additionally list command
-a additionally list command + arguments
</code></pre>
<h2><a class="header" href="#debug-newest-process" id="debug-newest-process">Debug newest process</a></h2>
<p>For example attach gdb to newest zsh process from <code>$USER</code>.</p>
<pre><code class="language-markdown">gdb -p $(pgrep -n -u $USER zsh)
</code></pre>
<h1><a class="header" href="#pmap1" id="pmap1">pmap(1)</a></h1>
<pre><code class="language-markdown">pmap <pid>
Dump virtual memory map of process.
Compared to /proc/<pid>/maps it shows the size of the mappings.
</code></pre>
<h1><a class="header" href="#pstack1" id="pstack1">pstack(1)</a></h1>
<pre><code class="language-markdown">pstack <pid>
Dump stack for all threads of process.
</code></pre>
<h1><a class="header" href="#trace-and-profile" id="trace-and-profile">Trace and Profile</a></h1>
<ul>
<li><a href="trace_profile/./strace.html">strace</a></li>
<li><a href="trace_profile/./ltrace.html">ltrace</a></li>
<li><a href="trace_profile/./perf.html">perf</a></li>
<li><a href="trace_profile/./oprofile.html">OProfile</a></li>
<li><a href="trace_profile/./time.html">time</a></li>
</ul>
<h1><a class="header" href="#strace1" id="strace1">strace(1)</a></h1>
<pre><code class="language-markdown">strace [opts] [prg]
-f .......... follow child processes on fork(2)
-p <pid> .... attach to running process
-s <size> ... max string size, truncate of longer (default: 32)
-e <expr> ... expression for trace filtering
-o <file> ... log output into <file>
-c .......... dump syscall statitics at the end
-k .......... dump stack trace for each syscall
-P <path> ... only trace syscall accesing path
-y .......... print paths for FDs
-tt ......... print absolute timestamp (with us precision)
-r .......... print relative timestamp
</code></pre>
<pre><code class="language-markdown"><expr>:
trace=syscall[,syscall] .... trace only syscall listed
trace=file ................. trace all syscall that take a filename as arg
trace=process .............. trace process management related syscalls
trace=signal ............... trace signal related syscalls
signal ..................... trace signals delivered to the process
</code></pre>
<h1><a class="header" href="#examples-5" id="examples-5">Examples</a></h1>
<p>Trace <code>open(2)</code> & <code>socket(2)</code> syscalls for a running process + child processes:</p>
<pre><code class="language-markdown">strace -f -e trace=open,socket -p <pid>
</code></pre>
<p>Trace signals delivered to a running process:</p>
<pre><code class="language-markdown">strace -e signal -e 'trace=!all' -p <pid>
</code></pre>
<h1><a class="header" href="#ltrace1" id="ltrace1">ltrace(1)</a></h1>
<pre><code class="language-markdown">ltrace [opts] [prg]
-f .......... follow child processes on fork(2)
-p <pid> .... attach to running process
-o <file> ... log output into <file>
-l <filter> . show who calls into lib matched by <filter>
-C .......... demangle
</code></pre>
<h1><a class="header" href="#example-5" id="example-5">Example</a></h1>
<p>List which program/libs call into <code>libstdc++</code>:</p>
<pre><code class="language-bash">ltrace -l '*libstdc++*' -C -o ltrace.log ./main
</code></pre>
<h1><a class="header" href="#perf1" id="perf1">perf(1)</a></h1>
<pre><code class="language-markdown">perf list show supported hw/sw events
perf stat
-p <pid> .. show stats for running process
-I <ms> ... show stats periodically over interval <ms>
-e <ev> ... filter for events
perf top
-p <pid> .. show stats for running process
-F <hz> ... sampling frequency
-K ........ hide kernel threads
perf record
-p <pid> ............... record stats for running process
-F <hz> ................ sampling frequency
--call-graph <method> .. [fp, dwarf, lbr] method how to caputre backtrace
fp : use frame-pointer, need to compile with
-fno-omit-frame-pointer
dwarf: use .cfi debug information
lbr : use hardware last branch record facility
-g ..................... short-hand for --call-graph fp
-e <ev> ................ filter for events
perf report
-n .................... annotate symbols with nr of samples
--stdio ............... report to stdio, if not presen tui mode
-g graph,0.5,caller ... show caller based call chains with value >0.5
</code></pre>
<pre><code class="language-markdown">Useful <ev>:
page-faults
minor-faults
major-faults
cpu-cycles`
task-clock
</code></pre>
<h2><a class="header" href="#a-hrefhttpsgithubcombrendangreggflamegraphflamegrapha" id="a-hrefhttpsgithubcombrendangreggflamegraphflamegrapha"><a href="https://github.com/brendangregg/FlameGraph"><code>Flamegraph</code></a></a></h2>
<h3><a class="header" href="#flamegraph-with-single-event-trace" id="flamegraph-with-single-event-trace">Flamegraph with single event trace</a></h3>
<pre><code class="language-markdown">perf record -g -e cpu-cycles -p <pid>
perf script | FlameGraph/stackcollapse-perf.pl | FlameGraph/flamegraph.pl > cycles-flamegraph.svg
</code></pre>
<h3><a class="header" href="#flamegraph-with-multiple-event-traces" id="flamegraph-with-multiple-event-traces">Flamegraph with multiple event traces</a></h3>
<pre><code class="language-markdown">perf record -g -e cpu-cycles,page-faults -p <pid>
perf script --per-event-dump
# fold & generate as above
</code></pre>
<h1><a class="header" href="#a-hrefhttpsoprofilesourceforgeiooprofilea" id="a-hrefhttpsoprofilesourceforgeiooprofilea"><a href="https://oprofile.sourceforge.io/">OProfile</a></a></h1>
<pre><code class="language-markdown">operf -g -p <pid>
-g ...... caputre call-graph information
opreport [opt] FILE
show time spent per binary image
-l ...... show time spent per symbol
-c ...... show callgraph information (see below)
-a ...... add column with time spent accumulated over child nodes
ophelp show supported hw/sw events
</code></pre>
<h1><a class="header" href="#usrbintime1" id="usrbintime1">/usr/bin/time(1)</a></h1>
<pre><code class="language-markdown"># statistics of process run
/usr/bin/time -v <cmd>
</code></pre>
<h1><a class="header" href="#binary" id="binary">Binary</a></h1>
<ul>
<li><a href="binary/./od.html">od</a></li>
<li><a href="binary/./xxd.html">xxd</a></li>
<li><a href="binary/./readelf.html">readelf</a></li>
<li><a href="binary/./objdump.html">objdump</a></li>
<li><a href="binary/./nm.html">nm</a></li>
</ul>
<h1><a class="header" href="#od1" id="od1">od(1)</a></h1>
<pre><code class="language-markdown"> od [opts] <file>
-An don't print addr info
-tx4 print hex in 4 byte chunks
-ta print as named character
-tc printable chars or backslash escape
-w4 print 4 bytes per line
-j <n> skip <n> bytes from <file> (hex if start with 0x)
-N <n> dump <n> bytes (hex of start with 0x)
</code></pre>
<h2><a class="header" href="#ascii-to-hex-string" id="ascii-to-hex-string">ASCII to hex string</a></h2>
<pre><code class="language-markdown"> echo -n AAAABBBB | od -An -w4 -tx4
>> 41414141
>> 42424242
echo -n '\x7fELF\n' | od -tx1 -ta -tc
>> 0000000 7f 45 4c 46 0a # tx1
>> del E L F nl # ta
>> 177 E L F \n # tc
</code></pre>
<h2><a class="header" href="#extract-parts-of-file" id="extract-parts-of-file">Extract parts of file</a></h2>
<p>For example <code>.rodata</code> section from an elf file. We can use <code>readelf</code> to get the
offset into the file where the <code>.rodata</code> section starts.</p>
<pre><code class="language-markdown"> readelf -W -S foo
>> Section Headers:
>> [Nr] Name Type Address Off Size ES Flg Lk Inf Al
>> ...
>> [15] .rodata PROGBITS 00000000004009c0 0009c0 000030 00 A 0 0 16
</code></pre>
<p>With the offset of <code>-j 0x0009c0</code> we can dump <code>-N 0x30</code> bytes from the beginning of
the <code>.rodata</code> section as follows:</p>
<pre><code class="language-markdown"> od -j 0x0009c0 -N 0x30 -tx4 -w4 foo
>> 0004700 00020001
>> 0004704 00000000
>> *
>> 0004740 00000001
>> 0004744 00000002
>> 0004750 00000003
>> 0004754 00000004
</code></pre>
<p><strong>Note</strong>: Numbers starting with <code>0x</code> will be interpreted as hex by <code>od</code>.</p>
<h1><a class="header" href="#xxd1" id="xxd1">xxd(1)</a></h1>
<pre><code class="language-markdown"> xxd [opts]
-p dump continuous hexdump
-r convert hexdump into binary ('revert')
-e dump as little endian mode
-i output as C array
</code></pre>
<h2><a class="header" href="#ascii-to-hex-stream" id="ascii-to-hex-stream">ASCII to hex stream</a></h2>
<pre><code class="language-markdown"> echo -n 'aabb' | xxd -p
>> 61616262
</code></pre>
<h2><a class="header" href="#hex-to-binary-stream" id="hex-to-binary-stream">Hex to binary stream</a></h2>
<pre><code class="language-markdown"> echo -n '61616262' | xxd -p -r
>> aabb
</code></pre>
<h2><a class="header" href="#ascii-to-binary" id="ascii-to-binary">ASCII to binary</a></h2>
<pre><code class="language-markdown"> echo -n '\x7fELF' | xxd -p | xxd -p -r | file -p -
>> ELF
</code></pre>
<h2><a class="header" href="#ascii-to-c-array-hex-encoded" id="ascii-to-c-array-hex-encoded">ASCII to <code>C</code> array (hex encoded)</a></h2>
<pre><code class="language-markdown"> xxd -i <(echo -n '\x7fELF')
>> unsigned char _proc_self_fd_11[] = {
>> 0x7f, 0x45, 0x4c, 0x46
>> };
>> unsigned int _proc_self_fd_11_len = 4;
</code></pre>
<h1><a class="header" href="#readelf1" id="readelf1">readelf(1)</a></h1>
<pre><code class="language-markdown"> readelf [opts] <elf>
-W|--wide wide output, dont break output at 80 chars
-h print ELF header
-S print section headers
-l print program headers + segment mapping
-d print .dynamic section (dynamic link information)
--syms print symbol tables (.symtab .dynsym)
--dyn-syms print dynamic symbol table (exported symbols for dynamic linker)
-r print relocation sections (.rel.*, .rela.*)
</code></pre>
<h1><a class="header" href="#objdump1" id="objdump1">objdump(1)</a></h1>
<pre><code class="language-markdown"> objdump [opts] <elf>
-M intel use intil syntax
-d disassemble text section
-D disassemble all sections
-S mix disassembly with source code
-C demangle
-j <section> display info for section
--[no-]show-raw-insn [dont] show object code next to disassembly
</code></pre>
<h2><a class="header" href="#disassemble-section" id="disassemble-section">Disassemble section</a></h2>
<p>For example <code>.plt</code> section:</p>
<pre><code class="language-markdown"> objdump -j .plt -d <elf>
</code></pre>
<h1><a class="header" href="#nm1" id="nm1">nm(1)</a></h1>
<pre><code class="language-markdown"> nm [opts] <elf>
-C demangle
-u undefined only
</code></pre>
<h1><a class="header" href="#development" id="development">Development</a></h1>
<ul>
<li><a href="development/./c++filt.html">c++filt</a></li>
<li><a href="development/./c++.html">c++</a></li>
<li><a href="development/./glibc.html">glibc</a></li>
<li><a href="development/./gcc.html">gcc</a></li>
<li>[make] (./make.md)</li>
<li><a href="development/./ld.so.html">ld.so</a></li>
<li><a href="development/./symbolver.html">symbol versioning</a></li>
<li><a href="development/./python.html">python</a></li>
</ul>
<h1><a class="header" href="#cfilt1" id="cfilt1">c++filt(1)</a></h1>
<h2><a class="header" href="#demangle-symbol" id="demangle-symbol">Demangle symbol</a></h2>
<pre><code class="language-markdown"> c++-filt <symbol_str>
</code></pre>
<h2><a class="header" href="#demangle-stream" id="demangle-stream">Demangle stream</a></h2>
<p>For example dynamic symbol table:</p>
<pre><code class="language-markdown"> readelf -W --dyn-syms <elf> | c++filt
</code></pre>
<h1><a class="header" href="#c" id="c">c++</a></h1>
<h2><a class="header" href="#type-deduction" id="type-deduction">Type deduction</a></h2>
<p>Force compile error to see what <code>auto</code> is deduced to.</p>
<pre><code class="language-cpp">auto foo = bar();
// force compile error
typename decltype(foo)::_;
</code></pre>
<h2><a class="header" href="#variadic-templates-a-hrefhttpsencppreferencecomwcpplanguageparameter_packparameter-packa" id="variadic-templates-a-hrefhttpsencppreferencecomwcpplanguageparameter_packparameter-packa">Variadic templates (<a href="https://en.cppreference.com/w/cpp/language/parameter_pack">parameter pack</a>)</a></h2>
<pre><code class="language-cpp">{{#include c++/meta.cc:3:}}
</code></pre>
<h2><a class="header" href="#a-hrefhttpsencppreferencecomwcpplanguagesfinaesfinaea-example-a-hrefhttpsencppreferencecomwcpptypesenable_ifenable_ifa" id="a-hrefhttpsencppreferencecomwcpplanguagesfinaesfinaea-example-a-hrefhttpsencppreferencecomwcpptypesenable_ifenable_ifa"><a href="https://en.cppreference.com/w/cpp/language/sfinae">SFINAE</a> example (<a href="https://en.cppreference.com/w/cpp/types/enable_if">enable_if</a>)</a></h2>
<pre><code class="language-cpp">{{#include c++/meta2.cc:3:}}
</code></pre>
<h1><a class="header" href="#glibc" id="glibc">glibc</a></h1>
<h2><a class="header" href="#malloc-tracer-a-hrefhttpman7orglinuxman-pagesman3mtrace3htmlmtrace3a" id="malloc-tracer-a-hrefhttpman7orglinuxman-pagesman3mtrace3htmlmtrace3a">malloc tracer <a href="http://man7.org/linux/man-pages/man3/mtrace.3.html"><code>mtrace(3)</code></a></a></h2>
<p>Trace memory allocation and de-allocation to detect memory leaks.
Need to call <code>mtrace(3)</code> to install the tracing hooks.</p>
<p>If we can't modify the binary to call <code>mtrace</code> we can create a small shared
library and pre-load it.</p>
<pre><code class="language-c">// libmtrace.c
#include <mcheck.h>
__attribute__((constructor)) static void init_mtrace() { mtrace(); }
</code></pre>
<p>Compile as:</p>
<pre><code class="language-bash">gcc -shared -fPIC -o libmtrace.so libmtrace.c
</code></pre>
<p>To generate the trace file run:</p>
<pre><code class="language-bash">export MALLOC_TRACE=<file>
LD_PRELOAD=./libmtrace.so <binary>
</code></pre>
<p><strong>Note</strong>: If <code>MALLOC_TRACE</code> is not set <code>mtrace</code> won't install tracing hooks.</p>
<p>To get the results of the trace file:</p>
<pre><code class="language-bash">mtrace <binary> $MALLOC_TRACE
</code></pre>
<h2><a class="header" href="#malloc-check-a-hrefhttpman7orglinuxman-pagesman3mallopt3htmlmallopt3a" id="malloc-check-a-hrefhttpman7orglinuxman-pagesman3mallopt3htmlmallopt3a">malloc check <a href="http://man7.org/linux/man-pages/man3/mallopt.3.html"><code>mallopt(3)</code></a></a></h2>
<p>Configure action when glibc detects memory error.</p>
<pre><code class="language-bash">export MALLOC_CHECK_=<N>
</code></pre>
<p>Useful values:</p>
<pre><code class="language-markdown">1 print detailed error & continue
3 print detailed error + stack trace + memory mappings & abort
7 print simple error message + stack trace + memory mappings & abort
</code></pre>
<h1><a class="header" href="#gcc1" id="gcc1">gcc(1)</a></h1>
<h2><a class="header" href="#cli-2" id="cli-2">CLI</a></h2>
<h3><a class="header" href="#preprocessing" id="preprocessing">Preprocessing</a></h3>
<p>While debugging can be helpful to just pre-process files.</p>
<pre><code class="language-bash">gcc -E [-dM] ...
</code></pre>
<ul>
<li><code>-E</code> run only preprocessor</li>
<li><code>-dM</code> list only <code>#define</code> statements</li>
<li><code>-###</code> dry-run, outputting exact compiler/linker invocations</li>
<li><code>-print-multi-lib</code> print available multilib configurations</li>
</ul>
<h3><a class="header" href="#target-options" id="target-options">Target options</a></h3>
<pre><code class="language-bash"># List all target options with their description.
gcc --help=target
# Configure for current cpu arch and query (-Q) value of options.
gcc -march=native -Q --help=target
</code></pre>
<h2><a class="header" href="#a-hrefhttpsgccgnuorgonlinedocsgccother-builtinshtmlbuiltinsa" id="a-hrefhttpsgccgnuorgonlinedocsgccother-builtinshtmlbuiltinsa"><a href="https://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html">Builtins</a></a></h2>
<h3><a class="header" href="#__builtin_expectexpr-cond" id="__builtin_expectexpr-cond"><code>__builtin_expect(expr, cond)</code></a></h3>
<p>Give the compiler a hint which branch is hot, so it can lay out the code
accordingly to reduce number of jump instructions.
See on <a href="https://godbolt.org/z/MbTHAP">compiler explorer</a>.</p>
<pre><code class="language-bash">echo "
extern void foo();
extern void bar();
void run0(int x) {
if (__builtin_expect(x,0)) { foo(); }
else { bar(); }
}
void run1(int x) {
if (__builtin_expect(x,1)) { foo(); }
else { bar(); }
}
" | gcc -O2 -S -masm=intel -o /dev/stdout -xc -
</code></pre>
<p>Will generate something similar to the following.</p>
<ul>
<li><code>run0</code>: <code>bar</code> is on the path without branch</li>
<li><code>run1</code>: <code>foo</code> is on the path without branch</li>
</ul>
<pre><code class="language-x86asm">run0:
test edi, edi
jne .L4
xor eax, eax
jmp bar
.L4:
xor eax, eax
jmp foo
run1:
test edi, edi
je .L6
xor eax, eax
jmp foo
.L6:
xor eax, eax
jmp bar
</code></pre>
<h2><a class="header" href="#abi-linux" id="abi-linux">ABI (Linux)</a></h2>
<ul>
<li>C ABI - <a href="https://www.uclibc.org/docs/psABI-x86_64.pdf">SystemV ABI</a></li>
<li>C++ ABI - <a href="https://itanium-cxx-abi.github.io/cxx-abi">C++ Itanium ABI</a></li>
</ul>
<h1><a class="header" href="#make1" id="make1">make(1)</a></h1>
<h2><a class="header" href="#anatomy-of-make-rules" id="anatomy-of-make-rules">Anatomy of <code>make</code> rules</a></h2>
<pre><code class="language-make">target .. : prerequisite ..
recipe
..
</code></pre>
<ul>
<li><code>target</code>: an output generated by the rule</li>
<li><code>prerequisite</code>: an input that is used to generate the target</li>
<li><code>recipe</code>: list of actions to generate the output from the input</li>
</ul>
<blockquote>
<p>Use <code>make -p</code> to print all rules and variables (implicitly + explicitly defined).</p>
</blockquote>
<h2><a class="header" href="#pattern-rules--automatic-variables" id="pattern-rules--automatic-variables">Pattern rules & Automatic variables</a></h2>
<h3><a class="header" href="#pattern-rules" id="pattern-rules">Pattern rules</a></h3>
<p>A pattern rule contains the <code>%</code> char (exactly one of them) and look like this example:</p>
<pre><code class="language-make">%.o : %.c
$(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
</code></pre>
<p>The target matches files of the pattern <code>%.o</code>, where <code>%</code> matches any none-empty
substring and other character match just them self.</p>
<p>The substring matched by <code>%</code> is called the <code>stem</code>.</p>
<p><code>%</code> in the prerequisite stands for the matched <code>stem</code> in the target.</p>
<h3><a class="header" href="#automatic-variables" id="automatic-variables">Automatic variables</a></h3>
<p>As targets and prerequisites in pattern rules can't be spelled explicitly in
the recipe, make provides a set of automatic variables to work with:</p>
<ul>
<li><code>$@</code>: Name of the target that triggered the rule.</li>
<li><code>$<</code>: Name of the first prerequisite.</li>
<li><code>$^</code>: Names of all prerequisites (without duplicates).</li>
<li><code>$+</code>: Names of all prerequisites (with duplicates).</li>
<li><code>$*</code>: Stem of the pattern rule.</li>
</ul>
<pre><code class="language-make"># file: Makefile
all: foobar blabla
foo% bla%: aaa bbb bbb
@echo "@ = $@"
@echo "< = $<"
@echo "^ = $^"
@echo "+ = $+"
@echo "* = $*"
@echo "----"
aaa:
bbb:
</code></pre>
<p>Running above <code>Makefile</code> gives:</p>
<pre><code class="language-test">@ = foobar
< = aaa
^ = aaa bbb
+ = aaa bbb bbb
* = bar
----
@ = blabla
< = aaa
^ = aaa bbb
+ = aaa bbb bbb
* = bla
----
</code></pre>
<p>Variables related to filesystem paths:</p>
<ul>
<li><code>$(CURDIR)</code>: Path of current working dir after using <code>make -C path</code></li>
</ul>
<h2><a class="header" href="#useful-functions" id="useful-functions">Useful functions</a></h2>
<h3><a class="header" href="#substitution-references" id="substitution-references">Substitution references</a></h3>
<p>Substitute strings matching pattern in a list.</p>
<pre><code class="language-make">in := a.o l.a c.o
out := $(in:.o=.c)
# => out = a.c l.a c.c
</code></pre>
<h3><a class="header" href="#filter" id="filter"><code>filter</code></a></h3>
<p>Keep strings matching a pattern in a list.</p>
<pre><code class="language-make">in := a.a b.b c.c d.d
out := $(filter %.b %.c, $(in))
# => out = b.b c.c
</code></pre>
<h3><a class="header" href="#filter-out" id="filter-out"><code>filter-out</code></a></h3>
<p>Remove strings matching a pattern from a list.</p>
<pre><code class="language-make">in := a.a b.b c.c d.d
out := $(filter-out %.b %.c, $(in))
# => out = a.a d.d
</code></pre>
<h3><a class="header" href="#abspath" id="abspath"><code>abspath</code></a></h3>
<p>Resolve each file name as absolute path (don't resolve symlinks).</p>
<pre><code class="language-make">$(abspath fname1 fname2 ..)
### `realpath`
Resolve each file name as canonical path.
```make
$(realpath fname1 fname2 ..)
</code></pre>
<h1><a class="header" href="#ldso8" id="ldso8">ld.so(8)</a></h1>
<h2><a class="header" href="#environment-variables" id="environment-variables">Environment Variables</a></h2>
<pre><code class="language-console"> LD_PRELOAD=<l_so> colon separated list of libso's to be pre loaded
LD_DEBUG=<opts> comma separated list of debug options
=help list available options
=libs show library search path
=files processing of input files
=symbols show search path for symbol lookup
=bindings show against which definition a symbol is bound
</code></pre>
<h2><a class="header" href="#ld_preload-initialization-order-and-link-map" id="ld_preload-initialization-order-and-link-map">LD_PRELOAD: Initialization Order and Link Map</a></h2>
<p>Libraries specified in <code>LD_PRELOAD</code> are loaded from <code>left-to-right</code> but
initialized from <code>right-to-left</code>.</p>
<pre><code class="language-markdown"> > ldd ./main
>> libc.so.6 => /usr/lib/libc.so.6
> LD_PRELOAD=liba.so:libb.so ./main
-->
preloaded in this order
<--
initialized in this order
</code></pre>
<p>The preload order determines:</p>
<ul>
<li>the order libraries are inserted into the <code>link map</code></li>
<li>the initialization order for libraries</li>
</ul>
<p>For the example listed above the resulting <code>link map</code> will look like the
following:</p>
<pre><code class="language-makrdown"> +------+ +------+ +------+ +------+
| main | -> | liba | -> | libb | -> | libc |
+------+ +------+ +------+ +------+
</code></pre>
<p>This can be seen when running with <code>LD_DEBUG=files</code>:</p>
<pre><code class="language-makrdown"> > LD_DEBUG=files LD_PRELOAD=liba.so:libb.so ./main
# load order (-> determines link map)
>> file=liba.so [0]; generating link map
>> file=libb.so [0]; generating link map
>> file=libc.so.6 [0]; generating link map
# init order
>> calling init: /usr/lib/libc.so.6
>> calling init: <path>/libb.so
>> calling init: <path>/liba.so
>> initialize program: ./main
</code></pre>
<p>To verify the <code>link map</code> order we let <code>ld.so</code> resolve the <code>memcpy(3)</code> libc
symbol (used in <em>main</em>) dynamically, while enabling <code>LD_DEBUG=symbols,bindings</code>
to see the resolving in action.</p>
<pre><code class="language-makrdown"> > LD_DEBUG=symbols,bindings LD_PRELOAD=liba.so:libb.so ./main
>> symbol=memcpy; lookup in file=./main [0]
>> symbol=memcpy; lookup in file=<path>/liba.so [0]
>> symbol=memcpy; lookup in file=<path>/libb.so [0]
>> symbol=memcpy; lookup in file=/usr/lib/libc.so.6 [0]
>> binding file ./main [0] to /usr/lib/libc.so.6 [0]: normal symbol `memcpy' [GLIBC_2.14]
</code></pre>
<h2><a class="header" href="#dynamic-linking-x86_64" id="dynamic-linking-x86_64">Dynamic Linking (x86_64)</a></h2>
<p>Dynamic linking basically works via one indirect jump. It uses a combination of
function trampolines (<code>.plt</code> section) and a function pointer table (<code>.got.plt</code>
section).
On the first call the trampoline sets up some metadata and then jumps to the
<code>ld.so</code> runtime resolve function, which in turn patches the table with the
correct function pointer.</p>
<pre><code class="language-makrdown"> .plt ....... procedure linkage table, contains function trampolines, usually
located in code segment (rx permission)
.got.plt ... global offset table for .plt, holds the function pointer table
</code></pre>
<p>Using <code>radare2</code> we can analyze this in more detail:</p>
<pre><code class="language-makrdown"> [0x00401040]> pd 4 @ section..got.plt
;-- section..got.plt:
;-- .got.plt: ; [22] -rw- section size 32 named .got.plt
;-- _GLOBAL_OFFSET_TABLE_:
[0] 0x00404000 .qword 0x0000000000403e10 ; section..dynamic
[1] 0x00404008 .qword 0x0000000000000000
; CODE XREF from section..plt @ +0x6
[2] 0x00404010 .qword 0x0000000000000000
;-- reloc.puts:
; CODE XREF from sym.imp.puts @ 0x401030
[3] 0x00404018 .qword 0x0000000000401036 ; RELOC 64 puts
[0x00401040]> pd 6 @ section..plt
;-- section..plt:
;-- .plt: ; [12] -r-x section size 32 named .plt
┌─> 0x00401020 ff35e22f0000 push qword [0x00404008]
â•Ž 0x00401026 ff25e42f0000 jmp qword [0x00404010]
â•Ž 0x0040102c 0f1f4000 nop dword [rax]
┌ 6: int sym.imp.puts (const char *s);
â”” â•Ž 0x00401030 ff25e22f0000 jmp qword [reloc.puts]
â•Ž 0x00401036 6800000000 push 0
└─< 0x0040103b e9e0ffffff jmp sym..plt
</code></pre>
<ul>
<li>At address <code>0x00401030</code> in the <code>.plt</code> section we see the indirect jump for
<code>puts</code> using the function pointer in <code>_GLOBAL_OFFSET_TABLE_[3] (GOT)</code>.</li>
<li><code>GOT[3]</code> initially points to instruction after the <code>puts</code> trampoline
<code>0x00401036</code>.</li>
<li>This pushes the relocation index <code>0</code> and then jumps to the first trampoline
<code>0x00401020</code>.</li>
<li>The first trampoline jumps to <code>GOT[2]</code> which will be filled at program
startup by the <code>ld.so</code> with its resolve function.</li>
<li>The <code>ld.so</code> resolve function fixes the relocation referenced by the
relocation index pushed by the <code>puts</code> trampoline.</li>
<li>The relocation entry at index <code>0</code> tells the resolve function which symbol to
search for and where to put the function pointer:
<pre><code class="language-makrdown"> > readelf -r <main>
>> Relocation section '.rela.plt' at offset 0x4b8 contains 1 entry:
>> Offset Info Type Sym. Value Sym. Name + Addend
>> 000000404018 000200000007 R_X86_64_JUMP_SLO 0000000000000000 puts@GLIBC_2.2.5 + 0
</code></pre>
As we can see the offset from relocation at index <code>0</code> points to <code>GOT[3]</code>.</li>
</ul>
<h1><a class="header" href="#elf-symbol-versioning" id="elf-symbol-versioning">ELF Symbol Versioning</a></h1>
<p>The <a href="https://refspecs.linuxbase.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/symversion.html">ELF symbol versioning</a> mechanism allows to attach version
information to symbols.
This can be used to express symbol version requirements or to provide certain
symbols multiple times in the same ELF file with different versions (eg for
backwards compatibility).</p>
<p>The <code>libpthread.so</code> library is an example which provides the
<code>pthread_cond_wait</code> symbol multiple times but in different versions.
With readelf the version of the symbol can be seen after the <code>@</code>.</p>
<pre><code class="language-bash">> readelf -W --dyn-syms /lib/libpthread.so
Symbol table '.dynsym' contains 342 entries:
Num: Value Size Type Bind Vis Ndx Name
...
141: 0000f080 696 FUNC GLOBAL DEFAULT 16 pthread_cond_wait@@GLIBC_2.3.2
142: 00010000 111 FUNC GLOBAL DEFAULT 16 pthread_cond_wait@GLIBC_2.2.5
</code></pre>
<p>The <code>@@</code> denotes the <strong>default symbol version</strong> which will be used during
static linking against the library.
The following dump shows that the <code>tmp</code> program linked against <code>lpthread</code> will
depend on the symbol version <code>GLIBC_2.3.2</code>, which is the default version.</p>
<pre><code class="language-bash">> echo "#include <pthread.h>
int main() {
return pthread_cond_wait(0,0);
}" | gcc -o tmp -xc - -lpthread;
readelf -W --dyn-syms tmp | grep pthread_cond_wait;
Symbol table '.dynsym' contains 7 entries:
Num: Value Size Type Bind Vis Ndx Name
...
2: 00000000 0 FUNC GLOBAL DEFAULT UND pthread_cond_wait@GLIBC_2.3.2 (2)
</code></pre>
<blockquote>
<p>Only <strong>one</strong> symbol can be annotated as the <code>@@</code> default version.</p>
</blockquote>
<p>Using the <code>--version-info</code> flag with readelf, more details on the symbol
version info compiled into the <code>tmp</code> ELF file can be obtained.</p>
<ul>
<li>The <code>.gnu.version</code> section contains the version definition for each symbol in
the <code>.dynsym</code> section. <code>pthread_cond_wait</code> is at index <code>2</code> in the <code>.dynsym</code>
section, the corresponding symbol version is at index <code>2</code> in the
<code>.gnu.version</code> section.</li>
<li>The <code>.gnu.version_r</code> section contains symbol version requirements per shared
library dependency (<code>DT_NEEDED</code> dynamic entry).</li>
</ul>
<pre><code class="language-bash">> readelf -W --version-info --dyn-syms tmp
Symbol table '.dynsym' contains 7 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable
2: 0000000000000000 0 FUNC GLOBAL DEFAULT UND pthread_cond_wait@GLIBC_2.3.2 (2)
3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.2.5 (3)
4: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
5: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable
6: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.2.5 (3)
Version symbols section '.gnu.version' contains 7 entries:
Addr: 0x0000000000000534 Offset: 0x000534 Link: 6 (.dynsym)
000: 0 (*local*) 0 (*local*) 2 (GLIBC_2.3.2) 3 (GLIBC_2.2.5)
004: 0 (*local*) 0 (*local*) 3 (GLIBC_2.2.5)
Version needs section '.gnu.version_r' contains 2 entries:
Addr: 0x0000000000000548 Offset: 0x000548 Link: 7 (.dynstr)
000000: Version: 1 File: libc.so.6 Cnt: 1
0x0010: Name: GLIBC_2.2.5 Flags: none Version: 3
0x0020: Version: 1 File: libpthread.so.0 Cnt: 1
0x0030: Name: GLIBC_2.3.2 Flags: none Version: 2
</code></pre>
<p>The gnu dynamic linker allows to inspect the version processing during runtime
by setting the <code>LD_DEBUG</code> environment variable accordingly.</p>
<pre><code class="language-text"># version: Display version dependencies.
> LD_DEBUG=versions ./tmp
717904: checking for version `GLIBC_2.2.5' in file /usr/lib/libc.so.6 [0] required by file ./tmp [0]
717904: checking for version `GLIBC_2.3.2' in file /usr/lib/libpthread.so.0 [0] required by file ./tmp [0]
...
# symbols : Display symbol table processing.
# bindings: Display information about symbol binding.
> LD_DEBUG=symbols,bindings ./tmp
...
718123: symbol=pthread_cond_wait; lookup in file=./tmp [0]
718123: symbol=pthread_cond_wait; lookup in file=/usr/lib/libpthread.so.0 [0]
718123: binding file ./tmp [0] to /usr/lib/libpthread.so.0 [0]: normal symbol `pthread_cond_wait' [GLIBC_2.3.2]
</code></pre>
<h2><a class="header" href="#example-version-script" id="example-version-script">Example: version script</a></h2>
<p>The following shows an example C++ library <code>libfoo</code> which provides the same
symbol multiple times but in different versions.</p>
<pre><code class="language-cpp">// file: libfoo.cc
#include<stdio.h>
// Bind function symbols to version nodes.
//
// ..@ -> Is the unversioned symbol.
// ..@@.. -> Is the default symbol.
__asm__(".symver func_v0,func@");
__asm__(".symver func_v1,func@LIB_V1");
__asm__(".symver func_v2,func@@LIB_V2");
extern "C" {
void func_v0() { puts("func_v0"); }
void func_v1() { puts("func_v1"); }
void func_v2() { puts("func_v2"); }
}
__asm__(".symver _Z11func_cpp_v1i,_Z8func_cppi@LIB_V1");
__asm__(".symver _Z11func_cpp_v2i,_Z8func_cppi@@LIB_V2");
void func_cpp_v1(int) { puts("func_cpp_v1"); }
void func_cpp_v2(int) { puts("func_cpp_v2"); }
void func_cpp(int) { puts("func_cpp_v2"); }
</code></pre>
<p>Version script for <code>libfoo</code> which defines which symbols for which versions are
exported from the ELF file.</p>
<pre><code class="language-ld"># file: libfoo.ver
LIB_V1 {
global:
func;
extern "C++" {
"func_cpp(int)";
};
local:
*;
};
LIB_V2 {
global:
func;
extern "C++" {
"func_cpp(int)";
};
} LIB_V1;
</code></pre>
<blockquote>
<p>The <strong>local:</strong> section in <code>LIB_V1</code> is a catch all, that matches any symbol
not explicitly specified, and defines that the symbol is local and therefore
not exported from the ELF file.</p>
</blockquote>
<p>The library <code>libfoo</code> can be linked with the version definitions in <code>libfoo.ver</code>
by passing the version script to the linker with the <code>--version-script</code> flag.</p>
<pre><code class="language-bash">> g++ -shared -fPIC -o libfoo.so libfoo.cc -Wl,--version-script=libfoo.ver
> readelf -W --dyn-syms libfoo.so | c++filt
Symbol table '.dynsym' contains 14 entries:
Num: Value Size Type Bind Vis Ndx Name
...
6: 0000000000000000 0 OBJECT GLOBAL DEFAULT ABS LIB_V1
7: 000000000000114b 29 FUNC GLOBAL DEFAULT 13 func_cpp(int)@LIB_V1
8: 0000000000001168 29 FUNC GLOBAL DEFAULT 13 func_cpp(int)@@LIB_V2
9: 0000000000001185 29 FUNC GLOBAL DEFAULT 13 func_cpp(int)@@LIB_V1
10: 0000000000000000 0 OBJECT GLOBAL DEFAULT ABS LIB_V2
11: 0000000000001109 22 FUNC GLOBAL DEFAULT 13 func
12: 000000000000111f 22 FUNC GLOBAL DEFAULT 13 func@LIB_V1
13: 0000000000001135 22 FUNC GLOBAL DEFAULT 13 func@@LIB_V2
</code></pre>
<p>The following program demonstrates how to make use of the different versions:</p>
<pre><code class="language-cpp">// file: main.cc
#include <dlfcn.h>
#include <assert.h>
// Links against default symbol in the lib.so.
extern "C" void func();
int main() {
// Call the default version.
func();
#ifdef _GNU_SOURCE
typedef void (*fnptr)();
// Unversioned lookup.
fnptr fn_v0 = (fnptr)dlsym(RTLD_DEFAULT, "func");
// Version lookup.
fnptr fn_v1 = (fnptr)dlvsym(RTLD_DEFAULT, "func", "LIB_V1");
fnptr fn_v2 = (fnptr)dlvsym(RTLD_DEFAULT, "func", "LIB_V2");
assert(fn_v0 != 0);
assert(fn_v1 != 0);
assert(fn_v2 != 0);
fn_v0();
fn_v1();
fn_v2();
#endif
return 0;
}
</code></pre>
<p>Compiling and running results in:</p>
<pre><code class="language-bash">> g++ -o main main.cc -ldl ./libfoo.so && ./main
func_v2
func_v0
func_v1
func_v2
</code></pre>
<h2><a class="header" href="#references-2" id="references-2">References</a></h2>
<ul>
<li><a href="https://akkadia.org/drepper/symbol-versioning">ELF Symbol Versioning</a></li>
<li><a href="https://sourceware.org/binutils/docs/ld/VERSION.html">Binutils ld: Symbol Versioning</a></li>
<li><a href="https://refspecs.linuxbase.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/symversion.html">LSB: Symbol Versioning</a></li>
<li><a href="https://akkadia.org/drepper/dsohowto.pdf">How To Write Shared Libraries</a></li>
</ul>
<h1><a class="header" href="#python" id="python">python</a></h1>
<h2><a class="header" href="#decorator-a-hrefhttpswwwonline-pythoncomiddie0gpyuruna" id="decorator-a-hrefhttpswwwonline-pythoncomiddie0gpyuruna">Decorator [<a href="https://www.online-python.com/IDdiE0gpYU">run</a>]</a></h2>
<p>Some decorator examples with type annotation.</p>
<pre><code class="language-python">from typing import Callable
def log(f: Callable[[int], None]) -> Callable[[int], None]:
def inner(x: int):
print(f"log::inner f={f.__name__} x={x}")
f(x)
return inner
@log
def some_fn(x: int):
print(f"some_fn x={x}")
def log_tag(tag: str) -> Callable[[Callable[[int], None]], Callable[[int], None]]:
def decorator(f: Callable[[int], None]) -> Callable[[int], None]:
def inner(x: int):
print(f"log_tag::inner f={f.__name__} tag={tag} x={x}")
f(x)
return inner
return decorator
@log_tag("some_tag")
def some_fn2(x: int):
print(f"some_fn2 x={x}")
</code></pre>
<h2><a class="header" href="#walrus-operator-a-hrefhttpswwwonline-pythoncom9t12pvmkvyruna" id="walrus-operator-a-hrefhttpswwwonline-pythoncom9t12pvmkvyruna">Walrus operator [<a href="https://www.online-python.com/9T12PvmKVy">run</a>]</a></h2>
<p>Walrus operator <code>:=</code> added since <strong>python 3.8</strong>.</p>
<pre><code class="language-python">from typing import Optional
# Example 1: if let statements
def foo(ret: Optional[int]) -> Optional[int]:
return ret
if r := foo(None):
print(f"foo(None) -> {r}")
if r := foo(1337):
print(f"foo(1337) -> {r}")
# Example 2: while let statements
toks = iter(['a', 'b', 'c'])
while tok := next(toks, None):
print(f"{tok}")
# Example 3: list comprehension
print([tok for t in [" a", " ", " b "] if (tok := t.strip())])
</code></pre>
<h2><a class="header" href="#a-hrefhttpsdocspythonorg3libraryunittesthtmlunittesta-a-hrefhttpswwwonline-pythoncom2fit4ucbziruna" id="a-hrefhttpsdocspythonorg3libraryunittesthtmlunittesta-a-hrefhttpswwwonline-pythoncom2fit4ucbziruna"><a href="https://docs.python.org/3/library/unittest.html">Unittest</a> [<a href="https://www.online-python.com/2fit4UcbzI">run</a>]</a></h2>
<p>Run unittests directly from the command line as <br />
<code>python3 -m unittest -v test</code></p>
<p>Optionally pass <code>-k <patter></code> to only run subset of tests.</p>
<pre><code class="language-python"># file: test.py
import unittest
class MyTest(unittest.TestCase):
def setUp(self):
pass
def tearDown(self):
pass
# Tests need to start with the prefix 'test'.
def test_foo(self):
self.assertEqual(1 + 2, 3)
def test_bar(self):
with self.assertRaises(IndexError):
list()[0]
</code></pre>
<h2><a class="header" href="#a-hrefhttpsdocspythonorg3librarydoctesthtmldoctesta-a-hrefhttpswwwonline-pythoncomlzst51unihruna" id="a-hrefhttpsdocspythonorg3librarydoctesthtmldoctesta-a-hrefhttpswwwonline-pythoncomlzst51unihruna"><a href="https://docs.python.org/3/library/doctest.html">Doctest</a> [<a href="https://www.online-python.com/LZst51UNIH">run</a>]</a></h2>
<p>Run doctests directly from the command line as <br />
<code>python -m doctest -v test.py</code></p>
<pre><code class="language-python"># file: test.py
def sum(a: int, b: int) -> int:
"""Sum a and b.
>>> sum(1, 2)
3
>>> sum(10, 20)
30
"""
return a + b
</code></pre>
<h2><a class="header" href="#a-hrefhttpsdocspythonorg3librarytimeithtmltimeita" id="a-hrefhttpsdocspythonorg3librarytimeithtmltimeita"><a href="https://docs.python.org/3/library/timeit.html">timeit</a></a></h2>
<p>Micro benchmarking.</p>
<pre><code class="language-bash">python -m timeit '[x.strip() for x in ["a ", " b"]]'
</code></pre>
<h1><a class="header" href="#linux" id="linux">Linux</a></h1>
<ul>
<li><a href="linux/./systemd.html">systemd</a></li>
<li><a href="linux/./coredump.html">coredump</a></li>
<li><a href="linux/./ptrace_scope.html">ptrace_scope</a></li>
</ul>
<h1><a class="header" href="#systemd" id="systemd">systemd</a></h1>
<h2><a class="header" href="#systemctl" id="systemctl">systemctl</a></h2>
<p>Inspect units:</p>
<pre><code class="language-text">systemctl [opts] [cmd]
[opts]
--user
[cmd]
list-units <pattern> List units in memory
status <unit> Show runtime status of unit
start <unit> Start a unit
stop <unit> Stop a unit
restart <unit> Restart a unit
reload <unit> Reload a unit
enable <unit> Enable a unit (persistent)
disable <unit> Disable a unit
cat <unit> Print unit file
show <unit> Show properties of unit
</code></pre>
<h3><a class="header" href="#example-trivial-user-unit" id="example-trivial-user-unit">Example: Trivial user unit</a></h3>
<pre><code class="language-bash"># Generate unit
mkdir -p ~/.config/systemd/user
echo '[Unit]
Description=Test logger
[Service]
Type=oneshot
ExecStart=logger "Hello from test unit"' > ~/.config/systemd/user/test.service
# Run unit
systemctl --user start test
# See log message
journalctl --user -u test -n 5
</code></pre>
<h2><a class="header" href="#journalctl" id="journalctl">journalctl</a></h2>
<p>Inspect journal logs:</p>
<pre><code class="language-text">journalctl [opts] [matches]
--user Current user journal (system by default)
-u <unit> Show logs for specified <unit>
-n <lines> Show only last <lines>
-f Follow journal
-g <pattern> Grep for <pattern>
</code></pre>
<p>Cleanup:</p>
<pre><code class="language-text">journalctl [opts]
--disk-usage Show current disk usage
--vacuum-size=<size> Reduce journal log to <size> (K/M/G)
</code></pre>
<h2><a class="header" href="#references-3" id="references-3">References</a></h2>
<ul>
<li><a href="https://www.man7.org/linux/man-pages/man5/systemd.unit.5.html">man systemd.unit(5)</a></li>
<li><a href="https://www.man7.org/linux/man-pages/man5/systemd.service.5.html">man systemd.service(5)</a></li>
</ul>
<h1><a class="header" href="#core5" id="core5">core(5)</a></h1>
<p>There are multiple requirements that must be satisfied that <code>coredumps</code> are
being generated, a full list can be found in <a href="https://man7.org/linux/man-pages/man5/core.5.html">core(5)</a>.</p>
<p>An important one is to configure the soft resource limit <code>RLMIT_CORE</code>
(typically as unlimited during debugging).
In a typical bash/zsh this can be done as</p>
<pre><code class="language-bash">ulimit -Sc unlimited
</code></pre>
<h2><a class="header" href="#naming-of-coredump-files" id="naming-of-coredump-files">Naming of coredump files</a></h2>
<p>There are two important kernel configs to control the naming:</p>
<pre><code class="language-config">/proc/sys/kernel/core_pattern
<pattern> => Specifies a name pattern for the coredump file. This can
include certain FORMAT specifier.
|<cmdline> => Coredump is pipe through stdin to the user space process
specified by the cmdline, this can also contain FORMAT specifier.
FORMAT specifier (full list, see core(5)):
%E Pathname of the executable ('/' replaced by '!').
%p PID of the dumping process in its pid namespace.
%P PID of the dumping process in the initial pid namespace.
%u Real UID of dumping process.
%s Signal number causing the dump.
/proc/sys/kernel/core_uses_pid
1 => Append ".<pid>" suffic to the coredump file name
(pid of the dumping process).
0 => Do not append the suffix.
</code></pre>
<h2><a class="header" href="#control-which-segments-are-dumped" id="control-which-segments-are-dumped">Control which segments are dumped</a></h2>
<p>Each process has a coredump filter defined in <code>/proc/<pid>/coredump_filter</code>
which specifies which memory segments are being dumped.
Filters are preseved across <code>fork/exec</code> calls and hence child processes inherit
the parents filters.</p>
<p>The filter is a bitmask where <code>1</code> indicates to dump the given type.</p>
<pre><code>From core(5):
bit 0 Dump anonymous private mappings.
bit 1 Dump anonymous shared mappings.
bit 2 Dump file-backed private mappings.
bit 3 Dump file-backed shared mappings.
bit 4 Dump ELF headers.
bit 5 Dump private huge pages.
bit 6 Dump shared huge pages.
bit 7 Dump private DAX pages.
bit 8 Dump shared DAX pages.
Default filter 0x33.
</code></pre>
<h1><a class="header" href="#some-examples-out-there" id="some-examples-out-there">Some examples out there</a></h1>
<h2><a class="header" href="#coredumpctl-systemd" id="coredumpctl-systemd">coredumpctl (systemd)</a></h2>
<pre><code class="language-bash"># List available coredumps.
coredumpctl list
TIME PID UID GID SIG COREFILE EXE SIZE
...
Fri 2022-03-11 12:10:48 CET 6363 1000 1000 SIGSEGV present /usr/bin/sleep 18.1K
# Get detailed info on specific coredump.
coredumpctl info 6363
# Debug specific coredump.
coredumpctl debug 6363
# Dump specific coredump to file.
coredumpctl dump 6363 -o <file>
</code></pre>
<h2><a class="header" href="#apport-ubuntu" id="apport-ubuntu">apport (ubuntu)</a></h2>
<p>Known crash report locations:</p>
<ul>
<li><code>/var/crash</code></li>
</ul>
<p>To get to the raw coredump, crash reports can be unpacked as:</p>
<pre><code class="language-bash">apport-unpack <crash_repot> <dest_dir>
</code></pre>
<p>The coredump resides under <code><dest_dir>/CoreDump</code>.</p>
<h1><a class="header" href="#ptrace_scope" id="ptrace_scope">ptrace_scope</a></h1>
<p>In case the kernel was compiled with the <code>yama</code> security module
(<code>CONFIG_SECURITY_YAMA</code>), tracing processes with <code>ptrace(2)</code> can be restricted.</p>
<pre><code class="language-config">/proc/sys/kernel/yama/ptrace_scope
0 => No restrictions.
1 => Restricted attach, only the following can attach
- A process in the parent hierarchy.
- A process with CAP_SYS_PTRACE.
- A process with the PID that the tracee allowed by via
PR_SET_PTRACER.
2 => Only processes with CAP_SYS_PTRACE in the user namespace of the tracee
can attach.
3 => No tracing allowed.
</code></pre>
<p>Further details in <a href="https://man7.org/linux/man-pages/man2/ptrace.2.html"><code>ptrace(2)</code></a>.</p>
<h1><a class="header" href="#network-1" id="network-1">Network</a></h1>
<ul>
<li><a href="network/./tcpdump.html">tcpdump</a></li>
</ul>
<h1><a class="header" href="#tcpdump1" id="tcpdump1">tcpdump(1)</a></h1>
<h1><a class="header" href="#cli-3" id="cli-3">CLI</a></h1>
<pre><code class="language-markdown">tcpdump [opts] -i <if> [<filter>]
-n Don't covert host/port names.
-w <file|-> Write pcap trace to file or stdout (-).
-r <file> Read & parse pcap file.
</code></pre>
<p>Some useful filters.</p>
<pre><code class="language-markdown">src <ip> Filter for source IP.
dst <ip> Filter for destination IP.
host <ip> Filter for IP (src + dst).
net <ip>/<range> Filter traffic on subnet.
[src/dst] port <port> Filter for port (optionally src/dst).
tcp/udp/icmp Filter for protocol.
</code></pre>
<blockquote>
<p>Use <code>and/or/not</code> and <code>()</code> to build filter expressions.</p>
</blockquote>
<h1><a class="header" href="#examples-6" id="examples-6">Examples</a></h1>
<h2><a class="header" href="#capture-packets-from-remote-host" id="capture-packets-from-remote-host">Capture packets from remote host</a></h2>
<pre><code class="language-makrdown"># -k: Start capturing immediately.
ssh <host> tcpdump -i <IF> -w - | sudo wireshark -k -i -
</code></pre>
<h1><a class="header" href="#arch" id="arch">Arch</a></h1>
<ul>
<li><a href="arch/./x86_64.html">x86_64</a></li>
<li><a href="arch/./arm64.html">arm64</a></li>
<li><a href="arch/./armv7.html">armv7</a></li>
<li><a href="arch/./riscv.html">riscv</a></li>
</ul>
<h1><a class="header" href="#x86_64" id="x86_64">x86_64</a></h1>
<p>keywords: x86_64, x86, abi</p>
<ul>
<li>64bit synonyms: <code>x86_64</code>, <code>x64</code>, <code>amd64</code>, <code>intel 64</code></li>
<li>32bit synonyms: <code>x86</code>, <code>ia32</code>, <code>i386</code></li>
<li>ISA type: <code>CISC</code></li>
<li>Endianness: <code>little</code></li>
</ul>
<h2><a class="header" href="#registers" id="registers">Registers</a></h2>
<h3><a class="header" href="#general-purpose-register" id="general-purpose-register">General purpose register</a></h3>
<pre><code class="language-markdown">bytes
[7:0] [3:0] [1:0] [1] [0] desc
----------------------------------------------------------
rax eax ax ah al accumulator
rbx ebx bx bh bl base register
rcx ecx cx ch cl counter
rdx edx dx dh dl data register
rsi esi si - sil source index
rdi edi di - dil destination index
rbp ebp bp - bpl base pointer
rsp esp sp - spl stack pointer
r8-15 rNd rNw - rNb
</code></pre>
<h3><a class="header" href="#special-register" id="special-register">Special register</a></h3>
<pre><code class="language-markdown">bytes
[7:0] [3:0] [1:0] desc
---------------------------------------------------
rflags eflags flags flags register
rip eip ip instruction pointer
</code></pre>
<h3><a class="header" href="#flags-register" id="flags-register">FLAGS register</a></h3>
<pre><code class="language-markdown">rflags
bits desc instr comment
--------------------------------------------------------------------------------------------------------------
[21] ID identification ability to set/clear -> indicates support for CPUID instr
[18] AC alignment check alignment exception for PL 3 (user), requires CR0.AM
[13:12] IOPL io privilege level
[11] OF overflow flag
[10] DF direction flag cld/std increment (0) or decrement (1) registers in string operations
[9] IF interrupt enable cli/sti
[7] SF sign flag
[6] ZF zero flag
[4] AF auxiliary carry flag
[2] PF parity flag
[0] CF carry flag
</code></pre>
<p>Change flag bits with <code>pushf</code> / <code>popf</code> instructions:</p>
<pre><code class="language-x86asm">pushfd // push flags (4bytes) onto stack
or dword ptr [esp], (1 << 18) // enable AC flag
popfd // pop flags (4byte) from stack
</code></pre>
<blockquote>
<p>There is also <code>pushfq</code> / <code>popfq</code> to push and pop all 8 bytes of <code>rflags</code>.</p>
</blockquote>
<h3><a class="header" href="#model-specific-register-msr" id="model-specific-register-msr">Model Specific Register (MSR)</a></h3>
<pre><code class="language-x86asm">rdmsr // Read MSR register, effectively does EDX:EAX <- MSR[ECX]
wrmsr // Write MSR register, effectively does MSR[ECX] <- EDX:EAX
</code></pre>
<h2><a class="header" href="#size-directives" id="size-directives">Size directives</a></h2>
<p>Explicitly specify size of the operation.</p>
<pre><code class="language-x86asm">mov byte ptr [rax], 0xff // save 1 byte(s) at [rax]
mov word ptr [rax], 0xff // save 2 byte(s) at [rax]
mov dword ptr [rax], 0xff // save 4 byte(s) at [rax]
mov qword ptr [rax], 0xff // save 8 byte(s) at [rax]
</code></pre>
<h2><a class="header" href="#addressing" id="addressing">Addressing</a></h2>
<pre><code class="language-x86asm">mov qword ptr [rax], rbx // save val in rbx at [rax]
mov qword ptr [imm], rbx // save val in rbx at [imm]
mov rax, qword ptr [rbx+4*rcx] // load val at [rbx+4*rcx] into rax
</code></pre>
<p><code>rip</code> relative addressing:</p>
<pre><code class="language-x86asm">lea rax, [rip+.my_str] // load addr of .my_str into rax
...
.my_str:
.asciz "Foo"
</code></pre>
<h2><a class="header" href="#string-instructions" id="string-instructions">String instructions</a></h2>
<p>The operand size of a string instruction is defined by the instruction suffix
<code>b | w | d | q</code>.</p>
<p>Source and destination registers are modified according to the <code>direction flag (DF)</code> in the <code>flags</code> register</p>
<ul>
<li><code>DF=0</code> increment src/dest registers</li>
<li><code>DF=1</code> decrement src/dest registers</li>
</ul>
<p>Following explanation assumes <code>byte</code> operands with <code>DF=0</code>:</p>
<pre><code class="language-x86asm">movsb // move data from string to string
// ES:[DI] <- DS:[SI]
// DI <- DI + 1
// SI <- SI + 1
lodsb // load string
// AL <- DS:[SI]
// SI <- SI + 1
stosb // store string
// ES:[DI] <- AL
// DI <- DI + 1
cmpsb // compare string operands
// DS:[SI] - ES:[DI] ; set status flag (eg ZF)
// SI <- SI + 1
// DI <- DI + 1
scasb // scan string
// AL - ES:[DI] ; set status flag (eg ZF)
// DI <- DI + 1
</code></pre>
<p>String operations can be repeated:</p>
<pre><code class="language-x86asm">rep // repeat until rcx = 0
repz // repeat until rcx = 0 or while ZF = 0
repnz // repeat until rcx = 0 or while ZF = 1
</code></pre>
<h3><a class="header" href="#example-simple-memset" id="example-simple-memset">Example: Simple <code>memset</code></a></h3>
<pre><code class="language-x86asm">// memset (dest, 0xaa /* char */, 0x10 /* len */)
lea di, [dest]
mov al, 0xaa
mov cx, 0x10
rep stosb
</code></pre>
<h2><a class="header" href="#a-hrefhttpswwwuclibcorgdocspsabi-x86_64pdfsysv-x86_64-abia" id="a-hrefhttpswwwuclibcorgdocspsabi-x86_64pdfsysv-x86_64-abia"><a href="https://www.uclibc.org/docs/psABI-x86_64.pdf">SysV x86_64 ABI</a></a></h2>
<h3><a class="header" href="#passing-arguments-to-functions" id="passing-arguments-to-functions">Passing arguments to functions</a></h3>
<ul>
<li>Integer/Pointer arguments
<pre><code class="language-markdown">reg arg
-----------
rdi 1
rsi 2
rdx 3
rcx 4
r8 5
r9 6
</code></pre>
</li>
<li>Floating point arguments
<pre><code class="language-markdown">reg arg
-----------
xmm0 1
.. ..
xmm7 8
</code></pre>
</li>
<li>Additional arguments are passed on the stack. Arguments are pushed
right-to-left (RTL), meaning next arguments are closer to current <code>rsp</code>.</li>
</ul>
<h3><a class="header" href="#return-values-from-functions" id="return-values-from-functions">Return values from functions</a></h3>
<ul>
<li>Integer/Pointer return values
<pre><code class="language-markdown">reg size
-----------------
rax 64 bit
rax+rdx 128 bit
</code></pre>
</li>
<li>Floating point return values:
<pre><code class="language-markdown">reg size
-------------------
xmm0 64 bit
xmm0+xmm1 128 bit
</code></pre>
</li>
</ul>
<h3><a class="header" href="#caller-saved-registers" id="caller-saved-registers">Caller saved registers</a></h3>
<p>Caller must save these registers if they should be preserved across function
calls.</p>
<ul>
<li><code>rax</code></li>
<li><code>rcx</code></li>
<li><code>rdx</code></li>
<li><code>rsi</code></li>
<li><code>rdi</code></li>
<li><code>rsp</code></li>
<li><code>r8</code> - <code>r11</code></li>
</ul>
<h3><a class="header" href="#callee-saved-registers" id="callee-saved-registers">Callee saved registers</a></h3>
<p>Caller can expect these registers to be preserved across function calls. Callee
must must save these registers in case they are used.</p>
<ul>
<li><code>rbx</code></li>
<li><code>rbp</code></li>
<li><code>r12</code> – <code>r15</code></li>
</ul>
<h3><a class="header" href="#stack" id="stack">Stack</a></h3>
<ul>
<li>grows downwards</li>
<li>frames aligned on 16 byte boundary
<pre><code class="language-text">Hi ADDR
| +------------+
| | prev frame |
| +------------+ <--- 16 byte aligned (X & ~0xf)
| [rbp+8] | saved RIP |
| [rbp] | saved RBP |
| [rbp-8] | func stack |
| | ... |
v +------------+
Lo ADDR
</code></pre>
</li>
</ul>
<h3><a class="header" href="#function-prologue--epilogue" id="function-prologue--epilogue">Function prologue & epilogue</a></h3>
<ul>
<li>prologue
<pre><code class="language-x86asm">push rbp // save caller base pointer
mov rbp, rsp // save caller stack pointer
</code></pre>
</li>
<li>epilogue
<pre><code class="language-x86asm">mov rsp, rbp // restore caller stack pointer
pop rbp // restore caller base pointer
</code></pre>
<blockquote>
<p>Equivalent to <code>leave</code> instruction.</p>
</blockquote>
</li>
</ul>
<h2><a class="header" href="#asm-skeleton" id="asm-skeleton">ASM skeleton</a></h2>
<p>Small assembler skeleton, ready to use with following properties:</p>
<ul>
<li>use raw Linux syscalls (<code>man 2 syscall</code> for ABI)</li>
<li>no <code>C runtime (crt)</code></li>
<li>gnu assembler <a href="https://sourceware.org/binutils/docs/as"><code>gas</code></a></li>
<li>intel syntax</li>
</ul>
<pre><code class="language-x86asm"># file: greet.s
.intel_syntax noprefix
.section .text, "ax", @progbits
.global _start
_start:
mov rdi, 1 # fd
lea rsi, [rip + greeting] # buf
mov rdx, [rip + greeting_len] # count
mov rax, 1 # write(2) syscall nr
syscall
mov rdi, 0 # exit code
mov rax, 60 # exit(2) syscall nr
syscall
.section .rdonly, "a", @progbits
greeting:
.asciz "Hi ASM-World!\n"
greeting_len:
.int .-greeting
</code></pre>
<blockquote>
<p>Syscall numbers are defined in <code>/usr/include/asm/unistd.h</code>.</p>
</blockquote>
<p>To compile and run:</p>
<pre><code class="language-bash">> gcc -o greet greet.s -nostartfiles -nostdlib && ./greet
Hi ASM-World!
</code></pre>
<h2><a class="header" href="#references-4" id="references-4">References</a></h2>
<ul>
<li><a href="https://www.uclibc.org/docs/psABI-x86_64.pdf">SystemV AMD64 ABI</a></li>
<li><a href="https://www.amd.com/system/files/TechDocs/24592.pdf">AMD64 Vol1: Application Programming</a></li>
<li><a href="https://www.amd.com/system/files/TechDocs/24593.pdf">AMD64 Vol2: System Programming</a></li>
<li><a href="https://www.amd.com/system/files/TechDocs/24594.pdf">AMD64 Vol3: General-Purpose & System Instructions</a></li>
<li><a href="https://cs.brown.edu/courses/cs033/docs/guides/x64_cheatsheet.pdf">X86_64 Cheat-Sheet</a></li>
<li><a href="https://software.intel.com/content/www/us/en/develop/download/intel-64-and-ia-32-architectures-software-developers-manual-volume-1-basic-architecture.html">Intel 64 Vol1: Basic Architecture</a></li>
<li><a href="https://software.intel.com/content/www/us/en/develop/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-2a-2b-2c-and-2d-instruction-set-reference-a-z.html">Intel 64 Vol2: Instruction Set Reference</a></li>
<li><a href="https://software.intel.com/content/www/us/en/develop/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-3a-3b-3c-and-3d-system-programming-guide.html">Intel 64 Vol3: System Programming Guide</a></li>
<li><a href="https://sourceware.org/binutils/docs/as">GNU Assembler</a></li>
<li><a href="https://sourceware.org/binutils/docs/as/Pseudo-Ops.html#Pseudo-Ops">GNU Assembler Directives</a></li>
<li><a href="https://sourceware.org/binutils/docs/as/i386_002dDependent.html">GNU Assembler <code>x86_64</code> dependent features</a></li>
</ul>
<h1><a class="header" href="#arm64" id="arm64">arm64</a></h1>
<p>keywords: arm64, aarch64, abi</p>
<ul>
<li>64bit synonyms: <code>arm64</code>, <code>aarch64</code></li>
<li>ISA type: <code>RISC</code></li>
<li>Endianness: <code>little</code>, <code>big</code></li>
</ul>
<h2><a class="header" href="#registers-1" id="registers-1">Registers</a></h2>
<h3><a class="header" href="#general-purpose-registers" id="general-purpose-registers">General purpose registers</a></h3>
<pre><code class="language-markdown">bytes
[7:0] [3:0] desc
---------------------------------------------
x0-x28 w0-w28 general purpose registers
x29 w29 frame pointer (FP)
x30 w30 link register (LR)
sp wsp stack pointer (SP)
pc program counter (PC)
xzr wzr zero register
</code></pre>
<blockquote>
<p>Write to <code>wN</code> register clears upper 32bit.</p>
</blockquote>
<h3><a class="header" href="#special-registers-per-el" id="special-registers-per-el">Special registers per EL</a></h3>
<pre><code class="language-markdown">bytes
[7:0] desc
---------------------------------------------
sp_el0 stack pointer EL0
sp_el1 stack pointer EL1
elr_el1 exception link register EL1
spsr_el1 saved process status register EL1
sp_el2 stack pointer EL2
elr_el2 exception link register EL2
spsr_el2 saved process status register EL2
sp_el3 stack pointer EL3
elr_el3 exception link register EL3
spsr_el3 saved process status register EL3
</code></pre>
<h2><a class="header" href="#instructions-cheatsheet" id="instructions-cheatsheet">Instructions cheatsheet</a></h2>
<h3><a class="header" href="#accessing-system-registers" id="accessing-system-registers">Accessing system registers</a></h3>
<p>Reading from system registers:</p>
<pre><code class="language-armasm">mrs x0, vbar_el1 // move vbar_el1 into x0
</code></pre>
<p>Writing to system registers:</p>
<pre><code class="language-armasm">msr vbar_el1, x0 // move x0 into vbar_el1
</code></pre>
<h3><a class="header" href="#control-flow-1" id="control-flow-1">Control Flow</a></h3>
<pre><code class="language-armasm">b <offset> // relative forward/back branch
br <Xn> // absolute branch to address in register Xn
// branch & link, store return address in X30 (LR)
bl <offset> // relative forward/back branch
blr <Xn> // absolute branch to address in register Xn
ret {Xn} // return to address in X30, or Xn if supplied
</code></pre>
<h2><a class="header" href="#addressing-1" id="addressing-1">Addressing</a></h2>
<h3><a class="header" href="#offset" id="offset">Offset</a></h3>
<pre><code class="language-armasm">ldr x0, [x1] // x0 = [x1]
ldr x0, [x1, 8] // x0 = [x1 + 8]
ldr x0, [x1, x2, lsl #3] // x0 = [x1 + (x2<<3)]
ldr x0, [x1, w2, stxw] // x0 = [x1 + sign_ext(w2)]
ldr x0, [x1, w2, stxw #3] // x0 = [x1 + (sign_ext(w2)<<3)]
</code></pre>
<blockquote>
<p>Shift amount can either be <code>0</code> or <code>log2(access_size_bytes)</code>. Eg for 8byte
access it can either be <code>{0, 3}</code>.</p>
</blockquote>
<h3><a class="header" href="#index" id="index">Index</a></h3>
<pre><code class="language-armasm">ldr x0, [x1, 8]! // pre-inc : x1+=8; x0 = [x1]
ldr x0, [x1], 8 // post-inc: x0 = [x1]; x1+=8
</code></pre>
<h3><a class="header" href="#pair-access" id="pair-access">Pair access</a></h3>
<pre><code class="language-armasm">ldp x1, x2, [x0] // x1 = [x0]; x2 = [x0 + 8]
stp x1, x2, [x0] // [x0] = x1; [x0 + 8] = x2
</code></pre>
<h2><a class="header" href="#procedure-call-standard-arm64-a-hrefhttpsgithubcomarm-softwareabi-aablobmasteraapcs64aapcs64rstaapcs64a" id="procedure-call-standard-arm64-a-hrefhttpsgithubcomarm-softwareabi-aablobmasteraapcs64aapcs64rstaapcs64a">Procedure Call Standard ARM64 (<a href="https://github.com/ARM-software/abi-aa/blob/master/aapcs64/aapcs64.rst"><code>aapcs64</code></a>)</a></h2>
<h3><a class="header" href="#passing-arguments-to-functions-1" id="passing-arguments-to-functions-1">Passing arguments to functions</a></h3>
<ul>
<li>Integer/Pointer arguments
<pre><code class="language-markdown">reg arg
-----------
x0 1
.. ..
x7 8
</code></pre>
</li>
<li>Additional arguments are passed on the stack. Arguments are pushed
<code>right-to-left (RTL)</code>, meaning next arguments are closer to current <code>sp</code>.
<pre><code class="language-markdown">void take(..., int a9, int a10);
| | | ... | Hi
| +-->| a10 | |
+---------->| a9 | <-SP |
+-----+ v
| ... | Lo
</code></pre>
</li>
</ul>
<h3><a class="header" href="#return-values-from-functions-1" id="return-values-from-functions-1">Return values from functions</a></h3>
<ul>
<li>Integer/Pointer return values
<pre><code class="language-markdown">reg size
-----------------
x0 64 bit
</code></pre>
</li>
</ul>
<h3><a class="header" href="#callee-saved-registers-1" id="callee-saved-registers-1">Callee saved registers</a></h3>
<ul>
<li><code>x19</code> - <code>x28</code></li>
<li><code>SP</code></li>
</ul>
<h3><a class="header" href="#stack-1" id="stack-1">Stack</a></h3>
<ul>
<li>full descending
<ul>
<li>full: <code>sp</code> points to the last used location (valid item)</li>
<li>descending: stack grows downwards</li>
</ul>
</li>
<li><code>sp</code> must be 16byte aligned when used to access memory for r/w</li>
<li><code>sp</code> must be 16byte aligned on public interface interfaces</li>
</ul>
<h3><a class="header" href="#frame-chain" id="frame-chain">Frame chain</a></h3>
<ul>
<li>linked list of stack-frames</li>
<li>each frame links to the frame of its caller by a <code>frame record</code>
<ul>
<li>a frame record is described as a <code>(FP,LR)</code> pair</li>
</ul>
</li>
<li><code>x29 (FP)</code> must point to the frame record of the current stack-frame
<pre><code class="language-markdown"> +------+ Hi
| 0 | frame0 |
+->| 0 | |
| | ... | |
| +------+ |
| | LR | frame1 |
+--| FP |<-+ |
| ... | | |
+------+ | |
| LR | | current |
x29 ->| FP |--+ frame v
| ... | Lo
</code></pre>
</li>
<li>end of the frame chain is indicated by following frame record <code>(0,-)</code></li>
<li>location of the frame record in the stack frame is not specified</li>
</ul>
<h3><a class="header" href="#function-prologue--epilogue-1" id="function-prologue--epilogue-1">Function prologue & epilogue</a></h3>
<ul>
<li>prologue
<pre><code class="language-armasm">sub sp, sp, 16
stp x29, x30, [sp] // [sp] = x29; [sp + 8] = x30
mov x29, sp // FP points to frame record
</code></pre>
</li>
<li>epilogue
<pre><code class="language-armasm">ldp x29, x30, [sp] // x29 = [sp]; x30 = [sp + 8]
add sp, sp, 16
ret
</code></pre>
</li>
</ul>
<h2><a class="header" href="#asm-skeleton-1" id="asm-skeleton-1">ASM skeleton</a></h2>
<p>Small assembler skeleton, ready to use with following properties:</p>
<ul>
<li>use raw Linux syscalls (<code>man 2 syscall</code> for ABI)</li>
<li>no <code>C runtime (crt)</code></li>
<li>gnu assembler <a href="https://sourceware.org/binutils/docs/as"><code>gas</code></a></li>
</ul>
<pre><code class="language-armasm">// file: greet.S
#include <asm/unistd.h> // syscall NRs
.arch armv8-a
.section .text, "ax", @progbits
.balign 4 // align code on 4byte boundary
.global _start
_start:
mov x0, 2 // fd
ldr x1, =greeting // buf
ldr x2, =greeting_len // &len
ldr x2, [x2] // len
mov w8, __NR_write // write(2) syscall
svc 0
mov x0, 0 // exit code
mov w8, __NR_exit // exit(2) syscall
svc 0
.balign 8 // align data on 8byte boundary
.section .rodata, "a", @progbits
greeting:
.asciz "Hi ASM-World!\n"
greeting_len:
.int .-greeting
</code></pre>
<blockquote>
<p>man gcc: <code>file.S</code> assembler code that must be preprocessed.</p>
</blockquote>
<p>To cross-compile and run:</p>
<pre><code class="language-bash">> aarch64-linux-gnu-g++ -o greet greet.S -nostartfiles -nostdlib \
-Wl,--dynamic-linker=/usr/aarch64-linux-gnu/lib/ld-linux-aarch64.so.1 \
&& qemu-aarch64 ./greet
Hi ASM-World!
</code></pre>
<blockquote>
<p>Cross-compiling on <code>Ubuntu 20.04 (x86_64)</code>, paths might differ on other
distributions. Explicitly specifying the dynamic linker should not be
required when compiling natively on arm64.</p>
</blockquote>
<h2><a class="header" href="#references-5" id="references-5">References</a></h2>
<ul>
<li><a href="https://github.com/ARM-software/abi-aa/blob/master/aapcs64/aapcs64.rst">Procedure Call Standard ARM64</a></li>
<li><a href="https://developer.arm.com/documentation/den0024/latest">ARMv8-A Programmer's Guide</a></li>
<li><a href="https://developer.arm.com/documentation/ddi0487/latest">ARMv8-A Architecture Reference Manual</a></li>
<li><a href="https://developer.arm.com/documentation/dai0527/latest">AppNote: ARMv8 Bare-metal boot code</a></li>
<li><a href="https://sourceware.org/binutils/docs/as">GNU Assembler</a></li>
<li><a href="https://sourceware.org/binutils/docs/as/Pseudo-Ops.html#Pseudo-Ops">GNU Assembler Directives</a></li>
<li><a href="https://sourceware.org/binutils/docs/as/AArch64_002dDependent.html">GNU Assembler <code>AArch64</code> dependent features</a></li>
</ul>
<h1><a class="header" href="#armv7a" id="armv7a">armv7a</a></h1>
<p>keywords: arm, armv7, abi</p>
<ul>
<li>ISA type: <code>RISC</code></li>
<li>Endianness: <code>little</code>, <code>big</code></li>
</ul>
<h2><a class="header" href="#registers-2" id="registers-2">Registers</a></h2>
<h3><a class="header" href="#general-purpose-registers-1" id="general-purpose-registers-1">General purpose registers</a></h3>
<pre><code class="language-markdown">bytes
[3:0] alt desc
---------------------------------------------
r0-r12 general purpose registers
r11 fp
r13 sp stack pointer
r14 lr link register
r15 pc program counter
</code></pre>
<h3><a class="header" href="#special-registers" id="special-registers">Special registers</a></h3>
<pre><code class="language-markdown">bytes
[3:0] desc
---------------------------------------------
cpsr current program status register
</code></pre>
<h3><a class="header" href="#cpsr-register" id="cpsr-register">CPSR register</a></h3>
<pre><code class="language-markdown">cpsr
bits desc
-----------------------------
[31] N negative flag
[30] Z zero flag
[29] C carry flag
[28] V overflow flag
[27] Q cummulative saturation (sticky)
[9] E load/store endianness
[8] A disable asynchronous aborts
[7] I disable IRQ
[6] F disable FIQ
[5] T indicate Thumb state
[4:0] M process mode (USR, FIQ, IRQ, SVC, ABT, UND, SYS)
</code></pre>
<h2><a class="header" href="#instructions-cheatsheet-1" id="instructions-cheatsheet-1">Instructions cheatsheet</a></h2>
<h3><a class="header" href="#accessing-system-registers-1" id="accessing-system-registers-1">Accessing system registers</a></h3>
<p>Reading from system registers:</p>
<pre><code class="language-armasm">mrs r0, cpsr // move cpsr into r0
</code></pre>
<p>Writing to system registers:</p>
<pre><code class="language-armasm">msr cpsr, r0 // move r0 into cpsr
</code></pre>
<h3><a class="header" href="#control-flow-2" id="control-flow-2">Control Flow</a></h3>
<pre><code class="language-armasm">b <lable> // relative forward/back branch
bl <lable> // relative forward/back branch & link return addr in r14 (LR)
// branch & exchange (can change between ARM & Thumb instruction set)
// bit Rm[0] == 0 -> ARM
// bit Rm[0] == 1 -> Thumb
bx <Rm> // absolute branch to address in register Rm
blx <Rm> // absolute branch to address in register Rm &
// link return addr in r14 (LR)
</code></pre>
<h3><a class="header" href="#loadstore" id="loadstore">Load/Store</a></h3>
<p>Different addressing modes.</p>
<pre><code class="language-armasm">ldr r1, [r0] // r1 = [r0]
ldr r1, [r0, #4] // r1 = [r0+4]
ldr r1, [r0, #4]! // pre-inc : r0+=4; r1 = [r0]
ldr r1, [r0], #4 // post-inc: [r0] = r1; r0+=4
ldr r0, [r1, r2, lsl #3] // r0 = [r1 + (r2<<3)]
</code></pre>
<p>Load/store multiple registers full-descending.</p>
<pre><code class="language-armasm">stmfd r0!, {r1-r2, r5} // r0-=4; [r0]=r5
// r0-=4; [r0]=r2
// r0-=4; [r0]=r1
ldmfd r0!, {r1-r2, r5} // r1=[r0]; r0+=4
// r2=[r0]; r0+=4
// r5=[r0]; r0+=4
</code></pre>
<blockquote>
<p><code>!</code> is optional but has the effect to update the base pointer register <code>r0</code> here.</p>
</blockquote>
<p>Push/Pop</p>
<pre><code class="language-armasm">push {r0-r2} // effectively stmfd sp!, {r0-r2}
pop {r0-r2} // effectively ldmfd sp!, {r0-r2}
</code></pre>
<h2><a class="header" href="#procedure-call-standard-arm-a-hrefhttpsgithubcomarm-softwareabi-aablobmasteraapcs32aapcs32rstaapcs32a" id="procedure-call-standard-arm-a-hrefhttpsgithubcomarm-softwareabi-aablobmasteraapcs32aapcs32rstaapcs32a">Procedure Call Standard ARM (<a href="https://github.com/ARM-software/abi-aa/blob/master/aapcs32/aapcs32.rst"><code>aapcs32</code></a>)</a></h2>
<h3><a class="header" href="#passing-arguments-to-functions-2" id="passing-arguments-to-functions-2">Passing arguments to functions</a></h3>
<ul>
<li>integer/pointer arguments
<pre><code class="language-markdown">reg arg
-----------
r0 1
.. ..
r3 4
</code></pre>
</li>
<li>a double word (64bit) is passed in two consecutive registers (eg <code>r1+r2</code>)</li>
<li>additional arguments are passed on the stack. Arguments are pushed
<code>right-to-left (RTL)</code>, meaning next arguments are closer to current <code>sp</code>.
<pre><code class="language-markdown">void take(..., int a5, int a6);
| | | ... | Hi
| +-->| a6 | |
+---------->| a5 | <-SP |
+-----+ v
| ... | Lo
</code></pre>
</li>
</ul>
<h3><a class="header" href="#return-values-from-functions-2" id="return-values-from-functions-2">Return values from functions</a></h3>
<ul>
<li>integer/pointer return values
<pre><code class="language-markdown">reg size
-----------------
r0 32 bit
r0+r1 64 bit
</code></pre>
</li>
</ul>
<h3><a class="header" href="#callee-saved-registers-2" id="callee-saved-registers-2">Callee saved registers</a></h3>
<ul>
<li><code>r4</code> - <code>r11</code></li>
<li><code>sp</code></li>
</ul>
<h3><a class="header" href="#stack-2" id="stack-2">Stack</a></h3>
<ul>
<li>full descending
<ul>
<li>full: <code>sp</code> points to the last used location (valid item)</li>
<li>descending: stack grows downwards</li>
</ul>
</li>
<li><code>sp</code> must be 4byte aligned (word boundary) at all time</li>
<li><code>sp</code> must be 8byte aligned on public interface interfaces</li>
</ul>
<h3><a class="header" href="#frame-chain-1" id="frame-chain-1">Frame chain</a></h3>
<ul>
<li>not strictly required by each platform</li>
<li>linked list of stack-frames</li>
<li>each frame links to the frame of its caller by a <code>frame record</code>
<ul>
<li>a frame record is described as a <code>(FP,LR)</code> pair (2x32bit)</li>
</ul>
</li>
<li><code>r11 (FP)</code> must point to the frame record of the current stack-frame
<pre><code class="language-markdown"> +------+ Hi
| 0 | frame0 |
+->| 0 | |
| | ... | |
| +------+ |
| | LR | frame1 |
+--| FP |<-+ |
| ... | | |
+------+ | |
| LR | | current |
r11 ->| FP |--+ frame v
| ... | Lo
</code></pre>
</li>
<li>end of the frame chain is indicated by following frame record <code>(0,-)</code></li>
<li>location of the frame record in the stack frame is not specified</li>
<li><code>r11</code> is not updated before the new frame record is fully constructed</li>
</ul>
<h3><a class="header" href="#function-prologue--epilogue-2" id="function-prologue--epilogue-2">Function prologue & epilogue</a></h3>
<ul>
<li>prologue
<pre><code class="language-armasm">push {fp, lr}
mov fp, sp // FP points to frame record
</code></pre>
</li>
<li>epilogue
<pre><code class="language-armasm">pop {fp, pc} // pop LR directly into PC
</code></pre>
</li>
</ul>
<h2><a class="header" href="#asm-skeleton-2" id="asm-skeleton-2">ASM skeleton</a></h2>
<p>Small assembler skeleton, ready to use with following properties:</p>
<ul>
<li>use raw Linux syscalls (<code>man 2 syscall</code> for ABI)</li>
<li>no <code>C runtime (crt)</code></li>
<li>gnu assembler <a href="https://sourceware.org/binutils/docs/as"><code>gas</code></a></li>
</ul>
<pre><code class="language-armasm">// file: greet.S
#include <asm/unistd.h> // syscall NRs
.arch armv7-a
.section .text, "ax"
.balign 4
// Emit `arm` instructions, same as `.arm` directive.
.code 32
.global _start
_start:
// Branch with link and exchange instruction set.
blx _do_greet
mov r0, #0 // exit code
mov r7, #__NR_exit // exit(2) syscall
swi 0x0
// Emit `thumb` instructions, same as `.thumb` directive.
.code 16
.thumb_func
_do_greet:
mov r0, #2 // fd
ldr r1, =greeting // buf
ldr r2, =greeting_len // &len
ldr r2, [r2] // len
mov r7, #__NR_write // write(2) syscall
swi 0x0
// Branch and exchange instruction set.
bx lr
.balign 8 // align data on 8byte boundary
.section .rodata, "a"
greeting:
.asciz "Hi ASM-World!\n"
greeting_len:
.int .-greeting
</code></pre>
<blockquote>
<p>man gcc: <code>file.S</code> assembler code that must be preprocessed.</p>
</blockquote>
<p>To cross-compile and run:</p>
<pre><code class="language-bash">> arm-linux-gnueabi-gcc -o greet greet.S -nostartfiles -nostdlib \
-Wl,--dynamic-linker=/usr/arm-linux-gnueabi/lib/ld-linux.so.3 \
&& qemu-arm ./greet
Hi ASM-World!
</code></pre>
<blockquote>
<p>Cross-compiling on <code>Ubuntu 20.04 (x86_64)</code>, paths might differ on other
distributions. Explicitly specifying the dynamic linker should not be
required when compiling natively on arm.</p>
</blockquote>
<h2><a class="header" href="#references-6" id="references-6">References</a></h2>
<ul>
<li><a href="https://github.com/ARM-software/abi-aa/blob/master/aapcs32/aapcs32.rst">Procedure Call Standard ARM</a></li>
<li><a href="https://developer.arm.com/documentation/den0013/latest">ARMv7-A Programmer's Guide</a></li>
<li><a href="https://developer.arm.com/documentation/ddi0406/latest">ARMv7-A Architecture Reference Manual</a></li>
<li><a href="https://sourceware.org/binutils/docs/as">GNU Assembler</a></li>
<li><a href="https://sourceware.org/binutils/docs/as/Pseudo-Ops.html#Pseudo-Ops">GNU Assembler Directives</a></li>
<li><a href="https://sourceware.org/binutils/docs/as/ARM_002dDependent.html">GNU Assembler <code>ARM</code> dependent features</a></li>
</ul>
<h1><a class="header" href="#riscv" id="riscv">riscv</a></h1>
<p>keywords: rv32, rv64</p>
<ul>
<li>ISA type: <code>RISC</code></li>
<li>Endianness: <code>little</code>, <code>big</code></li>
</ul>
<h2><a class="header" href="#registers-3" id="registers-3">Registers</a></h2>
<ul>
<li>riscv32 => <code>XLEN=32</code></li>
<li>riscv64 => <code>XLEN=64</code></li>
</ul>
<h3><a class="header" href="#general-purpose-registers-2" id="general-purpose-registers-2">General purpose registers</a></h3>
<pre><code class="language-markdown">[XLEN-1:0] abi name desc
---------------------------------------------
x0 zero zero register
x1 ra return addr
x2 sp stack ptr
x3 gp global ptr
x4 tp thread ptr
x5-x7 t0-t2 temp regs
x8-x9 s0-s1 saved regs
x10-x17 a0-a7 arg regs
x18-x27 s2-s11 saved regs
x28-x31 t3-t6 temp regs
</code></pre>
<h2><a class="header" href="#asm-skeleton-3" id="asm-skeleton-3">ASM skeleton</a></h2>
<p>Small assembler skeleton, ready to use with following properties:</p>
<ul>
<li>use raw Linux syscalls (<code>man 2 syscall</code> for ABI)</li>
<li>no <code>C runtime (crt)</code></li>
<li>gnu assembler <a href="https://sourceware.org/binutils/docs/as"><code>gas</code></a></li>
</ul>
<pre><code class="language-mipsasm">// file: greet.S
#include <asm/unistd.h> // syscall NRs
.section .text, "ax", @progbits
.balign 4 // align code on 4byte boundary
.global _start
_start:
li a0, 2 // fd
la a1, greeting // buf
ld a2, (greeting_len) // &len
li a7, __NR_write // write(2) syscall
ecall
li a0, 42 // exit code
li a7, __NR_exit // exit(2) syscall
ecall
.balign 8 // align data on 8byte boundary
.section .rodata, "a", @progbits
greeting:
.asciz "Hi ASM-World!\n"
greeting_len:
.int .-greeting
</code></pre>
<blockquote>
<p>man gcc: <code>file.S</code> assembler code that must be preprocessed.</p>
</blockquote>
<p>To cross-compile and run:</p>
<pre><code class="language-bash">> riscv64-linux-gnu-gcc -o greet greet.S -nostartfiles -nostdlib \
-Wl,--dynamic-linker=/usr/riscv64-linux-gnu/lib/ld-linux-riscv64-lp64d.so.1 \
&& qemu-riscv64 ./greet
Hi ASM-World!
</code></pre>
<blockquote>
<p>Cross-compiling on <code>Ubuntu 20.04 (x86_64)</code>, paths might differ on other
distributions. Explicitly specifying the dynamic linker should not be
required when compiling natively on riscv.</p>
<p>Select dynamic linker according to abi used during compile & link.</p>
</blockquote>
<h2><a class="header" href="#references-7" id="references-7">References</a></h2>
<ul>
<li><a href="https://sourceware.org/binutils/docs/as">GNU Assembler</a></li>
<li><a href="https://sourceware.org/binutils/docs/as/Pseudo-Ops.html#Pseudo-Ops">GNU Assembler Directives</a></li>
</ul>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
</nav>
</div>
<script type="text/javascript">
window.playpen_copyable = true;
</script>
<script src="elasticlunr.min.js" type="text/javascript" charset="utf-8"></script>
<script src="mark.min.js" type="text/javascript" charset="utf-8"></script>
<script src="searcher.js" type="text/javascript" charset="utf-8"></script>
<script src="clipboard.min.js" type="text/javascript" charset="utf-8"></script>
<script src="highlight.js" type="text/javascript" charset="utf-8"></script>
<script src="book.js" type="text/javascript" charset="utf-8"></script>
<!-- Custom JS scripts -->
<script type="text/javascript">
window.addEventListener('load', function() {
window.setTimeout(window.print, 100);
});
</script>
</body>
</html>