From fef4d6ff2ad9f48e6dccde0f061453e6a3ac624e Mon Sep 17 00:00:00 2001 From: johannst Date: Sun, 19 Apr 2020 22:13:44 +0200 Subject: added new hierarchy --- src/SUMMARY.md | 66 ++++++++++------- src/awk.md | 126 ------------------------------- src/bash.md | 169 ------------------------------------------ src/binary/README.md | 1 + src/binary/nm.md | 7 ++ src/binary/objdump.md | 18 +++++ src/binary/od.md | 49 ++++++++++++ src/binary/readelf.md | 13 ++++ src/binary/xxd.md | 36 +++++++++ src/c++.md | 12 --- src/c++filt.md | 12 --- src/development/README.md | 1 + src/development/c++.md | 12 +++ src/development/c++filt.md | 12 +++ src/development/gcc.md | 58 +++++++++++++++ src/development/glibc.md | 47 ++++++++++++ src/development/ld.so.md | 130 ++++++++++++++++++++++++++++++++ src/emacs.md | 86 --------------------- src/fish.md | 16 ---- src/gcc.md | 58 --------------- src/gdb.md | 162 ---------------------------------------- src/git.md | 129 -------------------------------- src/glibc.md | 47 ------------ src/ld.so.md | 130 -------------------------------- src/lsof.md | 40 ---------- src/misc/README.md | 0 src/misc/awk.md | 126 +++++++++++++++++++++++++++++++ src/misc/bash.md | 169 ++++++++++++++++++++++++++++++++++++++++++ src/misc/emacs.md | 86 +++++++++++++++++++++ src/misc/fish.md | 16 ++++ src/misc/gdb.md | 162 ++++++++++++++++++++++++++++++++++++++++ src/misc/git.md | 129 ++++++++++++++++++++++++++++++++ src/misc/radare2.md | 27 +++++++ src/misc/tmux.md | 110 +++++++++++++++++++++++++++ src/misc/zsh.md | 125 +++++++++++++++++++++++++++++++ src/monitor/README.md | 1 + src/monitor/lsof.md | 40 ++++++++++ src/monitor/pgrep.md | 15 ++++ src/monitor/pidstat.md | 31 ++++++++ src/monitor/pmap.md | 7 ++ src/monitor/pstack.md | 6 ++ src/nm.md | 7 -- src/objdump.md | 18 ----- src/od.md | 49 ------------ src/oprofile.md | 14 ---- src/perf.md | 56 -------------- src/pgrep.md | 15 ---- src/pidstat.md | 31 -------- src/pmap.md | 7 -- src/pstack.md | 6 -- src/radare2.md | 27 ------- src/readelf.md | 13 ---- src/strace.md | 32 -------- src/time.md | 6 -- src/tmux.md | 110 --------------------------- src/trace_profile/README.md | 1 + src/trace_profile/ltrace.md | 17 +++++ src/trace_profile/oprofile.md | 14 ++++ src/trace_profile/perf.md | 56 ++++++++++++++ src/trace_profile/strace.md | 32 ++++++++ src/trace_profile/time.md | 6 ++ src/xxd.md | 36 --------- src/zsh.md | 125 ------------------------------- 63 files changed, 1599 insertions(+), 1566 deletions(-) delete mode 100644 src/awk.md delete mode 100644 src/bash.md create mode 100644 src/binary/README.md create mode 100644 src/binary/nm.md create mode 100644 src/binary/objdump.md create mode 100644 src/binary/od.md create mode 100644 src/binary/readelf.md create mode 100644 src/binary/xxd.md delete mode 100644 src/c++.md delete mode 100644 src/c++filt.md create mode 100644 src/development/README.md create mode 100644 src/development/c++.md create mode 100644 src/development/c++filt.md create mode 100644 src/development/gcc.md create mode 100644 src/development/glibc.md create mode 100644 src/development/ld.so.md delete mode 100644 src/emacs.md delete mode 100644 src/fish.md delete mode 100644 src/gcc.md delete mode 100644 src/gdb.md delete mode 100644 src/git.md delete mode 100644 src/glibc.md delete mode 100644 src/ld.so.md delete mode 100644 src/lsof.md create mode 100644 src/misc/README.md create mode 100644 src/misc/awk.md create mode 100644 src/misc/bash.md create mode 100644 src/misc/emacs.md create mode 100644 src/misc/fish.md create mode 100644 src/misc/gdb.md create mode 100644 src/misc/git.md create mode 100644 src/misc/radare2.md create mode 100644 src/misc/tmux.md create mode 100644 src/misc/zsh.md create mode 100644 src/monitor/README.md create mode 100644 src/monitor/lsof.md create mode 100644 src/monitor/pgrep.md create mode 100644 src/monitor/pidstat.md create mode 100644 src/monitor/pmap.md create mode 100644 src/monitor/pstack.md delete mode 100644 src/nm.md delete mode 100644 src/objdump.md delete mode 100644 src/od.md delete mode 100644 src/oprofile.md delete mode 100644 src/perf.md delete mode 100644 src/pgrep.md delete mode 100644 src/pidstat.md delete mode 100644 src/pmap.md delete mode 100644 src/pstack.md delete mode 100644 src/radare2.md delete mode 100644 src/readelf.md delete mode 100644 src/strace.md delete mode 100644 src/time.md delete mode 100644 src/tmux.md create mode 100644 src/trace_profile/README.md create mode 100644 src/trace_profile/ltrace.md create mode 100644 src/trace_profile/oprofile.md create mode 100644 src/trace_profile/perf.md create mode 100644 src/trace_profile/strace.md create mode 100644 src/trace_profile/time.md delete mode 100644 src/xxd.md delete mode 100644 src/zsh.md diff --git a/src/SUMMARY.md b/src/SUMMARY.md index b01baac..6f6b8f2 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -1,29 +1,41 @@ # Summary -- [ld.so](./ld.so.md) -- [git](./git.md) -- [bash](./bash.md) -- [zsh](./zsh.md) -- [tmux](./tmux.md) -- [awk](./awk.md) -- [gdb](./gdb.md) -- [radare2](./radare2.md) -- [emacs](./emacs.md) -- [fish](./fish.md) -- [strace](./strace.md) -- [lsof](./lsof.md) -- [pidstat](./pidstat.md) -- [time](./time.md) -- [pgrep](./pgrep.md) -- [pstack](./pstack.md) -- [perf](./perf.md) -- [OProfile](./oprofile.md) -- [od](./od.md) -- [xxd](./xxd.md) -- [readelf](./readelf.md) -- [objdump](./objdump.md) -- [nm](./nm.md) -- [c++filt](./c++filt.md) -- [c++](./c++.md) -- [glibc](./glibc.md) -- [gcc](./gcc.md) +# Misc +- [Misc](./misc/README.md) + - [zsh](./misc/zsh.md) + - [bash](./misc/bash.md) + - [fish](./misc/fish.md) + - [tmux](./misc/tmux.md) + - [git](./misc/git.md) + - [awk](./misc/awk.md) + - [emacs](./misc/emacs.md) + - [gdb](./misc/gdb.md) + - [radare2](./misc/radare2.md) + +- [Resource analysis & monitor](./monitor/README.md) + - [lsof](./monitor/lsof.md) + - [pidstat](./monitor/pidstat.md) + - [pgrep](./monitor/pgrep.md) + - [pmap](./monitor/pmap.md) + - [pstack](./monitor/pstack.md) + +- [Trace and Profile](./trace_profile/README.md) + - [strace](./trace_profile/strace.md) + - [ltrace](./trace_profile/ltrace.md) + - [perf](./trace_profile/perf.md) + - [OProfile](./trace_profile/oprofile.md) + - [time](./trace_profile/time.md) + +- [Binary](./binary/README.md) + - [od](./binary/od.md) + - [xxd](./binary/xxd.md) + - [readelf](./binary/readelf.md) + - [objdump](./binary/objdump.md) + - [nm](./binary/nm.md) + +- [Development](./development/README.md) + - [c++filt](./development/c++filt.md) + - [c++](./development/c++.md) + - [glibc](./development/glibc.md) + - [gcc](./development/gcc.md) + - [ld.so](./development/ld.so.md) diff --git a/src/awk.md b/src/awk.md deleted file mode 100644 index 38b0cb1..0000000 --- a/src/awk.md +++ /dev/null @@ -1,126 +0,0 @@ -# awk(1) - -```markdown -awk [opt] program [input] - -F field separator string (can be regex) - program awk program - input file or stdin if not file given -``` - -## Input processing - -Input is processed in two stages: -1. Splitting input into a sequence of `records`. - By default split at `newline` character, but can be changed via the - builtin `RS` variable. -2. Splitting a `record` into `fields`. By default strings without `whitespace`, - but can be changed via the builtin variable `FS` or command line option - `-F`. - -Fields are accessed as follows: -- `$0` whole `record` -- `$1` field one -- `$2` field two -- ... - -## Program - -An `awk` program is composed of pairs of the form: -```markdown -pattern { action } -``` -The program is run against each `record` in the input stream. If a `pattern` -matches a `record` the corresponding `action` is executed and can access the -`fields`. - -```markdown -INPUT - | - v -record ----> ∀ pattern matched - | | - v v -fields ----> run associated action -``` - -Any valid awk `expr` can be a `pattern`. - -### Special pattern - -awk provides two special patterns, `BEGIN` and `END`, which can be used -multiple times. Actions with those patterns are **executed exactly once**. -- `BEGIN` actions are run before processing the first record -- `END` actions are run after processing the last record - -### Special variables - -- `RS` _record separator_: first char is the record separator, by default - -- `FS` _field separator_: regex to split records into fields, by default - -- `NR` _number record_: number of current record - -### Special statements & functions - -- `printf "fmt", args...` - - Print format string, args are comma separated. - - `%s` string - - `%d` decimal - - `%x` hex - - `%f` float - - Width can be specified as `%Ns`, this reserves `N` chars for a string. - For floats one can use `%N.Mf`, `N` is the total number including `.` and - `M`. - -- `strftime("fmt")` - - Print time stamp formatted by `fmt`. - - `%Y` full year (eg 2020) - - `%m` month (01-12) - - `%d` day (01-31) - - `%F` alias for `%Y-%m-%d` - - `%H` hour (00-23) - - `%M` minute (00-59) - - `%S` second (00-59) - - `%T` alias for `%H:%M:%S` - - -## Examples - -### Filter records -```bash -awk 'NR%2 == 0 { print $0 }' -``` -The pattern `NR%2 == 0` matches every second record and the action `{ print $0 }` -prints the whole record. - -### Capture in variables -```bash -# /proc//status -# Name: cat -# ... -# VmRSS: 516 kB -# ... - -for f in /proc/*/status; do - cat $f | awk ' - /^VmRSS/ { rss = $2/1024 } - /^Name/ { name = $2 } - END { printf "%16s %6d MB\n", name, rss }'; -done | sort -k2 -n -``` -We capture values from `VmRSS` and `Name` into variables and print them at the -`END` once processing all records is done. - -### Run shell command and capture output -```bash -cat /proc/1/status | awk ' - /^Pid/ { - "ps --no-header -o user " $2 | getline user; - print user - }' -``` -We build a `ps` command line and capture the first line of the processes output -in the `user` variable and then print it. diff --git a/src/bash.md b/src/bash.md deleted file mode 100644 index a4df7da..0000000 --- a/src/bash.md +++ /dev/null @@ -1,169 +0,0 @@ -# bash(1) - -## Expansion - -### Generator - -```bash -# generate sequence from n to m -{n..m} -# generate sequence from n to m step by s -{n..m..s} - -# expand cartesian product -{a,b}{c,d} -``` - -### Parameter -```bash -# default param -bar=${foo:-some_val} # if $foo set, then bar=$foo else bar=some_val - -# check param set -bar=${foo:?msg} # if $foo set, then bar=$foo else exit and print msg - -# indirect -FOO=foo -BAR=FOO -bar=${!BAR} # deref value of BAR -> bar=$FOO - -# prefix -${foo#prefix} # remove prefix when expanding $foo -# suffix -${foo%suffix} # remove suffix when expanding $foo - -# substitute -${foo/pattern/string} # replace pattern with string when expanding foo -# pattern starts with -# '/' replace all occurences of pattern -# '#' pattern match at beginning -# '%' pattern match at end -``` - -> Note: `prefix`/`suffix`/`pattern` are expanded as [pathnames](#pathname). - -### Pathname - -```bash -* match any string -? match any single char -\\ match backslash -[abc] match any char of 'a' 'b' 'c' -[a-z] match any char between 'a' - 'z' -[^ab] negate, match all not 'a' 'b' -[:class:] match any char in class, available: - alnum,alpha,ascii,blank,cntrl,digit,graph,lower, - print,punct,space,upper,word,xdigit -``` - -Wit `extglob` shell option enabled it is possible to have more powerful -patterns. In the following `pattern-list` is one ore more patterns separated -by `|` char. - -```bash -?(pattern-list) matches zero or one occurrence of the given patterns -*(pattern-list) matches zero or more occurrences of the given patterns -+(pattern-list) matches one or more occurrences of the given patterns -@(pattern-list) matches one of the given patterns -!(pattern-list) matches anything except one of the given patterns -``` -> Note: `shopt -s extglob`/`shopt -u extglob` to enable/disable `extglob` -> option. - -## I/O redirection - -> Note: The trick with bash I/O redirection is to interpret from left-to-right. - -```bash -# stdout & stderr to file -command >file 2>&1 -# equivalent -command &>file - -# stderr to stdout & stdout to file -command 2>&1 >file -``` - -### Explanation - -```bash -j>&i -``` -Duplicate `fd i` to `fd j`, making `j` a copy of `i`. See [dup2(2)][dup2]. - -Example: -```bash -command 2>&1 >file -``` -1. duplicate `fd 1` to `fd 2`, effectively redirecting `stderr` to `stdout` -2. redirect `stdout` to `file` - -## Completion - -The `complete` builtin is used to interact with the completion system. -```bash -complete # print currently installed completion handler -complete -F # install as completion handler for -complete -r # uninstall completion handler for -``` - -Variables available in completion functions: -```bash -# in -$1 # -$2 # current word -$3 # privous word - -COMP_WORDS # array with current command line words -COMP_CWORD # index into COMP_WORDS with current cursor position - -# out -COMPREPLY # array with possible completions -``` - -The `compgen` builtin is used to generate possible matches by comparing `word` -against words generated by `option`. -```bash -compgen [option] [word] - -# usefule options: -# -W specify list of possible completions -# -d generate list with dirs -# -f generate list with files -# -u generate list with users -# -e generate list with exported variables - -# compare "f" against words "foo" "foobar" "bar" and generate matches -compgen -W "foo foobar bar" "f" - -# compare "hom" against file/dir names and generate matches -compgen -d -f "hom" -``` - -### Example -Skeleton to copy/paste for writing simple completions. - -Assume a program `foo` with the following interface: -```bash -foo -c green|red|blue -s low|high -f -h -``` - -The completion handler could be implemented as follows: -```bash -function _foo() { - local curr=$2 - local prev=$3 - - local opts="-c -s -f -h" - case $prev in - -c) COMPREPLY=( $(compgen -W "green red blue" -- $curr) );; - -s) COMPREPLY=( $(compgen -W "low high" -- $curr) );; - -f) COMPREPLY=( $(compgen -f -- $curr) );; - *) COMPREPLY=( $(compgen -W "$opts" -- $curr) );; - esac -} - -complete -F _foo foo -``` - -[dup2]: http://man7.org/linux/man-pages/man2/dup.2.html diff --git a/src/binary/README.md b/src/binary/README.md new file mode 100644 index 0000000..b75e0e2 --- /dev/null +++ b/src/binary/README.md @@ -0,0 +1 @@ +# Binary diff --git a/src/binary/nm.md b/src/binary/nm.md new file mode 100644 index 0000000..6e6fd1a --- /dev/null +++ b/src/binary/nm.md @@ -0,0 +1,7 @@ +# nm(1) + +```markdown + nm [opts] + -C demangle + -u undefined only +``` diff --git a/src/binary/objdump.md b/src/binary/objdump.md new file mode 100644 index 0000000..636db3f --- /dev/null +++ b/src/binary/objdump.md @@ -0,0 +1,18 @@ +# objdump(1) + +```markdown + objdump [opts] + -M intel use intil syntax + -d disassemble text section + -D disassemble all sections + -S mix disassembly with source code + -C demangle + -j
display info for section + --[no-]show-raw-insn [dont] show object code next to disassembly +``` + +## Disassemble section +For example `.plt` section: +```markdown + objdump -j .plt -d +``` diff --git a/src/binary/od.md b/src/binary/od.md new file mode 100644 index 0000000..47f567a --- /dev/null +++ b/src/binary/od.md @@ -0,0 +1,49 @@ +# od(1) + +```markdown + od [opts] + -An don't print addr info + -tx4 print hex in 4 byte chunks + -ta print as named character + -tc printable chars or backslash escape + -w4 print 4 bytes per line + -j skip bytes from (hex if start with 0x) + -N dump bytes (hex of start with 0x) +``` + +## ASCII to hex string +```markdown + echo -n AAAABBBB | od -An -w4 -tx4 + >> 41414141 + >> 42424242 + + echo -n '\x7fELF\n' | od -tx1 -ta -tc + >> 0000000 7f 45 4c 46 0a # tx1 + >> del E L F nl # ta + >> 177 E L F \n # tc +``` + +## Extract parts of file +For example `.rodata` section from an elf file. We can use `readelf` to get the +offset into the file where the `.rodata` section starts. +```markdown + readelf -W -S foo + >> Section Headers: + >> [Nr] Name Type Address Off Size ES Flg Lk Inf Al + >> ... + >> [15] .rodata PROGBITS 00000000004009c0 0009c0 000030 00 A 0 0 16 +``` + +With the offset of `-j 0x0009c0` we can dump `-N 0x30` bytes from the beginning of +the `.rodata` section as follows: +```markdown + od -j 0x0009c0 -N 0x30 -tx4 -w4 foo + >> 0004700 00020001 + >> 0004704 00000000 + >> * + >> 0004740 00000001 + >> 0004744 00000002 + >> 0004750 00000003 + >> 0004754 00000004 +``` +**Note**: Numbers starting with `0x` will be interpreted as hex by `od`. diff --git a/src/binary/readelf.md b/src/binary/readelf.md new file mode 100644 index 0000000..d359a84 --- /dev/null +++ b/src/binary/readelf.md @@ -0,0 +1,13 @@ +# readelf(1) + +```markdown + readelf [opts] + -W|--wide wide output, dont break output at 80 chars + -h print ELF header + -S print section headers + -l print program headers + segment mapping + -d print .dynamic section (dynamic link information) + --syms print symbol tables (.symtab .dynsym) + --dyn-syms print dynamic symbol table (exported symbols for dynamic linker) + -r print relocation sections (.rel.*, .rela.*) +``` diff --git a/src/binary/xxd.md b/src/binary/xxd.md new file mode 100644 index 0000000..cd76f14 --- /dev/null +++ b/src/binary/xxd.md @@ -0,0 +1,36 @@ +# xxd(1) + +```markdown + xxd [opts] + -p dump continuous hexdump + -r convert hexdump into binary ('revert') + -e dump as little endian mode + -i output as C array +``` + +## ASCII to hex stream +```markdown + echo -n 'aabb' | xxd -p + >> 61616262 +``` + +## Hex to binary stream +```markdown + echo -n '61616262' | xxd -p -r + >> aabb +``` + +## ASCII to binary +```markdown + echo -n '\x7fELF' | xxd -p | xxd -p -r | file -p - + >> ELF +``` + +## ASCII to `C` array (hex encoded) +```markdown + xxd -i <(echo -n '\x7fELF') + >> unsigned char _proc_self_fd_11[] = { + >> 0x7f, 0x45, 0x4c, 0x46 + >> }; + >> unsigned int _proc_self_fd_11_len = 4; +``` diff --git a/src/c++.md b/src/c++.md deleted file mode 100644 index d9fbbda..0000000 --- a/src/c++.md +++ /dev/null @@ -1,12 +0,0 @@ -# c++ - -## Type deduction - -Force compile error to see what `auto` is deduced to. -```cpp -auto foo = bar(); - -// force compile error -typename decltype(foo)::_; -``` - diff --git a/src/c++filt.md b/src/c++filt.md deleted file mode 100644 index 2592ba9..0000000 --- a/src/c++filt.md +++ /dev/null @@ -1,12 +0,0 @@ -# c++filt(1) - -## Demangle symbol -```markdown - c++-filt -``` - -## Demangle stream -For example dynamic symbol table: -```markdown - readelf -W --dyn-syms | c++filt -``` diff --git a/src/development/README.md b/src/development/README.md new file mode 100644 index 0000000..459110d --- /dev/null +++ b/src/development/README.md @@ -0,0 +1 @@ +# Development diff --git a/src/development/c++.md b/src/development/c++.md new file mode 100644 index 0000000..d9fbbda --- /dev/null +++ b/src/development/c++.md @@ -0,0 +1,12 @@ +# c++ + +## Type deduction + +Force compile error to see what `auto` is deduced to. +```cpp +auto foo = bar(); + +// force compile error +typename decltype(foo)::_; +``` + diff --git a/src/development/c++filt.md b/src/development/c++filt.md new file mode 100644 index 0000000..2592ba9 --- /dev/null +++ b/src/development/c++filt.md @@ -0,0 +1,12 @@ +# c++filt(1) + +## Demangle symbol +```markdown + c++-filt +``` + +## Demangle stream +For example dynamic symbol table: +```markdown + readelf -W --dyn-syms | c++filt +``` diff --git a/src/development/gcc.md b/src/development/gcc.md new file mode 100644 index 0000000..1381242 --- /dev/null +++ b/src/development/gcc.md @@ -0,0 +1,58 @@ +# gcc(1) + +## CLI + +### Preprocessing +While debugging can be helpful to just pre-process files. + +```bash +gcc -E [-dM] ... +``` +- `-E` run only preprocessor +- `-dM` list only `#define` statements + +## [Builtins][builtins] + +### `__builtin_expect(expr, cond)` +Give the compiler a hint which branch is hot, so it can lay out the code +accordingly to reduce number of jump instructions. +See on [compiler explorer](https://godbolt.org/z/MbTHAP). + +```bash +echo " +extern void foo(); +extern void bar(); +void run0(int x) { + if (__builtin_expect(x,0)) { foo(); } + else { bar(); } +} +void run1(int x) { + if (__builtin_expect(x,1)) { foo(); } + else { bar(); } +} +" | gcc -O2 -S -masm=intel -o /dev/stdout -xc - +``` + +Will generate something similar to the following. +- `run0`: `bar` is on the path without branch +- `run1`: `foo` is on the path without branch +```c +run0: + test edi, edi + jne .L4 + xor eax, eax + jmp bar +.L4: + xor eax, eax + jmp foo +run1: + test edi, edi + je .L6 + xor eax, eax + jmp foo +.L6: + xor eax, eax + jmp bar +``` + +[builtins]: https://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html diff --git a/src/development/glibc.md b/src/development/glibc.md new file mode 100644 index 0000000..2b2ab34 --- /dev/null +++ b/src/development/glibc.md @@ -0,0 +1,47 @@ +# glibc + +## malloc tracer [`mtrace(3)`][mtrace] +Trace memory allocation and de-allocation to detect memory leaks. +Need to call `mtrace(3)` to install the tracing hooks. + +If we can't modify the binary to call `mtrace` we can create a small shared +library and pre-load it. +```c +// libmtrace.c +#include +__attribute__((constructor)) static void init_mtrace() { mtrace(); } +``` + +Compile as: +```bash +gcc -shared -fPIC -o libmtrace.so libmtrace.c +``` + +To generate the trace file run: +```bash +export MALLOC_TRACE= +LD_PRELOAD=./libmtrace.so +``` +**Note**: If `MALLOC_TRACE` is not set `mtrace` won't install tracing hooks. + +To get the results of the trace file: +```bash +mtrace $MALLOC_TRACE +``` + +## malloc check [`mallopt(3)`][mallopt] +Configure action when glibc detects memory error. + +```bash +export MALLOC_CHECK_= +``` + +Useful values: +```markdown +1 print detailed error & continue +3 print detailed error + stack trace + memory mappings & abort +7 print simple error message + stack trace + memory mappings & abort +``` + +[mtrace]: http://man7.org/linux/man-pages/man3/mtrace.3.html +[mallopt]: http://man7.org/linux/man-pages/man3/mallopt.3.html diff --git a/src/development/ld.so.md b/src/development/ld.so.md new file mode 100644 index 0000000..311d1be --- /dev/null +++ b/src/development/ld.so.md @@ -0,0 +1,130 @@ +# ld.so(8) + +## Environment Variables +```console + LD_PRELOAD= colon separated list of libso's to be pre loaded + LD_DEBUG= comma separated list of debug options + =help list available options + =libs show library search path + =files processing of input files + =symbols show search path for symbol lookup + =bindings show against which definition a symbol is bound +``` + +## LD_PRELOAD: Initialization Order and Link Map +Libraries specified in `LD_PRELOAD` are loaded from `left-to-right` but +initialized from `right-to-left`. + +```markdown + > ldd ./main + >> libc.so.6 => /usr/lib/libc.so.6 + + > LD_PRELOAD=liba.so:libb.so ./main + --> + preloaded in this order + <-- + initialized in this order +``` + +The preload order determines: +- the order libraries are inserted into the `link map` +- the initialization order for libraries + +For the example listed above the resulting `link map` will look like the +following: + +```makrdown + +------+ +------+ +------+ +------+ + | main | -> | liba | -> | libb | -> | libc | + +------+ +------+ +------+ +------+ +``` + +This can be seen when running with `LD_DEBUG=files`: + +```makrdown + > LD_DEBUG=files LD_PRELOAD=liba.so:libb.so ./main + # load order (-> determines link map) + >> file=liba.so [0]; generating link map + >> file=libb.so [0]; generating link map + >> file=libc.so.6 [0]; generating link map + + # init order + >> calling init: /usr/lib/libc.so.6 + >> calling init: /libb.so + >> calling init: /liba.so + >> initialize program: ./main +``` + +To verify the `link map` order we let `ld.so` resolve the `memcpy(3)` libc +symbol (used in _main_) dynamically, while enabling `LD_DEBUG=symbols,bindings` +to see the resolving in action. + +```makrdown + > LD_DEBUG=symbols,bindings LD_PRELOAD=liba.so:libb.so ./main + >> symbol=memcpy; lookup in file=./main [0] + >> symbol=memcpy; lookup in file=/liba.so [0] + >> symbol=memcpy; lookup in file=/libb.so [0] + >> symbol=memcpy; lookup in file=/usr/lib/libc.so.6 [0] + >> binding file ./main [0] to /usr/lib/libc.so.6 [0]: normal symbol `memcpy' [GLIBC_2.14] +``` + +## Dynamic Linking (x86_64) +Dynamic linking basically works via one indirect jump. It uses a combination of +function trampolines (`.plt` section) and a function pointer table (`.got.plt` +section). +On the first call the trampoline sets up some metadata and then jumps to the +`ld.so` runtime resolve function, which in turn patches the table with the +correct function pointer. +```makrdown + .plt ....... procedure linkage table, contains function trampolines, usually + located in code segment (rx permission) + .got.plt ... global offset table for .plt, holds the function pointer table +``` + +Using `radare2` we can analyze this in more detail: + +```makrdown + [0x00401040]> pd 4 @ section..got.plt + ;-- section..got.plt: + ;-- .got.plt: ; [22] -rw- section size 32 named .got.plt + ;-- _GLOBAL_OFFSET_TABLE_: + [0] 0x00404000 .qword 0x0000000000403e10 ; section..dynamic + [1] 0x00404008 .qword 0x0000000000000000 + ; CODE XREF from section..plt @ +0x6 + [2] 0x00404010 .qword 0x0000000000000000 + ;-- reloc.puts: + ; CODE XREF from sym.imp.puts @ 0x401030 + [3] 0x00404018 .qword 0x0000000000401036 ; RELOC 64 puts + + [0x00401040]> pd 6 @ section..plt + ;-- section..plt: + ;-- .plt: ; [12] -r-x section size 32 named .plt + ┌─> 0x00401020 ff35e22f0000 push qword [0x00404008] + ╎ 0x00401026 ff25e42f0000 jmp qword [0x00404010] + ╎ 0x0040102c 0f1f4000 nop dword [rax] + ┌ 6: int sym.imp.puts (const char *s); + └ ╎ 0x00401030 ff25e22f0000 jmp qword [reloc.puts] + ╎ 0x00401036 6800000000 push 0 + └─< 0x0040103b e9e0ffffff jmp sym..plt +``` + +- At address `0x00401030` in the `.plt` section we see the indirect jump for + `puts` using the function pointer in `_GLOBAL_OFFSET_TABLE_[3] (GOT)`. +- `GOT[3]` initially points to instruction after the `puts` trampoline + `0x00401036`. +- This pushes the relocation index `0` and then jumps to the first trampoline + `0x00401020`. +- The first trampoline jumps to `GOT[2]` which will be filled at program + startup by the `ld.so` with its resolve function. +- The `ld.so` resolve function fixes the relocation referenced by the + relocation index pushed by the `puts` trampoline. +- The relocation entry at index `0` tells the resolve function which symbol to + search for and where to put the function pointer: + ```makrdown + > readelf -r
+ >> Relocation section '.rela.plt' at offset 0x4b8 contains 1 entry: + >> Offset Info Type Sym. Value Sym. Name + Addend + >> 000000404018 000200000007 R_X86_64_JUMP_SLO 0000000000000000 puts@GLIBC_2.2.5 + 0 + ``` + As we can see the offset from relocation at index `0` points to `GOT[3]`. + diff --git a/src/emacs.md b/src/emacs.md deleted file mode 100644 index b288fb1..0000000 --- a/src/emacs.md +++ /dev/null @@ -1,86 +0,0 @@ -# emacs(1) - -## help -```markdown - C-h ? list available help modes - C-h f describe function - C-h v describe variable - C-h c print command bound to - C-h k describe command bound to - C-h b list buffer local key-bindings - C-h list possible key-bindings with - eg C-x C-h -> list key-bindings beginning with C-x -``` - -## package manager -```markdown - package-refresh-contents refresh package list - package-list-packages list available/installed packages -``` - -## window -```markdown - C-x 0 kill focused window - C-x 1 kill all other windows - C-x 2 split horizontal - C-x 3 split vertical -``` - -## yank/paste -```markdown - C- set start mark to select text - M-w copy selected text - C-w kill selected text - C-y paste selected text - M-y cycle through kill-ring -``` - -## block/rect -```markdown - C-x activate rectangle-mark-mode - M-x string-rectangle insert text in marked rect -``` - -## mass edit -```makrdown - C-x h mark whole buffer (mark-whole-buffer) - M-x delete-matching-line delete lines matching regex - M-x % search & replace region (query-replace) - C-M-x % search & replace regex (query-replace-regexp) -``` - -## grep -```markdown - M-x find-grep run find-grep result in *grep* buffer - n/p navigate next/previous match in *grep* buffer -``` - -## lisp mode -```markdown - M-x lisp-interaction-mode activate lisp mode - C-M-x evaluate top expr under cursor - C-x C-e eval-last-sexp - C-u C-x C-e eval-last-sexp and prints result in current buffer -``` - -## narrow -```markdown - C-x n n show only focused region (narrow) - C-x n w show whole buffer (wide) -``` - -## org -```markdown - M-up/M-down re-arrange items in same hierarchy - M-left/M-right change item hierarchy - C-RET create new item below current - C-S-RET create new TODO item below current - S-left/S-right cycle TODO states -``` - -### org source -```markdown - &1 | less;' to current cmdline -``` - -## debug -```markdown - status print-stack-trace .. prints function stacktrace (can be used in scripts) - breakpoint ................ halt script execution and gives shell (C-d | exit - to continue) -``` diff --git a/src/gcc.md b/src/gcc.md deleted file mode 100644 index 1381242..0000000 --- a/src/gcc.md +++ /dev/null @@ -1,58 +0,0 @@ -# gcc(1) - -## CLI - -### Preprocessing -While debugging can be helpful to just pre-process files. - -```bash -gcc -E [-dM] ... -``` -- `-E` run only preprocessor -- `-dM` list only `#define` statements - -## [Builtins][builtins] - -### `__builtin_expect(expr, cond)` -Give the compiler a hint which branch is hot, so it can lay out the code -accordingly to reduce number of jump instructions. -See on [compiler explorer](https://godbolt.org/z/MbTHAP). - -```bash -echo " -extern void foo(); -extern void bar(); -void run0(int x) { - if (__builtin_expect(x,0)) { foo(); } - else { bar(); } -} -void run1(int x) { - if (__builtin_expect(x,1)) { foo(); } - else { bar(); } -} -" | gcc -O2 -S -masm=intel -o /dev/stdout -xc - -``` - -Will generate something similar to the following. -- `run0`: `bar` is on the path without branch -- `run1`: `foo` is on the path without branch -```c -run0: - test edi, edi - jne .L4 - xor eax, eax - jmp bar -.L4: - xor eax, eax - jmp foo -run1: - test edi, edi - je .L6 - xor eax, eax - jmp foo -.L6: - xor eax, eax - jmp bar -``` - -[builtins]: https://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html diff --git a/src/gdb.md b/src/gdb.md deleted file mode 100644 index 7a43ca1..0000000 --- a/src/gdb.md +++ /dev/null @@ -1,162 +0,0 @@ -# gdb(1) - -# CLI - -```markdown - gdb [opts] [prg [-c coredump | -p pid]] - gdb [opts] --args prg - opts: - -p attach to pid - -c use - -x execute script before prompt - -ex execute command before prompt - --tty set I/O tty for debugee -``` - -# Interactive usage - -```markdown - tty - Set as tty for debugee. - Make sure nobody reads from target tty, easiest is to spawn a shell - and run following in target tty: - > while true; do sleep 1024; done - - set follow-fork-mode - Specify which process to follow when debuggee makes a fork(2) - syscall. - - sharedlibrary [] - Load symbols of shared libs loaded by debugee. Optionally use - to filter libs for symbol loading. - - break [-qualified] thread - Set a breakpoint only for a specific thread. - -qualified: Tred as fully qualified symbol (quiet handy to set - breakpoints on C symbols in C++ contexts) - - rbreak - Set breakpoints matching , where matching internally is done - on: .*.* - - command [] - Define commands to run after breakpoint hit. If is not - specified attach command to last created breakpoint. Command block - terminated with 'end' token. - - : Space separates list, eg 'command 2 5-8' to run command - for breakpoints: 2,5,6,7,8. - - info functions [] - List functions matching . List all functions if no - provided. - - info variables [] - List variables matching . List all variables if no - provided. - - info handle [] - Print how to handle . If no specified print for all - signals. - - handle - Configure how gdb handles sent to debugee. - : - stop/nostop Catch signal in gdb and break. - print/noprint Print message when gdb catches signal. - pass/nopass Pass signal down to debugee. - - catch signal - Create a catchpoint for . -``` - -# User commands (macros) - -Gdb allows to create & document user commands as follows: -```markdown - define - # cmds - end - - document - # docu - end -``` - -To get all user commands or documentations one can use: -```markdown - help user-defined - help -``` - -# Hooks - -Gdb allows to create two types of command `hooks` -- `hook-` will be run before `` -- `hookpost-` will be run after `` -```markdown - define hook- - # cmds - end - - define hookpost- - # cmds - end -``` - -# Examples - -## Catch SIGSEGV and execute commands -This creates a `catchpoint` for the `SIGSEGV` signal and attached the `command` -to it. -```markdown - catch signal SIGSEGV - command - bt - c - end -``` - -## Run `backtrace` on thread 1 (batch mode) -```markdown - gdb --batch -ex 'thread 1' -ex 'bt' -p -``` - -## Script gdb for automating debugging sessions -To script gdb add commands into a file and pass it to gdb via `-x`. -For example create `run.gdb`: -```markdown - set pagination off - - break mmap - command - info reg rdi rsi rdx - bt - c - end - - #initial drop - c -``` -This script can be used as: -```markdown - gdb --batch -x ./run.gdb -p -``` - -# Know Bugs - -## Workaround `command + finish` bug -When using `finish` inside a `command` block, commands after `finish` are not -executed. To workaround that bug one can create a wrapper function which calls -`finish`. -```markdown - define handler - bt - finish - info reg rax - end - - command - handler - end -``` diff --git a/src/git.md b/src/git.md deleted file mode 100644 index d76ae77..0000000 --- a/src/git.md +++ /dev/null @@ -1,129 +0,0 @@ -# git(1) - -## staging -```markdown - git add -p [] ............ partial staging (interactive) -``` - -## Remote -```markdown - git remote -v .................. list remotes verbose (with URLs) - git remote show [-n] .. list info for (like remote HEAD, - remote branches, tracking mapping) -``` - -## Branching -```markdown - git branch [-a] ................ list available branches; -a to include - remote branches - git branch -vv ................. list branch & annotate with head sha1 & - remote tracking branch - git branch ............. create branch with name - git checkout ........... switch to branch with name - git push -u origin .... push branch to origin (or other remote), and - setup as tracking branch -``` - -## Resetting -```markdown - git reset [opt] - opt: - --mixed .................... resets index, but not working tree - --hard ..................... matches the working tree and index to that - of the tree being switched to any changes to - tracked files in the working tree since - are lost - git reset HEAD .......... remove file from staging - git reset --soft HEAD~1 ........ delete most recent commit but keep work - git reset --hard HEAD~1 ........ delete most recent commit and delete work -``` - -## Tags -```markdown - git tag -a -m "descr" ........ creates an annotated tag (full object - containing tagger, date, ...) - git tag -l ........................... list available tags - git checkout tag/ ............. checkout specific tag - git checkout tag/ -b .. checkout specific tag in a new branch -``` - -## Diff -```markdown - git diff HEAD: origin/HEAD: ... diff files for different refs - git diff -U$(wc -l ) ......... shows complete file with diffs - instead of usual diff snippets -``` - -## Log -```markdown - git log --oneline .... shows log in single line per commit -> alias for - '--pretty=oneline --abbrev-commit' - git log --graph ...... text based graph of commit history - git log --decorate ... decorate log with REFs -``` - -## File history -```markdown - git log -p ......... show commit history + diffs for - git log --oneline .. show commit history for in compact format -``` - -## Patching -```markdown - git format-patch / - opt: - -N ................... use [PATCH] instead [PATCH n/m] in subject when - generating patch description (for patches spanning - multiple commits) - --start-number ... start output file generation with as start - number instead '1' - since spcifier: - -3 .................. e.g: create a patch from last three commits - ....... create patch with commits starting after - - git am ......... apply patch and create a commit for it - - git apply --stat ... see which files the patch would change - git apply --check .. see if the patch can be applied cleanly - git apply .......... apply the patch locally without creating a commit - - # eg: generate patches for each commit from initial commit on - git format-patch -N $(git rev-list --max-parents=0 HEAD) - - # generate single patch file from a certain commit/ref - git format-patch --stdout > my-patch.patch -``` - -## Submodules -```markdown - git submodule add [] .......... add new submodule to current project - git clone --recursive ............... clone project and recursively all - submodules (same as using - 'git submodule update --init - --recursive' after clone) - git submodule update --init --recursive ... checkout submodules recursively - using the commit listed in the - super-project (in detached HEAD) - git submodule update --remote .... fetch & merge remote changes for - , this will pull - origin/HEAD or a branch specified - for the submodule - git diff --submodule ...................... show commits that are part of the - submodule diff -``` - -## Inspection -```markdown - git ls-tree [-r] .... show git tree for , -r to recursively ls sub-trees - git show ............ show - git cat-file -p ..... print content of -``` - -## Revision Specifier -```markdown - HEAD ........ last commit - HEAD~1 ...... last commit-1 - HEAD~N ...... last commit-N (linear backwards when in tree structure, check - difference between HEAD^ and HEAD~) - git rev-list --max-parents=0 HEAD ........... first commit -``` diff --git a/src/glibc.md b/src/glibc.md deleted file mode 100644 index 2b2ab34..0000000 --- a/src/glibc.md +++ /dev/null @@ -1,47 +0,0 @@ -# glibc - -## malloc tracer [`mtrace(3)`][mtrace] -Trace memory allocation and de-allocation to detect memory leaks. -Need to call `mtrace(3)` to install the tracing hooks. - -If we can't modify the binary to call `mtrace` we can create a small shared -library and pre-load it. -```c -// libmtrace.c -#include -__attribute__((constructor)) static void init_mtrace() { mtrace(); } -``` - -Compile as: -```bash -gcc -shared -fPIC -o libmtrace.so libmtrace.c -``` - -To generate the trace file run: -```bash -export MALLOC_TRACE= -LD_PRELOAD=./libmtrace.so -``` -**Note**: If `MALLOC_TRACE` is not set `mtrace` won't install tracing hooks. - -To get the results of the trace file: -```bash -mtrace $MALLOC_TRACE -``` - -## malloc check [`mallopt(3)`][mallopt] -Configure action when glibc detects memory error. - -```bash -export MALLOC_CHECK_= -``` - -Useful values: -```markdown -1 print detailed error & continue -3 print detailed error + stack trace + memory mappings & abort -7 print simple error message + stack trace + memory mappings & abort -``` - -[mtrace]: http://man7.org/linux/man-pages/man3/mtrace.3.html -[mallopt]: http://man7.org/linux/man-pages/man3/mallopt.3.html diff --git a/src/ld.so.md b/src/ld.so.md deleted file mode 100644 index 311d1be..0000000 --- a/src/ld.so.md +++ /dev/null @@ -1,130 +0,0 @@ -# ld.so(8) - -## Environment Variables -```console - LD_PRELOAD= colon separated list of libso's to be pre loaded - LD_DEBUG= comma separated list of debug options - =help list available options - =libs show library search path - =files processing of input files - =symbols show search path for symbol lookup - =bindings show against which definition a symbol is bound -``` - -## LD_PRELOAD: Initialization Order and Link Map -Libraries specified in `LD_PRELOAD` are loaded from `left-to-right` but -initialized from `right-to-left`. - -```markdown - > ldd ./main - >> libc.so.6 => /usr/lib/libc.so.6 - - > LD_PRELOAD=liba.so:libb.so ./main - --> - preloaded in this order - <-- - initialized in this order -``` - -The preload order determines: -- the order libraries are inserted into the `link map` -- the initialization order for libraries - -For the example listed above the resulting `link map` will look like the -following: - -```makrdown - +------+ +------+ +------+ +------+ - | main | -> | liba | -> | libb | -> | libc | - +------+ +------+ +------+ +------+ -``` - -This can be seen when running with `LD_DEBUG=files`: - -```makrdown - > LD_DEBUG=files LD_PRELOAD=liba.so:libb.so ./main - # load order (-> determines link map) - >> file=liba.so [0]; generating link map - >> file=libb.so [0]; generating link map - >> file=libc.so.6 [0]; generating link map - - # init order - >> calling init: /usr/lib/libc.so.6 - >> calling init: /libb.so - >> calling init: /liba.so - >> initialize program: ./main -``` - -To verify the `link map` order we let `ld.so` resolve the `memcpy(3)` libc -symbol (used in _main_) dynamically, while enabling `LD_DEBUG=symbols,bindings` -to see the resolving in action. - -```makrdown - > LD_DEBUG=symbols,bindings LD_PRELOAD=liba.so:libb.so ./main - >> symbol=memcpy; lookup in file=./main [0] - >> symbol=memcpy; lookup in file=/liba.so [0] - >> symbol=memcpy; lookup in file=/libb.so [0] - >> symbol=memcpy; lookup in file=/usr/lib/libc.so.6 [0] - >> binding file ./main [0] to /usr/lib/libc.so.6 [0]: normal symbol `memcpy' [GLIBC_2.14] -``` - -## Dynamic Linking (x86_64) -Dynamic linking basically works via one indirect jump. It uses a combination of -function trampolines (`.plt` section) and a function pointer table (`.got.plt` -section). -On the first call the trampoline sets up some metadata and then jumps to the -`ld.so` runtime resolve function, which in turn patches the table with the -correct function pointer. -```makrdown - .plt ....... procedure linkage table, contains function trampolines, usually - located in code segment (rx permission) - .got.plt ... global offset table for .plt, holds the function pointer table -``` - -Using `radare2` we can analyze this in more detail: - -```makrdown - [0x00401040]> pd 4 @ section..got.plt - ;-- section..got.plt: - ;-- .got.plt: ; [22] -rw- section size 32 named .got.plt - ;-- _GLOBAL_OFFSET_TABLE_: - [0] 0x00404000 .qword 0x0000000000403e10 ; section..dynamic - [1] 0x00404008 .qword 0x0000000000000000 - ; CODE XREF from section..plt @ +0x6 - [2] 0x00404010 .qword 0x0000000000000000 - ;-- reloc.puts: - ; CODE XREF from sym.imp.puts @ 0x401030 - [3] 0x00404018 .qword 0x0000000000401036 ; RELOC 64 puts - - [0x00401040]> pd 6 @ section..plt - ;-- section..plt: - ;-- .plt: ; [12] -r-x section size 32 named .plt - ┌─> 0x00401020 ff35e22f0000 push qword [0x00404008] - ╎ 0x00401026 ff25e42f0000 jmp qword [0x00404010] - ╎ 0x0040102c 0f1f4000 nop dword [rax] - ┌ 6: int sym.imp.puts (const char *s); - └ ╎ 0x00401030 ff25e22f0000 jmp qword [reloc.puts] - ╎ 0x00401036 6800000000 push 0 - └─< 0x0040103b e9e0ffffff jmp sym..plt -``` - -- At address `0x00401030` in the `.plt` section we see the indirect jump for - `puts` using the function pointer in `_GLOBAL_OFFSET_TABLE_[3] (GOT)`. -- `GOT[3]` initially points to instruction after the `puts` trampoline - `0x00401036`. -- This pushes the relocation index `0` and then jumps to the first trampoline - `0x00401020`. -- The first trampoline jumps to `GOT[2]` which will be filled at program - startup by the `ld.so` with its resolve function. -- The `ld.so` resolve function fixes the relocation referenced by the - relocation index pushed by the `puts` trampoline. -- The relocation entry at index `0` tells the resolve function which symbol to - search for and where to put the function pointer: - ```makrdown - > readelf -r
- >> Relocation section '.rela.plt' at offset 0x4b8 contains 1 entry: - >> Offset Info Type Sym. Value Sym. Name + Addend - >> 000000404018 000200000007 R_X86_64_JUMP_SLO 0000000000000000 puts@GLIBC_2.2.5 + 0 - ``` - As we can see the offset from relocation at index `0` points to `GOT[3]`. - diff --git a/src/lsof.md b/src/lsof.md deleted file mode 100644 index 8253003..0000000 --- a/src/lsof.md +++ /dev/null @@ -1,40 +0,0 @@ -# lsof(8) - -```markdown -lsof - -a ......... AND slection filters instead ORing (OR: default) - -p ... filter by - +fg ........ show file flags for file descripros - -n ......... don't convert network addr to hostnames - -P ......... don't convert network port to service names - -i <@h[:p]>. show connections to h (hostname|ip addr) with optional port p -``` - -```markdown -file flags: - R/W/RW ..... read/write/read-write - CR ......... create - AP ......... append - TR ......... truncate -``` - -# Examples - -## File flags -Show open files with file flags for process: -```markdown -lsof +fg -p -``` -## Open TCP connections -Show open tcp connections for `$USER`: -```markdown -lsof -a -u $USER -i tcp -``` -**Note**: `-a` _ands_ the results. If `-a` is not given all open files matching -`$USER` and all tcp connections are listed (_ored_). - -## Open connection to specific host -Show open connections to `localhost` for `$USER`: -```markdown -lsof -a -u $USER -i @localhost -``` diff --git a/src/misc/README.md b/src/misc/README.md new file mode 100644 index 0000000..e69de29 diff --git a/src/misc/awk.md b/src/misc/awk.md new file mode 100644 index 0000000..38b0cb1 --- /dev/null +++ b/src/misc/awk.md @@ -0,0 +1,126 @@ +# awk(1) + +```markdown +awk [opt] program [input] + -F field separator string (can be regex) + program awk program + input file or stdin if not file given +``` + +## Input processing + +Input is processed in two stages: +1. Splitting input into a sequence of `records`. + By default split at `newline` character, but can be changed via the + builtin `RS` variable. +2. Splitting a `record` into `fields`. By default strings without `whitespace`, + but can be changed via the builtin variable `FS` or command line option + `-F`. + +Fields are accessed as follows: +- `$0` whole `record` +- `$1` field one +- `$2` field two +- ... + +## Program + +An `awk` program is composed of pairs of the form: +```markdown +pattern { action } +``` +The program is run against each `record` in the input stream. If a `pattern` +matches a `record` the corresponding `action` is executed and can access the +`fields`. + +```markdown +INPUT + | + v +record ----> ∀ pattern matched + | | + v v +fields ----> run associated action +``` + +Any valid awk `expr` can be a `pattern`. + +### Special pattern + +awk provides two special patterns, `BEGIN` and `END`, which can be used +multiple times. Actions with those patterns are **executed exactly once**. +- `BEGIN` actions are run before processing the first record +- `END` actions are run after processing the last record + +### Special variables + +- `RS` _record separator_: first char is the record separator, by default + +- `FS` _field separator_: regex to split records into fields, by default + +- `NR` _number record_: number of current record + +### Special statements & functions + +- `printf "fmt", args...` + + Print format string, args are comma separated. + - `%s` string + - `%d` decimal + - `%x` hex + - `%f` float + + Width can be specified as `%Ns`, this reserves `N` chars for a string. + For floats one can use `%N.Mf`, `N` is the total number including `.` and + `M`. + +- `strftime("fmt")` + + Print time stamp formatted by `fmt`. + - `%Y` full year (eg 2020) + - `%m` month (01-12) + - `%d` day (01-31) + - `%F` alias for `%Y-%m-%d` + - `%H` hour (00-23) + - `%M` minute (00-59) + - `%S` second (00-59) + - `%T` alias for `%H:%M:%S` + + +## Examples + +### Filter records +```bash +awk 'NR%2 == 0 { print $0 }' +``` +The pattern `NR%2 == 0` matches every second record and the action `{ print $0 }` +prints the whole record. + +### Capture in variables +```bash +# /proc//status +# Name: cat +# ... +# VmRSS: 516 kB +# ... + +for f in /proc/*/status; do + cat $f | awk ' + /^VmRSS/ { rss = $2/1024 } + /^Name/ { name = $2 } + END { printf "%16s %6d MB\n", name, rss }'; +done | sort -k2 -n +``` +We capture values from `VmRSS` and `Name` into variables and print them at the +`END` once processing all records is done. + +### Run shell command and capture output +```bash +cat /proc/1/status | awk ' + /^Pid/ { + "ps --no-header -o user " $2 | getline user; + print user + }' +``` +We build a `ps` command line and capture the first line of the processes output +in the `user` variable and then print it. diff --git a/src/misc/bash.md b/src/misc/bash.md new file mode 100644 index 0000000..a4df7da --- /dev/null +++ b/src/misc/bash.md @@ -0,0 +1,169 @@ +# bash(1) + +## Expansion + +### Generator + +```bash +# generate sequence from n to m +{n..m} +# generate sequence from n to m step by s +{n..m..s} + +# expand cartesian product +{a,b}{c,d} +``` + +### Parameter +```bash +# default param +bar=${foo:-some_val} # if $foo set, then bar=$foo else bar=some_val + +# check param set +bar=${foo:?msg} # if $foo set, then bar=$foo else exit and print msg + +# indirect +FOO=foo +BAR=FOO +bar=${!BAR} # deref value of BAR -> bar=$FOO + +# prefix +${foo#prefix} # remove prefix when expanding $foo +# suffix +${foo%suffix} # remove suffix when expanding $foo + +# substitute +${foo/pattern/string} # replace pattern with string when expanding foo +# pattern starts with +# '/' replace all occurences of pattern +# '#' pattern match at beginning +# '%' pattern match at end +``` + +> Note: `prefix`/`suffix`/`pattern` are expanded as [pathnames](#pathname). + +### Pathname + +```bash +* match any string +? match any single char +\\ match backslash +[abc] match any char of 'a' 'b' 'c' +[a-z] match any char between 'a' - 'z' +[^ab] negate, match all not 'a' 'b' +[:class:] match any char in class, available: + alnum,alpha,ascii,blank,cntrl,digit,graph,lower, + print,punct,space,upper,word,xdigit +``` + +Wit `extglob` shell option enabled it is possible to have more powerful +patterns. In the following `pattern-list` is one ore more patterns separated +by `|` char. + +```bash +?(pattern-list) matches zero or one occurrence of the given patterns +*(pattern-list) matches zero or more occurrences of the given patterns ++(pattern-list) matches one or more occurrences of the given patterns +@(pattern-list) matches one of the given patterns +!(pattern-list) matches anything except one of the given patterns +``` +> Note: `shopt -s extglob`/`shopt -u extglob` to enable/disable `extglob` +> option. + +## I/O redirection + +> Note: The trick with bash I/O redirection is to interpret from left-to-right. + +```bash +# stdout & stderr to file +command >file 2>&1 +# equivalent +command &>file + +# stderr to stdout & stdout to file +command 2>&1 >file +``` + +### Explanation + +```bash +j>&i +``` +Duplicate `fd i` to `fd j`, making `j` a copy of `i`. See [dup2(2)][dup2]. + +Example: +```bash +command 2>&1 >file +``` +1. duplicate `fd 1` to `fd 2`, effectively redirecting `stderr` to `stdout` +2. redirect `stdout` to `file` + +## Completion + +The `complete` builtin is used to interact with the completion system. +```bash +complete # print currently installed completion handler +complete -F # install as completion handler for +complete -r # uninstall completion handler for +``` + +Variables available in completion functions: +```bash +# in +$1 # +$2 # current word +$3 # privous word + +COMP_WORDS # array with current command line words +COMP_CWORD # index into COMP_WORDS with current cursor position + +# out +COMPREPLY # array with possible completions +``` + +The `compgen` builtin is used to generate possible matches by comparing `word` +against words generated by `option`. +```bash +compgen [option] [word] + +# usefule options: +# -W specify list of possible completions +# -d generate list with dirs +# -f generate list with files +# -u generate list with users +# -e generate list with exported variables + +# compare "f" against words "foo" "foobar" "bar" and generate matches +compgen -W "foo foobar bar" "f" + +# compare "hom" against file/dir names and generate matches +compgen -d -f "hom" +``` + +### Example +Skeleton to copy/paste for writing simple completions. + +Assume a program `foo` with the following interface: +```bash +foo -c green|red|blue -s low|high -f -h +``` + +The completion handler could be implemented as follows: +```bash +function _foo() { + local curr=$2 + local prev=$3 + + local opts="-c -s -f -h" + case $prev in + -c) COMPREPLY=( $(compgen -W "green red blue" -- $curr) );; + -s) COMPREPLY=( $(compgen -W "low high" -- $curr) );; + -f) COMPREPLY=( $(compgen -f -- $curr) );; + *) COMPREPLY=( $(compgen -W "$opts" -- $curr) );; + esac +} + +complete -F _foo foo +``` + +[dup2]: http://man7.org/linux/man-pages/man2/dup.2.html diff --git a/src/misc/emacs.md b/src/misc/emacs.md new file mode 100644 index 0000000..b288fb1 --- /dev/null +++ b/src/misc/emacs.md @@ -0,0 +1,86 @@ +# emacs(1) + +## help +```markdown + C-h ? list available help modes + C-h f describe function + C-h v describe variable + C-h c print command bound to + C-h k describe command bound to + C-h b list buffer local key-bindings + C-h list possible key-bindings with + eg C-x C-h -> list key-bindings beginning with C-x +``` + +## package manager +```markdown + package-refresh-contents refresh package list + package-list-packages list available/installed packages +``` + +## window +```markdown + C-x 0 kill focused window + C-x 1 kill all other windows + C-x 2 split horizontal + C-x 3 split vertical +``` + +## yank/paste +```markdown + C- set start mark to select text + M-w copy selected text + C-w kill selected text + C-y paste selected text + M-y cycle through kill-ring +``` + +## block/rect +```markdown + C-x activate rectangle-mark-mode + M-x string-rectangle insert text in marked rect +``` + +## mass edit +```makrdown + C-x h mark whole buffer (mark-whole-buffer) + M-x delete-matching-line delete lines matching regex + M-x % search & replace region (query-replace) + C-M-x % search & replace regex (query-replace-regexp) +``` + +## grep +```markdown + M-x find-grep run find-grep result in *grep* buffer + n/p navigate next/previous match in *grep* buffer +``` + +## lisp mode +```markdown + M-x lisp-interaction-mode activate lisp mode + C-M-x evaluate top expr under cursor + C-x C-e eval-last-sexp + C-u C-x C-e eval-last-sexp and prints result in current buffer +``` + +## narrow +```markdown + C-x n n show only focused region (narrow) + C-x n w show whole buffer (wide) +``` + +## org +```markdown + M-up/M-down re-arrange items in same hierarchy + M-left/M-right change item hierarchy + C-RET create new item below current + C-S-RET create new TODO item below current + S-left/S-right cycle TODO states +``` + +### org source +```markdown + &1 | less;' to current cmdline +``` + +## debug +```markdown + status print-stack-trace .. prints function stacktrace (can be used in scripts) + breakpoint ................ halt script execution and gives shell (C-d | exit + to continue) +``` diff --git a/src/misc/gdb.md b/src/misc/gdb.md new file mode 100644 index 0000000..7a43ca1 --- /dev/null +++ b/src/misc/gdb.md @@ -0,0 +1,162 @@ +# gdb(1) + +# CLI + +```markdown + gdb [opts] [prg [-c coredump | -p pid]] + gdb [opts] --args prg + opts: + -p attach to pid + -c use + -x execute script before prompt + -ex execute command before prompt + --tty set I/O tty for debugee +``` + +# Interactive usage + +```markdown + tty + Set as tty for debugee. + Make sure nobody reads from target tty, easiest is to spawn a shell + and run following in target tty: + > while true; do sleep 1024; done + + set follow-fork-mode + Specify which process to follow when debuggee makes a fork(2) + syscall. + + sharedlibrary [] + Load symbols of shared libs loaded by debugee. Optionally use + to filter libs for symbol loading. + + break [-qualified] thread + Set a breakpoint only for a specific thread. + -qualified: Tred as fully qualified symbol (quiet handy to set + breakpoints on C symbols in C++ contexts) + + rbreak + Set breakpoints matching , where matching internally is done + on: .*.* + + command [] + Define commands to run after breakpoint hit. If is not + specified attach command to last created breakpoint. Command block + terminated with 'end' token. + + : Space separates list, eg 'command 2 5-8' to run command + for breakpoints: 2,5,6,7,8. + + info functions [] + List functions matching . List all functions if no + provided. + + info variables [] + List variables matching . List all variables if no + provided. + + info handle [] + Print how to handle . If no specified print for all + signals. + + handle + Configure how gdb handles sent to debugee. + : + stop/nostop Catch signal in gdb and break. + print/noprint Print message when gdb catches signal. + pass/nopass Pass signal down to debugee. + + catch signal + Create a catchpoint for . +``` + +# User commands (macros) + +Gdb allows to create & document user commands as follows: +```markdown + define + # cmds + end + + document + # docu + end +``` + +To get all user commands or documentations one can use: +```markdown + help user-defined + help +``` + +# Hooks + +Gdb allows to create two types of command `hooks` +- `hook-` will be run before `` +- `hookpost-` will be run after `` +```markdown + define hook- + # cmds + end + + define hookpost- + # cmds + end +``` + +# Examples + +## Catch SIGSEGV and execute commands +This creates a `catchpoint` for the `SIGSEGV` signal and attached the `command` +to it. +```markdown + catch signal SIGSEGV + command + bt + c + end +``` + +## Run `backtrace` on thread 1 (batch mode) +```markdown + gdb --batch -ex 'thread 1' -ex 'bt' -p +``` + +## Script gdb for automating debugging sessions +To script gdb add commands into a file and pass it to gdb via `-x`. +For example create `run.gdb`: +```markdown + set pagination off + + break mmap + command + info reg rdi rsi rdx + bt + c + end + + #initial drop + c +``` +This script can be used as: +```markdown + gdb --batch -x ./run.gdb -p +``` + +# Know Bugs + +## Workaround `command + finish` bug +When using `finish` inside a `command` block, commands after `finish` are not +executed. To workaround that bug one can create a wrapper function which calls +`finish`. +```markdown + define handler + bt + finish + info reg rax + end + + command + handler + end +``` diff --git a/src/misc/git.md b/src/misc/git.md new file mode 100644 index 0000000..d76ae77 --- /dev/null +++ b/src/misc/git.md @@ -0,0 +1,129 @@ +# git(1) + +## staging +```markdown + git add -p [] ............ partial staging (interactive) +``` + +## Remote +```markdown + git remote -v .................. list remotes verbose (with URLs) + git remote show [-n] .. list info for (like remote HEAD, + remote branches, tracking mapping) +``` + +## Branching +```markdown + git branch [-a] ................ list available branches; -a to include + remote branches + git branch -vv ................. list branch & annotate with head sha1 & + remote tracking branch + git branch ............. create branch with name + git checkout ........... switch to branch with name + git push -u origin .... push branch to origin (or other remote), and + setup as tracking branch +``` + +## Resetting +```markdown + git reset [opt] + opt: + --mixed .................... resets index, but not working tree + --hard ..................... matches the working tree and index to that + of the tree being switched to any changes to + tracked files in the working tree since + are lost + git reset HEAD .......... remove file from staging + git reset --soft HEAD~1 ........ delete most recent commit but keep work + git reset --hard HEAD~1 ........ delete most recent commit and delete work +``` + +## Tags +```markdown + git tag -a -m "descr" ........ creates an annotated tag (full object + containing tagger, date, ...) + git tag -l ........................... list available tags + git checkout tag/ ............. checkout specific tag + git checkout tag/ -b .. checkout specific tag in a new branch +``` + +## Diff +```markdown + git diff HEAD: origin/HEAD: ... diff files for different refs + git diff -U$(wc -l ) ......... shows complete file with diffs + instead of usual diff snippets +``` + +## Log +```markdown + git log --oneline .... shows log in single line per commit -> alias for + '--pretty=oneline --abbrev-commit' + git log --graph ...... text based graph of commit history + git log --decorate ... decorate log with REFs +``` + +## File history +```markdown + git log -p ......... show commit history + diffs for + git log --oneline .. show commit history for in compact format +``` + +## Patching +```markdown + git format-patch / + opt: + -N ................... use [PATCH] instead [PATCH n/m] in subject when + generating patch description (for patches spanning + multiple commits) + --start-number ... start output file generation with as start + number instead '1' + since spcifier: + -3 .................. e.g: create a patch from last three commits + ....... create patch with commits starting after + + git am ......... apply patch and create a commit for it + + git apply --stat ... see which files the patch would change + git apply --check .. see if the patch can be applied cleanly + git apply .......... apply the patch locally without creating a commit + + # eg: generate patches for each commit from initial commit on + git format-patch -N $(git rev-list --max-parents=0 HEAD) + + # generate single patch file from a certain commit/ref + git format-patch --stdout > my-patch.patch +``` + +## Submodules +```markdown + git submodule add [] .......... add new submodule to current project + git clone --recursive ............... clone project and recursively all + submodules (same as using + 'git submodule update --init + --recursive' after clone) + git submodule update --init --recursive ... checkout submodules recursively + using the commit listed in the + super-project (in detached HEAD) + git submodule update --remote .... fetch & merge remote changes for + , this will pull + origin/HEAD or a branch specified + for the submodule + git diff --submodule ...................... show commits that are part of the + submodule diff +``` + +## Inspection +```markdown + git ls-tree [-r] .... show git tree for , -r to recursively ls sub-trees + git show ............ show + git cat-file -p ..... print content of +``` + +## Revision Specifier +```markdown + HEAD ........ last commit + HEAD~1 ...... last commit-1 + HEAD~N ...... last commit-N (linear backwards when in tree structure, check + difference between HEAD^ and HEAD~) + git rev-list --max-parents=0 HEAD ........... first commit +``` diff --git a/src/misc/radare2.md b/src/misc/radare2.md new file mode 100644 index 0000000..673c911 --- /dev/null +++ b/src/misc/radare2.md @@ -0,0 +1,27 @@ +# radare2(1) + +## print +```markdown + + pd [@ ] # print disassembly for instructions + # with optional temporary seek to +``` + +## flags +```markdown + fs # list flag-spaces + fs # select flag-space + f # print flags of selected flag-space +``` + +## help +```markdown + ?*~ # '?*' list all commands and '~' grep for + ?*~... # '..' less mode /'...' interactive search +``` + +## relocation +```markdown + > r2 -B # open mapped to addr + oob # reopen current file at +``` diff --git a/src/misc/tmux.md b/src/misc/tmux.md new file mode 100644 index 0000000..04b1111 --- /dev/null +++ b/src/misc/tmux.md @@ -0,0 +1,110 @@ +# tmux(1) + +Terminology: +- `session` is a collection of pseudo terminals which can have multiple + `windows` +- `window` uses the entire screen and can be split into rectangular `panes` +- `pane` is a single pseudo terminal instance + +# Tmux cli +```markdown +# Session +tmux creates new session +tmux ls list running sessions +tmux kill-session -t kill running session +tmux attach -t [-d] attach to session , detach other clients [-d] +tmux detach -s detach all clients from session + +# Environment +tmux showenv -g show global tmux environment variables +tmux setenv -g set variable in global tmux env + +# Misc +tmux source-file source config +tmux lscm list available tmux commnds +tmux show -g show global tmux options +tmux display display message in tmux status line +``` +## Scripting +```markdown +# Session +tmux list-sessions -F '#S' list running sessions, only IDs + +# Window +tmux list-windows -F '#I' -t list window IDs for session +tmux selectw -t : select window in session + +# Pane +tmux list-panes -F '#P' -t : list pane IDs for window in session +tmux selectp -t :.

select pane

in window in session + +# Run commands +tmux send -t :.

"ls" C-m send cmds/keys to pane +tmux run -t

run shell command in background and report output on pane -t

+``` + +For example cycle through all panes in all windows in all sessions: +```bash +# bash +for s in $(tmux list-sessions -F '#S'); do + for w in $(tmux list-windows -F '#I' -t $s); do + for p in $(tmux list-panes -F '#P' -t $s:$w); do + echo $s:$w.$p + done + done +done +``` + +# Bindings + +```markdown +prefix d detach from current session +prefix c create new window +prefix w open window list +prefix $ rename session +prefix , rename window +prefix . move current window +``` + +Following bindings are specific to my [`tmux.conf`](https://github.com/johannst/dotfiles/blob/master/tmux.conf): +```markdown +C-s prefix + +# Panes +prefix s horizontal split +prefix v vertical split +prefix f toggle maximize/minimize current pane + +# Movement +prefix Tab toggle between window + +prefix h move to pane left +prefix j move to pane down +prefix k move to pane up +prefix l move to pane right + +# Resize +prefix C-h resize pane left +prefix C-j resize pane down +prefix C-k resize pane up +prefix C-l resize pane right + +# Copy/Paste +prefix C-v enter copy mode +prefix C-p paste yanked text +prefix C-b open copy-buffer list + +# In Copy Mode +v enable visual mode +y yank selected text +``` + +# Command mode + +To enter command mode `prefix :`. + +Some useful commands are: +```markdown +setw synchronize-panes on/off enables/disables synchronized input to all panes +list-keys -t vi-copy list keymaps for vi-copy mode +``` diff --git a/src/misc/zsh.md b/src/misc/zsh.md new file mode 100644 index 0000000..ae2a4bc --- /dev/null +++ b/src/misc/zsh.md @@ -0,0 +1,125 @@ +# zsh(1) + +## Keybindings + +Change input mode: +```zsh +bindkey -v change to vi keymap +bindkey -e change to emacs keymap +``` + +Define key-mappings: +```zsh +bindkey list mappings in current keymap +bindkey in-str cmd create mapping for `in-str` to `cmd` +bindkey -r in-str remove binding for `in-str` + +# C-v dump code, which can be used in `in-str` +# zle -l list all functions for keybindings +# man zshzle(1) STANDARD WIDGETS: get description of functions +``` + +## Completion + +### Installation + +Completion functions are provided via files and need to be placed in a location +covered by `$fpath`. By convention the completion files are names as `_`. + +A completion skeleton for the command `foo`, stored in `_foo` +```zsh +#compdef _foo foo + +function _foo() { + ... +} +``` + +Alternatively one can install a completion function explicitly by calling `compdef `. + +### Completion Variables + +Following variables are available in Completion functions: +```zsh +$words # array with command line in words +$#words # number words +$CURRENT # index into $words for cursor position +$words[CURRENT-1] # previous word (relative to cursor position) +``` + +### Completion Functions +- `_describe` simple completion, just words + description +- `_arguments` sophisticated completion, allow to specify actions + +#### Completion with [`_describe`][zsh-comp-utils] +```zsh +_describe MSG COMP +``` +- `MSG` simple string with header message +- `COMP` array of completions where each entry is `"opt:description"` + +```zsh +function _foo() { + local -a opts + opts=('bla:desc for bla' 'blu:desc for blu') + _describe 'foo-msg' opts +} +compdef _foo foo + +foo + -- foo-msg -- +bla -- desc for bla +blu -- desc for blu +``` + +#### Completion with [`_arguments`][zsh-comp-utils] +```zsh +_arguments SPEC [SPEC...] +``` +where `SPEC` can have one of the following forms: +- `OPT[DESC]:MSG:ACTION` +- `N:MSG:ACTION` + +Available actions +```zsh +(op1 op2) list possible matches +->VAL set $state=VAL and continue, `$state` can be checked later in switch case +FUNC call func to generate matches +{STR} evaluate `STR` to generate matches +``` + +### Example +Skeleton to copy/paste for writing simple completions. + +Assume a program `foo` with the following interface: +```zsh +foo -c green|red|blue -s low|high -f -d

-h +``` + +The completion handler could be implemented as follows in a file called `_foo`: +```zsh +#compdef _foo foo + +function _foo_color() { + local colors=() + colors+=('green:green color') + colors+=('red:red color') + colors+=('blue:blue color') + _describe "color" colors +} + +function _foo() { + _arguments \ + "-c[define color]:color:->s_color" \ + "-s[select sound]:color:(low high)" \ + "-f[select file]:file:_files" \ + "-d[select dir]:fir:_files -/" \ + "-h[help]" + + case $state in + s_color) _foo_color;; + esac +} +``` + +[zsh-comp-utils]: http://zsh.sourceforge.net/Doc/Release/Completion-System.html#Completion-Functions diff --git a/src/monitor/README.md b/src/monitor/README.md new file mode 100644 index 0000000..545e774 --- /dev/null +++ b/src/monitor/README.md @@ -0,0 +1 @@ +# Resource analysis & monitor diff --git a/src/monitor/lsof.md b/src/monitor/lsof.md new file mode 100644 index 0000000..8253003 --- /dev/null +++ b/src/monitor/lsof.md @@ -0,0 +1,40 @@ +# lsof(8) + +```markdown +lsof + -a ......... AND slection filters instead ORing (OR: default) + -p ... filter by + +fg ........ show file flags for file descripros + -n ......... don't convert network addr to hostnames + -P ......... don't convert network port to service names + -i <@h[:p]>. show connections to h (hostname|ip addr) with optional port p +``` + +```markdown +file flags: + R/W/RW ..... read/write/read-write + CR ......... create + AP ......... append + TR ......... truncate +``` + +# Examples + +## File flags +Show open files with file flags for process: +```markdown +lsof +fg -p +``` +## Open TCP connections +Show open tcp connections for `$USER`: +```markdown +lsof -a -u $USER -i tcp +``` +**Note**: `-a` _ands_ the results. If `-a` is not given all open files matching +`$USER` and all tcp connections are listed (_ored_). + +## Open connection to specific host +Show open connections to `localhost` for `$USER`: +```markdown +lsof -a -u $USER -i @localhost +``` diff --git a/src/monitor/pgrep.md b/src/monitor/pgrep.md new file mode 100644 index 0000000..2b52a73 --- /dev/null +++ b/src/monitor/pgrep.md @@ -0,0 +1,15 @@ +# pgrep(1) + +```markdown +pgrep [opts] + -n only list newest matching process + -u only show matching for user + -l additionally list command + -a additionally list command + arguments +``` + +## Debug newest process +For example attach gdb to newest zsh process from `$USER`. +```markdown +gdb -p $(pgrep -n -u $USER zsh) +``` diff --git a/src/monitor/pidstat.md b/src/monitor/pidstat.md new file mode 100644 index 0000000..b57f231 --- /dev/null +++ b/src/monitor/pidstat.md @@ -0,0 +1,31 @@ +# pidstat(1) + +```markdown +pidstat [opt] [interval] [cont] + -U [user] show username instead UID, optionally only show for user + -r memory statistics + -d I/O statistics + -h single line per process and no lines with average +``` + +# Page fault and memory utilization +```markdown +pidstat -r -p [interval] [count] +``` + +```markdown +minor_pagefault: Happens when the page needed is already in memory but not + allocated to the faulting process, in that case the kernel + only has to create a new page-table entry pointing to the + shared physical page (not required to load a memory page from + disk). + +major_pagefault: Happens when the page needed is NOT in memory, the kernel + has to create a new page-table entry and populate the + physical page (required to load a memory page from disk). +``` + +# I/O statistics +```markdown +pidstat -d -p [interval] [count] +``` diff --git a/src/monitor/pmap.md b/src/monitor/pmap.md new file mode 100644 index 0000000..7c905ae --- /dev/null +++ b/src/monitor/pmap.md @@ -0,0 +1,7 @@ +# pmap(1) + +```markdown +pmap + Dump virtual memory map of process. + Compared to /proc//maps it shows the size of the mappings. +``` diff --git a/src/monitor/pstack.md b/src/monitor/pstack.md new file mode 100644 index 0000000..c135844 --- /dev/null +++ b/src/monitor/pstack.md @@ -0,0 +1,6 @@ +# pstack(1) + +```markdown +pstack + Dump stack for all threads of process. +``` diff --git a/src/nm.md b/src/nm.md deleted file mode 100644 index 6e6fd1a..0000000 --- a/src/nm.md +++ /dev/null @@ -1,7 +0,0 @@ -# nm(1) - -```markdown - nm [opts] - -C demangle - -u undefined only -``` diff --git a/src/objdump.md b/src/objdump.md deleted file mode 100644 index 636db3f..0000000 --- a/src/objdump.md +++ /dev/null @@ -1,18 +0,0 @@ -# objdump(1) - -```markdown - objdump [opts] - -M intel use intil syntax - -d disassemble text section - -D disassemble all sections - -S mix disassembly with source code - -C demangle - -j
display info for section - --[no-]show-raw-insn [dont] show object code next to disassembly -``` - -## Disassemble section -For example `.plt` section: -```markdown - objdump -j .plt -d -``` diff --git a/src/od.md b/src/od.md deleted file mode 100644 index 47f567a..0000000 --- a/src/od.md +++ /dev/null @@ -1,49 +0,0 @@ -# od(1) - -```markdown - od [opts] - -An don't print addr info - -tx4 print hex in 4 byte chunks - -ta print as named character - -tc printable chars or backslash escape - -w4 print 4 bytes per line - -j skip bytes from (hex if start with 0x) - -N dump bytes (hex of start with 0x) -``` - -## ASCII to hex string -```markdown - echo -n AAAABBBB | od -An -w4 -tx4 - >> 41414141 - >> 42424242 - - echo -n '\x7fELF\n' | od -tx1 -ta -tc - >> 0000000 7f 45 4c 46 0a # tx1 - >> del E L F nl # ta - >> 177 E L F \n # tc -``` - -## Extract parts of file -For example `.rodata` section from an elf file. We can use `readelf` to get the -offset into the file where the `.rodata` section starts. -```markdown - readelf -W -S foo - >> Section Headers: - >> [Nr] Name Type Address Off Size ES Flg Lk Inf Al - >> ... - >> [15] .rodata PROGBITS 00000000004009c0 0009c0 000030 00 A 0 0 16 -``` - -With the offset of `-j 0x0009c0` we can dump `-N 0x30` bytes from the beginning of -the `.rodata` section as follows: -```markdown - od -j 0x0009c0 -N 0x30 -tx4 -w4 foo - >> 0004700 00020001 - >> 0004704 00000000 - >> * - >> 0004740 00000001 - >> 0004744 00000002 - >> 0004750 00000003 - >> 0004754 00000004 -``` -**Note**: Numbers starting with `0x` will be interpreted as hex by `od`. diff --git a/src/oprofile.md b/src/oprofile.md deleted file mode 100644 index 7d35283..0000000 --- a/src/oprofile.md +++ /dev/null @@ -1,14 +0,0 @@ -# [OProfile](https://oprofile.sourceforge.io/) - -```markdown -operf -g -p - -g ...... caputre call-graph information - -opreport [opt] FILE - show time spent per binary image - -l ...... show time spent per symbol - -c ...... show callgraph information (see below) - -a ...... add column with time spent accumulated over child nodes - -ophelp show supported hw/sw events -``` diff --git a/src/perf.md b/src/perf.md deleted file mode 100644 index 57118ed..0000000 --- a/src/perf.md +++ /dev/null @@ -1,56 +0,0 @@ -# perf(1) - -```markdown -perf list show supported hw/sw events - -perf stat - -p .. show stats for running process - -I ... show stats periodically over interval - -e ... filter for events - -perf top - -p .. show stats for running process - -F ... sampling frequency - -K ........ hide kernel threads - -perf record - -p ............... record stats for running process - -F ................ sampling frequency - --call-graph .. [fp, dwarf, lbr] method how to caputre backtrace - fp : use frame-pointer, need to compile with - -fno-omit-frame-pointer - dwarf: use .cfi debug information - lbr : use hardware last branch record facility - -g ..................... short-hand for --call-graph fp - -e ................ filter for events - -perf report - -n .................... annotate symbols with nr of samples - --stdio ............... report to stdio, if not presen tui mode - -g graph,0.5,caller ... show caller based call chains with value >0.5 -``` - -```markdown -Useful : - page-faults - minor-faults - major-faults - cpu-cycles` - task-clock -``` - -## [`Flamegraph`](https://github.com/brendangregg/FlameGraph) - -### Flamegraph with single event trace -```markdown -perf record -g -e cpu-cycles -p -perf script | FlameGraph/stackcollapse-perf.pl | FlameGraph/flamegraph.pl > cycles-flamegraph.svg -``` - -### Flamegraph with multiple event traces -```markdown -perf record -g -e cpu-cycles,page-faults -p -perf script --per-event-dump -# fold & generate as above -``` - diff --git a/src/pgrep.md b/src/pgrep.md deleted file mode 100644 index 2b52a73..0000000 --- a/src/pgrep.md +++ /dev/null @@ -1,15 +0,0 @@ -# pgrep(1) - -```markdown -pgrep [opts] - -n only list newest matching process - -u only show matching for user - -l additionally list command - -a additionally list command + arguments -``` - -## Debug newest process -For example attach gdb to newest zsh process from `$USER`. -```markdown -gdb -p $(pgrep -n -u $USER zsh) -``` diff --git a/src/pidstat.md b/src/pidstat.md deleted file mode 100644 index b57f231..0000000 --- a/src/pidstat.md +++ /dev/null @@ -1,31 +0,0 @@ -# pidstat(1) - -```markdown -pidstat [opt] [interval] [cont] - -U [user] show username instead UID, optionally only show for user - -r memory statistics - -d I/O statistics - -h single line per process and no lines with average -``` - -# Page fault and memory utilization -```markdown -pidstat -r -p [interval] [count] -``` - -```markdown -minor_pagefault: Happens when the page needed is already in memory but not - allocated to the faulting process, in that case the kernel - only has to create a new page-table entry pointing to the - shared physical page (not required to load a memory page from - disk). - -major_pagefault: Happens when the page needed is NOT in memory, the kernel - has to create a new page-table entry and populate the - physical page (required to load a memory page from disk). -``` - -# I/O statistics -```markdown -pidstat -d -p [interval] [count] -``` diff --git a/src/pmap.md b/src/pmap.md deleted file mode 100644 index 7c905ae..0000000 --- a/src/pmap.md +++ /dev/null @@ -1,7 +0,0 @@ -# pmap(1) - -```markdown -pmap - Dump virtual memory map of process. - Compared to /proc//maps it shows the size of the mappings. -``` diff --git a/src/pstack.md b/src/pstack.md deleted file mode 100644 index c135844..0000000 --- a/src/pstack.md +++ /dev/null @@ -1,6 +0,0 @@ -# pstack(1) - -```markdown -pstack - Dump stack for all threads of process. -``` diff --git a/src/radare2.md b/src/radare2.md deleted file mode 100644 index 673c911..0000000 --- a/src/radare2.md +++ /dev/null @@ -1,27 +0,0 @@ -# radare2(1) - -## print -```markdown - - pd [@ ] # print disassembly for instructions - # with optional temporary seek to -``` - -## flags -```markdown - fs # list flag-spaces - fs # select flag-space - f # print flags of selected flag-space -``` - -## help -```markdown - ?*~ # '?*' list all commands and '~' grep for - ?*~... # '..' less mode /'...' interactive search -``` - -## relocation -```markdown - > r2 -B # open mapped to addr - oob # reopen current file at -``` diff --git a/src/readelf.md b/src/readelf.md deleted file mode 100644 index d359a84..0000000 --- a/src/readelf.md +++ /dev/null @@ -1,13 +0,0 @@ -# readelf(1) - -```markdown - readelf [opts] - -W|--wide wide output, dont break output at 80 chars - -h print ELF header - -S print section headers - -l print program headers + segment mapping - -d print .dynamic section (dynamic link information) - --syms print symbol tables (.symtab .dynsym) - --dyn-syms print dynamic symbol table (exported symbols for dynamic linker) - -r print relocation sections (.rel.*, .rela.*) -``` diff --git a/src/strace.md b/src/strace.md deleted file mode 100644 index 34abf3b..0000000 --- a/src/strace.md +++ /dev/null @@ -1,32 +0,0 @@ -# strace(1) - -```markdown -strace [opts] [prg] - -f .......... follow child processes on fork(2) - -p .... attach to running process - -s ... max string size, truncate of longer (default: 32) - -e ... expression for trace filtering - -o ... log output into - -c .......... dump syscall statitics at the end -``` - -```markdown -: - trace=syscall[,syscall] .... trace only syscall listed - trace=file ................. trace all syscall that take a filename as arg - trace=process .............. trace process management related syscalls - trace=signal ............... trace signal related syscalls - signal ..................... trace signals delivered to the process -``` - -# Examples - -Trace `open(2)` & `socket(2)` syscalls for a running process + child processes: -```markdown -strace -f -e trace=open,socket -p -``` - -Trace signals delivered to a running process: -```markdown -strace -f -e signal -p -``` diff --git a/src/time.md b/src/time.md deleted file mode 100644 index be404fb..0000000 --- a/src/time.md +++ /dev/null @@ -1,6 +0,0 @@ -# /usr/bin/time(1) - -```markdown -# statistics of process run -/usr/bin/time -v -``` diff --git a/src/tmux.md b/src/tmux.md deleted file mode 100644 index 04b1111..0000000 --- a/src/tmux.md +++ /dev/null @@ -1,110 +0,0 @@ -# tmux(1) - -Terminology: -- `session` is a collection of pseudo terminals which can have multiple - `windows` -- `window` uses the entire screen and can be split into rectangular `panes` -- `pane` is a single pseudo terminal instance - -# Tmux cli -```markdown -# Session -tmux creates new session -tmux ls list running sessions -tmux kill-session -t kill running session -tmux attach -t [-d] attach to session , detach other clients [-d] -tmux detach -s detach all clients from session - -# Environment -tmux showenv -g show global tmux environment variables -tmux setenv -g set variable in global tmux env - -# Misc -tmux source-file source config -tmux lscm list available tmux commnds -tmux show -g show global tmux options -tmux display display message in tmux status line -``` -## Scripting -```markdown -# Session -tmux list-sessions -F '#S' list running sessions, only IDs - -# Window -tmux list-windows -F '#I' -t list window IDs for session -tmux selectw -t : select window in session - -# Pane -tmux list-panes -F '#P' -t : list pane IDs for window in session -tmux selectp -t :.

select pane

in window in session - -# Run commands -tmux send -t :.

"ls" C-m send cmds/keys to pane -tmux run -t

run shell command in background and report output on pane -t

-``` - -For example cycle through all panes in all windows in all sessions: -```bash -# bash -for s in $(tmux list-sessions -F '#S'); do - for w in $(tmux list-windows -F '#I' -t $s); do - for p in $(tmux list-panes -F '#P' -t $s:$w); do - echo $s:$w.$p - done - done -done -``` - -# Bindings - -```markdown -prefix d detach from current session -prefix c create new window -prefix w open window list -prefix $ rename session -prefix , rename window -prefix . move current window -``` - -Following bindings are specific to my [`tmux.conf`](https://github.com/johannst/dotfiles/blob/master/tmux.conf): -```markdown -C-s prefix - -# Panes -prefix s horizontal split -prefix v vertical split -prefix f toggle maximize/minimize current pane - -# Movement -prefix Tab toggle between window - -prefix h move to pane left -prefix j move to pane down -prefix k move to pane up -prefix l move to pane right - -# Resize -prefix C-h resize pane left -prefix C-j resize pane down -prefix C-k resize pane up -prefix C-l resize pane right - -# Copy/Paste -prefix C-v enter copy mode -prefix C-p paste yanked text -prefix C-b open copy-buffer list - -# In Copy Mode -v enable visual mode -y yank selected text -``` - -# Command mode - -To enter command mode `prefix :`. - -Some useful commands are: -```markdown -setw synchronize-panes on/off enables/disables synchronized input to all panes -list-keys -t vi-copy list keymaps for vi-copy mode -``` diff --git a/src/trace_profile/README.md b/src/trace_profile/README.md new file mode 100644 index 0000000..69d120b --- /dev/null +++ b/src/trace_profile/README.md @@ -0,0 +1 @@ +# Trace and Profile diff --git a/src/trace_profile/ltrace.md b/src/trace_profile/ltrace.md new file mode 100644 index 0000000..cfa3fae --- /dev/null +++ b/src/trace_profile/ltrace.md @@ -0,0 +1,17 @@ +# ltrace(1) + +```markdown +ltrace [opts] [prg] + -f .......... follow child processes on fork(2) + -p .... attach to running process + -o ... log output into + -l . show who calls into lib matched by + -C .......... demangle +``` + +# Example + +List which program/libs call into `libstdc++`: +```bash +ltrace -l '*libstdc++*' -C -o ltrace.log ./main +``` diff --git a/src/trace_profile/oprofile.md b/src/trace_profile/oprofile.md new file mode 100644 index 0000000..7d35283 --- /dev/null +++ b/src/trace_profile/oprofile.md @@ -0,0 +1,14 @@ +# [OProfile](https://oprofile.sourceforge.io/) + +```markdown +operf -g -p + -g ...... caputre call-graph information + +opreport [opt] FILE + show time spent per binary image + -l ...... show time spent per symbol + -c ...... show callgraph information (see below) + -a ...... add column with time spent accumulated over child nodes + +ophelp show supported hw/sw events +``` diff --git a/src/trace_profile/perf.md b/src/trace_profile/perf.md new file mode 100644 index 0000000..57118ed --- /dev/null +++ b/src/trace_profile/perf.md @@ -0,0 +1,56 @@ +# perf(1) + +```markdown +perf list show supported hw/sw events + +perf stat + -p .. show stats for running process + -I ... show stats periodically over interval + -e ... filter for events + +perf top + -p .. show stats for running process + -F ... sampling frequency + -K ........ hide kernel threads + +perf record + -p ............... record stats for running process + -F ................ sampling frequency + --call-graph .. [fp, dwarf, lbr] method how to caputre backtrace + fp : use frame-pointer, need to compile with + -fno-omit-frame-pointer + dwarf: use .cfi debug information + lbr : use hardware last branch record facility + -g ..................... short-hand for --call-graph fp + -e ................ filter for events + +perf report + -n .................... annotate symbols with nr of samples + --stdio ............... report to stdio, if not presen tui mode + -g graph,0.5,caller ... show caller based call chains with value >0.5 +``` + +```markdown +Useful : + page-faults + minor-faults + major-faults + cpu-cycles` + task-clock +``` + +## [`Flamegraph`](https://github.com/brendangregg/FlameGraph) + +### Flamegraph with single event trace +```markdown +perf record -g -e cpu-cycles -p +perf script | FlameGraph/stackcollapse-perf.pl | FlameGraph/flamegraph.pl > cycles-flamegraph.svg +``` + +### Flamegraph with multiple event traces +```markdown +perf record -g -e cpu-cycles,page-faults -p +perf script --per-event-dump +# fold & generate as above +``` + diff --git a/src/trace_profile/strace.md b/src/trace_profile/strace.md new file mode 100644 index 0000000..34abf3b --- /dev/null +++ b/src/trace_profile/strace.md @@ -0,0 +1,32 @@ +# strace(1) + +```markdown +strace [opts] [prg] + -f .......... follow child processes on fork(2) + -p .... attach to running process + -s ... max string size, truncate of longer (default: 32) + -e ... expression for trace filtering + -o ... log output into + -c .......... dump syscall statitics at the end +``` + +```markdown +: + trace=syscall[,syscall] .... trace only syscall listed + trace=file ................. trace all syscall that take a filename as arg + trace=process .............. trace process management related syscalls + trace=signal ............... trace signal related syscalls + signal ..................... trace signals delivered to the process +``` + +# Examples + +Trace `open(2)` & `socket(2)` syscalls for a running process + child processes: +```markdown +strace -f -e trace=open,socket -p +``` + +Trace signals delivered to a running process: +```markdown +strace -f -e signal -p +``` diff --git a/src/trace_profile/time.md b/src/trace_profile/time.md new file mode 100644 index 0000000..be404fb --- /dev/null +++ b/src/trace_profile/time.md @@ -0,0 +1,6 @@ +# /usr/bin/time(1) + +```markdown +# statistics of process run +/usr/bin/time -v +``` diff --git a/src/xxd.md b/src/xxd.md deleted file mode 100644 index cd76f14..0000000 --- a/src/xxd.md +++ /dev/null @@ -1,36 +0,0 @@ -# xxd(1) - -```markdown - xxd [opts] - -p dump continuous hexdump - -r convert hexdump into binary ('revert') - -e dump as little endian mode - -i output as C array -``` - -## ASCII to hex stream -```markdown - echo -n 'aabb' | xxd -p - >> 61616262 -``` - -## Hex to binary stream -```markdown - echo -n '61616262' | xxd -p -r - >> aabb -``` - -## ASCII to binary -```markdown - echo -n '\x7fELF' | xxd -p | xxd -p -r | file -p - - >> ELF -``` - -## ASCII to `C` array (hex encoded) -```markdown - xxd -i <(echo -n '\x7fELF') - >> unsigned char _proc_self_fd_11[] = { - >> 0x7f, 0x45, 0x4c, 0x46 - >> }; - >> unsigned int _proc_self_fd_11_len = 4; -``` diff --git a/src/zsh.md b/src/zsh.md deleted file mode 100644 index ae2a4bc..0000000 --- a/src/zsh.md +++ /dev/null @@ -1,125 +0,0 @@ -# zsh(1) - -## Keybindings - -Change input mode: -```zsh -bindkey -v change to vi keymap -bindkey -e change to emacs keymap -``` - -Define key-mappings: -```zsh -bindkey list mappings in current keymap -bindkey in-str cmd create mapping for `in-str` to `cmd` -bindkey -r in-str remove binding for `in-str` - -# C-v dump code, which can be used in `in-str` -# zle -l list all functions for keybindings -# man zshzle(1) STANDARD WIDGETS: get description of functions -``` - -## Completion - -### Installation - -Completion functions are provided via files and need to be placed in a location -covered by `$fpath`. By convention the completion files are names as `_`. - -A completion skeleton for the command `foo`, stored in `_foo` -```zsh -#compdef _foo foo - -function _foo() { - ... -} -``` - -Alternatively one can install a completion function explicitly by calling `compdef `. - -### Completion Variables - -Following variables are available in Completion functions: -```zsh -$words # array with command line in words -$#words # number words -$CURRENT # index into $words for cursor position -$words[CURRENT-1] # previous word (relative to cursor position) -``` - -### Completion Functions -- `_describe` simple completion, just words + description -- `_arguments` sophisticated completion, allow to specify actions - -#### Completion with [`_describe`][zsh-comp-utils] -```zsh -_describe MSG COMP -``` -- `MSG` simple string with header message -- `COMP` array of completions where each entry is `"opt:description"` - -```zsh -function _foo() { - local -a opts - opts=('bla:desc for bla' 'blu:desc for blu') - _describe 'foo-msg' opts -} -compdef _foo foo - -foo - -- foo-msg -- -bla -- desc for bla -blu -- desc for blu -``` - -#### Completion with [`_arguments`][zsh-comp-utils] -```zsh -_arguments SPEC [SPEC...] -``` -where `SPEC` can have one of the following forms: -- `OPT[DESC]:MSG:ACTION` -- `N:MSG:ACTION` - -Available actions -```zsh -(op1 op2) list possible matches -->VAL set $state=VAL and continue, `$state` can be checked later in switch case -FUNC call func to generate matches -{STR} evaluate `STR` to generate matches -``` - -### Example -Skeleton to copy/paste for writing simple completions. - -Assume a program `foo` with the following interface: -```zsh -foo -c green|red|blue -s low|high -f -d

-h -``` - -The completion handler could be implemented as follows in a file called `_foo`: -```zsh -#compdef _foo foo - -function _foo_color() { - local colors=() - colors+=('green:green color') - colors+=('red:red color') - colors+=('blue:blue color') - _describe "color" colors -} - -function _foo() { - _arguments \ - "-c[define color]:color:->s_color" \ - "-s[select sound]:color:(low high)" \ - "-f[select file]:file:_files" \ - "-d[select dir]:fir:_files -/" \ - "-h[help]" - - case $state in - s_color) _foo_color;; - esac -} -``` - -[zsh-comp-utils]: http://zsh.sourceforge.net/Doc/Release/Completion-System.html#Completion-Functions -- cgit v1.2.3