From 21e8db012f8c46f75e43a40da3f3e2676363c291 Mon Sep 17 00:00:00 2001
From: johannst
Date: Sat, 14 Mar 2020 18:01:23 +0000
Subject: deploy: 951ccb67565f34a0aa1b23ad6eef647aed5e0b4b

---
print.html | 512 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 510 insertions(+), 2 deletions(-)
(limited to 'print.html')
diff --git a/print.html b/print.html
index 0f03c0b..461fa81 100644
--- a/print.html
+++ b/print.html
@@ -83,7 +83,7 @@
@@ -150,7 +150,206 @@
-

gdb(1)

+

ld.so(8)

+

Environment variables

+
  LD_PRELOAD=<l_so>       colon separated list of libso's to be pre loaded
+  LD_DEBUG=<opts>         comman separated list of debug options
+          =help           list available options
+          =libs           show library search path
+          =files          processing of input files
+          =symbols        show search path for symbol lookup
+          =bindings       show against which definition a symbol is bound
+
+

LD_PRELOAD load & init order

+
  > ldd ./main
+    >> libc.so.6 => /usr/lib/libc.so.6
+
+  > LD_PRELOAD=liba.so:libb.so ./main
+             -->
+      preloaded in this order
+             <--
+      initialized in this order
+
+  - preload order determines the order libs are inserted into the link map
+
+  - resulting link map:
+      +------+    +------+    +------+    +------+
+      | main | -> | liba | -> | libb | -> | libc |
+      +------+    +------+    +------+    +------+
+
+  - see preload and init order in action
+    > LD_DEBUG=files LD_PRELOAD=liba.so:libb.so ./main
+      # load order (-> determines link map)
+      >> file=liba.so [0];  generating link map
+      >> file=libb.so [0];  generating link map
+      >> file=libc.so.6 [0];  generating link map
+
+      # init order
+      >> calling init: /usr/lib/libc.so.6
+      >> calling init: <path>/libb.so
+      >> calling init: <path>/liba.so
+      >> initialize program: ./main
+
+  - see the symbol lookup in action and therefore the link map order
+    > LD_DEBUG=symbols,bindings LD_PRELOAD=liba.so:libb.so ./main
+      >> symbol=memcpy;  lookup in file=./main [0]
+      >> symbol=memcpy;  lookup in file=<path>/liba.so [0]
+      >> symbol=memcpy;  lookup in file=<path>/libb.so [0]
+      >> symbol=memcpy;  lookup in file=/usr/lib/libc.so.6 [0]
+      >> binding file ./main [0] to /usr/lib/libc.so.6 [0]: normal symbol
+         `memcpy' [GLIBC_2.14]
+
+

dynamic linking (x86_64)

+
  - dynamic linking basically works via one indirect jump. It uses a
+    combination of function trampolines (.plt) and a function pointer table
+    (.got.plt). On the first call the trampoline sets up some metadata and
+    then jumps to the ld.so runtime resolve function, which in turn patches
+    the table with the correct function pointer.
+      .plt ....... contains function trampolines, usually located in code
+                   segment (rx permission)
+      .got.plt ... hold the function pointer table
+
+  - following r2 dump shows this
+      - [0x00401030] indirect jump for 'puts' using function pointer in
+        _GLOBAL_OFFSET_TABLE_[3]
+      - initially points to instruction behind 'puts' trampoline [0x00401036]
+      - this pushes relocation index and then jumps to the first trampoline
+        [0x00401020]
+      - the first trampoline jumps to _GLOBAL_OFFSET_TABLE_[2] which will be
+        filled at program startup by the ld.so with its resolve function
+      - the resolve function fixes the relocation referenced by the
+        relocation index pushed by the 'puts' trampoline
+      - the relocation entry tells the resolve function which symbol to
+        search for and where to put the function pointer
+          > readelf -r <main>
+            >> Relocation section '.rela.plt' at offset 0x4b8 contains 1 entry:
+            >>   Offset          Info           Type           Sym. Value    Sym. Name + Addend
+            >> 000000404018  000200000007 R_X86_64_JUMP_SLO 0000000000000000 puts@GLIBC_2.2.5 + 0
+          - offset points to _GLOBAL_OFFSET_TABLE_[3]
+
+      [0x00401040]> pd 4 @ section..got.plt
+                  ;-- section..got.plt:
+                  ;-- .got.plt:    ; [22] -rw- section size 32 named .got.plt
+                  ;-- _GLOBAL_OFFSET_TABLE_:
+                  0x00404000      .qword 0x0000000000403e10 ; section..dynamic ; obj._DYNAMIC
+                  0x00404008      .qword 0x0000000000000000
+                  ; CODE XREF from section..plt @ +0x6
+                  0x00404010      .qword 0x0000000000000000
+                  ;-- reloc.puts:
+                  ; CODE XREF from sym.imp.puts @ 0x401030
+                  0x00404018      .qword 0x0000000000401036                  ; RELOC 64 puts
+
+      [0x00401040]> pd 6 @ section..plt
+                  ;-- section..plt:
+                  ;-- .plt:       ; [12] -r-x section size 32 named .plt
+              ┌─> 0x00401020      ff35e22f0000   push qword [0x00404008]
+              ╎   0x00401026      ff25e42f0000   jmp qword [0x00404010]
+              ╎   0x0040102c      0f1f4000       nop dword [rax]
+      ┌ 6: int sym.imp.puts (const char *s);
+      └       ╎   0x00401030      ff25e22f0000   jmp qword [reloc.puts]
+              ╎   0x00401036      6800000000     push 0
+              └─< 0x0040103b      e9e0ffffff     jmp sym..plt
+
+

git(1)

+

Misc

+
  git add -p [<file>] ............ partial staging (interactive)
+
+

remote

+
  git remote -v .................. list remotes verbose (with URLs)
+  git remote show [-n] <remote> .. list info for <remote> (like remote HEAD,
+                                   remote branches, tracking mapping)
+
+

branching

+
  git branch [-a] ................ list available branches; -a to include
+                                   remote branches
+  git branch -vv ................. list branch & annotate with head sha1 &
+                                   remote tracking branch
+  git branch <bname> ............. create branch with name <bname>
+  git checkout <bname> ........... switch to branch with name <bname>
+  git push -u origin <rbname> .... push branch to origin (or other remote), and
+                                   setup <rbname> as tracking branch
+
+

resetting

+
  git reset [opt] <ref|commit>
+    opt:
+      --mixed .................... resets index, but not working tree
+      --hard ..................... matches the working tree and index to that
+                                   of the tree being switched to any changes to
+                                   tracked files in the working tree since
+                                   <commit> are lost
+  git reset HEAD <file> .......... remove file from staging
+  git reset --soft HEAD~1 ........ delete most recent commit but keep work
+  git reset --hard HEAD~1 ........ delete most recent commit and delete work
+
+

tags

+
  git tag -a <tname> -m "descr" ........ creates an annotated tag (full object
+                                         containing tagger, date, ...)
+  git tag -l ........................... list available tags
+  git checkout tag/<tname> ............. checkout specific tag
+  git checkout tag/<tname> -b <bname> .. checkout specific tag in a new branch
+
+

diff

+
  git diff HEAD:<fname> origin/HEAD:<fname> ... diff files for different refs
+  git diff -U$(wc -l <fname>) <fname> ......... shows complete file with diffs
+                                                instead of usual diff snippets
+
+

log

+
  git log --oneline .... shows log in single line per commit -> alias for
+                         '--pretty=oneline --abbrev-commit'
+  git log --graph ...... text based graph of commit history
+  git log --decorate ... decorate log with REFs
+
+

patching

+
  git format-patch <opt> <since>/<revision range>
+    opt:
+      -N ................... use [PATCH] instead [PATCH n/m] in subject when
+                             generating patch description (for patches spanning
+                             multiple commits)
+      --start-number <n> ... start output file generation with <n> as start
+                             number instead '1'
+    since spcifier:
+      -3 .................. e.g: create a patch from last three commits
+      <comit hash> ........ create patch with commits starting after <comit hash>
+
+  git am <patch> ......... apply patch and create a commit for it
+
+  git apply --stat <PATCH> ... see which files the patch would change
+  git apply --check <PATCH> .. see if the patch can be applied cleanly
+  git apply <PATCH> .......... apply the patch locally without creating a commit
+
+  # eg: generate patches for each commit from initial commit on
+  git format-patch -N $(git rev-list --max-parents=0 HEAD)
+
+  # generate single patch file from a certain commit/ref
+  git format-patch <COMMIT/REF> --stdout > my-patch.patch
+
+

submodules

+
  git submodule add <url> [<path>] .......... add new submodule to current project
+  git clone --recursive <url> ............... clone project and recursively all
+                                              submodules (same as using
+                                              'git submodule update --init
+                                              --recursive' after clone)
+  git submodule update --init --recursive ... checkout submodules recursively
+                                              using the commit listed in the
+                                              super-project (in detached HEAD)
+  git submodule update --remote <submod> .... fetch & merge remote changes for
+                                              <submod>, this will pull
+                                              origin/HEAD or a branch specified
+                                              for the submodule
+
+

inspection

+
  git ls-tree [-r] <ref> .... show git tree for <ref>, -r to recursively ls sub-trees
+  git show <obj> ............ show <obj>
+  git cat-file -p <obj> ..... print content of <obj>
+
+

revision_range

+
  HEAD ........ last commit
+  HEAD~1 ...... last commit-1
+  HEAD~N ...... last commit-N (linear backwards when in tree structure, check
+                difference between HEAD^ and HEAD~)
+  git rev-list --max-parents=0 HEAD ........... first commit
+
+

gdb(1)

CLI

  gdb [opts] [prg [-c coredump | -p pid]]
   gdb [opts] --args prg <prg-args>
@@ -279,6 +478,315 @@ which calls finish.

command handler end +
+

radare2(1)

+

print

+

+  pd <n> [@ <addr>]     # print disassembly for <n> instructions
+                        # with optional temporary seek to <addr>
+
+

flags

+
  fs            # list flag-spaces
+  fs <fs>       # select flag-space <fs>
+  f             # print flags of selected flag-space
+
+

help

+
  ?*~<kw>       # '?*' list all commands and '~' grep for <kw>
+  ?*~...        # '..' less mode /'...' interactive search
+
+

relocation

+
  > r2 -B <baddr> <exe>         # open <exe> mapped to addr <baddr>
+  oob <addr>                    # reopen current file at <baddr>
+
+

emacs(1)

+

help

+
  C-h f                 describe function
+  C-h b                 list buffer available keymaps
+  <kseq> C-h            list possible keymaps with <kseq>
+                        eg C-x C-h -> list keymaps beginning with C-x
+
+

window

+
  C-x 0         kill focused window
+  C-x 1         kill all other windows
+  C-x 2         split horizontal
+  C-x 3         split vertical
+
+

block/rect

+
  C-x <SPC>                     activate rectangle-mark-mode
+  M-x string-rectangle <RET>    insert text in marked rect
+
+

mass edit

+
  C-x h                                 mark whole buffer (mark-whole-buffer)
+  M-x delete-matching-line <RET>        delete lines matching regex
+  M-x %                                 search & replace region (query-replace)
+  C-M-x %                               search & replace regex (query-replace-regexp)
+
+

grep

+
  M-x find-grep <RET>           run find-grep result in *grep* buffer
+  n/p                           navigate next/previous match in *grep* buffer
+
+

lisp mode

+
  M-x lisp-interaction-mode     activate lisp mode
+  C-M-x                         evaluate top expr under cursor
+  C-x C-e                       eval-last-sexp
+  C-u C-x C-e                   eval-last-sexp and prints result in current buffer
+
+

narrow

+
  C-x n n               show only focused region (narrow)
+  C-x n w               show whole buffer (wide)
+
+

org

+
  M-up/M-down           re-arrange items in same hierarchy
+  M-left/M-right        change item hierarchy
+  C-RET                 create new item below current
+  C-S-RET               create new TODO item below current
+  S-left/S-right        cycle TODO states
+
+

org source

+
  <s TAB                generate a source block
+  C-c '                 edit source block (in lang specific buffer)
+  C-c C-c               eval source block
+
+

fish(1)

+

keymaps

+
  Shift-Tab ........... tab-completion with search
+  Alt-Up / Alt-Down ... search history with token under the cursor
+  Alt-l ............... list content of dir under cursor
+  Alt-p ............... append '2>&1 | less;' to current cmdline
+
+

debug

+
  status print-stack-trace .. prints function stacktrace (can be used in scripts)
+  breakpoint ................ halt script execution and gives shell (C-d | exit
+                              to continue)
+
+

strace(1)

+
strace [opts] [prg]
+  -f .......... follow child processes on fork(2)
+  -p <pid> .... attach to running process
+  -s <size> ... max string size (default: 32)
+  -e <expr> ... expression for trace filtering
+  -o <file> ... log output into <file>
+  -c .......... dump syscall statitics at the end
+
+
<expr>:
+  trace=syscall[,syscall] .... trace only syscall listed
+  trace=file ................. trace all syscall that take a filename as arg
+  trace=process .............. trace process management related syscalls
+  trace=signal ............... trace signal related syscalls
+  signal ..................... trace signals delivered to the process
+
+

Examples

+

Trace 'open & socket syscalls for a running process + childs.

+
strace -f -p <pid> -e trace=open,socket
+
+

Trace signals delivered to a running process.

+
strace -f -p <pid> -e signal
+
+

lsof(8)

+
lsof
+  -a ......... AND slection filters instead ORing (OR: default)
+  -p <pid> ... list open file descriptors for process
+  +fg ........ show file flags for file descripros
+  -n ......... don't convert network addr to hostnames
+  -P ......... don't convert network port to know service names
+  -i <@h[:p]>. show connections to h (hostname|ip addr) with optional port p
+
+
file flags:
+  R/W/RW ..... read/write/read-write
+  CR ......... create
+  AP ......... append
+  TR ......... truncate
+
+

Examples

+

Show open files with file flags:

+
lsof +fg -p <pid>
+
+

Show open tcp connections from user:

+
lsof -a -u $USER -i tcp
+
+

Show open connections to 'localhost' for user:

+
lsof -a -u $USER -i @localhost
+
+

pidstat(1)

+

Trace minor/major page faults.

+
pidstat -r -p <pid> [interval]
+  minor_pagefault: happens when the page needed is already in memory but not
+                   allocated to the faulting process, in that case the kernel
+                   only has to create a new page-table entry pointing to the
+                   shared physical page
+  major_pagefault: happends when the page needed is NOT in memory, the kernel
+                   has to create a new page-table entry and populate the
+                   physical page
+
+

/usr/bin/time(1)

+
# statistics of process run
+/usr/bin/time -v <cmd>
+
+

pmap(1)

+
pmap <pid>
+  ............. dump virtual memory map of process.
+                compared to /proc/<pid>/maps it shows the size of the mappings
+
+

pstack(1)

+
pstack <pid>
+  ............. dump current stack of process + threads
+
+

perf(1)

+
perf list
+  ......... show supported hw/sw events
+
+perf stat
+  -p <pid> .. show stats for running process
+  -I <ms> ... show stats periodically over interval <ms>
+  -e <ev> ... filter for events
+
+perf top
+  -p <pid> .. show stats for running process
+  -F <hz> ... sampling frequency
+  -K ........ hide kernel threads
+
+perf record
+  -p <pid> ............... record stats for running process
+  -F <hz> ................ sampling frequency
+  --call-graph <method> .. [fp, dwarf, lbr] method how to caputre backtrace
+                           fp   : use frame-pointer, need -fno-omit-frame-pointer
+                           dwarf: use .cfi debug information
+                           lbr  : use hardware last branch record facility
+  -g ..................... short-hand for --call-graph fp
+  -e <ev> ................ filter for events
+
+perf report
+  -n .................... annotate symbols with nr of samples
+  --stdio ............... report to stdio, if not presen tui mode
+  -g graph,0.5,caller ... show caller based call chains with value >0.5
+
+

Useful perf events

+
useful <ev>:
+  page-faults
+  minor-faults
+  major-faults
+  cpu-cycles`
+  task-clock
+
+

Flamegraph

+
# flamegraph for single event trace
+perf record -g -p <pid> -e cpu-cycles
+perf script | FlameGraph/stackcollapse-perf.pl | FlameGraph/flamegraph.pl > cycles-flamegraph.svg
+
+# flamegraphs for multiple events trace
+perf record -g -p <pid> -e cpu-cycles,page-faults
+perf script --per-event-dump
+# fold & generate as above
+
+

OProfile

+
operf -g -p <pid>
+  -g ...... caputre call-graph information
+
+opreport [opt] FILE
+     ...... show time spent per binary image
+  -l ...... show time spent per symbol
+  -c ...... show callgraph information (see below)
+  -a ...... add column with time spent accumulated over child nodes
+
+ophelp
+     ...... show supported hw/sw events
+
+

od(1)

+
  od [opts] <file>
+    -An         don't print addr info
+    -tx4        print hex in 4 byte chunks
+    -ta         print as named character
+    -tc         printable chars or backslash escape
+    -w4         print 4 bytes per line
+    -j <n>      skip <n> bytes from <file> (hex if start with 0x)
+    -N <n>      dump <n> bytes (hex of start with 0x)
+
+

ascii chars to hex string

+
  echo -n AAAABBBB | od -An -w4 -tx4
+    >> 41414141
+    >> 42424242
+
+  echo -n '\x7fELF\n' | od -tx1 -ta -tc
+    >> 0000000  7f  45  4c  46  0a      # tx1
+    >>         del   E   L   F  nl      # ta
+    >>         177   E   L   F  \n      # tc
+
+

extract part of file (eg .rodata section form ELF)

+
  readelf -W -S foo
+    >> Section Headers:
+    >> [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
+    >> ...
+    >> [15] .rodata           PROGBITS        00000000004009c0 0009c0 000030 00   A  0   0 16
+  od -j 0x0009c0 -N 0x30 -tx4 -w4 foo
+    >> 0004700 00020001
+    >> 0004704 00000000
+    >> *
+    >> 0004740 00000001
+    >> 0004744 00000002
+    >> 0004750 00000003
+    >> 0004754 00000004
+
+

xxd(1)

+
  xxd [opts]
+    -p          dump continuous hexdump
+    -r          convert hexdump into binary ('revert')
+    -e          dump as little endian mode
+    -i          output as C array
+
+

from ascii to hex stream

+
  echo -n 'aabb' | xxd -p
+    >> 61616262
+
+

from hex stream to binary stream

+
  echo -n '61616262' | xxd -p -r
+    >> aabb
+
+

ascii to binary

+
  echo -n '\x7fELF' | xxd -p | xxd -p -r | file -p -
+    >> ELF
+
+

ascii to C array (hex encoded)

+
  xxd -i <(echo -n '\x7fELF')
+    >> unsigned char _proc_self_fd_11[] = {
+    >>   0x7f, 0x45, 0x4c, 0x46
+    >> };
+    >> unsigned int _proc_self_fd_11_len = 4;
+
+

readelf(1)

+
  readelf [opts] <elf>
+    -W|--wide     wide output, dont break output at 80 chars
+    -h            print ELF header
+    -S            print section headers
+    -l            print program headers + segment mapping
+    -d            print .dynamic section (dynamic link information)
+    --syms        print symbol tables (.symtab .dynsym)
+    --dyn-syms    print dynamic symbol table (exported symbols for dynamic linker)
+    -r            print relocation sections (.rel.*, .rela.*)
+
+

objdump(1)

+
  objdump [opts] <elf>
+    -M intel                use intil syntax
+    -d                      disassemble text section
+    -D                      disassemble all sections
+    -S                      mix disassembly with source code
+    -C                      demangle
+    -j <section>            display info for section
+    --[no-]show-raw-insn    [dont] show object code next to disassembly
+
+

Disassemble .plt section

+
  objdump -j .plt -d <elf>
+
+

nm(1)

+
  nm [opts] <elf>
+    -C          demangle
+    -u          undefined only
+
+

c++filt(1)

+

demangle symbol

+
  c++-filt <symbol_str>
+
+

demangle stream (eg dynamic symbol table)

+
  readelf -W --dyn-syms <elf> | c++filt
 