How to decode this information from strace output

Question

I wrote a small Go script and traced it using strace. Through this script, I am trying to fetch audit messages from the kernel using the netlink protocol, just like auditd.

Following is the strace output on my go script- http://paste.ubuntu.com/8272760/

I am trying to find the argument that auditd provides to the sendto function. When I run strace on auditd I get the following output:

sendto(3, "\20\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0", 16, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 16

And when I strace my go file I get the following output. I am looking to decode the second argument of this statement

sendto(3, "\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t", 17, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 17

To be specific:

"\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t" 

Now I want to convert this to string or bytes array, is there any way to convert this to string or byte array?

In my actual go code this argument is a byte array.

https://github.com/mozilla/Audit-进入/ BLOB /测试/ netlink_old.go#L58

Recommended answer

My understanding of your problem is that you are trying to compare what auditd sends to what your program sends by comparing strace output, and you have issues converting the string provided by strace into a Go []byte datatype.

The strace output follows the GNU C representation of string literal, whose characters can be escaped as follows:

\\ Backslash character. 
\? Question mark character.
\' Single quotation mark. 
\" Double quotation mark. 
\a Audible alert. 
\b Backspace character. 
\e <ESC> character. (This is a GNU extension.) 
\f Form feed. 
\n Newline character. 
\r Carriage return. 
\t Horizontal tab. 
\v Vertical tab.
\o, \oo, \ooo Octal number.
\xh, \xhh, \xhhh, ... Hexadecimal number.

Note that the number of octal or hexadecimal digits is variable. In Go, characters can also be escaped, but the rules are different - see http://golang.org/ref/spec#Rune_literals

In particular, the octal values are systematically on 3 digits to avoid any ambiguity. To declare a []byte with such a sequence of characters, you will have to write something like this:

// In strace, it was "\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t"
wb := []byte("\021\000\000\000\350\003\005\000\001\000\000\000\000\000\000\000\t")

Note that the -x option in strace will use fixed-length hex encoding for non-printable characters, which makes the direct usage of these strings easier in a Go program. The -xx option will output hex encoded bytes even for printable characters, which makes it even easier IMO.

Anyway, it is not necessarily a good style (or even a good idea) to use literal strings to initialize []byte. Strings are for UTF-8 characters, not for binary data.
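
The conversion described in the answer can also be done programmatically. The following is an added example, not code from the question or the answer: it pads strace's short octal escapes to the three digits Go requires, decodes the result, and reads the 16-byte netlink header from both sendto buffers quoted in the question. The names DecodeStrace, ParseHdr and NlHdr are hypothetical, the field layout is that of struct nlmsghdr, and a little-endian host is assumed.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"regexp"
	"strconv"
)

var esc = regexp.MustCompile(`\\(?:[0-7]{1,3}|.)`) // one escape: \ + 1-3 octal digits, or \ + any byte

// DecodeStrace converts the text between the quotes of a strace string argument into bytes.
// Short octal escapes are padded to 3 digits; \xhh, \t, \n, \\ and \" are already valid in Go.
func DecodeStrace(s string) ([]byte, error) {
	goLit := esc.ReplaceAllStringFunc(s, func(m string) string {
		if m[1] < '0' || m[1] > '7' {
			return m
		}
		v, _ := strconv.ParseUint(m[1:], 8, 16) // digits already validated by the regexp
		return fmt.Sprintf(`\%03o`, v)
	})
	out, err := strconv.Unquote(`"` + goLit + `"`)
	return []byte(out), err
}

// NlHdr mirrors struct nlmsghdr from <linux/netlink.h>.
type NlHdr struct {
	Len         uint32
	Type, Flags uint16
	Seq, Pid    uint32
}

// ParseHdr reads the header (little-endian assumed) and counts the bytes that follow it.
func ParseHdr(b []byte) (NlHdr, int, error) {
	if len(b) < 16 {
		return NlHdr{}, 0, fmt.Errorf("short netlink message: %d bytes", len(b))
	}
	le := binary.LittleEndian
	return NlHdr{le.Uint32(b), le.Uint16(b[4:]), le.Uint16(b[6:]), le.Uint32(b[8:]), le.Uint32(b[12:])}, len(b) - 16, nil
}

func main() {
	for _, s := range []string{`\20\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0`, // auditd, from the question
		`\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t`} { // Go program, from the question
		b, _ := DecodeStrace(s)
		h, extra, _ := ParseHdr(b)
		fmt.Printf("% x\n  %+v, %d byte(s) after header\n", b, h, extra)
	}
}
```

Both buffers decode to type 1000 (AUDIT_GET) with flags 5 and sequence 1; the Go program's buffer differs only in its length field of 17 and the single trailing \t byte after the header.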
