cleanup files
parent
3d9ecdca27
commit
29be1b5000
44
TODO.md
@ -1,44 +0,0 @@
|
|||||||
# TODO
|
|
||||||
|
|
||||||
From map proc(5):
|
|
||||||
|
|
||||||
```
|
|
||||||
/proc/[pid]/maps
|
|
||||||
A file containing the currently mapped memory regions and their access permissions. See mmap(2) for some further information about memory
|
|
||||||
mappings.
|
|
||||||
|
|
||||||
Permission to access this file is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).
|
|
||||||
|
|
||||||
The format of the file is:
|
|
||||||
|
|
||||||
address perms offset dev inode pathname
|
|
||||||
00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/dbus-daemon
|
|
||||||
00651000-00652000 r--p 00051000 08:02 173521 /usr/bin/dbus-daemon
|
|
||||||
00652000-00655000 rw-p 00052000 08:02 173521 /usr/bin/dbus-daemon
|
|
||||||
00e03000-00e24000 rw-p 00000000 00:00 0 [heap]
|
|
||||||
00e24000-011f7000 rw-p 00000000 00:00 0 [heap]
|
|
||||||
...
|
|
||||||
35b1800000-35b1820000 r-xp 00000000 08:02 135522 /usr/lib64/ld-2.15.so
|
|
||||||
35b1a1f000-35b1a20000 r--p 0001f000 08:02 135522 /usr/lib64/ld-2.15.so
|
|
||||||
35b1a20000-35b1a21000 rw-p 00020000 08:02 135522 /usr/lib64/ld-2.15.so
|
|
||||||
35b1a21000-35b1a22000 rw-p 00000000 00:00 0
|
|
||||||
35b1c00000-35b1dac000 r-xp 00000000 08:02 135870 /usr/lib64/libc-2.15.so
|
|
||||||
35b1dac000-35b1fac000 ---p 001ac000 08:02 135870 /usr/lib64/libc-2.15.so
|
|
||||||
35b1fac000-35b1fb0000 r--p 001ac000 08:02 135870 /usr/lib64/libc-2.15.so
|
|
||||||
35b1fb0000-35b1fb2000 rw-p 001b0000 08:02 135870 /usr/lib64/libc-2.15.so
|
|
||||||
...
|
|
||||||
f2c6ff8c000-7f2c7078c000 rw-p 00000000 00:00 0 [stack:986]
|
|
||||||
...
|
|
||||||
7fffb2c0d000-7fffb2c2e000 rw-p 00000000 00:00 0 [stack]
|
|
||||||
7fffb2d48000-7fffb2d49000 r-xp 00000000 00:00 0 [vdso]
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
1. read file(s) as elf
|
|
||||||
2. extract offset(s) of symbol(s)
|
|
||||||
3. find procs with mappings of those files
|
|
||||||
4. check if symbol-offset falls into any (address-range, offset) of such a mapping
|
|
||||||
5. if so, populate the ebpf map
|
|
||||||
|
|
||||||
Optional:
|
|
||||||
6. trigger, if file is read/mapped?
|
|
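Review bot: the numbered plan at the end of this deleted TODO.md (steps 1 to 5, plus the optional step 6) is the only description in this commit of how the eBPF map gets populated from ELF symbol offsets and /proc/[pid]/maps, and the commit message "cleanup files" does not say whether the plan is implemented or simply dropped. Suggest saying so in the commit message, or moving the steps into an issue or a code comment next to the implementation. If the plan is kept anywhere, step 4 ("check if symbol-offset falls into any (address-range, offset) of such a mapping") should say which offset is meant: the offset column in maps is a file offset, while a symbol table value is a virtual address, so the step needs the conversion through the containing LOAD segment spelled out.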
@ -1,69 +0,0 @@
|
|||||||
gdb sagt: 0x8de5c0
|
|
||||||
|
|
||||||
DYNAMIC 0x0000000000437dc0
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1464: 00000000008de5c0 1520 OBJECT GLOBAL DEFAULT 24 _PyRuntime
|
|
||||||
|
|
||||||
|
|
||||||
no. 1464 -> 1464*24 = 35136 = 0x 8940
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Programm-Header:
|
|
||||||
Typ Offset VirtAdr PhysAdr
|
|
||||||
DateiGr SpeiGr Flags Ausr.
|
|
||||||
PHDR 0x0000000000000040 0x0000000000400040 0x0000000000400040
|
|
||||||
0x0000000000000268 0x0000000000000268 R 0x8
|
|
||||||
INTERP 0x00000000000002a8 0x00000000004002a8 0x00000000004002a8
|
|
||||||
0x000000000000001c 0x000000000000001c R 0x1
|
|
||||||
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
|
|
||||||
0x0000000000020ad0 0x0000000000020ad0 R 0x1000
|
|
||||||
LOAD 0x0000000000021000 0x0000000000421000 0x0000000000421000
|
|
||||||
0x0000000000258515 0x0000000000258515 R E 0x1000
|
|
||||||
LOAD 0x000000000027a000 0x000000000067a000 0x000000000067a000
|
|
||||||
0x00000000001bd120 0x00000000001bd120 R 0x1000
|
|
||||||
LOAD 0x0000000000437db0 0x0000000000838db0 0x0000000000838db0
|
|
||||||
0x00000000000a56a0 0x00000000000c8c70 RW 0x1000
|
|
||||||
DYNAMIC 0x0000000000437dc0 0x0000000000838dc0 0x0000000000838dc0
|
|
||||||
0x0000000000000230 0x0000000000000230 RW 0x8
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
1464: 00000000008de5c0 1520 OBJECT GLOBAL DEFAULT 24 _PyRuntime
|
|
||||||
|
|
||||||
|
|
||||||
00000000008de5c0 - 0x0000000000838dc0 = A5800
|
|
||||||
|
|
||||||
4DE5C0
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
018880
|
|
||||||
|
|
||||||
|
|
||||||
00000000004c9b20
|
|
||||||
|
|
||||||
|
|
||||||
8De5C0
|
|
||||||
|
|
||||||
838DC0
|
|
||||||
|
|
||||||
A4800
|
|
||||||
|
|
||||||
|
|
||||||
gdb sagt 0x8de5c0 zu python3.7
|
|
||||||
|
|
||||||
gdb sagt 7FDD8FF73B20 zu /usr/lib/x86_64-linux-gnu/libpython3.7m.so.1.0
|
|
||||||
|
|
||||||
7FDD8FAAA000-7FDD8FB16000 r--p 00000000 /usr/lib/x86_64-linux-gnu/libpython3.7m.so.1.0
|
|
||||||
7FDD8FB16000-7FDD8FD2B000 r-xp 0006c000 /usr/lib/x86_64-linux-gnu/libpython3.7m.so.1.0
|
|
||||||
7FDD8FD2B000-7FDD8FEC9000 r--p 00281000 /usr/lib/x86_64-linux-gnu/libpython3.7m.so.1.0
|
|
||||||
7FDD8FEC9000-7FDD8FECA000 ---p 0041f000 /usr/lib/x86_64-linux-gnu/libpython3.7m.so.1.0
|
|
||||||
7FDD8FECA000-7FDD8FECE000 r--p 0041f000 /usr/lib/x86_64-linux-gnu/libpython3.7m.so.1.0
|
|
||||||
7FDD8FECE000-7FDD8FF74000 rw-p 00423000 /usr/lib/x86_64-linux-gnu/libpython3.7m.so.1.0
|
|
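Review bot: the two results recorded for the same subtraction in this deleted notes file disagree. The line "00000000008de5c0 - 0x0000000000838dc0 = A5800" is arithmetically right, but the later bare "A4800" under "8De5C0" and "838DC0" is not, and nothing marks which value was used. The subtraction also takes the DYNAMIC segment's VirtAdr (0x838dc0) as its base rather than the RW LOAD segment that contains the symbol (Offset 0x437db0, VirtAdr 0x838db0). In addition, by the program header shown, that LOAD segment's file-backed part ends at 0x838db0 + 0xa56a0 = 0x8de450, so _PyRuntime at 0x8de5c0 lies in the part of the segment covered only by the memory size (0xc8c70) and has no file offset of its own. If these notes fed the symbol lookup, suggest recording the final derivation (which segment, which base, and how symbols outside the file-backed range are handled) in the code or docs before removing the scratch file, since "cleanup files" leaves no trace of the conclusion.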