This is due to kernel hardening in Linux; you can disable this behavior by echo 0 > /proc/sys/kernel/yama/ptrace_scope or by modifying it in /etc/sysctl.d/10-ptrace.conf.
By default, when a program forks, gdb will continue to debug the parent process and the child process will run unimpeded.
If you want to follow the child process instead of the parent process, use the command set follow-fork-mode.
set follow-fork-mode mode
Set the debugger response to a program call of fork or vfork. A call to fork or vfork creates a new process. The mode argument can be:
parent
The original process is debugged after a fork. The child process runs unimpeded. This is the default.
child
The new process is debugged after a fork. The parent process runs unimpeded.
ask
gdb will prompt you to choose between parent and child.
show follow-fork-mode
Display the current debugger response to a fork or vfork call.
On Linux, if you want to debug both the parent and child processes, use the command set detach-on-fork.
set detach-on-fork mode
Tells gdb whether to detach one of the processes after a fork, or retain debugger control over them both.
on
The child process (or parent process, depending on the value of follow-fork-mode) will be detached and allowed to run independently. This is the default.
off
Both processes will be held under the control of gdb. One process (child or parent, depending on the value of follow-fork-mode) is debugged as usual, while the other is held suspended.
show detach-on-fork
Show whether detach-on-fork mode is on/off.
If you issue a run command to gdb after an exec call executes, the new target restarts. To restart the parent process, use the file command with the parent executable name as its argument. By default, after an exec call executes, gdb discards the symbols of the previous executable image. You can change this behaviour with the set follow-exec-mode command.
set follow-exec-mode mode
Set debugger response to a program call of exec. An exec call replaces the program image of a process. follow-exec-mode can be:
new
gdb creates a new inferior and rebinds the process to this new inferior. The program the process was running before the exec call can be restarted afterwards by restarting the original inferior. For example:
(gdb) info inferiors
(gdb) info inferior
  Id   Description   Executable
* 1    <null>        prog1
(gdb) run
process 12020 is executing new program: prog2
Program exited normally.
(gdb) info inferiors
  Id   Description   Executable
* 2    <null>        prog2
  1    <null>        prog1
same
gdb keeps the process bound to the same inferior. The new executable image replaces the previous executable loaded in the inferior. Restarting the inferior after the exec call, with e.g., the run command, restarts the executable the process was running after the exec call. This is the default mode. For example:
(gdb) info inferiors
  Id   Description   Executable
* 1    <null>        prog1
(gdb) run
process 12020 is executing new program: prog2
Program exited normally.
(gdb) info inferiors
  Id   Description   Executable
* 1    <null>        prog2
%c - Core file size soft resource limit of crashing process (since Linux 2.6.24).
%p - insert pid into filename
%u - insert current uid into filename
%g - insert current gid into filename
%s - insert signal that caused the coredump into the filename
%t - insert UNIX time that the coredump occurred into filename
%h - insert hostname where the coredump happened into filename
%e - insert coredumping executable name into filename
If the first character of the pattern is a '|', the kernel will treat the rest of the pattern as a command to run. The core dump will be written to the standard input of that program instead of to a file.
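The expansion described above, including the leading '|' case, as an added example that is not code from the original notes or from the kernel. It covers only the specifiers listed here plus "%%"; the handler path /usr/local/bin/core-handler and the crash values are constructed. Because core(5) documents that a piped handler is executed as root, the expanded command line is the part worth auditing.

```cpp
#include <cstdio>
#include <string>

// Facts about the crashing process, supplied by the caller.
struct CrashInfo {
    long pid, uid, gid, sig, unix_time;
    unsigned long core_limit;
    std::string host, exe;
};

struct CoreTarget {
    bool piped;         // pattern began with '|': dump goes to a program's stdin
    std::string value;  // expanded file name, or command line when piped
};

// Expands the specifiers listed above. Per core(5), "%%" is a literal '%',
// and a trailing '%' or an unrecognised "%x" pair is dropped.
CoreTarget expand_core_pattern(const std::string& pattern, const CrashInfo& c) {
    CoreTarget out{!pattern.empty() && pattern[0] == '|', std::string()};
    for (std::size_t i = out.piped ? 1 : 0; i < pattern.size(); ++i) {
        if (pattern[i] != '%') { out.value += pattern[i]; continue; }
        if (++i == pattern.size()) break;  // lone '%' at the end
        switch (pattern[i]) {
            case '%': out.value += '%'; break;
            case 'c': out.value += std::to_string(c.core_limit); break;
            case 'p': out.value += std::to_string(c.pid); break;
            case 'u': out.value += std::to_string(c.uid); break;
            case 'g': out.value += std::to_string(c.gid); break;
            case 's': out.value += std::to_string(c.sig); break;
            case 't': out.value += std::to_string(c.unix_time); break;
            case 'h': out.value += c.host; break;
            case 'e': out.value += c.exe; break;
            default: break;                // unknown specifier: dropped
        }
    }
    return out;
}

// Constructed sample: SIGSEGV (11) in "myprogram", pid 6919, uid/gid 1000.
CrashInfo sample_crash() {
    return CrashInfo{6919, 1000, 1000, 11, 1700000000, 0, "host1", "myprogram"};
}

int main() {
    CoreTarget t = expand_core_pattern("|/usr/local/bin/core-handler %p %s", sample_crash());
    std::printf("%s: %s\n", t.piped ? "pipe" : "file", t.value.c_str());
}
```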
Apport's crash interception component is disabled by default:
Apport itself is running at all times because it collects crash data for whoopsie (see ErrorTracker). However, the crash interception component is still disabled. To enable it permanently, do:
sudo nano /etc/apport/crashdb.conf
… and add a hash symbol # in the beginning of the following line:
'problem_types': ['Bug', 'Package'],
To disable crash reporting just remove the hash symbol.
/lib/ld.so
Run-time linker/loader.
/etc/ld.so.conf
File containing a list of directories, one per line, in which to search for libraries.
/etc/ld.so.cache
File containing an ordered list of libraries found in the directories specified in /etc/ld.so.conf, as well as those found in the trusted directories.
The trusted directories:
/lib
/lib64
/usr/lib
/usr/lib64
lddtree (from pax-utils) or readelf -d /bin/ls | grep 'NEEDED'
lsof -p PID | grep mem
$ pidof nginx
6920 6919
$ lsof -p 6919 | grep mem
strace -e trace=open myprogram
ldd and lsof show the libraries loaded either directly or at a given moment. They do not account for libraries loaded via dlopen (or discarded by dlclose). You can get a better picture of this using strace.
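One way to see the gap between ldd and a live process, as an added example rather than code from the original notes: diff the shared objects in a /proc/PID/maps snapshot against the paths ldd printed. The maps lines and the ldd list below are constructed; like lsof, a snapshot misses anything already released by dlclose, which strace would still show.

```cpp
#include <iostream>
#include <set>
#include <sstream>
#include <string>
#include <vector>

// Shared objects mapped in a process (text of /proc/PID/maps) that are not in
// the list ldd printed for the binary: candidates for a dlopen() load.
// Paths are compared as strings, so resolve symlinks on both sides first.
std::vector<std::string> runtime_only_libs(const std::string& maps_text,
                                           const std::set<std::string>& ldd_paths) {
    std::set<std::string> seen;
    std::vector<std::string> extra;
    std::istringstream in(maps_text);
    std::string line;
    while (std::getline(in, line)) {
        // Fields: address perms offset dev inode [pathname]
        std::istringstream fields(line);
        std::string addr, perms, offset, dev, inode, path;
        if (!(fields >> addr >> perms >> offset >> dev >> inode >> path)) continue;
        if (path[0] != '/' || path.find(".so") == std::string::npos) continue;
        if (ldd_paths.count(path) || !seen.insert(path).second) continue;
        extra.push_back(path);
    }
    return extra;
}

// Constructed sample data (not taken from a real process).
const char* const SAMPLE_MAPS =
    "55d0c0000000-55d0c0020000 r--p 00000000 08:01 131 /usr/sbin/nginx\n"
    "7f10a0000000-7f10a0028000 r--p 00000000 08:01 200 /lib/x86_64-linux-gnu/libc.so.6\n"
    "7f10a0028000-7f10a01bd000 r-xp 00028000 08:01 200 /lib/x86_64-linux-gnu/libc.so.6\n"
    "7f10a0400000-7f10a0403000 r--p 00000000 08:01 260 /lib/x86_64-linux-gnu/libnss_files.so.2\n"
    "7f10a0403000-7f10a040a000 r-xp 00003000 08:01 260 /lib/x86_64-linux-gnu/libnss_files.so.2\n"
    "7f10a0600000-7f10a0602000 r--p 00000000 08:01 190 /lib64/ld-linux-x86-64.so.2\n"
    "7f10a0800000-7f10a0804000 rw-p 00000000 00:00 0\n"
    "7ffc00000000-7ffc00021000 rw-p 00000000 00:00 0 [stack]\n";

std::set<std::string> sample_ldd() {
    return {"/lib/x86_64-linux-gnu/libc.so.6", "/lib64/ld-linux-x86-64.so.2"};
}

int main() {
    for (const std::string& p : runtime_only_libs(SAMPLE_MAPS, sample_ldd()))
        std::cout << "not in ldd output: " << p << '\n';
}
```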
// After that you can use std::condition_variable::wait(std::unique_lock<std::mutex>&), which is in GLIBCXX_3.4.11
#include <condition_variable>
#include <iostream>
#include <mutex>
#include <string>
#include <thread>

std::mutex m;
std::condition_variable cv;
std::string data;
bool ready = false;
bool processed = false;

void worker_thread()
{
    // wait until main() sends data
    std::unique_lock lk(m);
    cv.wait(lk, []{ return ready; });

    // after the wait, we own the lock
    std::cout << "Worker thread is processing data\n";
    data += " after processing";

    // send data back to main()
    processed = true;
    std::cout << "Worker thread signals data processing completed\n";

    // manual unlocking is done before notifying, to avoid waking up
    // the waiting thread only to block again (see notify_one for details)
    lk.unlock();
    cv.notify_one();
}

int main()
{
    std::thread worker(worker_thread);

    data = "Example data";
    // send data to the worker thread
    {
        std::lock_guard lk(m);
        ready = true;
        std::cout << "main() signals data ready for processing\n";
    }
    cv.notify_one();

    // wait for the worker
    {
        std::unique_lock lk(m);
        cv.wait(lk, []{ return processed; });
    }
    std::cout << "Back in main(), data = " << data << '\n';

    worker.join();
}
int main() {
    fun(0); // Run-time error: basic_string::_M_construct null not valid
}
Here the 0 in fun(0) is treated as a const char*, that is, nullptr, so the code compiles. At run time, however, it triggers the string construction error "basic_string::_M_construct null not valid".
A less obvious version:
char * get_a_string() {
    return nullptr;
}

int main() {
    // Attention: always take care that a parameter to a string is not NULL!
    fun(get_a_string()); // Run-time error: basic_string::_M_construct null not valid
    // Better code
    char * str = get_a_string();
    fun(str != NULL ? str : "");
}
Mount point: A mount point is a location in the partition used as a root filesystem.
Drivers
Overview of related commands
lsblk
lsblk [options] [device...]
list all available or specified block devices.
Reads the sysfs filesystem to gather information.
df
df [OPTION]... [FILE]...
report file system disk space usage on which each FILE resides.
df -T prints the file system type.
du
du [OPTION]... [FILE]...
estimate file space usage.
quota
quota -s -u user...
display users' disk usage and limits.
quota reports the quotas of all the filesystems listed in /etc/mtab.
For filesystems that are NFS-mounted a call to the rpc.rquotad on the server machine is performed to get the information.
-s, --human-readable
repquota
prints a summary of disc usage and quotas for the specified file system.