
linux - Trace and monitor the file events of a package or executed file?

Reposted. Author: 太空宇宙. Updated: 2023-11-04 11:05:10

How can I trace all events when running an executable such as aptana studio or php storm?

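More explanation

For example, many programs hide the user's registration information in a special file; when the program is executed, it first reads that file and checks the license. I want to know where that file is.
I execute the file from the command line with ./excutedfile.sh. How do I now trace all events for it?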

Best answer

Can you try enabling a filtered strace like this?

$ strace -e trace=open -f gvim
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0", O_RDONLY|O_CLOEXEC) = 3
(... snip ...)
open("/usr/lib/x86_64-linux-gnu/libXdmcp.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/proc/filesystems", O_RDONLY) = 3
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
Process 465 attached
[pid 464] open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 5
[pid 464] open("/usr/share/vim/vim74/lang/ja/LC_MESSAGES/vim.mo", O_RDONLY) = 5
[pid 464] open("/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", O_RDONLY) = 5
[pid 464] open("/lib/terminfo/x/xterm-256color", O_RDONLY) = 5
[pid 464] open(".", O_RDONLY) = 5
[pid 464] open("/usr/share/vim/vimrc", O_RDONLY) = 5
[pid 464] open(".", O_RDONLY) = 6
[pid 464] open("/usr/share/vim/vim74/debian.vim", O_RDONLY) = 6
[pid 464] open("/etc/papersize", O_RDONLY|O_NONBLOCK) = 7
[pid 464] open("/etc/papersize", O_RDONLY) = 7
[pid 464] open(".", O_RDONLY) = 6
[pid 464] open("/usr/share/vim/vim74/syntax/syntax.vim", O_RDONLY) = 6
[pid 464] open(".", O_RDONLY) = 7
[pid 464] open("/usr/share/vim/vim74/syntax/synload.vim", O_RDONLY) = 7
[pid 464] open(".", O_RDONLY) = 8
[pid 464] open("/usr/share/vim/vim74/syntax/syncolor.vim", O_RDONLY) = 8
(... tons of output ...)

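-e trace=open selects only the open(2) system call. I also added -f to trace child processes.

See also:

Regarding "linux - Trace and monitor the file events of a package or executed file?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/25542092/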
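
An added example, not part of the original answer: a shell function that reduces trace output like the listing above to the distinct absolute paths the program tried to open outside system directories, marking failed opens. It goes beyond the answer by also accepting openat() lines, which newer glibc versions emit instead of open(); the sample trace, the /home paths and the noise filter are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format strace prints above (the /home paths are made up).
sample_trace() {
cat <<'EOF'
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
[pid 464] open("/usr/share/vim/vimrc", O_RDONLY) = 5
[pid 464] openat(AT_FDCWD, "/home/user/.config/app/settings.conf", O_RDONLY) = 6
[pid 464] open("/home/user/.app/missing.dat", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 465] open("/home/user/.config/app/settings.conf", O_RDONLY) = 7
[pid 464] open(".", O_RDONLY) = 5
EOF
}

# Read strace output on stdin and print "OK<TAB>path" or "FAIL<TAB>path"
# once per distinct absolute path that is not under a system prefix.
# The noise pattern is an assumption; adjust it for the program under study.
opened_files() {
  awk -v noise='^/(usr|lib|lib64|proc|sys|dev)/|^/etc/ld[.]so[.]' '
    /open(at)?\(/ {
      if (split($0, q, "\"") < 3) next          # no quoted path on this line
      path = q[2]                               # first quoted string is the path
      if (path !~ /^\// || path ~ noise) next   # drop relative paths and system noise
      n = split($0, r, " = ")
      if (n < 2) next                           # "<unfinished ...>" lines carry no result
      status = (r[n] ~ /^-1/) ? "FAIL" : "OK"   # -1 means the open failed (e.g. ENOENT)
      print status "\t" path
    }' | sort -u
}

# Typical use (assumes strace is installed):
#   strace -f -e trace=open,openat -o trace.log ./excutedfile.sh
#   opened_files < trace.log
sample_trace | opened_files
```

FAIL entries are paths the program looked for but did not find, which often reveals optional configuration locations as well as the files it actually read.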
