device
character(forward)/block(buffered)/network
kernel
resource manger(cpu, memory,)
socklist
uname -r
ls -l /dev|grep ^b
ls -l /dev|grep --color=auto ^c
alias grep= grep --color=auto
netstat -i
netstat -t
kernel
32 bit : 0xC0000000
Monolithic
quich switch beween: threads , processed, spaces
more /proc/$$/maps
$$ current shell
uname -m
cat /proc/kallsyms = nm
kthreadd will create kernel threads
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Oct30 ? 00:00:07 /opt/upstart/sbin/init
root 2 0 0 Oct30 ? 00:00:00 [kthreadd]
root 3 2 0 Oct30 ? 00:00:03 [migration/0]
root 4 2 0 Oct30 ? 00:00:02 [ksoftirqd/0]
root 5 2 0 Oct30 ? 00:00:02 [migration/1]
root 6 2 0 Oct30 ? 00:00:03 [ksoftirqd/1]
root 7 2 0 Oct30 ? 00:00:22 [events/0]
root 8 2 0 Oct30 ? 00:00:33 [events/1]
lsmod | grep ip
modprobe vfat
file vfat.ko
modinfo vfat
modinfo !$ (same arguments)
sharelib in kernal mode is relocatable
module is used
alias rm=mv /trash
/et/modules
chown root .
du -s
make menuconfig
make gconfig
make xconfig
ARCHI=arm make config
alias c=clear
journal file system = diary records transactions, roll back bad transactions
/sys/block/sda/queue> cat scheduler
/sys/block/sda/queue> echo deadline>!$
cat iosched/write_expire
cat iosched/read_expire
strace on 1 pid, ftrace needs to be rebuilt into kernel
/proc> cat cmdline // boot parametres
cat /proc/kallsyms |grep sys_read
gdb -c /proc/kcore
(gdb) x/20i 0xffff81144e70
$$ : current pid
create_proc_entry:
fuse module: file system in user mode
/sbin/syslog-ng is monitoring /proc/kmsg
/var/log/kern.log
syntax-off
dmesg -c //display and clean
!inm
!rm
dmesg -s 100 //size
load average: w, uptime
cat /proc/loadavg
lsmod , cat /proc/modules
echo b > /proc/sysrq-trigger : cause reboot , never touch it
dmesg |grep -v fff
sysrq keyboard to generate core dump
To be able to use the SysRq feature, you need to do
echo "1" > /proc/sys/kernel/sysrq
or add an entry to /etc/sysctl.conf:
kernel.sysrq = 1
# 立即重新启动计算机
echo "b" > /proc/sysrq-trigger
# 立即关闭计算机
echo "o" > /proc/sysrq-trigger
# 导出内存分配的信息 (可以用/var/log/message 查看)
echo "m" > /proc/sysrq-trigger
# 导出当前CPU寄存器信息和标志位的信息
echo "p" > /proc/sysrq-trigger
# 导出线程状态信息
echo "t" > /proc/sysrq-trigger
# 故意让系统崩溃
echo "c" > /proc/sysrq-trigger
# 立即重新挂载所有的文件系统
echo "s" > /proc/sysrq-trigger
# 立即重新挂载所有的文件系统为只读
echo "u" > /proc/sysrq-trigger
dmesg|grep -v fffff|grep S --color=auto
sysctl = proc/sys
before debug : sysctl randomize_va_space=0 to reproduce
kill -l : all signals
unhandled exceptions will cause signal
ulimit -c 121413144
floating exception (core dump)
cat /proc/sys/kernel/coer_uses_piecho
echo 1>/proc/sys/kernel/coer_uses_pid
echo /tmp/coer.%p.%e.%h.%t > /proc/sys/kernel/coer_pattern
%p: pid; %e: executable; %h: host name; %t: tid
echo "|/bin/ls" > /proc/sys/kernel/coer_pattern
#### execute a command when a core dump is generated, using pipe
/proc/sys/kernel/core_pipe
cat /proc/xx/status | grep Trace
ulimit -a
ulimit -t SIGXCPU
normal user can reduce limit but can't increase the limit
mother must call wait4 or child will be zombie and only be killed after mother is killed.
z and defunt are already dead status
/proc/sys = sysctl
ls /proc/pid/cwd
ps aux |grep Ssl : multi thread
ps -L : show threads
Uid : realid effective id set id filesystem id
ls -l /proc/$$/fd
netstat -na|grep
cat /proc/445/fdinfo/3
pos: 30
flags:
:syntax off
gdb -p $$
MEM=`more /proc/xx/status | grep VmSize |cut -d':' -f2 |cut -dk f1`
threads share vm、 heap 、 fd
conditional debug:
if()
__asm("int $3") intel
bkpt ARM
break PPC
gdb ./f
(gdb) r /etc/passwd
Virtual memory = rss +
resident rss = uss + shared0
ls -i /proc/xx/map
cat /proc/partitions
nire /proc/$$/smaps
cat smaps |grep '^[6..7]'
rss
pss:(proportional)
shared_clean:
private_clean:(USS)
ulimit -m 400000
page cache : owner is file
buffer cache : io but not file , owner is device
kill buffer cache , page cache, swap
cat /proc/7/oom_score , high score thread will be killed by oom
dmesg|grep killed
echo f > proc/sysrq-trugger : set up low memory killer
dmesg|grep killed
buffer cache --> page cache
dd of= if=
ls /proc/sys/vm
echo !* : all last parametres
!!
Ctrl + L : clear the shell screen
nm : show symbols
objdump :
file
ldd = objdump -x /bin/ls |grep NEED --color=auto
void _init(void)
{
print("hello");
}
void _fini(void)
{
printf("123");
}
gcc l.c -o l -c -fPIC
ld -shared -soname l.so.1 -o l.so.1.0 -lc l.o
malloc debugging
MALLOC_TRACE=/tmp/xx LD_PRELOAD=$PWD/l.so.1.0 netstat
more /tmp/xx|grep "+ " | wc -l
more /tmp/xx|grep -- "- " | wc -l
vim /usr/inlcude/malloc.h malloc_hook
dlopen: dynamic linking loader
echo 0 > /proc/sys/kernel/raqndomize_va_space
debug without symbols:
gdb core
cat /proc/$$/map > grep xx
screen -x -D
strace -p $$ -vv -i -ttt -f
ltrace
fork unix
clone linux: create process or thread
grep -V
ftrace
ptrace
strace -o /tmp/xx strace -p 23290 -vv -c
tty
trace sshd will get the password
ltrace share parametres with strace
gdb
x/20x %rsp -0x10
x/s
file a
disass main
/etc/
man syslog
logger "123"
tail /var/log/messages