doufan9805 2014-09-06 22:07
浏览 695
已采纳

如何从strace输出中解码此信息

I wrote a small go script and traced it using strace though this script, I am trying to fetch audit messages from kernel using netlink protocol, just like like auditd.

Following is the strace output on my go script- http://paste.ubuntu.com/8272760/

I am trying to find the argument that auditd provide to the sendto function. When I run strace on auditd I get following output

sendto(3, "\20\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0", 16, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 16

And when I strace my go file I get the following output. I am looking to decode the second argument of this statement

sendto(3, "\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t", 17, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 17

To be specific

"\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t" 

Now I want to convert this to string or bytes array, is there any way to convert this to string or byte array?

In my actual go code this argument is a byte array.

https://github.com/mozilla/Audit-Go/blob/testing/netlink_old.go#L58

  • 写回答

3条回答 默认 最新

  • duanao3204 2014-09-07 09:45
    关注

    My understanding of your problem is you try to compare what auditd sends to what your program sends by comparing strace output, and you have issues to convert the string provided by strace into a Go []byte datatype.

    The strace output follows the GNU C representation of string literal, whose characters can be escaped as follows:

    \\ Backslash character. 
    \? Question mark character.
    \' Single quotation mark. 
    \" Double quotation mark. 
    \a Audible alert. 
    \b Backspace character. 
    \e <ESC> character. (This is a GNU extension.) 
    \f Form feed. 
    
     Newline character. 
     Carriage return. 
    \t Horizontal tab. 
    \v Vertical tab.
    \o, \oo, \ooo Octal number.
    \xh, \xhh, \xhhh, ... Hexadecimal number.
    

    Note that the number of octal or hex digits can be variable. In Go, characters can also be escaped but the rules are different - see http://golang.org/ref/spec#Rune_literals

    In particular, the octal values are systematically on 3 digits to avoid any ambiguity. To declare a []byte with such a sequence of characters, you will have to write something like this:

    // In strace, it was "\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t"
    wb := []byte("\021\000\000\000\350\003\005\000\001\000\000\000\000\000\000\000\t")
    

    Note that the -x option in strace will use fixed-length hex encoding for non-printable characters, which makes the direct usage of these strings easier in a Go program. The -xx option will output hex encoded bytes even for printable characters, which makes it even easier IMO.

    Anyway, it is not necessarily a good style (or even a good idea) to use literal strings to initialize []byte. Strings are for UTF-8 characters, not for binary data.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 (标签-STM32|关键词-智能小车)
  • ¥20 关于#stm32#的问题,请各位专家解答!
  • ¥15 (标签-python)
  • ¥20 搭建awx,试了很多版本都有错
  • ¥15 java corba的客户端该如何指定使用本地某个固定IP去连接服务端?
  • ¥15 activiti工作流问题,求解答
  • ¥15 有人写过RPA后台管理系统么?
  • ¥15 Bioage计算生物学年龄
  • ¥20 如何将FPGA Alveo U50恢复原来出厂设置哇?
  • ¥50 cocos2d-x lua 在mac上接入lua protobuf?