原帖由 wingger 于 2006-4-19 13:57 发表
再说一遍,如果你搞不清楚那个程序是如何使系统 reboot 的,只需要 ltrace 一下就知道了。
至于你的系统没装 ltrace,呵呵,那就装一个呀!用完了再删掉。
没这么容易的。至少我觉得是这样。
如果如你说的那样简单的话,你可以试一下。
程序可以这里下载到:
http://www.mikrotik.com/download.html
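它的程序做得比较BT。很多时候它不是直接调用库函数,而是自己做一个库:先用自己的程序调用自己的库,再由这个库去调用标准的 libc 库。这样 ltrace 默认只能看到主程序对它自家库的调用,看不到库内部再对 libc 的调用;strace 记录的是系统调用,不受这层封装影响。从下面的 strace 输出看,这次运行只是尝试连接 /tmp/novasock 这个 Unix 域套接字,连接被拒绝后就退出了,所以实际动作很可能是交给监听该套接字的另一个进程去做的(从输出推测,尚待确认)。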
/bin/bash: ./stoper: not found
\h:\w\$ ./stopper
connect failed (errno=111)
\h:\w\$ strace ./stopper
execve("./stopper", ["./stopper"], [/* 17 vars */]) = 0
uname({sys="Linux", node="debian", ...}) = 0
brk(0) = 0x804a510
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1208, ...}) = 0
old_mmap(NULL, 1208, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40017000
close(3) = 0
open("/lib/libumsg.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\257"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=127780, ...}) = 0
old_mmap(NULL, 140204, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40018000
old_mmap(0x40037000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e000) = 0x40037000
old_mmap(0x40038000, 9132, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40038000
close(3) = 0
open("/lib/libuxml++.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\31\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=12952, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4003b000
old_mmap(NULL, 15712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4003c000
old_mmap(0x4003f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x4003f000
close(3) = 0
open("/lib/libuc++.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20V\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=49932, ...}) = 0
old_mmap(NULL, 52132, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40040000
old_mmap(0x4004c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb000) = 0x4004c000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320T\1"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1144316, ...}) = 0
old_mmap(NULL, 1150036, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4004d000
old_mmap(0x40160000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x113000) = 0x40160000
old_mmap(0x40164000, 7252, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40164000
close(3) = 0
mprotect(0x40160000, 4096, PROT_READ) = 0
munmap(0x40017000, 1208) = 0
brk(0) = 0x804a510
brk(0x806b510) = 0x806b510
brk(0x806c000) = 0x806c000
rt_sigaction(SIGSEGV, {0x4002ab76, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x40075660}, NULL, 8) = 0
rt_sigaction(SIGILL, {0x4002ab76, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x40075660}, NULL, 8) = 0
rt_sigaction(SIGBUS, {0x4002ab76, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x40075660}, NULL, 8) = 0
rt_sigaction(SIGFPE, {0x4002ab76, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x40075660}, NULL, 8) = 0
getsockname(3, 0xbffffabc, [110]) = -1 EBADF (Bad file descriptor)
socket(PF_FILE, SOCK_STREAM, 0) = 3
connect(3, {sa_family=AF_FILE, path="/tmp/novasock"}, 110) = -1 ECONNREFUSED (Connection refused)
write(2, "connect failed (errno=111)\n", 27connect failed (errno=111)
) = 27
close(3) = 0
exit_group(1) = ?