> By the way, how you can find
> mem(*(kw+25*4), "16X") // dumps entry for 'in'
> ?
I read khash and computed the hash for "in",
which was the string you found earlier using
strcmp. It is ('i'*1+'n'*2)%30 == 25.
Russ
Hello Russ,
Your prediction is right as shown below.
ar% acid 1236297
/proc/1236297/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
acid: kw
0x00016120
acid: src(klook)
/sys/src/cmd/rc/var.c:47
42 kenter(SWITCH, "switch");
43 kenter(FN, "fn");
44 }
so strcmp is being called a lot but klook isn't.
that means that klook is looping inside, which
basically means the p->next pointer is pointing
at itself.
final script:
kw
mem(kw, "30X") // dumps hash table
*(kw+25*4)
mem(*(kw+25*4), "16X") // dumps entry for 'in'
*(**(kw+25*4)\s) // should pr
Thanks Russ,
ar% ps
...
none1236297 49979:50 0:00 172K Running validateaddress
...
ar% acid 1236297
/proc/1236297/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
acid: bpset(strcmp)
Waiting...
1236297: exception 50 klook+0x7a MOVL0x8(DX),DX
acid: loop 1
acid pid
bpset(strcmp)
loop 1,20 do { cont(); print("strcmp '", *(*strcmp:s1\s), "' '",
*(*strcmp:s2\s), "'\n"); }
bpdel(strcmp)
also
bpset(klook)
cont();
# wait a while, see if you hit the breakpoint, probably not
DEL (to stop acid if it didn't hit the breakpoint)
bpdel(klook)
if you do hit th
Thanks Erik,
ar% ps -a
...
none1236297 48578:46 0:00 172K Running
validateaddress /mail/lib/validateaddress ar.aichi-u.ac.jp!hatbox
...
ar% ACID -l /sys/lib/acid/truss 1236297
/proc/1236297/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
/sys/lib/acid/truss
acid
On Mon Aug 10 23:59:56 EDT 2009, aris...@ar.aichi-u.ac.jp wrote:
> Thanks Erik.
>
> However I don't know how to truss running process.
>
> Kenji Arisawa
>
for example:
; cat > truss.c
#include
#include
void
main(void)
{
for(;;)
sleep(10*1000);
}
; 8c -FVTw truss.c &&
Thanks Erik.
However I don't know how to truss running process.
Kenji Arisawa
On 2009/08/11, at 2:13, erik quanstrom wrote:
would be interesting to see *(0x16548\s). have you tried truss(1)ing
that process?
- erik
would be interesting to see *(0x16548\s). have you tried truss(1)ing
that process?
- erik
