I have a large coredumps, say, 120+ Gigabytes.
I need to get program version from it, so I add global constant (pseudo code):
static const char* const = "MAGIC_KEYWORD_FOR_GREPPING_" + MY_PROGRAM_VERSION;
Is it possible to place it to beginning of coredump, so grepping will be faster?
Coredumps are created by the operating system, not by applications that cause them. There is no way for the OS to know the value of some variable in your program. You can adjust the names of your coredumps by setting core_pattern to have the executable name in the coredump's filename included. This man page has the specifiers' description.
It might be that your OS generates coredumps by piping through some application - if cat /proc/sys/kernel/core_pattern returns a string starting with | (for example mine is |/usr/share/apport/apport %p %s %c %P) then you have to adjust the parameters accordingly. See this link for more details
Related
I have a C++ application which uses CCommandLineInfo to parse command line arguments.
One of these arguments is a password which we encrypt in memory with CryptProtectMemory after the application starts.
At that point I want to get rid of the password which is still in plain text available in memory (when I create a memory dump it can be retrieved).
Is there a way to clear the command line arguments? I tried clearing (overwriting with empty strings) __argv but the arguments were still visible in the memory dump.
[edit]
I tried clearing the commandline arguments like this, but that didn't work.
The arguments are still in memory.
for (int i=0; i<__argc; i++)
__argv[i] = "----------------------";
TCHAR* cmdLine = GetCommandLine();
SecureZeroMemory(cmdLine, strlen(cmdLine));
There is a well-known trick/hack to clear the command line from the process memory (see this answer), but even if you apply it you can still easily fetch the command line from e.g. Process Explorer since it makes a copy of it when the process is started. Thus, there is no way to prevent a tool like this from showing the command line.
Having a password as a command line parameter is simply a no-no. The only solution I can think of is to store the password encrypted/hashed (or worst case; unencrypted) in a file and then load that file as a parameter.
I'm afraid cleaning up argv is not enough, as the source of argv is still available using GetCommandLine(). Ultimately this information is stored in RTL_USER_PROCESS_PARAMETERS in Process Environment Block. C runtime will cache this information to argv. Some other library may cache this information too.
You'd better pass your sensitive data with other IPC - shared memory or pipe. Then you need to clean only your memory.
If you still want to locate original command line, here's approximate direction: NtCurrentTeb() to get TEB, then there would be pointer to PEB, and there would be pointer to RTL_USER_PROCESS_PARAMETERS, which finally contains pointer to command-line.
On Linux, one can use command "hwinfo" (after installing it) in Terminal to print a lot of device information. While this is nice, I'd also like to utilize libhd (included in hwinfo) to get device information, device names to be exact. How can one get the name list of all available devices and then print the name list, in C/C++?
From your comment above... If you just wanna know the number of elements from a struct, let's say your struct is hd_data_t, you may use
int nSize = sizeof(hd_data_t)/sizeof(hd_data_t[0]);
I am using int res = system("uname -p"); in my c++ code.
It will give the the result in standard output by using
fprintf(stdout,"execution returned %d.\n",res);
I want to store this result string in a variable, I am unable to store it.
I google it but unable to find proper solution, Can any one tell me the correct way.
First, you don't need to run the uname command programmatically to get your processor. You can simply run the uname(2) syscall (which the uname command invokes). And you could also read and parse /proc/cpuinfo from your program.
If you wanted to read the output of some command, use popen(3) library function.
See also my answer to a related question.
I've got a series of cpp source file and I want to write another program to JUDGE if they can run correctly (give input and compare their output with standart output) . so how to:
call/spawn another program, and give a file to be its standard input
limit the time and memory of the child process (maybe setrlimit thing? is there any examples?)
donot let the process to read/write any file
use a file to be its standard output
compare the output with the standard output.
I think the 2nd and 3rd are the core part of this prob. Is there any way to do this?
ps. system is Linux
To do this right, you probably want to spawn the child program with fork, not system.
This allows you to do a few things. First of all, you can set up some pipes to the parent process so the parent can supply the input to the child, and capture the output from the child to compare to the expected result.
Second, it will let you call seteuid (or one of its close relatives like setreuid) to set the child process to run under a (very) limited user account, to prevent it from writing to files. When fork returns in the parent, you'll want to call setrlimit to limit the child's CPU usage.
Just to be clear: rather than directing the child's output to a file, then comparing that to the expected output, I'd capture the child's output directly via a pipe to the parent. From there the parent can write the data to a file if desired, but can also compare the output directly to what's expected, without going through a file.
std::string command = "/bin/local/app < my_input.txt > my_output_file.txt 2> my_error_file.txt";
int rv = std::system( command.c_str() );
1) The system function from the STL allows you to execute a program (basically as if invoked from a shell). Note that this approach is inherenly insecure, so only use it in a trusted environment.
2) You will need to use threads to be able to achieve this. There are a number of thread libraries available for C++, but I cannot give you recommendation.
[After edit in OP's post]
3) This one is harder. You either have to write a wrapper that monitors read/write access to files or do some Linux/Unix privilege magic to prevent it from accessing files.
4) You can redirect the output of a program (that it thinks goes to the standard output) by adding > outFile.txt after the way you would normally invoke the program (see 1)) -- e.g. otherapp > out.txt
5) You could run diff on the saved file (from 3)) to the "golden standard"/expected output captured in another file. Or use some other method that better fits your need (for example you don't care about certain formatting as long as the "content" is there). -- This part is really dependent on your needs. diff does a basic comparing job well.
How can I set the core file name using c++ code in linux ?
Linux dump core file on binary crash , is it possible to set core dump file name ?
On my system (Ubuntu 10.04 with kernel 2.6.32), man core gives no indication that the naming can be chosen on a process-by-process basis. In can, however, be changed system-wide by modifying /proc/sys/kernel/core_pattern:
By default, a core dump file is named core, but the
/proc/sys/kernel/core_pattern file (since Linux 2.6 and 2.4.21) can
be set to define a template that is used to name core dump files. The
template can contain % specifiers which are sub‐ stituted by the
following values when a core file is created:
%% a single % character
%p PID of dumped process
%u (numeric) real UID of dumped process
%g (numeric) real GID of dumped process
%s number of signal causing dump
%t time of dump, expressed as seconds since the Epoch (00:00h, 1 Jan 1970, UTC)
%h hostname (same as nodename returned by uname(2))
%e executable filename (without path prefix)
%c core file size soft resource limit of crashing process (since Linux 2.6.24)
A single % at the end of the template is dropped from the core
filename, as is the combination of a % followed by any character
other than those listed above. All other characters in the template
become a literal part of the core filename. The template
may include '/' characters, which are interpreted as delimiters for
directory names. The maximum size of the resulting core filename
is 128 bytes (64 bytes in kernels before 2.6.19). The default value
in this file is "core". For backward compatibility, if
/proc/sys/kernel/core_pattern does not include "%p" and
/proc/sys/kernel/core_uses_pid (see below) is non-zero, then .PID
will be appended to the core filename.
I believe this page describes what you're looking for, generally. What you can do is set the way core files are named by changing a magic entry in the proc filesystem:
echo "pattern" > /proc/sys/kernel/core_pattern
where pattern is a printf-like pattern string, documented on the linked page. Doing this from C++ would just entail opening and writing to that file using normal mechanisms. However, you must be root to be able to write to 'core_pattern'.