At 9:26 AM -0800 3/1/09, Bill Landry wrote:
>Tom Shaw wrote:
>>>>>
>>>>  What does this output:
>>>>  $ echo PING | strace socat - /var/tmp/clamd.socket
>>>>  $ echo -ne "nPING\n" | strace socat - /var/tmp/clamd.socket
>>>  Edwin,
>>>
>>>  OSX doesn't come with strace. I'll download a
>>>  copy from sourceforge and report back.
>>
>>  strace reports no support of darwin :-(  Any other suggestions?
>>
>>  Tom
>
>Does darwin support "truss" (man truss)?

The equivalent is dtruss (it is DTrace-based and needs root, hence the sudo).

pike:~ tshaw$ echo PING | sudo dtruss socat - /var/tmp/clamd.socket
SYSCALL(args)            = return
issetugid(0x0, 0x0, 0x0)                 = 0 0
__sysctl(0xBFFFE88C, 0x2, 0xBFFFE894)            = 0 0
__sysctl(0xBFFFE894, 0x2, 0xBFFFE938)            = 0 0
shared_region_check_np(0xBFFFE9D0, 0xBFFFE938, 0xBFFFE93C)               = 0 0
getpid(0xBFFFE9D0, 0xBFFFE938, 0xBFFFE93C)               = 17275 0
__sysctl(0xBFFFE9D8, 0x3, 0xBFFFE9AC)            = 0 0
__sysctl(0xBFFFE9D8, 0x3, 0xBFFFE9B8)            = 0 0
stat("/usr/lib/dtrace/libdtrace_dyld.dylib\0", 0xBFFFC9F0, 
0xBFFFE4A8)              = 0 0
open("/usr/lib/dtrace/libdtrace_dyld.dylib\0", 0x0, 0x0)                 = 3 0
pread(0x3, "\312\376\272\276\0", 0x1000, 0x0)            = 4096 0
pread(0x3, "\376\355\372\316\0", 0x1000, 0x1000)                 = 4096 0
mmap(0x3E000, 0x1000, 0x5, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x3E000 0
mmap(0x3F000, 0x1000, 0x3, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x3F000 0
mmap(0x40000, 0x1A10, 0x1, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x40000 0
fcntl(0x3, 0x2C, 0xFFFFFFFFBFFFC038)             = 0 0
close(0x3)               = 0 0
stat("/usr/lib/libwrap.7.dylib\0", 0xBFFFC750, 0xBFFFE208)               = 0 0
open("/usr/lib/libwrap.7.dylib\0", 0x0, 0x0)             = 3 0
pread(0x3, "\312\376\272\276\0", 0x1000, 0x0)            = 4096 0
pread(0x3, "\376\355\372\316\0", 0x1000, 0x1000)                 = 4096 0
mmap(0x42000, 0x5000, 0x5, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x42000 0
mmap(0x47000, 0x1000, 0x3, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x47000 0
mmap(0x48000, 0x2BC0, 0x1, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x48000 0
fcntl(0x3, 0x2C, 0xFFFFFFFFBFFFBDE8)             = 0 0
fcntl(0x3, 0x2C, 0xFFFFFFFFBFFFBDE8)             = 0 0
close(0x3)               = 0 0
stat("/usr/lib/libutil.dylib\0", 0xBFFFC750, 0xBFFFE208)                 = 0 0
open("/usr/lib/libutil.dylib\0", 0x0, 0x0)               = 3 0
pread(0x3, "\312\376\272\276\0", 0x1000, 0x0)            = 4096 0
pread(0x3, "\376\355\372\316\0", 0x1000, 0x1000)                 = 4096 0
mmap(0x4B000, 0x3000, 0x5, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x4B000 0
mmap(0x4E000, 0x1000, 0x3, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x4E000 0
mmap(0x4F000, 0x2180, 0x1, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x4F000 0
fcntl(0x3, 0x2C, 0xFFFFFFFFBFFFBDA8)             = 0 0
fcntl(0x3, 0x2C, 0xFFFFFFFFBFFFBDA8)             = 0 0
close(0x3)               = 0 0
stat("/usr/lib/libresolv.9.dylib\0", 0xBFFFC750, 0xBFFFE208)             = 0 0
stat("/usr/lib/libssl.0.9.7.dylib\0", 0xBFFFC750, 0xBFFFE208)            = 0 0
stat("/usr/lib/libcrypto.0.9.7.dylib\0", 0xBFFFC750, 0xBFFFE208) 
                 = 0 0
stat("/usr/lib/libgcc_s.1.dylib\0", 0xBFFFC750, 0xBFFFE208)              = 0 0
stat("/usr/lib/libSystem.B.dylib\0", 0xBFFFC750, 0xBFFFE208)             = 0 0
stat("/usr/lib/system/libmathCommon.A.dylib\0", 0xBFFFC470, 
0xBFFFDF28)              = 0 0
__sysctl(0xBFFFE7E8, 0x3, 0xBFFFE7D8)            = 0 0
open("/dev/dtracehelper\0", 0x2, 0xBFFFE7D8)             = 3 0
ioctl(0x3, 0x80086804, 0xBFFFE7E0)               = 0 0
close(0x3)               = 0 0
__sysctl(0xBFFFE7E8, 0x3, 0xBFFFE7D8)            = 0 0
__sysctl(0xBFFFE628, 0x2, 0xBFFFE620)            = 0 0
bsdthread_register(0x9300FEE8, 0x9304B078, 0x1000)               = 0 0
open_nocancel("/dev/urandom\0", 0x0, 0x1000)             = 3 0
read_nocancel(0x3, 
"#(Z<\304EU\326mw\035\207\023PL\024\365\b\244:'\247[\373\020\302/T\331\230\3172\0",
 
0x20)            = 32 0
close_nocancel(0x3)              = 0 0
mmap(0x0, 0x3000, 0x3, 0x1002, 0x1000000, 0xFEEDFACEDEAFBEAD) 
         = 0x52000 0
mmap(0x0, 0x200000, 0x3, 0x1002, 0x7000000, 0xFEEDFACEDEAFBEAD) 
         = 0x55000 0
munmap(0x55000, 0xAB000)                 = 0 0
munmap(0x200000, 0x55000)                = 0 0
mmap(0x0, 0x3000, 0x3, 0x1002, 0x1000000, 0xFEEDFACEDEAFBEAD) 
         = 0x55000 0
getpid(0x0, 0x3000, 0x3)                 = 17275 0
mmap(0x0, 0x1000000, 0x3, 0x1002, 0x2000000, 0xFEEDFACEDEAFBEAD) 
                 = 0x200000 0
munmap(0x200000, 0x600000)               = 0 0
munmap(0x1000000, 0x200000)              = 0 0
getuid(0x1000000, 0x200000, 0x3)                 = 0 0
mmap(0x0, 0x200000, 0x3, 0x1002, 0x7000000, 0xFEEDFACEDEAFBEAD) 
         = 0x200000 0
munmap(0x300000, 0x100000)               = 0 0
__sysctl(0xBFFFF54C, 0x2, 0xBFFFF5C6)            = 0 0
__sysctl(0xBFFFF54C, 0x2, 0xBFFFF6C6)            = 0 0
__sysctl(0xBFFFF54C, 0x2, 0xBFFFF7C6)            = 0 0
__sysctl(0xBFFFF54C, 0x2, 0xBFFFF8C6)            = 0 0
__sysctl(0xBFFFF54C, 0x2, 0xBFFFF9C6)            = 0 0
sigaction(0x1, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0x2, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0x3, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0x4, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0xA, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0x8, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0xB, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0xF, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0xD, 0xBFFFF448, 0xBFFFF4B4)           = 0 0
ioctl(0x0, 0x4004667A, 0xBFFFF318)               = -1 Err#25
ioctl(0x0, 0x402C7413, 0xBFFFF31C)               = -1 Err#25
ioctl(0x1, 0x4004667A, 0xBFFFF318)               = 0 0
ioctl(0x1, 0x402C7413, 0x800CFC)                 = 0 0
stat64("/var/tmp/clamd.socket\0", 0xBFFFF1E8, 0x1004C0)          = 0 0
socket(0x1, 0x1, 0x0)            = 3 0
fcntl(0x3, 0x2, 0x1)             = 0 0
connect(0x3, 0xBFFFF16C, 0x17)           = 0 0
getsockname(0x3, 0xBFFFEE28, 0xBFFFEE94)                 = 0 0
getsockname(0x3, 0xBFFFF2C4, 0xBFFFF2C0)                 = 0 0
mmap(0x0, 0x5000, 0x3, 0x1002, 0x3000000, 0xFEEDFACEDEAFBEAD) 
         = 0x58000 0
select(0x4, 0xBFFFF2C8, 0xBFFFF348, 0xBFFFF3C8, 0x0)             = 3 0
dtrace: error on enabled probe ID 1741 (ID 13125: 
syscall::read:return): invalid address (0x58000) in action #12 at DIF 
offset 52
write(0x3, "PING\n\0", 0x5)              = 5 0
select(0x4, 0xBFFFF2C8, 0xBFFFF348, 0xBFFFF3C8, 0x0)             = 2 0
dtrace: error on enabled probe ID 1741 (ID 13125: 
syscall::read:return): invalid address (0x58000) in action #12 at DIF 
offset 52
shutdown(0x3, 0x1, 0x3)          = 0 0
select(0x4, 0xBFFFF2C8, 0xBFFFF348, 0xBFFFF3C8, 0xBFFFF4DC)              = 1 0
dtrace: error on enabled probe ID 1741 (ID 13125: 
syscall::read:return): invalid address (0x58000) in action #12 at DIF 
offset 52
shutdown(0x3, 0x1, 0x3)          = -1 Err#57
ioctl(0x1, 0x802C7414, 0x800CFC)                 = 0 0
shutdown(0x3, 0x2, 0x3)          = -1 Err#57

pike:~ tshaw$ echo -ne "nPING\n" | sudo dtruss socat - /var/tmp/clamd.socket
SYSCALL(args)            = return
issetugid(0x0, 0x0, 0x0)                 = 0 0
__sysctl(0xBFFFE88C, 0x2, 0xBFFFE894)            = 0 0
__sysctl(0xBFFFE894, 0x2, 0xBFFFE938)            = 0 0
shared_region_check_np(0xBFFFE9D0, 0xBFFFE938, 0xBFFFE93C)               = 0 0
getpid(0xBFFFE9D0, 0xBFFFE938, 0xBFFFE93C)               = 17299 0
__sysctl(0xBFFFE9D8, 0x3, 0xBFFFE9AC)            = 0 0
__sysctl(0xBFFFE9D8, 0x3, 0xBFFFE9B8)            = 0 0
stat("/usr/lib/dtrace/libdtrace_dyld.dylib\0", 0xBFFFC9F0, 
0xBFFFE4A8)              = 0 0
open("/usr/lib/dtrace/libdtrace_dyld.dylib\0", 0x0, 0x0)                 = 3 0
pread(0x3, "\312\376\272\276\0", 0x1000, 0x0)            = 4096 0
pread(0x3, "\376\355\372\316\0", 0x1000, 0x1000)                 = 4096 0
mmap(0x3E000, 0x1000, 0x5, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x3E000 0
mmap(0x3F000, 0x1000, 0x3, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x3F000 0
mmap(0x40000, 0x1A10, 0x1, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x40000 0
fcntl(0x3, 0x2C, 0xFFFFFFFFBFFFC038)             = 0 0
close(0x3)               = 0 0
stat("/usr/lib/libwrap.7.dylib\0", 0xBFFFC750, 0xBFFFE208)               = 0 0
open("/usr/lib/libwrap.7.dylib\0", 0x0, 0x0)             = 3 0
pread(0x3, "\312\376\272\276\0", 0x1000, 0x0)            = 4096 0
pread(0x3, "\376\355\372\316\0", 0x1000, 0x1000)                 = 4096 0
mmap(0x42000, 0x5000, 0x5, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x42000 0
mmap(0x47000, 0x1000, 0x3, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x47000 0
mmap(0x48000, 0x2BC0, 0x1, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x48000 0
fcntl(0x3, 0x2C, 0xFFFFFFFFBFFFBDE8)             = 0 0
fcntl(0x3, 0x2C, 0xFFFFFFFFBFFFBDE8)             = 0 0
close(0x3)               = 0 0
stat("/usr/lib/libutil.dylib\0", 0xBFFFC750, 0xBFFFE208)                 = 0 0
open("/usr/lib/libutil.dylib\0", 0x0, 0x0)               = 3 0
pread(0x3, "\312\376\272\276\0", 0x1000, 0x0)            = 4096 0
pread(0x3, "\376\355\372\316\0", 0x1000, 0x1000)                 = 4096 0
mmap(0x4B000, 0x3000, 0x5, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x4B000 0
mmap(0x4E000, 0x1000, 0x3, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x4E000 0
mmap(0x4F000, 0x2180, 0x1, 0x12, 0x3, 0xFEEDFACEDEAFBEAD) 
         = 0x4F000 0
fcntl(0x3, 0x2C, 0xFFFFFFFFBFFFBDA8)             = 0 0
fcntl(0x3, 0x2C, 0xFFFFFFFFBFFFBDA8)             = 0 0
close(0x3)               = 0 0
stat("/usr/lib/libresolv.9.dylib\0", 0xBFFFC750, 0xBFFFE208)             = 0 0
stat("/usr/lib/libssl.0.9.7.dylib\0", 0xBFFFC750, 0xBFFFE208)            = 0 0
stat("/usr/lib/libcrypto.0.9.7.dylib\0", 0xBFFFC750, 0xBFFFE208) 
                 = 0 0
stat("/usr/lib/libgcc_s.1.dylib\0", 0xBFFFC750, 0xBFFFE208)              = 0 0
stat("/usr/lib/libSystem.B.dylib\0", 0xBFFFC750, 0xBFFFE208)             = 0 0
stat("/usr/lib/system/libmathCommon.A.dylib\0", 0xBFFFC470, 
0xBFFFDF28)              = 0 0
__sysctl(0xBFFFE7E8, 0x3, 0xBFFFE7D8)            = 0 0
open("/dev/dtracehelper\0", 0x2, 0xBFFFE7D8)             = 3 0
ioctl(0x3, 0x80086804, 0xBFFFE7E0)               = 0 0
close(0x3)               = 0 0
__sysctl(0xBFFFE7E8, 0x3, 0xBFFFE7D8)            = 0 0
__sysctl(0xBFFFE628, 0x2, 0xBFFFE620)            = 0 0
bsdthread_register(0x9300FEE8, 0x9304B078, 0x1000)               = 0 0
open_nocancel("/dev/urandom\0", 0x0, 0x1000)             = 3 0
read_nocancel(0x3, 
"K\231\255\\\016s\215\322\366\2554c\201dOt\331\232\b\227\3128\253\244\217J=\006hT\336\261\0",
 
0x20)            = 32 0
close_nocancel(0x3)              = 0 0
mmap(0x0, 0x3000, 0x3, 0x1002, 0x1000000, 0xFEEDFACEDEAFBEAD) 
         = 0x52000 0
mmap(0x0, 0x200000, 0x3, 0x1002, 0x7000000, 0xFEEDFACEDEAFBEAD) 
         = 0x55000 0
munmap(0x55000, 0xAB000)                 = 0 0
munmap(0x200000, 0x55000)                = 0 0
mmap(0x0, 0x3000, 0x3, 0x1002, 0x1000000, 0xFEEDFACEDEAFBEAD) 
         = 0x55000 0
getpid(0x0, 0x3000, 0x3)                 = 17299 0
mmap(0x0, 0x1000000, 0x3, 0x1002, 0x2000000, 0xFEEDFACEDEAFBEAD) 
                 = 0x200000 0
munmap(0x200000, 0x600000)               = 0 0
munmap(0x1000000, 0x200000)              = 0 0
getuid(0x1000000, 0x200000, 0x3)                 = 0 0
mmap(0x0, 0x200000, 0x3, 0x1002, 0x7000000, 0xFEEDFACEDEAFBEAD) 
         = 0x200000 0
munmap(0x300000, 0x100000)               = 0 0
__sysctl(0xBFFFF54C, 0x2, 0xBFFFF5C6)            = 0 0
__sysctl(0xBFFFF54C, 0x2, 0xBFFFF6C6)            = 0 0
__sysctl(0xBFFFF54C, 0x2, 0xBFFFF7C6)            = 0 0
__sysctl(0xBFFFF54C, 0x2, 0xBFFFF8C6)            = 0 0
__sysctl(0xBFFFF54C, 0x2, 0xBFFFF9C6)            = 0 0
sigaction(0x1, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0x2, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0x3, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0x4, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0xA, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0x8, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0xB, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0xF, 0xBFFFF498, 0xBFFFF504)           = 0 0
sigaction(0xD, 0xBFFFF448, 0xBFFFF4B4)           = 0 0
ioctl(0x0, 0x4004667A, 0xBFFFF318)               = -1 Err#25
ioctl(0x0, 0x402C7413, 0xBFFFF31C)               = -1 Err#25
ioctl(0x1, 0x4004667A, 0xBFFFF318)               = 0 0
ioctl(0x1, 0x402C7413, 0x800CFC)                 = 0 0
stat64("/var/tmp/clamd.socket\0", 0xBFFFF1E8, 0x1004C0)          = 0 0
socket(0x1, 0x1, 0x0)            = 3 0
fcntl(0x3, 0x2, 0x1)             = 0 0
connect(0x3, 0xBFFFF16C, 0x17)           = 0 0
getsockname(0x3, 0xBFFFEE28, 0xBFFFEE94)                 = 0 0
getsockname(0x3, 0xBFFFF2C4, 0xBFFFF2C0)                 = 0 0
mmap(0x0, 0x5000, 0x3, 0x1002, 0x3000000, 0xFEEDFACEDEAFBEAD) 
         = 0x58000 0
select(0x4, 0xBFFFF2C8, 0xBFFFF348, 0xBFFFF3C8, 0x0)             = 3 0
dtrace: error on enabled probe ID 1741 (ID 13125: 
syscall::read:return): invalid address (0x58000) in action #12 at DIF 
offset 52
write(0x3, "nPING\n\0", 0x6)             = 6 0
select(0x4, 0xBFFFF2C8, 0xBFFFF348, 0xBFFFF3C8, 0x0)             = 2 0
dtrace: error on enabled probe ID 1741 (ID 13125: 
syscall::read:return): invalid address (0x58000) in action #12 at DIF 
offset 52
shutdown(0x3, 0x1, 0x3)          = 0 0
select(0x4, 0xBFFFF2C8, 0xBFFFF348, 0xBFFFF3C8, 0xBFFFF4DC)              = 1 0
dtrace: error on enabled probe ID 1741 (ID 13125: 
syscall::read:return): invalid address (0x58000) in action #12 at DIF 
offset 52
shutdown(0x3, 0x1, 0x3)          = -1 Err#57
ioctl(0x1, 0x802C7414, 0x800CFC)                 = 0 0
shutdown(0x3, 0x2, 0x3)          = -1 Err#57

pike:~ tshaw$


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
