fenris - program execution path analysis tool  
  Developed by Michal Zalewski <lcamtuf@coredump.cx>

Program: ./test
Date: Thu Feb 21 15:27:23 2002

Buffer / function interaction:
[ flow | calls | params | buffers | I/O | raw ]

symbol  description        symbol  description
.       buffer / fd        :       used buf / fd
r       read / accessed    W       written
X       read and written   *       discarded
S       source             D       destination
+       fd I/O             O       fd opened
#       fd cloned          *       fd discarded

 
line function buffers descriptors 
 .- main     
malloc r.... .. 
bzero W.... .. 
| .- innafunkcja     
17 | | strcpy D-S   
19 | `- innafunkcja r....   
19 | .- printf     
24 | | fstat64 :.... .. 
28 | | fstat :W... .+ 
30 | | mmap ::... .. 
32 | | ioctl ::... .+ 
36 | | write ::.r.+ 
37 | `- printf r:r:.   
41 free *:::. .. 
46 `- main .:::W   

 



Function invocations:

0000000  main (...)
0000003  4103:00 L malloc (100) = 8049758
0000004  4103:00 \ new authoritative buffer candidate: 8049758:100 (_end)
0000005  4103:00 L bzero (8049758, 100) = 0
0000006  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000007  4103:00 \ buffer 8049758 modified.
0000008  4103:00 local innafunkcja (g/8049758)
0000018  4103:00 ...return from function = 
0000019  4103:00 U printf (g/8048628 "This is a result: %s?", g/8049758 "this is just a test")
0000036  4103:00 ...return from libc = 38
0000037  4103:00 L free (8049758) = 
0000038  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000040  4103:00 \ discard: mem 8049758:100 (first seen in L main:malloc)
0000041  4103:-- ...return from main() = 
0000043  4103:-- * WRITE buffer bffffa14
0000043  4103:-- + bffffa14 = bffffa14:4  (first seen in main)
0000045  4103:--   last input: main

0000008  4103:00 local innafunkcja (g/8049758)
0000009  4103:00 + innafunkcja = 0x804852c
0000010  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000011  4103:00   last input: L main:bzero
0000012  4103:01  L strcpy (8049758, 8048614 "this is just a test") = 8049758
0000013  4103:01  + 8049758 = 8049758:100  (first seen in L main:malloc)
0000015  4103:01  \ new buffer candidate: 8048614:20 (_IO_stdin_used)
0000016  4103:01  \ buffer 8049758 modified.
0000017  4103:01  \ data migration: 8048614 to 8049758
0000018  4103:00 ...return from function = 

0000019  4103:00 U printf (g/8048628 "This is a result: %s?", g/8049758 "this is just a test")
0000020  4103:00 \ merge [SB]: 8048628:22 8048614:20 (first seen in L innafunkcja:strcpy) -> 8048614:42
0000021  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000022  4103:00   last input: L innafunkcja:strcpy
0000023  4103:01  [L] SYS197 fstat64 ??? (1, l/bffff1f0, l/bffff1f0) = -38
0000024  4103:01  [L] SYS fstat (1, bffff150 [301:17c38c #1 020620 0.5 0B]) = 0
0000025  4103:01  + fd 1: "/dev/tty6", origin unknown
0000026  4103:01  \ new buffer candidate: bffff150:64
0000027  4103:01  \ buffer bffff150 modified.
0000028  4103:01  [L] SYS mmap (0x0, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0) = 0x40018000
0000029  4103:01  \ new map: 40018000:4096 ()
0000030  4103:01  [L] SYS ioctl (1, TCGETS, 0xbffff120) = 0
0000031  4103:01  + fd 1: "/dev/tty6", origin unknown
0000032  4103:01  [L] SYS write (1, 40018000 "This is a result: this is just "..., 38) = 38
0000033  4103:01  + 40018000 = map 40018000:4096  (anon-mapped in S innafunkcja:mmap)
0000034  4103:01  + fd 1: "/dev/tty6", origin unknown
0000035  4103:01  \ new buffer candidate: 40018000:38
0000036  4103:00 ...return from libc = 38


 



Function call summary:


Function innafunkcja:
0000008  4103:00 local innafunkcja (g/8049758)

Function printf:
0000019  4103:00 U printf (g/8048628 "This is a result: %s?", g/8049758 "this is just a test")

 



Buffer history:

Buffer 0:

0000004 L malloc (100) = 8049758
0000004 4103:00 \ new authoritative buffer candidate: 8049758:100 (_end)

0000006 L bzero (8049758, 100) = 0
0000006 4103:00 + 8049758 = 8049758:100 (first seen in L main:malloc)

0000010 in innafunkcja:
0000010 4103:00 + 8049758 = 8049758:100 (first seen in L main:malloc)

0000013 L strcpy (8049758, 8048614 "this is just a test") = 8049758
0000013 4103:01 + 8049758 = 8049758:100 (first seen in L main:malloc)

0000021 in printf:
0000021 4103:00 + 8049758 = 8049758:100 (first seen in L main:malloc)

0000038 L free (8049758) =
0000038 4103:00 + 8049758 = 8049758:100 (first seen in L main:malloc)

Buffer 1:

0000026 SYS fstat (1, bffff150 [301:17c38c #1 020620 0.5 0B]) = 0
0000026 4103:01 \ new buffer candidate: bffff150:64

Buffer 2:

0000015 L strcpy (8049758, 8048614 "this is just a test") = 8049758
0000015 4103:01 \ new buffer candidate: 8048614:20 (_IO_stdin_used)

0000020 in printf:
0000020 4103:00 \ merge [SB]: 8048628:22 8048614:20 (first seen in L innafunkcja:strcpy) -> 8048614:42

Buffer 3:

0000035 SYS write (1, 40018000 "This is a result: this is just "..., 38) = 38
0000035 4103:01 \ new buffer candidate: 40018000:38

Buffer 4:

0000043 in main:
0000043 4103:-- * WRITE buffer bffffa14


 



File descriptor history:

File descriptor 1:

0000025 SYS fstat (1, bffff150 [301:17c38c #1 020620 0.5 0B]) = 0
0000025 + fd 1: "/dev/tty6", origin unknown

0000031 SYS ioctl (1, TCGETS, 0xbffff120) = 0
0000031 + fd 1: "/dev/tty6", origin unknown

0000034 SYS write (1, 40018000 "This is a result: this is just "..., 38) = 38
0000034 + fd 1: "/dev/tty6", origin unknown


 



Trace output as-is:

0000001  <<-- fenris [STD] 0.02b -->>
0000002  +++ Executing './test' (pid 4103, dynamic) +++
0000003  4103:00 L malloc (100) = 8049758
0000004  4103:00 \ new authoritative buffer candidate: 8049758:100 (_end)
0000005  4103:00 L bzero (8049758, 100) = 0
0000006  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000007  4103:00 \ buffer 8049758 modified.
0000008  4103:00 local innafunkcja (g/8049758)
0000009  4103:00 + innafunkcja = 0x804852c
0000010  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000011  4103:00   last input: L main:bzero
0000012  4103:01  L strcpy (8049758, 8048614 "this is just a test") = 8049758
0000013  4103:01  + 8049758 = 8049758:100  (first seen in L main:malloc)
0000014  4103:01    last input: L main:bzero
0000015  4103:01  \ new buffer candidate: 8048614:20 (_IO_stdin_used)
0000016  4103:01  \ buffer 8049758 modified.
0000017  4103:01  \ data migration: 8048614 to 8049758
0000018  4103:00 ...return from function = 
0000019  4103:00 U printf (g/8048628 "This is a result: %s?", g/8049758 "this is just a test")
0000020  4103:00 \ merge [SB]: 8048628:22 8048614:20 (first seen in L innafunkcja:strcpy) -> 8048614:42
0000021  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000022  4103:00   last input: L innafunkcja:strcpy
0000023  4103:01  [L] SYS197 fstat64 ??? (1, l/bffff1f0, l/bffff1f0) = -38
0000024  4103:01  [L] SYS fstat (1, bffff150 [301:17c38c #1 020620 0.5 0B]) = 0
0000025  4103:01  + fd 1: "/dev/tty6", origin unknown
0000026  4103:01  \ new buffer candidate: bffff150:64
0000027  4103:01  \ buffer bffff150 modified.
0000028  4103:01  [L] SYS mmap (0x0, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0) = 0x40018000
0000029  4103:01  \ new map: 40018000:4096 ()
0000030  4103:01  [L] SYS ioctl (1, TCGETS, 0xbffff120) = 0
0000031  4103:01  + fd 1: "/dev/tty6", origin unknown
0000032  4103:01  [L] SYS write (1, 40018000 "This is a result: this is just "..., 38) = 38
0000033  4103:01  + 40018000 = map 40018000:4096  (anon-mapped in S innafunkcja:mmap)
0000034  4103:01  + fd 1: "/dev/tty6", origin unknown
0000035  4103:01  \ new buffer candidate: 40018000:38
0000036  4103:00 ...return from libc = 38
0000037  4103:00 L free (8049758) = 
0000038  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000039  4103:00   last input: L innafunkcja:strcpy
0000040  4103:00 \ discard: mem 8049758:100 (first seen in L main:malloc)
0000041  4103:-- ...return from main() = 
0000042  4103:-- // function has accessed non-local memory:
0000043  4103:-- * WRITE buffer bffffa14
0000044  4103:-- + bffffa14 = bffffa14:4  (first seen in main)
0000045  4103:--   last input: main
0000046  +++ Process 4103 detached (outside traceable code) +++
0000047  +++ Parameter prediction 100.00% successful [0:4] +++
0000048  >> Exit condition: no more processes to trace

 

