Description: This video is part of the SecurityTube GNU Debugger Expert course and certification. You can begin watching this series by starting with Video 1 here: http://www.securitytube.net/video/5654
In this video, we look at a helper utility called Strace which allows us to trace which system calls are called by a program during execution. We will look at different options to output to file, get statistics on the syscalls used by the program and most importantly trace specific syscalls made by the program. This video is a must watch if you are curious about how to look under the hood when a program executes!
PDF AND CODE FILE DOWNLOADS HERE: http://www.securitytube.net/sgde?id=4
Please have a look at the SecurityTube Certifications: http://securitytube-training.com/
Tags: sgde , gnu debugger , gdb , strace , syscall tracing ,
System Call tracking elegantly explained
Code at the download link is broken. For one the download url doesn't share credentials with the rest of the site. Including login from the page itself. After logging in from the sgde?id=4 page the login is forgotten on return either by entering the URL directly or by traversing embedded links from the home page --> back to this page ---> to the download link ... and it's gone :-o
To add injury to that insult the tweet button is not displayed and there doesn't seem to be enough info in the page source to recreate the proper tweet and submit by hand.
Granted, the source files so far should easily be recreated by us users just viewing the snippets on screen.
MaskedPhrogg - time to remove your mask and see a bit better.
The tweet has nothing to do with logging into the site. Looks like you have not even seen the video ... the steps are so simple even a kid could do it. I've tweeted and gotten the code of all the 4 videos in my email.
Just search twitter for securitytube to see everyone tweet
Thanks for another fantastic video vivek!
MaskedPhrogg - It seems to work for me perfectly.
Others are doing it too - "https://twitter.com/i/#!/search/realtime/tracing%20with%20strace" paste this URL and check
Read better. There is NO TWEET BUTTON! If you'd like to discuss browser settings that allow the tweet button to appear I'm open to that discussion. But I fail to see how making my browser any more insecure than allowing javascript and java is a suitable topic for a security training site. It is my impression we are here to make our own online experiences more secure not less.
I get the pop up fine. The tweet button that is supposed to be inside the pop up is not present. There is code that is obviously supposed to fill in the tweet popup from hitting the tweet button. My best guess is that settings in my browser, purposely enabled to defeat preloading popups that might not be visible to the operator, is keeping the button from loading and tweeting. To be sure, I'm not that concerned with what others are doing. They could be jumping off the highest local cliff for all I know. My concern is focused more on fancy html that displays gimmicks that are typically indicators that a browser is open to attack vectors that aren't present to browsers that don't render gimmicky html.
MaskedPhrogg - Sandboxed Browser (Sandboxie + Firefox / Browser in VM / .. ) + Throwaway Twitter account - if you are really paranoid. If you are skilled you'd figure out stuff with the former - so you know there are no exploiting launching - or if they are to avoid the site -- this is what I do
Peace!
Thank you vivek. I bought the course and I hope you continue to release new courses because you are very skilled and a good teacher! :) Giovanni Marchetto from Italy.
@John-Nash
Please tell me why I should jump thru hoops to load a page that was coded badly? I'm not the one presenting content in a public area. Neither am I going to go thru this kind of gimcrackery for every page that doesn't load right. btw Sandboxie, though it does get rave reviews in so much pop media, is still proprietary. I'd sooner trust my own browser running in an environment I'm familiar with and just hack around the code as is if I have to put so much effort into this.
I have been running all these command line tools on Mac OS. Sadly, strace isnt available for Mac. In case anyone wants to know an alternative for strace for Mac, its "Dtruss"