fenris: ./test, Thu Feb 21 15:27:23 2002

fenris - program execution path analysis tool
Developed by Michal Zalewski <lcamtuf@coredump.cx>

Program: ./test

Date: Thu Feb 21 15:27:23 2002

symbol description symbol description
. buffer / fd : used buf / fd
r read / accessed W written
X read and written * discarded
S source D destination
+ fd I/O O fd opened
# fd cloned * fd discarded

0000000  main (...)
0000003  4103:00 L malloc (100) = 8049758
0000004  4103:00 \ new authoritative buffer candidate: 8049758:100 (_end)
0000005  4103:00 L bzero (8049758, 100) = 0
0000006  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000007  4103:00 \ buffer 8049758 modified.
0000008  4103:00 local innafunkcja (g/8049758)
0000008  4103:00 ==> Click here for trace of this function <==
0000018  4103:00 ...return from function = 
0000019  4103:00 U printf (g/8048628 "This is a result: %s?", g/8049758 "this is just a test")
0000019  4103:00 ==> Click here for trace of this libcall <==
0000036  4103:00 ...return from libc = 38
0000037  4103:00 L free (8049758) = 
0000038  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000040  4103:00 \ discard: mem 8049758:100 (first seen in L main:malloc)
0000041  4103:-- ...return from main() = 
0000043  4103:-- * WRITE buffer bffffa14
0000043  4103:-- + bffffa14 = bffffa14:4  (first seen in main)
0000045  4103:--   last input: main

0000008  4103:00 local innafunkcja (g/8049758)
    [ Click here for calls summary ]
0000009  4103:00 + innafunkcja = 0x804852c
0000010  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000011  4103:00   last input: L main:bzero
0000012  4103:01  L strcpy (8049758, 8048614 "this is just a test") = 8049758
0000013  4103:01  + 8049758 = 8049758:100  (first seen in L main:malloc)
0000015  4103:01  \ new buffer candidate: 8048614:20 (_IO_stdin_used)
0000016  4103:01  \ buffer 8049758 modified.
0000017  4103:01  \ data migration: 8048614 to 8049758
0000018  4103:00 ...return from function = 

0000019  4103:00 U printf (g/8048628 "This is a result: %s?", g/8049758 "this is just a test")
    [ Click here for calls summary ]
0000020  4103:00 \ merge [SB]: 8048628:22 8048614:20 (first seen in L innafunkcja:strcpy) -> 8048614:42
0000021  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000022  4103:00   last input: L innafunkcja:strcpy
0000023  4103:01  [L] SYS197 fstat64 ??? (1, l/bffff1f0, l/bffff1f0) = -38
0000024  4103:01  [L] SYS fstat (1, bffff150 [301:17c38c #1 020620 0.5 0B]) = 0
0000025  4103:01  + fd 1: "/dev/tty6", origin unknown
0000026  4103:01  \ new buffer candidate: bffff150:64
0000027  4103:01  \ buffer bffff150 modified.
0000028  4103:01  [L] SYS mmap (0x0, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0) = 0x40018000
0000029  4103:01  \ new map: 40018000:4096 ()
0000030  4103:01  [L] SYS ioctl (1, TCGETS, 0xbffff120) = 0
0000031  4103:01  + fd 1: "/dev/tty6", origin unknown
0000032  4103:01  [L] SYS write (1, 40018000 "This is a result: this is just "..., 38) = 38
0000033  4103:01  + 40018000 = map 40018000:4096  (anon-mapped in S innafunkcja:mmap)
0000034  4103:01  + fd 1: "/dev/tty6", origin unknown
0000035  4103:01  \ new buffer candidate: 40018000:38
0000036  4103:00 ...return from libc = 38


Function innafunkcja:
0000008  4103:00 local innafunkcja (g/8049758)

Function printf:
0000019  4103:00 U printf (g/8048628 "This is a result: %s?", g/8049758 "this is just a test")

Buffer 0:

0000004 L malloc (100) = 8049758
0000004 4103:00 \ new authoritative buffer candidate: 8049758:100 (_end)

0000006 L bzero (8049758, 100) = 0
0000006 4103:00 + 8049758 = 8049758:100 (first seen in L main:malloc)

0000010 in innafunkcja:
0000010 4103:00 + 8049758 = 8049758:100 (first seen in L main:malloc)

0000013 L strcpy (8049758, 8048614 "this is just a test") = 8049758
0000013 4103:01 + 8049758 = 8049758:100 (first seen in L main:malloc)

0000021 in printf:
0000021 4103:00 + 8049758 = 8049758:100 (first seen in L main:malloc)

0000038 L free (8049758) =
0000038 4103:00 + 8049758 = 8049758:100 (first seen in L main:malloc)

Buffer 1:

0000026 SYS fstat (1, bffff150 [301:17c38c #1 020620 0.5 0B]) = 0
0000026 4103:01 \ new buffer candidate: bffff150:64

Buffer 2:

0000015 L strcpy (8049758, 8048614 "this is just a test") = 8049758
0000015 4103:01 \ new buffer candidate: 8048614:20 (_IO_stdin_used)

0000020 in printf:
0000020 4103:00 \ merge [SB]: 8048628:22 8048614:20 (first seen in L innafunkcja:strcpy) -> 8048614:42

Buffer 3:

0000035 SYS write (1, 40018000 "This is a result: this is just "..., 38) = 38
0000035 4103:01 \ new buffer candidate: 40018000:38

Buffer 4:

0000043 in main:
0000043 4103:-- * WRITE buffer bffffa14

File descriptor 1:

0000025 SYS fstat (1, bffff150 [301:17c38c #1 020620 0.5 0B]) = 0
0000025 + fd 1: "/dev/tty6", origin unknown

0000031 SYS ioctl (1, TCGETS, 0xbffff120) = 0
0000031 + fd 1: "/dev/tty6", origin unknown

0000034 SYS write (1, 40018000 "This is a result: this is just "..., 38) = 38
0000034 + fd 1: "/dev/tty6", origin unknown

0000001  <<-- fenris [STD] 0.02b -->>
0000002  +++ Executing './test' (pid 4103, dynamic) +++
0000003  4103:00 L malloc (100) = 8049758
0000004  4103:00 \ new authoritative buffer candidate: 8049758:100 (_end)
0000005  4103:00 L bzero (8049758, 100) = 0
0000006  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000007  4103:00 \ buffer 8049758 modified.
0000008  4103:00 local innafunkcja (g/8049758)
0000009  4103:00 + innafunkcja = 0x804852c
0000010  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000011  4103:00   last input: L main:bzero
0000012  4103:01  L strcpy (8049758, 8048614 "this is just a test") = 8049758
0000013  4103:01  + 8049758 = 8049758:100  (first seen in L main:malloc)
0000014  4103:01    last input: L main:bzero
0000015  4103:01  \ new buffer candidate: 8048614:20 (_IO_stdin_used)
0000016  4103:01  \ buffer 8049758 modified.
0000017  4103:01  \ data migration: 8048614 to 8049758
0000018  4103:00 ...return from function = 
0000019  4103:00 U printf (g/8048628 "This is a result: %s?", g/8049758 "this is just a test")
0000020  4103:00 \ merge [SB]: 8048628:22 8048614:20 (first seen in L innafunkcja:strcpy) -> 8048614:42
0000021  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000022  4103:00   last input: L innafunkcja:strcpy
0000023  4103:01  [L] SYS197 fstat64 ??? (1, l/bffff1f0, l/bffff1f0) = -38
0000024  4103:01  [L] SYS fstat (1, bffff150 [301:17c38c #1 020620 0.5 0B]) = 0
0000025  4103:01  + fd 1: "/dev/tty6", origin unknown
0000026  4103:01  \ new buffer candidate: bffff150:64
0000027  4103:01  \ buffer bffff150 modified.
0000028  4103:01  [L] SYS mmap (0x0, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0) = 0x40018000
0000029  4103:01  \ new map: 40018000:4096 ()
0000030  4103:01  [L] SYS ioctl (1, TCGETS, 0xbffff120) = 0
0000031  4103:01  + fd 1: "/dev/tty6", origin unknown
0000032  4103:01  [L] SYS write (1, 40018000 "This is a result: this is just "..., 38) = 38
0000033  4103:01  + 40018000 = map 40018000:4096  (anon-mapped in S innafunkcja:mmap)
0000034  4103:01  + fd 1: "/dev/tty6", origin unknown
0000035  4103:01  \ new buffer candidate: 40018000:38
0000036  4103:00 ...return from libc = 38
0000037  4103:00 L free (8049758) = 
0000038  4103:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000039  4103:00   last input: L innafunkcja:strcpy
0000040  4103:00 \ discard: mem 8049758:100 (first seen in L main:malloc)
0000041  4103:-- ...return from main() = 
0000042  4103:-- // function has accessed non-local memory:
0000043  4103:-- * WRITE buffer bffffa14
0000044  4103:-- + bffffa14 = bffffa14:4  (first seen in main)
0000045  4103:--   last input: main
0000046  +++ Process 4103 detached (outside traceable code) +++
0000047  +++ Parameter prediction 100.00% successful [0:4] +++
0000048  >> Exit condition: no more processes to trace

To get help, please visit Fenris project homepage and read the documentation.
Developed by Michal Zalewski.

symbol	description	symbol	description
.	buffer / fd	:	used buf / fd
r	read / accessed	W	written
X	read and written	*	discarded
S	source	D	destination
+	fd I/O	O	fd opened
#	fd cloned	*	fd discarded

line	function	buffers	descriptors
	.- main
5	\| malloc	r....	..
8	\| bzero	W....	..
8	\| .- innafunkcja
17	\| \| strcpy	D-S
19	\| `- innafunkcja	r....
19	\| .- printf
24	\| \| fstat64	:....	..
28	\| \| fstat	:W...	.+
30	\| \| mmap	::...	..
32	\| \| ioctl	::...	.+
36	\| \| write	::.r.	.+
37	\| `- printf	r:r:.
41	\| free	*:::.	..
46	`- main	.:::W