How to decode this information from strace output

Question

I wrote a small Go script and traced it using strace. Through this script, I am trying to fetch audit messages from the kernel using the netlink protocol, just like auditd.

Following is the strace output on my go script- http://paste.ubuntu.com/8272760/

I am trying to find the argument that auditd provides to the sendto function.
When I run strace on auditd I get the following output:

sendto(3, "\20\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0", 16, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 16

And when I strace my go file I get the following output.
I am looking to decode the second argument of this statement

sendto(3, "\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t", 17, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 17

To be specific

"\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t"

Now I want to convert this to a string or byte array. Is there any way to convert this to a string or byte array?

In my actual Go code this argument is a byte array.

https://github.com/mozilla/Audit-Go/blob/testing/netlink_old.go#L58

Answer 1

Score: 7

My understanding of your problem is that you are trying to compare what auditd sends to what your program sends by comparing strace output, and you have issues converting the string provided by strace into a Go []byte datatype.

The strace output follows the GNU C representation of string literals, whose characters can be escaped as follows:

\\ Backslash character.
\? Question mark character.
\' Single quotation mark.
\" Double quotation mark.
\a Audible alert.
\b Backspace character.
\e <ESC> character. (This is a GNU extension.)
\f Form feed.
\n Newline character.
\r Carriage return.
\t Horizontal tab.
\v Vertical tab.
\o, \oo, \ooo Octal number.
\xh, \xhh, \xhhh, ... Hexadecimal number.

Note that the number of octal or hex digits can be variable. In Go, characters can also be escaped but the rules are different - see http://golang.org/ref/spec#Rune_literals

In particular, the octal values are systematically on 3 digits to avoid any ambiguity. To declare a []byte with such a sequence of characters, you will have to write something like this:

// In strace, it was "\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t"
wb := []byte("\021\000\000\000\350\003\005\000\001\000\000\000\000\000\000\000\t")

Note that the -x option in strace will use fixed-length hex encoding for non-printable characters, which makes the direct usage of these strings easier in a Go program. The -xx option will output hex encoded bytes even for printable characters, which makes it even easier IMO.

Anyway, it is not necessarily a good style (or even a good idea) to use literal strings to initialize []byte. Strings are for UTF-8 characters, not for binary data.
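
The decoding described in this answer, as an added Go example that is not part of the original post: `DecodeStrace` (a hypothetical helper) handles strace's variable-length octal escapes and the two-digit hex form printed with `-x`, and `ParseHeader` (also hypothetical) reads the first 16 bytes as a `struct nlmsghdr`, assuming a little-endian host.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strconv"
)

// NlMsgHdr mirrors struct nlmsghdr from <linux/netlink.h> (16 bytes on the wire).
type NlMsgHdr struct{ Len uint32; Type, Flags uint16; Seq, Pid uint32 }

// simple holds the single-character escapes listed in the answer above.
var simple = map[byte]byte{'a': 7, 'b': 8, 'e': 27, 'f': 12, 'n': 10, 'r': 13,
	't': 9, 'v': 11, '\\': '\\', '"': '"', '\'': '\'', '?': '?'}

// DecodeStrace converts the text between the quotes of a strace string argument into raw bytes.
func DecodeStrace(s string) ([]byte, error) {
	var out []byte
	for i := 0; i < len(s); i++ {
		if s[i] != '\\' {
			out = append(out, s[i]) // printable character, copied as-is
			continue
		}
		i++ // move to the character after the backslash
		digits, base := "", 8
		for n := 0; n < 3 && i+n < len(s) && s[i+n] >= '0' && s[i+n] <= '7'; n++ {
			digits = s[i : i+n+1] // octal: 1 to 3 digits
		}
		if digits == "" && i+3 <= len(s) && s[i] == 'x' {
			digits, base = s[i+1:i+3], 16 // hex: two digits, as strace -x prints (assumption)
			i++
		}
		if digits == "" {
			if i == len(s) || simple[s[i]] == 0 {
				return nil, fmt.Errorf("bad escape at offset %d", i-1)
			}
			out = append(out, simple[s[i]])
			continue
		}
		v, err := strconv.ParseUint(digits, base, 8) // bitSize 8 rejects values > 255
		if err != nil {
			return nil, err
		}
		out = append(out, byte(v))
		i += len(digits) - 1
	}
	return out, nil
}

// ParseHeader splits a netlink message into its header and any bytes after it.
func ParseHeader(b []byte) (h NlMsgHdr, rest []byte, err error) {
	if len(b) < 16 {
		return h, nil, fmt.Errorf("short netlink message: %d bytes", len(b))
	}
	le := binary.LittleEndian // netlink uses host byte order; little-endian assumed here
	h = NlMsgHdr{le.Uint32(b), le.Uint16(b[4:]), le.Uint16(b[6:]), le.Uint32(b[8:]), le.Uint32(b[12:])}
	return h, b[16:], nil
}

func main() {
	b, _ := DecodeStrace(`\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t`) // buffer from the question
	h, rest, _ := ParseHeader(b)
	fmt.Printf("%+v trailing=%v\n", h, rest)
}
```

On the two captures in the question, the Go program's buffer decodes to a length field of 17 with one trailing 0x09 byte after the header, while auditd's decodes to 16 with nothing after it. Type 1000 is AUDIT_GET and flags 5 is NLM_F_REQUEST|NLM_F_ACK.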

Answer 2

Score: 6

> \21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t

These are character escape sequences as defined in the ANSI X3.159-1989 (aka ANSI C89, check this PDF file). You can find the official draft pages at port70.net.

Here is a short brief found in man printf:

  • \a Write a <bell> character.
  • \b Write a <backspace> character.
  • \c Ignore remaining characters in this string.
  • \e Write a <escape> character.
  • \f Write a <form-feed> character.
  • \r Write a <carriage return> character.
  • \n Write a <new-line> character.
  • \t Write a <tab> character.
  • \v Write a <vertical tab> character.
  • \' Write a <single quote> character.
  • \" Write a <double quote> character.
  • \\ Write a backslash character.
  • \num, \0num Write an 8-bit character whose ASCII value is the 1-, 2-, or 3-digit octal number.

To interpret these characters as a string, you can use printf, e.g. this command in a shell:

printf "%b" "\21\0\0\0\350\3\5\0\1\0\0\0\0\0\0\0\t"

For more parsing examples, check: <https://stackoverflow.com/q/36557017/55075>

Answer 3

Score: 5

If you want strace to print a hexadecimal string instead of ASCII and escape sequences, use -x or -xx; consult man for more details.

  • Posted by huangapple on September 7, 2014, 06:07:23
  • When reposting, please keep the link to this article: https://go.coder-hub.com/25705216.html