Strace Ltrace Retrace
Hiya hiya, I'm Tinsel Upatree!
Say, do you know what's going on next door?
I'm a bit worried about the whole FrostFest event.
It feels a bit... ill-conceived, somehow. Nasty even.
Well, regardless – and more to the point, what do you know about tracing processes in Linux?
We rebuilt this here Cranberry Pi that runs the cotton candy machine, but we seem to be missing a file.
Do you think you can use ltrace to help us rebuild the missing config?
We'd like to help some of our favorite children enjoy the sweet spun goodness again!
And, if you help me with this, I'll give you some hints about using Wireshark filters to look for unusual options that might help you achieve Objectives here at the North Pole.
================================================================================
Please, we need your help! The cotton candy machine is broken! We replaced the SD card in the Cranberry Pi that controls it and reinstalled the software. Now it's complaining that it can't find a registration file! Perhaps you could figure out what the cotton candy software is looking for...
================================================================================
Debugging tools like ltrace allow us to trace a program's execution flow by intercepting all of the dynamic library and system calls the program makes. Its verbose output can help to determine where and why exactly things are going wrong. Start by running the program normally using ./make_the_candy to confirm we're indeed missing a configuration file.
Then run ltrace ./make_the_candy to trace the program's execution and reveal the expected file name.
Create the registration file with touch registration.json and run ltrace again. This time we get a different message telling us that the program is trying to get or read a line from the file. Since registration.json is still empty, this fails as well.
So, add some dummy data using echo dummy > registration.json and keep repeating the process.
From this point on the program will try to read data from the configuration file and compare it to several expected values, starting with Registration. Use the ltrace output to determine what the final string should look like and gradually update the configuration file's content using echo statements like we did in the previous step.
After updating the contents of registration.json with Registration:True the program runs as expected!
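To see why ltrace gives the expected values away, here is an added example that is not the challenge binary and not part of the original walkthrough: a hypothetical stand-in that validates its config purely through libc calls. The function names, status codes, order of checks and the /tmp demo path are assumptions made for illustration.

```c
/* Added example: hypothetical stand-in, NOT the challenge binary. Each check
 * is a libc call, so ltrace can show it together with its string arguments. */
#include <stdio.h>
#include <string.h>

enum reg_status { REG_OK, REG_NO_FILE, REG_NO_LINE, REG_NO_KEY, REG_NO_SEP, REG_NO_VALUE };

enum reg_status check_registration(const char *path)
{
    enum reg_status st = REG_OK;
    char line[256], *sep;
    FILE *fp = fopen(path, "r");                   /* exposes the file name */
    if (fp == NULL)
        return REG_NO_FILE;
    if (fgets(line, sizeof line, fp) == NULL)      /* empty file: no line to read */
        st = REG_NO_LINE;
    else if (strstr(line, "Registration") == NULL) /* exposes the expected key */
        st = REG_NO_KEY;
    else if ((sep = strchr(line, ':')) == NULL)    /* exposes the separator */
        st = REG_NO_SEP;
    else if (strstr(sep, "True") == NULL)          /* exposes the expected value */
        st = REG_NO_VALUE;
    fclose(fp);
    return st;
}

/* Write constructed content to path; returns 0 on success. */
int write_file(const char *path, const char *text)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    fputs(text, fp);
    return fclose(fp);
}

int main(void)
{
    /* Constructed inputs mirroring the walkthrough's steps, one fix at a time. */
    const char *steps[] = { "", "dummy\n", "Registration\n", "Registration:True\n" };
    const char *path = "/tmp/registration_demo.json"; /* hypothetical demo path */

    remove(path);
    printf("missing file -> %d\n", check_registration(path));
    for (size_t i = 0; i < sizeof steps / sizeof steps[0]; i++) {
        if (write_file(path, steps[i]) != 0) return 1;
        printf("step %zu -> %d\n", i, check_registration(path));
    }
    return 0;
}
```

Build it with a C compiler and run the result under ltrace to watch each comparison string appear as a call argument, one failed check at a time.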
Great! Thanks so much for your help!
I'm sure I can put those skills I just learned from you to good use.
Are you familiar with RFC3514?
Wireshark uses a different name for the Evil Bit:
HTTP responses are often gzip compressed. Fortunately, Wireshark decompresses them for us automatically.
You can search for strings in Wireshark fields using display filters with the