fenris: ./test, Sat Dec 15 15:36:44 2001

fenris - program execution path analysis tool
(C) Copyright 2001 by Michal Zalewski <lcamtuf@coredump.cx>

Program: ./test

Date: Sat Dec 15 15:36:44 2001

symbol description symbol description
. buffer / fd : used buf / fd
r read / accessed W written
X read and written * discarded
S source D destination
+ fd I/O O fd opened
# fd cloned * fd discarded

0000000  main (...)
0000003  7782:00 L malloc (100) = 8049758
0000004  7782:00 \ new authoritative buffer candidate: 8049758:100 (_end)
0000005  7782:00 L bzero (8049758, 100) = 0
0000006  7782:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000007  7782:00 \ buffer 8049758 modified.
0000008  7782:00 local innafunkcja (g/8049758)
0000008  7782:00 ==> Click here for trace of this function <==
0000018  7782:00 ...return from function = 
0000019  7782:00 U printf (g/8048628 "This is a result: %s?", g/8049758 "this is just a test")
0000019  7782:00 ==> Click here for trace of this libcall <==
0000036  7782:00 ...return from libc = 38
0000037  7782:00 L free (8049758) = 
0000038  7782:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000040  7782:00 \ discard: mem 8049758:100 (first seen in L main:malloc)
0000041  7782:-- ...return from main() = 
0000043  7782:-- * WRITE buffer bffffa14
0000043  7782:-- + bffffa14 = bffffa14:4  (first seen in main)
0000045  7782:--   last input: main

0000008  7782:00 local innafunkcja (g/8049758)
    [ Click here for calls summary ]
0000009  7782:00 + innafunkcja = 0x804852c
0000010  7782:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000011  7782:00   last input: L main:bzero
0000012  7782:01  L strcpy (8049758, 8048614 "this is just a test") = 8049758
0000013  7782:01  + 8049758 = 8049758:100  (first seen in L main:malloc)
0000015  7782:01  \ new buffer candidate: 8048614:20 (_IO_stdin_used)
0000016  7782:01  \ buffer 8049758 modified.
0000017  7782:01  \ data migration: 8048614 to 8049758
0000018  7782:00 ...return from function = 

0000019  7782:00 U printf (g/8048628 "This is a result: %s?", g/8049758 "this is just a test")
    [ Click here for calls summary ]
0000020  7782:00 \ merge [SB]: 8048628:22 8048614:20 (first seen in L innafunkcja:strcpy) -> 8048614:42
0000021  7782:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000022  7782:00   last input: L innafunkcja:strcpy
0000023  7782:01  [L] SYS197 fstat64 ??? (1, l/bffff1f0, l/bffff1f0) = -38
0000024  7782:01  [L] SYS fstat (1, bffff150 [301:17c381 #1 020620 0.5 0B]) = 0
0000025  7782:01  + fd 1: "/dev/tty5", origin unknown
0000026  7782:01  \ new buffer candidate: bffff150:64
0000027  7782:01  \ buffer bffff150 modified.
0000028  7782:01  [L] SYS mmap (0x0, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0) = 0x40018000
0000029  7782:01  \ new map: 40018000:4096 ()
0000030  7782:01  [L] SYS ioctl (1, TCGETS, 0xbffff120) = 0
0000031  7782:01  + fd 1: "/dev/tty5", origin unknown
0000032  7782:01  [L] SYS write (1, 40018000 "This is a result: this is just "..., 38) = 38
0000033  7782:01  + 40018000 = map 40018000:4096  (anon-mapped in S innafunkcja:mmap)
0000034  7782:01  + fd 1: "/dev/tty5", origin unknown
0000035  7782:01  \ new buffer candidate: 40018000:38
0000036  7782:00 ...return from libc = 38


Function innafunkcja:
0000008  7782:00 local innafunkcja (g/8049758)

Function printf:
0000019  7782:00 U printf (g/8048628 "This is a result: %s?", g/8049758 "this is just a test")

Buffer 0:

0000004 L malloc (100) = 8049758
0000004 7782:00 \ new authoritative buffer candidate: 8049758:100 (_end)

0000006 L bzero (8049758, 100) = 0
0000006 7782:00 + 8049758 = 8049758:100 (first seen in L main:malloc)

0000010 in innafunkcja:
0000010 7782:00 + 8049758 = 8049758:100 (first seen in L main:malloc)

0000013 L strcpy (8049758, 8048614 "this is just a test") = 8049758
0000013 7782:01 + 8049758 = 8049758:100 (first seen in L main:malloc)

0000021 in printf:
0000021 7782:00 + 8049758 = 8049758:100 (first seen in L main:malloc)

0000038 L free (8049758) =
0000038 7782:00 + 8049758 = 8049758:100 (first seen in L main:malloc)

Buffer 1:

0000026 SYS fstat (1, bffff150 [301:17c381 #1 020620 0.5 0B]) = 0
0000026 7782:01 \ new buffer candidate: bffff150:64

Buffer 2:

0000015 L strcpy (8049758, 8048614 "this is just a test") = 8049758
0000015 7782:01 \ new buffer candidate: 8048614:20 (_IO_stdin_used)

0000020 in printf:
0000020 7782:00 \ merge [SB]: 8048628:22 8048614:20 (first seen in L innafunkcja:strcpy) -> 8048614:42

Buffer 3:

0000035 SYS write (1, 40018000 "This is a result: this is just "..., 38) = 38
0000035 7782:01 \ new buffer candidate: 40018000:38

Buffer 4:

0000043 in main:
0000043 7782:-- * WRITE buffer bffffa14

File descriptor 1:

0000025 SYS fstat (1, bffff150 [301:17c381 #1 020620 0.5 0B]) = 0
0000025 + fd 1: "/dev/tty5", origin unknown

0000031 SYS ioctl (1, TCGETS, 0xbffff120) = 0
0000031 + fd 1: "/dev/tty5", origin unknown

0000034 SYS write (1, 40018000 "This is a result: this is just "..., 38) = 38
0000034 + fd 1: "/dev/tty5", origin unknown

0000001  <<-- fenris [STD] 0.01b -->>
0000002  +++ Executing './test' (pid 7782, dynamic) +++
0000003  7782:00 L malloc (100) = 8049758
0000004  7782:00 \ new authoritative buffer candidate: 8049758:100 (_end)
0000005  7782:00 L bzero (8049758, 100) = 0
0000006  7782:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000007  7782:00 \ buffer 8049758 modified.
0000008  7782:00 local innafunkcja (g/8049758)
0000009  7782:00 + innafunkcja = 0x804852c
0000010  7782:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000011  7782:00   last input: L main:bzero
0000012  7782:01  L strcpy (8049758, 8048614 "this is just a test") = 8049758
0000013  7782:01  + 8049758 = 8049758:100  (first seen in L main:malloc)
0000014  7782:01    last input: L main:bzero
0000015  7782:01  \ new buffer candidate: 8048614:20 (_IO_stdin_used)
0000016  7782:01  \ buffer 8049758 modified.
0000017  7782:01  \ data migration: 8048614 to 8049758
0000018  7782:00 ...return from function = 
0000019  7782:00 U printf (g/8048628 "This is a result: %s?", g/8049758 "this is just a test")
0000020  7782:00 \ merge [SB]: 8048628:22 8048614:20 (first seen in L innafunkcja:strcpy) -> 8048614:42
0000021  7782:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000022  7782:00   last input: L innafunkcja:strcpy
0000023  7782:01  [L] SYS197 fstat64 ??? (1, l/bffff1f0, l/bffff1f0) = -38
0000024  7782:01  [L] SYS fstat (1, bffff150 [301:17c381 #1 020620 0.5 0B]) = 0
0000025  7782:01  + fd 1: "/dev/tty5", origin unknown
0000026  7782:01  \ new buffer candidate: bffff150:64
0000027  7782:01  \ buffer bffff150 modified.
0000028  7782:01  [L] SYS mmap (0x0, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0) = 0x40018000
0000029  7782:01  \ new map: 40018000:4096 ()
0000030  7782:01  [L] SYS ioctl (1, TCGETS, 0xbffff120) = 0
0000031  7782:01  + fd 1: "/dev/tty5", origin unknown
0000032  7782:01  [L] SYS write (1, 40018000 "This is a result: this is just "..., 38) = 38
0000033  7782:01  + 40018000 = map 40018000:4096  (anon-mapped in S innafunkcja:mmap)
0000034  7782:01  + fd 1: "/dev/tty5", origin unknown
0000035  7782:01  \ new buffer candidate: 40018000:38
0000036  7782:00 ...return from libc = 38
0000037  7782:00 L free (8049758) = 
0000038  7782:00 + 8049758 = 8049758:100  (first seen in L main:malloc)
0000039  7782:00   last input: L innafunkcja:strcpy
0000040  7782:00 \ discard: mem 8049758:100 (first seen in L main:malloc)
0000041  7782:-- ...return from main() = 
0000042  7782:-- // function has accessed non-local memory:
0000043  7782:-- * WRITE buffer bffffa14
0000044  7782:-- + bffffa14 = bffffa14:4  (first seen in main)
0000045  7782:--   last input: main
0000046  7782:-- \ discard: mem 40018000:38 (first seen in S innafunkcja:write)
0000047  7782:-- [L] SYS exit (1075047648) = ???
0000048  +++ Process 7782 exited with code 224 +++
0000049  +++ Parameter prediction 100.00% successful [0:4] +++
0000050  >> Exit condition: no more processes to trace

To get help, please visit Fenris project homepage and read the documentation.
(C) Copyright 2001 by Michal Zalewski.

symbol	description	symbol	description
.	buffer / fd	:	used buf / fd
r	read / accessed	W	written
X	read and written	*	discarded
S	source	D	destination
+	fd I/O	O	fd opened
#	fd cloned	*	fd discarded

line	function	buffers	descriptors
	.- main
5	\| malloc	r....	..
8	\| bzero	W....	..
8	\| .- innafunkcja
17	\| \| strcpy	D-S
19	\| `- innafunkcja	r....
19	\| .- printf
24	\| \| fstat64	:....	..
28	\| \| fstat	:W...	.+
30	\| \| mmap	::...	..
32	\| \| ioctl	::...	.+
36	\| \| write	::.r.	.+
37	\| `- printf	r:r:.
41	\| free	*:::.	..
46	`- main	.:::W