NWLUG demos

Plan for next LUG meeting:

Go over:
 strace, 
  http://www.wi.leidenuniv.nl/~wichert/strace/

  Intercept syscalls, demangles symbols, and shows return code.
  
  Advantages: Source code not needed to debug/no debugging 
              symbols need to be present. Very good bug 
              tracking tool.

  Can profile syscalls, find time spent in each call.

  Can trace by filtering: -e trace=callname, or 
                          trace=network,ipc,signal...
  
  Show a simple program.
 
 Ltrace, 
  No homepage.
  Author: Juan Cespedes <cespedes@debian.org>
  Similar to strace allows dynamic library calls to be traced as well.
  ltrace -S to disp syscalls, kernels syscalls, not lib ones.
  strace more readable, as it symbolically displays things,
   but -C option allows similar things.
 
 gdb,
  http://sourceware.cygnus.com/gdb/

  Debugger, allows tracing of processes.
  If debugging symbols present, allows user to view source
  as it runs, alter variables, change execution, examine
  variables, and dump assembler. Set breakpoints&watchpoints.
  One of the most powerful debugging tools if source is available.
  Lacks memory search capability :(

 objdump,
  http://sourceware.cygnus.com/binutils/

  Part of binutils.
  objdump -d, useful to disassemble.

 nm,
  http://sourceware.cygnus.com/binutils/

  Part of binutils.
  List symbols from object files, such as libraries.
  Can list functions, code snippets, etc as well.

 biew,
  http://biew.sourceforge.net/

  Allows view in: text,binary,hex,dissasm modes.
  Allows dissassembly mode, virtual/file addresses.
  ctrl-f1 fr instr sets

 khexedit,
  http://home.sol.no/~espensa/khexedit/

  Similar to biew, allows viewing in text, binary, hex, oct.
  Useful as a quick way to hex edit things.
  Character table, similar to dos/win.
  Hex/dec/octal convertor.
  No disasm :(
  
 ddd:
  http://www.gnu.org/software/ddd/

  Front end to gdb, very cool.
  Graphical display of data structures.
  Ability to graphically see execution of program.

Things in procfs, /proc/pid
  <man proc>
  cmdline: command line name used to call prog
  cwd: current working dir
  environ: current environment variables
  exe: symlink to binary executable
  fd: open file descriptors, and links to them
  maps: descriptions memory mapped regions, and perms.
  mem: memory used by process, not mmap()-able yet
  root: current root dir of proc, chroot() to change
  stat: info about process, reported by ps
  status: current status

ptrace:
  #include <sys/ptrace.h>
  Set of tools to trace processes.
  Used by debuggers and tracers, mostly.