Valgrind的包装说明
Valgrind是用于调试和分析Linux程序的系统。凭借其工具套件,可以自动检测许多内存管理和线程错误,避免令人沮丧的bug狩猎的时间,使你的程序更加稳定。您还可以进行详细的分析,以帮助加快您的程序和使用Valgrind的建设新的工具。该Valgrind的分布目前包括六个生产质量的工具:
- 内存错误检测器(的Memcheck)
- 2线程错误探测器(Helgrind和DRD)
- 高速缓存和分支预测分析器(Cachegrind)
- 一个调用图生成缓存和分支预测分析器(Callgrind)
- 堆分析器(高原) 它还包括三个实验工具:
- 堆栈/全局数组超限检测器(SGCheck)
- 第二堆剖析器,探讨如何堆块用于(DHAT)
- 一个SimPoint基本块矢量发生器(BBV)
- 作者:朱西华德
许可:GPL第二版
0x01 包含在Valgrind的包装工具
callgrind_annotate - 后处理工具,用于Callgrind
:~# callgrind_annotate -h usage: callgrind_annotate [options] [callgrind-out-file [source-files...]] options for the user, with defaults in [ ], are: -h --help show this message --version show version --show=A,B,C only show figures for events A,B,C [all] --sort=A,B,C sort columns by events A,B,C [event column order] --threshold=<0--100> percentage of counts (of primary sort event) we are interested in [99%] --auto=yes|no annotate all source files containing functions that helped reach the event count threshold [no] --context=N print N lines of context before and after annotated lines [8] --inclusive=yes|no add subroutine costs to functions calls [no] --tree=none|caller| print for each function their callers, calling|both the called functions or both [none] -I --include=<dir> add <dir> to list of directories to search for source files
0x02 callgrind_control - 观察和控制方案由Callgrind运行
:~# callgrind_control -h Observe the status and control currently active callgrind runs. (C) 2003-2011, Josef Weidendorfer ( ) Usage: callgrind_control [options] [pid|program-name...] If no pids/names are given, an action is applied to all currently active Callgrind runs. Default action is printing short information. Options: -h --help Show this help text --version Show version -s --stat Show statistics -b --back Show stack/back trace -e [<A>,...] Show event counters for <A>,... (default: all) --dump[=<s>] Request a dump optionally using <s> as description -z --zero Zero all event counters -k --kill Kill -i --instr=on|off Switch instrumentation state on/off
0x03 cg_annotate - 后处理工具Cachegrind
```bash
:~# cg_annotate -h usage: cg_annotate [options] cachegrind-out-file [source-files...] options for the user, with defaults in [ ], are: -h --help show this message --version show version --show=A,B,C only show figures for events A,B,C [all] --sort=A,B,C sort columns by events A,B,C [event column order] --threshold=<0--20> a function is shown if it accounts for more than x% of
the counts of the primary sort event [0.1]
--auto=yes|no annotate all source files containing functions
that helped reach the event count threshold [no]
--context=N print N lines of context before and after
annotated lines [8]
-I
--include= add to list of directories to search for source files
cg_annotate is Copyright (C) 2002-2007 Nicholas Nethercote. and licensed under the GNU General Public License, version 2. Bug reports, feedback, admiration, abuse, etc, to:
## 0x04 cg_diff - 的diff cachegrind文件
```bash
:~# cg_diff -h
usage: cg_diff [options] <cachegrind-out-file1> <cachegrind-out-file2>
options for the user, with defaults in [ ], are:
-h --help show this message
-v --version show version
--mod-filename=<expr> a Perl search-and-replace expression that is applied
to filenames, eg. --mod-filename='s/prog[0-9]/projN/'
--mod-funcname=<expr> like --mod-filename, but applied to function names
cg_diff is Copyright (C) 2010-2010 Nicholas Nethercote.
and licensed under the GNU General Public License, version 2.
Bug reports, feedback, admiration, abuse, etc, to:
0x05 cg_merge - 合并多个cachegrind输出文件合并成一个
:~# cg_merge
cg_merge: Merges multiple cachegrind output files into one
cg_merge: usage: cg_merge [-o outfile] [files-to-merge]
0x06 ms_print - 后处理工具地块
五
0x07 Valgrind的 - 的工具,调试和分析程序套件
:~# valgrind -h
usage: valgrind [options] prog-and-args
tool-selection option, with default in [ ]:
--tool=<name> use the Valgrind tool named <name> [memcheck]
basic user options for all Valgrind tools, with defaults in [ ]:
-h --help show this message
--help-debug show this message, plus debugging options
--version show version
-q --quiet run silently; only print error msgs
-v --verbose be more verbose -- show misc extra info
--trace-children=no|yes Valgrind-ise child processes (follow execve)? [no]
--trace-children-skip=patt1,patt2,... specifies a list of executables
that --trace-children=yes should not trace into
--trace-children-skip-by-arg=patt1,patt2,... same as --trace-children-skip=
but check the argv[] entries for children, rather
than the exe name, to make a follow/no-follow decision
--child-silent-after-fork=no|yes omit child output between fork & exec? [no]
--vgdb=no|yes|full activate gdbserver? [yes]
full is slower but provides precise watchpoint/step
--vgdb-error=<number> invoke gdbserver after <number> errors [999999999]
to get started quickly, use --vgdb-error=0
and follow the on-screen directions
--track-fds=no|yes track open file descriptors? [no]
--time-stamp=no|yes add timestamps to log messages? [no]
--log-fd=<number> log messages to file descriptor [2=stderr]
--log-file=<file> log messages to <file>
--log-socket=ipaddr:port log messages to socket ipaddr:port
user options for Valgrind tools that report errors:
--xml=yes emit error output in XML (some tools only)
--xml-fd=<number> XML output to file descriptor
--xml-file=<file> XML output to <file>
--xml-socket=ipaddr:port XML output to socket ipaddr:port
--xml-user-comment=STR copy STR verbatim into XML output
--demangle=no|yes automatically demangle C++ names? [yes]
--num-callers=<number> show <number> callers in stack traces [12]
--error-limit=no|yes stop showing new errors if too many? [yes]
--error-exitcode=<number> exit code to return if errors found [0=disable]
--show-below-main=no|yes continue stack traces below main() [no]
--suppressions=<filename> suppress errors described in <filename>
--gen-suppressions=no|yes|all print suppressions for errors? [no]
--db-attach=no|yes start debugger when errors detected? [no]
--db-command=<command> command to start debugger [/usr/bin/gdb -nw %f %p]
--input-fd=<number> file descriptor for input [0=stdin]
--dsymutil=no|yes run dsymutil on Mac OS X when helpful? [no]
--max-stackframe=<number> assume stack switch for SP changes larger
than <number> bytes [2000000]
--main-stacksize=<number> set size of main thread's stack (in bytes)
[use current 'ulimit' value]
user options for Valgrind tools that replace malloc:
--alignment=<number> set minimum alignment of heap allocations [8]
--redzone-size=<number> set minimum size of redzones added before/after
heap blocks (in bytes). [16]
uncommon user options for all Valgrind tools:
--fullpath-after= (with nothing after the '=')
show full source paths in call stacks
--fullpath-after=string like --fullpath-after=, but only show the
part of the path after 'string'. Allows removal
of path prefixes. Use this flag multiple times
to specify a set of prefixes to remove.
--smc-check=none|stack|all|all-non-file [stack]
checks for self-modifying code: none, only for
code found in stacks, for all code, or for all
code except that from file-backed mappings
--read-var-info=yes|no read debug info on stack and global variables
and use it to print better error messages in
tools that make use of it (Memcheck, Helgrind,
DRD) [no]
--vgdb-poll=<number> gdbserver poll max every <number> basic blocks [5000]
--vgdb-shadow-registers=no|yes let gdb see the shadow registers [no]
--vgdb-prefix=<prefix> prefix for vgdb FIFOs [/tmp/vgdb-pipe]
--run-libc-freeres=no|yes free up glibc memory at exit on Linux? [yes]
--sim-hints=hint1,hint2,... known hints:
lax-ioctls, enable-outer, fuse-compatible [none]
--fair-sched=no|yes|try schedule threads fairly on multicore systems [no]
--kernel-variant=variant1,variant2,... known variants: bproc [none]
handle non-standard kernel variants
--show-emwarns=no|yes show warnings about emulation limits? [no]
--require-text-symbol=:sonamepattern:symbolpattern abort run if the
stated shared object doesn't have the stated
text symbol. Patterns can contain ? and *.
--soname-synonyms=syn1=pattern1,syn2=pattern2,... synonym soname
specify patterns for function wrapping or replacement.
To use a non-libc malloc library that is
in the main exe: --soname-synonyms=somalloc=NONE
in libxyzzy.so: --soname-synonyms=somalloc=libxyzzy.so
user options for Memcheck:
--leak-check=no|summary|full search for memory leaks at exit? [summary]
--leak-resolution=low|med|high differentiation of leak stack traces [high]
--show-reachable=no|yes show reachable blocks in leak check? [no]
--show-possibly-lost=no|yes show possibly lost blocks in leak check?
[yes]
--undef-value-errors=no|yes check for undefined value errors [yes]
--track-origins=no|yes show origins of undefined values? [no]
--partial-loads-ok=no|yes too hard to explain here; see manual [no]
--freelist-vol=<number> volume of freed blocks queue [20000000]
--freelist-big-blocks=<number> releases first blocks with size >= [1000000]
--workaround-gcc296-bugs=no|yes self explanatory [no]
--ignore-ranges=0xPP-0xQQ[,0xRR-0xSS] assume given addresses are OK
--malloc-fill=<hexnumber> fill malloc'd areas with given value
--free-fill=<hexnumber> fill free'd areas with given value
Extra options read from ~/.valgrindrc, $VALGRIND_OPTS, ./.valgrindrc
Memcheck is Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
Valgrind is Copyright (C) 2000-2012, and GNU GPL'd, by Julian Seward et al.
LibVEX is Copyright (C) 2004-2012, and GNU GPL'd, by OpenWorks LLP et al.
Bug reports, feedback, admiration, abuse, etc, to: www.valgrind.org.
0x08 Valgrind的监听器 - 用于Valgrind的日志重定向一个简单的监听程序
:~# valgrind-listener -h
usage is:
valgrind-listener [--exit-at-zero|-e] [port-number]
where --exit-at-zero or -e causes the listener to exit
when the number of connections falls back to zero
(the default is to keep listening forever)
port-number is the default port on which to listen for
connections. It must be between 1024 and 65535.
Current default is 1500.
0x09 vgdb - 发送监控命令到Valgrind的gdbserver的
:~# vgdb -h
Usage: vgdb [OPTION]... [[-c] COMMAND]...
vgdb (valgrind gdb) has two usages
1. standalone to send monitor commands to a Valgrind gdbserver.
The OPTION(s) must be followed by the command to send
To send more than one command, separate the commands with -c
2. relay application between gdb and a Valgrind gdbserver.
Only OPTION(s) can be given.
OPTIONS are [--pid=<number>] [--vgdb-prefix=<prefix>]
[--wait=<number>] [--max-invoke-ms=<number>]
[--port=<portnr>
[--cmd-time-out=<number>] [-l] [-D] [-d]
--pid arg must be given if multiple Valgrind gdbservers are found.
--vgdb-prefix arg must be given to both Valgrind and vgdb utility
if you want to change the default prefix for the FIFOs communication
between the Valgrind gdbserver and vgdb.
--wait (default 0) tells vgdb to check during the specified number
of seconds if a Valgrind gdbserver can be found.
--max-invoke-ms (default 100) gives the nr of milli-seconds after which vgdb
will force the invocation of the Valgrind gdbserver (if the Valgrind
process is blocked in a system call).
--port instructs vgdb to listen for gdb on the specified port nr.
--cmd-time-out (default 99999999) tells vgdb to exit if the found Valgrind
gdbserver has not processed a command after number seconds
-l arg tells to show the list of running Valgrind gdbserver and then exit.
-D arg tells to show shared mem status and then exit.
-d arg tells to show debug info. Multiple -d args for more debug info
-h --help shows this message
To get help from the Valgrind gdbserver, use vgdb help
0x10 Valgrind的用法示例
:~# coming soon
原文来自:https://www.hackfun.org/kali-tools/valgrind_zh.html。转载请注明原出处,商用请联系原作者授权。