
Examples

sctrace of vi while also logging systemwide open calls

Here's a session log produced by uploading this rule file:

rule {
     syscall_name = open
     when = before
     action { type = LOG }
}

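which tells syscalltrack to log every open system call made anywhere on the system, and then running 'sctrace vi filename', which logs every system call the 'vi' process makes. In the log below, lines tagged (rule 1) appear to come from the uploaded system-wide open rule and lines tagged (rule 0) from the sctrace trace, which is why each open made by 'vi' shows up twice while opens from other processes such as bash show up once. Note that the read entries record the start of the buffer that was read, so a trace like this captures file contents (here including /root/.vimrc) and the log should be access-restricted accordingly.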

syscall: 2980["bash"]: 5_open("/usr/local/bin/", 100352, 0) (rule 1)
syscall: 2980["bash"]: 5_open("/usr/local/bin/", 100352, 0) (rule 1)
syscall: 2980["bash"]: 5_open("/home/mulix/bin/", 100352, 0) (rule 1)
syscall: 2980["bash"]: 5_open("/usr/local/bin/", 100352, 0) (rule 1)
syscall: 2980["bash"]: 5_open("/usr/bin/", 100352, 0) (rule 1)
syscall: 2980["bash"]: 5_open("/bin/", 100352, 0) (rule 1)
syscall: 2980["bash"]: 5_open("/usr/sbin/", 100352, 0) (rule 1)
syscall: 2980["bash"]: 5_open("/sbin/", 100352, 0) (rule 1)
syscall: 2980["bash"]: 5_open("/usr/local/bin/", 100352, 0) (rule 1)
syscall: 2980["bash"]: 5_open("/usr/X11R6/bin/", 100352, 0) (rule 1)
syscall: 8088["sctrace"]: 5_open("/etc/ld.so.preload", 0, 8) (rule 1)
syscall: 8088["sctrace"]: 5_open("/etc/ld.so.cache", 0, 0) (rule 1)
syscall: 8088["sctrace"]: 5_open("/usr/lib/libstdc++-libc6.2-2.so.3", 0, 60104)
(rule 1)
syscall: 8088["sctrace"]: 5_open("/lib/i686/libm.so.6", 0, 60088) (rule 1)
syscall: 8088["sctrace"]: 5_open("/lib/i686/libc.so.6", 0, 60072) (rule 1)
syscall: 8088["sctrace"]: 5_open("/usr/local/etc/syscalltrack/syscalls.dat",
32768, 0) (rule 1)
syscall: 8088["sctrace"]: 5_open("/proc/modules", 0, 438) (rule 1)
syscall: 8088["sctrace"]: 5_open("/dev/sct_ctrl", 2, 61704) (rule 1)
[... snipped for brevity]
syscall: 8089["sctrace"]: 6_close(4) (rule 0)
syscall: 8089["sctrace"]: 3_read(3, "g", 1) (rule 0)
syscall: 8089["sctrace"]: 11_execve("/bin/vi", bffff868, bffff874) (rule 0)
syscall: 8089["vi"]: 122_newuname(new_utsname{c6b81df8, c6b81e39, c6b81e7a,
c6b81ebb, c6b81efc, c6b81f3d}) (rule 0)
syscall: 8089["vi"]: 45_brk(00000000) (rule 0)
syscall: 8089["vi"]: 5_open("/etc/ld.so.preload", 0, 8) (rule 1)
syscall: 8089["vi"]: 5_open("/etc/ld.so.preload", 0, 8) (rule 0)
syscall: 8089["vi"]: 5_open("/etc/ld.so.cache", 0, 0) (rule 1)
syscall: 8089["vi"]: 5_open("/etc/ld.so.cache", 0, 0) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 242601, 33188, 1, 0,
0, 0, c6b81f42, 60445, 4096, 128, 0, 1043773391, 0, 1032070873, 0, 1032070873,
0, 242601}, -961011936) (rule 0)
syscall: 8089["vi"]: 90_old_mmap(mmap_arg_struct{0, 60445, 1, 2, 4, 0}) (rule
0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/lib/libtermcap.so.2", 0, 60136) (rule 1)
syscall: 8089["vi"]: 5_open("/lib/libtermcap.so.2", 0, 60136) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"\127ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0°\13\0\04\0\0\0 *\0\0\0\0\0\04\0
\0\3\0(\0\23\0\22\0\1\0\0\0\0\0\0\0\0\0\0\0\...", 1024) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 512160, 33261, 1, 0,
0, 0, c6b81f42, 11832, 4096, 24, 0, 1043773391, 0, 994726679, 0, 1021546388, 0,
512160}, -961011936) (rule 0)
syscall: 8089["vi"]: 90_old_mmap(mmap_arg_struct{0, 14932, 5, 2, 4, 0}) (rule
0)
syscall: 8089["vi"]: 125_mprotect(1073897472, 2644, 0) (rule 0)
syscall: 8089["vi"]: 90_old_mmap(mmap_arg_struct{1073897472, 4096, 3, 18, 4,
8192}) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/lib/libdl.so.2", 0, 60120) (rule 1)
syscall: 8089["vi"]: 5_open("/lib/libdl.so.2", 0, 60120) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"\127ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0ð\25\0\04\0\0\0
\31\0\0\0\0\0\04\0 \0\6\0(\0\27\0\24\0\6\0\0\04\0\0\04\0\0\04...", 1024) (rule
0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 512064, 33261, 1, 0,
0, 0, c6b81f42, 12102, 4096, 24, 0, 1043773391, 0, 1018877273, 0, 1021546058,
0, 512064}, -961011936) (rule 0)
syscall: 8089["vi"]: 90_old_mmap(mmap_arg_struct{0, 4096, 3, 34, 4294967295,
0}) (rule 0)
syscall: 8089["vi"]: 90_old_mmap(mmap_arg_struct{0, 11640, 5, 2, 4, 0}) (rule
0)
syscall: 8089["vi"]: 125_mprotect(1073913856, 3448, 0) (rule 0)
syscall: 8089["vi"]: 90_old_mmap(mmap_arg_struct{1073913856, 4096, 3, 18, 4,
4096}) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/lib/i686/libc.so.6", 0, 60104) (rule 1)
syscall: 8089["vi"]: 5_open("/lib/i686/libc.so.6", 0, 60104) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"\127ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`u\1B4\0\0\08c\19\0\0\0\0\04\0
\0\6\0(\03\00\0\6\0\0\04\0\0\04\0\0B4\0\0BÀ\0\...", 1024) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 384039, 33261, 1, 0,
0, 0, c6b81f42, 1401027, 4096, 2752, 0, 1043773391, 0, 1018877273, 0,
1021546058, 0, 384039}, -961011936) (rule 0)
syscall: 8089["vi"]: 90_old_mmap(mmap_arg_struct{1107296256, 1264928, 5, 2, 4,
0}) (rule 0)
syscall: 8089["vi"]: 125_mprotect(1108525056, 36128, 0) (rule 0)
syscall: 8089["vi"]: 90_old_mmap(mmap_arg_struct{1108525056, 20480, 3, 18, 4,
1228800}) (rule 0)
syscall: 8089["vi"]: 90_old_mmap(mmap_arg_struct{1108545536, 15648, 3, 50,
4294967295, 0}) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 91_munmap(1073823744, 60445) (rule 0)
syscall: 8089["vi"]: 45_brk(00000000) (rule 0)
syscall: 8089["vi"]: 45_brk(080a8c40) (rule 0)
syscall: 8089["vi"]: 45_brk(080a9000) (rule 0)
syscall: 8089["vi"]: 191_getrlimit(3, rlimit{8388608, 4294967295}) (rule 0)
syscall: 8089["vi"]: 45_brk(080ac000) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/share/locale/locale.alias", 0, 438) (rule 1)
syscall: 8089["vi"]: 5_open("/usr/share/locale/locale.alias", 0, 438) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 480006, 33188, 1, 0,
0, 0, c6b81f42, 2601, 4096, 8, 0, 1043773366, 0, 1018879009, 0, 1021545977, 0,
480006}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 4096, 3, 34, 4294967295, 0) (rule 0)
syscall: 8089["vi"]: 3_read(4, "# Locale name alias data base.\10# Copyright
(C) 1996,1997,1998,1999,2000,2001 Free Software Foundation, Inc.\10#\10# This
p...", 4096) (rule 0)
syscall: 8089["vi"]: 45_brk(080ad000) (rule 0)
syscall: 8089["vi"]: 3_read(4, "# Locale name alias data base.\10# Copyright
(C) 1996,1997,1998,1999,2000,2001 Free Software Foundation, Inc.\10#\10# This
p...", 4096) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 91_munmap(1073823744, 4096) (rule 0)
syscall: 8089["vi"]:
5_open("/usr/lib/locale/en_US.iso885915/LC_IDENTIFICATION", 0, 0) (rule 1)
syscall: 8089["vi"]:
5_open("/usr/lib/locale/en_US.iso885915/LC_IDENTIFICATION", 0, 0) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 96006, 33188, 1, 0,
0, 0, c6b81f42, 371, 4096, 8, 0, 1043773366, 0, 1018879101, 0, 1021545975, 0,
96006}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 371, 1, 2, 4, 0) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/lib/gconv/gconv-modules.cache", 0, 62616)
(rule 1)
syscall: 8089["vi"]: 5_open("/usr/lib/gconv/gconv-modules.cache", 0, 62616)
(rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 368233, 33188, 1, 0,
0, 0, c6b81f42, 20666, 4096, 48, 0, 1043773366, 0, 1021546060, 0, 1021546060,
0, 368233}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 20666, 1, 1, 4, 0) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_MEASUREMENT",
0, 0) (rule 1)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_MEASUREMENT",
0, 0) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 96007, 33188, 1, 0,
0, 0, c6b81f42, 29, 4096, 8, 0, 1043773366, 0, 1018879101, 0, 1021545975, 0,
96007}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 29, 1, 2, 4, 0) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_TELEPHONE", 0,
0) (rule 1)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_TELEPHONE", 0,
0) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 96011, 33188, 1, 0,
0, 0, c6b81f42, 65, 4096, 8, 0, 1043773366, 0, 1018879101, 0, 1021545975, 0,
96011}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 65, 1, 2, 4, 0) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_ADDRESS", 0, 0)
(rule 1)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_ADDRESS", 0, 0)
(rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 96005, 33188, 1, 0,
0, 0, c6b81f42, 161, 4096, 8, 0, 1043773366, 0, 1018879101, 0, 1021545975, 0,
96005}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 161, 1, 2, 4, 0) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_NAME", 0, 0)
(rule 1)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_NAME", 0, 0)
(rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 96009, 33188, 1, 0,
0, 0, c6b81f42, 83, 4096, 8, 0, 1043773366, 0, 1018879101, 0, 1021545975, 0,
96009}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 83, 1, 2, 4, 0) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_PAPER", 0, 0)
(rule 1)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_PAPER", 0, 0)
(rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 96010, 33188, 1, 0,
0, 0, c6b81f42, 40, 4096, 8, 0, 1043773366, 0, 1018879101, 0, 1021545975, 0,
96010}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 40, 1, 2, 4, 0) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_MESSAGES", 0,
0) (rule 1)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_MESSAGES", 0,
0) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 144002, 16877, 2, 0,
0, 0, c6b81f42, 4096, 4096, 8, 0, 1043719653, 0, 1021545980, 0, 1021545980, 0,
144002}, -961011936) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]:
5_open("/usr/lib/locale/en_US.iso885915/LC_MESSAGES/SYS_LC_MESSAGES", 0, 12)
(rule 1)
syscall: 8089["vi"]:
5_open("/usr/lib/locale/en_US.iso885915/LC_MESSAGES/SYS_LC_MESSAGES", 0, 12)
(rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 144048, 33188, 3, 0,
0, 0, c6b81f42, 58, 4096, 8, 0, 1043773366, 0, 1018879096, 0, 1021545980, 0,
144048}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 58, 1, 2, 4, 0) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_MONETARY", 0,
0) (rule 1)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_MONETARY", 0,
0) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 96008, 33188, 1, 0,
0, 0, c6b81f42, 292, 4096, 8, 0, 1043773366, 0, 1018879101, 0, 1021545975, 0,
96008}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 292, 1, 2, 4, 0) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_COLLATE", 0, 0)
(rule 1)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_COLLATE", 0, 0)
(rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 96018, 33188, 3, 0,
0, 0, c6b81f42, 22592, 4096, 48, 0, 1043773366, 0, 1018879089, 0, 1021545980,
0, 96018}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 22592, 1, 2, 4, 0) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 45_brk(080ae000) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_TIME", 0, 0)
(rule 1)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_TIME", 0, 0)
(rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 96012, 33188, 1, 0,
0, 0, c6b81f42, 2457, 4096, 8, 0, 1043773366, 0, 1018879101, 0, 1021545975, 0,
96012}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 2457, 1, 2, 4, 0) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_NUMERIC", 0, 0)
(rule 1)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_NUMERIC", 0, 0)
(rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 96017, 33188, 3, 0,
0, 0, c6b81f42, 60, 4096, 8, 0, 1043773366, 0, 1018879096, 0, 1021545980, 0,
96017}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 60, 1, 2, 4, 0) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_CTYPE", 0, 0)
(rule 1)
syscall: 8089["vi"]: 5_open("/usr/lib/locale/en_US.iso885915/LC_CTYPE", 0, 0)
(rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 96019, 33188, 3, 0,
0, 0, c6b81f42, 173680, 4096, 352, 0, 1043773366, 0, 1018879088, 0, 1021545981,
0, 96019}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 173680, 1, 2, 4, 0) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 54_ioctl(1, 21505, 3221223024) (rule 0)
syscall: 8089["vi"]: 183_getcwd("/root", 1024) (rule 0)
syscall: 8089["vi"]: 12_chdir("/root") (rule 0)
syscall: 8089["vi"]: 183_getcwd("/root", 1025) (rule 0)
syscall: 8089["vi"]: 12_chdir("/root") (rule 0)
syscall: 8089["vi"]: 116_sysinfo(sysinfo{2975, c6b81f4c, 254087168, 47857664,
0, 20942848, 789585920, 789585920, 57, 0, 0, 0, 1, c6b81f80}) (rule 0)
syscall: 8089["vi"]: 191_getrlimit(2, rlimit{4294967295, 4294967295}) (rule 0)
syscall: 8089["vi"]: 45_brk(080af000) (rule 0)
syscall: 8089["vi"]: 5_open(".", 32768, 0) (rule 1)
syscall: 8089["vi"]: 5_open(".", 32768, 0) (rule 0)
syscall: 8089["vi"]: 133_fchdir(4) (rule 0)
syscall: 8089["vi"]: 12_chdir("/tmp") (rule 0)
syscall: 8089["vi"]: 183_getcwd("/tmp", 1024) (rule 0)
syscall: 8089["vi"]: 133_fchdir(4) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 195_stat64("/tmp/r", stat64{774, c6b81f22, 227505, 33204,
1, 500, 500, 0, c6b81f42, 80, 4096, 8, 0, 1043773382, 0, 1043773268, 0,
1043773268, 0, 227505}, -961011936) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(28, bffff4b0, bffff420, 8) (rule 0)
syscall: 8089["vi"]: 175_rt_sigprocmask(1, bffff570, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(20, bffff4b0, bffff420, 8) (rule 0)
syscall: 8089["vi"]: 175_rt_sigprocmask(1, bffff570, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(13, bffff4b0, bffff420, 8) (rule 0)
syscall: 8089["vi"]: 175_rt_sigprocmask(1, bffff570, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(2, bffff4b0, bffff420, 8) (rule 0)
syscall: 8089["vi"]: 175_rt_sigprocmask(1, bffff570, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(14, bffff4b0, bffff420, 8) (rule 0)
syscall: 8089["vi"]: 175_rt_sigprocmask(1, bffff570, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(30, bffff4b0, bffff420, 8) (rule 0)
syscall: 8089["vi"]: 175_rt_sigprocmask(1, bffff570, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(1, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(3, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(4, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(5, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(6, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(8, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(7, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(11, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(31, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(15, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(26, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(27, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(24, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(25, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(10, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 174_rt_sigaction(12, bffff5b0, 00000000, 8) (rule 0)
syscall: 8089["vi"]: 54_ioctl(0, 21505, 3221223040) (rule 0)
syscall: 8089["vi"]: 45_brk(080b0000) (rule 0)
syscall: 8089["vi"]: 5_open("/etc/termcap", 0, 438) (rule 1)
syscall: 8089["vi"]: 5_open("/etc/termcap", 0, 438) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 240088, 33188, 1, 0,
0, 0, c6b81f42, 737535, 4096, 1456, 0, 1043773334, 0, 995630903, 0, 1021546380,
0, 240088}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 4096, 3, 34, 4294967295, 0) (rule 0)
syscall: 8089["vi"]: 140_llseek(4, 0, 0, bfffdaf0, 0) (rule 0)
syscall: 8089["vi"]: 3_read(4, "######## TERMINAL TYPE DESCRIPTIONS SOURCE
FILE\10#\10# This version of terminfo.src is distributed with ncurses.\10#
Report...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "GHTS AND OTHER DELUSIONS below). Much
information\10# comes from vendors who maintain official terminfos for their
hardware...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "equest (equiv. to VT100/ANSI/ECMA-48 DSR
6)\10#\9u6\9cursor position report (equiv. to ANSI/ECMA-48 CPR)\10#\10# The
termina...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "ill merely succeed in looking like a fool. \10#
Use it as you like. Use it at your own risk. Copy and redistribute
freely....", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"E[7m:\\10\9:..sa=\E[0;10%?%p1%t;7%;%?%p2%t;4%;%?%p3%t;7%;%?%p4%t;5%;%?%p6%t;1%;
%?%p7%t;8%;%?%p9%t;12%;m:\\10\9:se=\E[m:so=\E...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "entry on one verified terminal (Visual
102).\10# I would appreciate the results on other terminals sent to me.\10#\10#
Pleas...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"c=ansi+local:\\10\9:tc=ansi+idc:tc=ansi+idl:tc=ansi+rep:tc=ansi+sgrbold:\\10\9:
tc=ansi+arrows:\10\10#### DOS ANSI.SYS varian...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "=^I. This entry, in *\10# * response to user
requests, assumes kcbt=\E[Z, the ANSI/ECMA reverse-tab *\10# * character.
He...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "f@:tc=linux:\10linux-c-nc|linux console 1.3.x
hack for ncurses
only:\\10\9:cc:\\10\9:..Ic=\E]P%p1%x%p2%{255}%*%{1000}%/%02x%...", 4096) (rule
0)
syscall: 8089["vi"]: 3_read(4,
":ce=\E[m\E[K:\\10\9:cl=\E[2J\E[H:cm=\E[%i%d;%dH:dc=\E[P:dl=\E[M:do=\E[B:ei=:\\1
0\9:ho=\E[H:ic=\E[@:im=:k1=\E[M:k2=\E[N:k3=\E...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "inful on the UNIX PC, since\10# there are two
sequences for every key-modifier combination (local keyboard\10# sequence and
...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"C:\\10\9:UP=\E[%dA:al=\E[L:bl=^G:bt=\E^I:cd=\E[0J:ce=\E[0K:\\10\9:cl=\E[2J\E[H:
cm=\E[%i%d;%dH:cr=^M:dc=\E[P:dl=\E[M:\\10\9:d...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "d a duplicate\10# ":kh=\E[Y:". Added IBM-PC
forms characters and highlights, they match\10# what was there before. --
esr)\...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
">7l:Zd=\E[>6l:Zf=\E[>1h:Zg=\E[>1h:\\10\9:Zh=\E[>1h\E[>9l:Zi=\E[>6h:i1=\E[0t:tc=
qansi:\10#\10qansi-w|QNX ansi for windows:\\1...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"kr=\E[C:ks=\E[?1h\E=:\\10\9:ku=\E[A:le=^H:mb=\E[5m:md=\E[1m:me=\E[m\017:mk=\E[8
m:\\10\9:mr=\E[7m:nd=\E[C:rc=\E8:\\10\9:rs=\E...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"5:pa#64:\\10\9:@7=\E[F:AB=\E[4%dm:AF=\E[3%dm:AL=\E[%dL:DC=\E[%dP:\\10\9:DL=\E[%
dM:DO=\E[%dB:F1=\E[W:F2=\E[X:IC=\E[%d@:K2=\E[...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "rsion 1.1, 2.0, 2.1\10# Note, the emulator
supports many of the additional console features\10# listed in the iBCS2 (e.g.
ch...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "The VT100 series terminals have cursor
("arrows") keys which can operate\10# in two different modes: Cursor Mode and
Applica...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "\10# \10# Scroll 0-Jump Shifted
3 0-#\10# | 1-Smooth | 1-British pound
sign\10#...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "PC comm programs that pretend to be
`vt100-compatible'\10# fail to interpret the ^O and ^N escapes properly.
Symptom: the :...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"EE:pf=\E[4i:po=\E[5i:ps=\E[i:r1=\E[?3l:rc=\E8:sc=\E7:\\10\9:se=\E[27m:sf=\ED:so
=\E[7m:sr=\EM:st=\EH:ta=^I:ue=\E[24m:\\10\9:u...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "v is same as tab - Backtab is useless...\10# I
left out :sa: because of its RIDICULOUS complexity,\10# and the resulting
fac...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"\E[C:nw=^M\ED:\\10\9:r1=\E[?3l:rc=\E8:rf=/usr/share/tabset/vt300:sc=\E7:\\10\9:
se=\E[27m:sf=\ED:so=\E[7m:sr=\EM:st=\EH:ta=^I...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "st be the hexadecimal equivalent, e.g.,
"5052494E" for "PRINT". \10# There's no provision in terminfo for emitting a
string ...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"18~:k7=\E[19~:k8=\E[20~:\\10\9:k9=\E[21~:k;=\E[29~:kD=\E[3~:kI=\E[2~:kN=\E[6~:k
P=\E[5~:\\10\9:kb=^H:kd=\E[B:kl=\E[D:kr=\E[C:...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"\303u\264v\301w\302x\263y\363z\362{\343|\330}\234~\376:\\10\9:al=\E[L:cb=\E[1K:
cd=\E[J:ce=\E[K:ch=\E[%i%dG:cl=\E[H\E[J:\\10\...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "e editing keypad. Sun and PC\10# keyboards
have an editing keypad which is similar to the vt220:\10#\10# VT220 editing
...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "xterm" variations (XFree86\10# xterm,
color_xterm, nxterm, rxvt):\10xterm-color|generic "ANSI" color xterm (X Window
System)...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"sr=\215:\\10\9:st=\210:ta=^I:te=\233?1047l\233?1048l:\\10\9:ti=\233?1048h\233?1
047h:ue=\23324m:up=\233A:us=\2334m:\\10\9:vb=...", 4096) (rule 0)
syscall: 8089["vi"]: 140_llseek(4, 0, 0, bfffdaf0, 0) (rule 0)
syscall: 8089["vi"]: 3_read(4, "######## TERMINAL TYPE DESCRIPTIONS SOURCE
FILE\10#\10# This version of terminfo.src is distributed with ncurses.\10#
Report...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "GHTS AND OTHER DELUSIONS below). Much
information\10# comes from vendors who maintain official terminfos for their
hardware...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "equest (equiv. to VT100/ANSI/ECMA-48 DSR
6)\10#\9u6\9cursor position report (equiv. to ANSI/ECMA-48 CPR)\10#\10# The
termina...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "ill merely succeed in looking like a fool. \10#
Use it as you like. Use it at your own risk. Copy and redistribute
freely....", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"E[7m:\\10\9:..sa=\E[0;10%?%p1%t;7%;%?%p2%t;4%;%?%p3%t;7%;%?%p4%t;5%;%?%p6%t;1%;
%?%p7%t;8%;%?%p9%t;12%;m:\\10\9:se=\E[m:so=\E...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "entry on one verified terminal (Visual
102).\10# I would appreciate the results on other terminals sent to me.\10#\10#
Pleas...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"c=ansi+local:\\10\9:tc=ansi+idc:tc=ansi+idl:tc=ansi+rep:tc=ansi+sgrbold:\\10\9:
tc=ansi+arrows:\10\10#### DOS ANSI.SYS varian...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "=^I. This entry, in *\10# * response to user
requests, assumes kcbt=\E[Z, the ANSI/ECMA reverse-tab *\10# * character.
He...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "f@:tc=linux:\10linux-c-nc|linux console 1.3.x
hack for ncurses
only:\\10\9:cc:\\10\9:..Ic=\E]P%p1%x%p2%{255}%*%{1000}%/%02x%...", 4096) (rule
0)
syscall: 8089["vi"]: 3_read(4,
":ce=\E[m\E[K:\\10\9:cl=\E[2J\E[H:cm=\E[%i%d;%dH:dc=\E[P:dl=\E[M:do=\E[B:ei=:\\1
0\9:ho=\E[H:ic=\E[@:im=:k1=\E[M:k2=\E[N:k3=\E...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "inful on the UNIX PC, since\10# there are two
sequences for every key-modifier combination (local keyboard\10# sequence and
...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"C:\\10\9:UP=\E[%dA:al=\E[L:bl=^G:bt=\E^I:cd=\E[0J:ce=\E[0K:\\10\9:cl=\E[2J\E[H:
cm=\E[%i%d;%dH:cr=^M:dc=\E[P:dl=\E[M:\\10\9:d...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "d a duplicate\10# ":kh=\E[Y:". Added IBM-PC
forms characters and highlights, they match\10# what was there before. --
esr)\...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
">7l:Zd=\E[>6l:Zf=\E[>1h:Zg=\E[>1h:\\10\9:Zh=\E[>1h\E[>9l:Zi=\E[>6h:i1=\E[0t:tc=
qansi:\10#\10qansi-w|QNX ansi for windows:\\1...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"kr=\E[C:ks=\E[?1h\E=:\\10\9:ku=\E[A:le=^H:mb=\E[5m:md=\E[1m:me=\E[m\017:mk=\E[8
m:\\10\9:mr=\E[7m:nd=\E[C:rc=\E8:\\10\9:rs=\E...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"5:pa#64:\\10\9:@7=\E[F:AB=\E[4%dm:AF=\E[3%dm:AL=\E[%dL:DC=\E[%dP:\\10\9:DL=\E[%
dM:DO=\E[%dB:F1=\E[W:F2=\E[X:IC=\E[%d@:K2=\E[...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "rsion 1.1, 2.0, 2.1\10# Note, the emulator
supports many of the additional console features\10# listed in the iBCS2 (e.g.
ch...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "The VT100 series terminals have cursor
("arrows") keys which can operate\10# in two different modes: Cursor Mode and
Applica...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "\10# \10# Scroll 0-Jump Shifted
3 0-#\10# | 1-Smooth | 1-British pound
sign\10#...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "PC comm programs that pretend to be
`vt100-compatible'\10# fail to interpret the ^O and ^N escapes properly.
Symptom: the :...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"EE:pf=\E[4i:po=\E[5i:ps=\E[i:r1=\E[?3l:rc=\E8:sc=\E7:\\10\9:se=\E[27m:sf=\ED:so
=\E[7m:sr=\EM:st=\EH:ta=^I:ue=\E[24m:\\10\9:u...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "v is same as tab - Backtab is useless...\10# I
left out :sa: because of its RIDICULOUS complexity,\10# and the resulting
fac...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"\E[C:nw=^M\ED:\\10\9:r1=\E[?3l:rc=\E8:rf=/usr/share/tabset/vt300:sc=\E7:\\10\9:
se=\E[27m:sf=\ED:so=\E[7m:sr=\EM:st=\EH:ta=^I...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "st be the hexadecimal equivalent, e.g.,
"5052494E" for "PRINT". \10# There's no provision in terminfo for emitting a
string ...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"18~:k7=\E[19~:k8=\E[20~:\\10\9:k9=\E[21~:k;=\E[29~:kD=\E[3~:kI=\E[2~:kN=\E[6~:k
P=\E[5~:\\10\9:kb=^H:kd=\E[B:kl=\E[D:kr=\E[C:...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"\303u\264v\301w\302x\263y\363z\362{\343|\330}\234~\376:\\10\9:al=\E[L:cb=\E[1K:
cd=\E[J:ce=\E[K:ch=\E[%i%dG:cl=\E[H\E[J:\\10\...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "e editing keypad. Sun and PC\10# keyboards
have an editing keypad which is similar to the vt220:\10#\10# VT220 editing
...", 4096) (rule 0)
syscall: 8089["vi"]: 140_llseek(4, 0, 0, bfffdaf0, 0) (rule 0)
syscall: 8089["vi"]: 3_read(4, "######## TERMINAL TYPE DESCRIPTIONS SOURCE
FILE\10#\10# This version of terminfo.src is distributed with ncurses.\10#
Report...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "GHTS AND OTHER DELUSIONS below). Much
information\10# comes from vendors who maintain official terminfos for their
hardware...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "equest (equiv. to VT100/ANSI/ECMA-48 DSR
6)\10#\9u6\9cursor position report (equiv. to ANSI/ECMA-48 CPR)\10#\10# The
termina...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "ill merely succeed in looking like a fool. \10#
Use it as you like. Use it at your own risk. Copy and redistribute
freely....", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"E[7m:\\10\9:..sa=\E[0;10%?%p1%t;7%;%?%p2%t;4%;%?%p3%t;7%;%?%p4%t;5%;%?%p6%t;1%;
%?%p7%t;8%;%?%p9%t;12%;m:\\10\9:se=\E[m:so=\E...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "entry on one verified terminal (Visual
102).\10# I would appreciate the results on other terminals sent to me.\10#\10#
Pleas...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"c=ansi+local:\\10\9:tc=ansi+idc:tc=ansi+idl:tc=ansi+rep:tc=ansi+sgrbold:\\10\9:
tc=ansi+arrows:\10\10#### DOS ANSI.SYS varian...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "=^I. This entry, in *\10# * response to user
requests, assumes kcbt=\E[Z, the ANSI/ECMA reverse-tab *\10# * character.
He...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "f@:tc=linux:\10linux-c-nc|linux console 1.3.x
hack for ncurses
only:\\10\9:cc:\\10\9:..Ic=\E]P%p1%x%p2%{255}%*%{1000}%/%02x%...", 4096) (rule
0)
syscall: 8089["vi"]: 3_read(4,
":ce=\E[m\E[K:\\10\9:cl=\E[2J\E[H:cm=\E[%i%d;%dH:dc=\E[P:dl=\E[M:do=\E[B:ei=:\\1
0\9:ho=\E[H:ic=\E[@:im=:k1=\E[M:k2=\E[N:k3=\E...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "inful on the UNIX PC, since\10# there are two
sequences for every key-modifier combination (local keyboard\10# sequence and
...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"C:\\10\9:UP=\E[%dA:al=\E[L:bl=^G:bt=\E^I:cd=\E[0J:ce=\E[0K:\\10\9:cl=\E[2J\E[H:
cm=\E[%i%d;%dH:cr=^M:dc=\E[P:dl=\E[M:\\10\9:d...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "d a duplicate\10# ":kh=\E[Y:". Added IBM-PC
forms characters and highlights, they match\10# what was there before. --
esr)\...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
">7l:Zd=\E[>6l:Zf=\E[>1h:Zg=\E[>1h:\\10\9:Zh=\E[>1h\E[>9l:Zi=\E[>6h:i1=\E[0t:tc=
qansi:\10#\10qansi-w|QNX ansi for windows:\\1...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"kr=\E[C:ks=\E[?1h\E=:\\10\9:ku=\E[A:le=^H:mb=\E[5m:md=\E[1m:me=\E[m\017:mk=\E[8
m:\\10\9:mr=\E[7m:nd=\E[C:rc=\E8:\\10\9:rs=\E...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"5:pa#64:\\10\9:@7=\E[F:AB=\E[4%dm:AF=\E[3%dm:AL=\E[%dL:DC=\E[%dP:\\10\9:DL=\E[%
dM:DO=\E[%dB:F1=\E[W:F2=\E[X:IC=\E[%d@:K2=\E[...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "rsion 1.1, 2.0, 2.1\10# Note, the emulator
supports many of the additional console features\10# listed in the iBCS2 (e.g.
ch...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "The VT100 series terminals have cursor
("arrows") keys which can operate\10# in two different modes: Cursor Mode and
Applica...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "\10# \10# Scroll 0-Jump Shifted
3 0-#\10# | 1-Smooth | 1-British pound
sign\10#...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "PC comm programs that pretend to be
`vt100-compatible'\10# fail to interpret the ^O and ^N escapes properly.
Symptom: the :...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"EE:pf=\E[4i:po=\E[5i:ps=\E[i:r1=\E[?3l:rc=\E8:sc=\E7:\\10\9:se=\E[27m:sf=\ED:so
=\E[7m:sr=\EM:st=\EH:ta=^I:ue=\E[24m:\\10\9:u...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "v is same as tab - Backtab is useless...\10# I
left out :sa: because of its RIDICULOUS complexity,\10# and the resulting
fac...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"\E[C:nw=^M\ED:\\10\9:r1=\E[?3l:rc=\E8:rf=/usr/share/tabset/vt300:sc=\E7:\\10\9:
se=\E[27m:sf=\ED:so=\E[7m:sr=\EM:st=\EH:ta=^I...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "st be the hexadecimal equivalent, e.g.,
"5052494E" for "PRINT". \10# There's no provision in terminfo for emitting a
string ...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"18~:k7=\E[19~:k8=\E[20~:\\10\9:k9=\E[21~:k;=\E[29~:kD=\E[3~:kI=\E[2~:kN=\E[6~:k
P=\E[5~:\\10\9:kb=^H:kd=\E[B:kl=\E[D:kr=\E[C:...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"\303u\264v\301w\302x\263y\363z\362{\343|\330}\234~\376:\\10\9:al=\E[L:cb=\E[1K:
cd=\E[J:ce=\E[K:ch=\E[%i%dG:cl=\E[H\E[J:\\10\...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "e editing keypad. Sun and PC\10# keyboards
have an editing keypad which is similar to the vt220:\10#\10# VT220 editing
...", 4096) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 91_munmap(1074122752, 4096) (rule 0)
syscall: 8089["vi"]: 54_ioctl(0, 21523, 3221220936) (rule 0)
syscall: 8089["vi"]: 45_brk(080b1000) (rule 0)
syscall: 8089["vi"]: 54_ioctl(0, 21505, 3221220928) (rule 0)
syscall: 8089["vi"]: 54_ioctl(1, 21523, 3221221040) (rule 0)
syscall: 8089["vi"]: 45_brk(080b2000) (rule 0)
syscall: 8089["vi"]: 54_ioctl(1, 21523, 3221223216) (rule 0)
syscall: 8089["vi"]: 195_stat64("/usr/share/vim/vim61/macros/vimrc",
stat64{774, c6b81f22, 480341, 33188, 1, 0, 0, 0, c6b81f42, 3644, 4096, 8, 0,
1043773334, 0, 1017271213, 0, 1021546725, 0, 480341}, -961011936) (rule 0)
syscall: 8089["vi"]: 5_open("/usr/share/vim/vim61/macros/vimrc", 32768, 0)
(rule 1)
syscall: 8089["vi"]: 5_open("/usr/share/vim/vim61/macros/vimrc", 32768, 0)
(rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 480341, 33188, 1, 0,
0, 0, c6b81f42, 3644, 4096, 8, 0, 1043773334, 0, 1017271213, 0, 1021546725, 0,
480341}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 4096, 3, 34, 4294967295, 0) (rule 0)
syscall: 8089["vi"]: 3_read(4, "if v:lang =~ "^ko"\10 set
fileencodings=euc-kr\10 set
guifontset=-*-*-medium-r-normal--16-*-*-*-*-*-*-*\10elseif v:lang ...", 4096)
(rule 0)
syscall: 8089["vi"]: 3_read(4, "if v:lang =~ "^ko"\10 set
fileencodings=euc-kr\10 set
guifontset=-*-*-medium-r-normal--16-*-*-*-*-*-*-*\10elseif v:lang ...", 4096)
(rule 0)
syscall: 8089["vi"]: 3_read(4, "if v:lang =~ "^ko"\10 set
fileencodings=euc-kr\10 set
guifontset=-*-*-medium-r-normal--16-*-*-*-*-*-*-*\10elseif v:lang ...", 4096)
(rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 91_munmap(1074122752, 4096) (rule 0)
syscall: 8089["vi"]: 195_stat64("/root/.vimrc", stat64{774, c6b81f22, 34901,
33188, 1, 500, 500, 0, c6b81f42, 1619, 4096, 8, 0, 1043773334, 0, 1021616044,
0, 1021616177, 0, 34901}, -961011936) (rule 0)
syscall: 8089["vi"]: 5_open("/root/.vimrc", 32768, 0) (rule 1)
syscall: 8089["vi"]: 5_open("/root/.vimrc", 32768, 0) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 34901, 33188, 1, 500,
500, 0, c6b81f42, 1619, 4096, 8, 0, 1043773334, 0, 1021616044, 0, 1021616177,
0, 34901}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 4096, 3, 34, 4294967295, 0) (rule 0)
syscall: 8089["vi"]: 3_read(4, "" An example for a gvimrc file.\10" The
commands in this are executed when the GUI is started.\10"\10"
Maintainer:\9Bram Moo...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "" An example for a gvimrc file.\10" The
commands in this are executed when the GUI is started.\10"\10"
Maintainer:\9Bram Moo...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "" An example for a gvimrc file.\10" The
commands in this are executed when the GUI is started.\10"\10"
Maintainer:\9Bram Moo...", 4096) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 91_munmap(1074122752, 4096) (rule 0)
syscall: 8089["vi"]: 4_write(1, "\27[23;1H\27[K", 10) (rule 0)
syscall: 8089["vi"]: 54_ioctl(0, 21505, 3221223008) (rule 0)
syscall: 8089["vi"]: 54_ioctl(0, 21506, 3221223008) (rule 0)
syscall: 8089["vi"]: 54_ioctl(0, 21505, 3221223008) (rule 0)
syscall: 8089["vi"]: 4_write(1, "\27[?1048h\27[?1047h\27[?1h\27=", 23) (rule 0)
syscall: 8089["vi"]: 45_brk(080b4000) (rule 0)
syscall: 8089["vi"]: 195_stat64("/tmp/r", stat64{774, c6b81f22, 227505, 33204,
1, 500, 500, 0, c6b81f42, 80, 4096, 8, 0, 1043773382, 0, 1043773268, 0,
1043773268, 0, 227505}, -961011936) (rule 0)
syscall: 8089["vi"]: 199_getuid(void) (rule 0)
syscall: 8089["vi"]: 102_socket(1, 1, 0) (rule 0)
syscall: 8089["vi"]: 102_connect(4, sockaddr{1, c6b81f3a}, -961011912) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/etc/nsswitch.conf", 0, 438) (rule 1)
syscall: 8089["vi"]: 5_open("/etc/nsswitch.conf", 0, 438) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 240052, 33188, 1, 0,
0, 0, c6b81f42, 1750, 4096, 8, 0, 1043773334, 0, 1021551226, 0, 1021551226, 0,
240052}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 4096, 3, 34, 4294967295, 0) (rule 0)
syscall: 8089["vi"]: 3_read(4, "#\10# /etc/nsswitch.conf\10#\10# An example
Name Service Switch config file. This file should be\10# sorted with the
most-us...", 4096) (rule 0)
syscall: 8089["vi"]: 3_read(4, "#\10# /etc/nsswitch.conf\10#\10# An example
Name Service Switch config file. This file should be\10# sorted with the
most-us...", 4096) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 91_munmap(1074122752, 4096) (rule 0)
syscall: 8089["vi"]: 5_open("/etc/ld.so.cache", 0, 61392) (rule 1)
syscall: 8089["vi"]: 5_open("/etc/ld.so.cache", 0, 61392) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 242601, 33188, 1, 0,
0, 0, c6b81f42, 60445, 4096, 128, 0, 1043773391, 0, 1032070873, 0, 1032070873,
0, 242601}, -961011936) (rule 0)
syscall: 8089["vi"]: 90_old_mmap(mmap_arg_struct{0, 60445, 1, 2, 4, 0}) (rule
0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 5_open("/lib/libnss_files.so.2", 0, 60920) (rule 1)
syscall: 8089["vi"]: 5_open("/lib/libnss_files.so.2", 0, 60920) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"\127ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\29\0\04\0\0\0\16\148\0\0\0\0\
0\04\0 \0\6\0(\0\27\0\24\0\6\0\0\04\0\0\04\0\...", 1024) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 512084, 33261, 1, 0,
0, 0, c6b81f42, 45415, 4096, 96, 0, 1043773391, 0, 1018877273, 0, 1021546058,
0, 512084}, -961011936) (rule 0)
syscall: 8089["vi"]: 90_old_mmap(mmap_arg_struct{0, 37848, 5, 2, 4, 0}) (rule
0)
syscall: 8089["vi"]: 125_mprotect(1074221056, 984, 0) (rule 0)
syscall: 8089["vi"]: 90_old_mmap(mmap_arg_struct{1074221056, 4096, 3, 18, 4,
36864}) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 91_munmap(1074122752, 60445) (rule 0)
syscall: 8089["vi"]: 5_open("/etc/passwd", 0, 438) (rule 1)
syscall: 8089["vi"]: 5_open("/etc/passwd", 0, 438) (rule 0)
syscall: 8089["vi"]: 221_fcntl64(4, 1, 0) (rule 0)
syscall: 8089["vi"]: 221_fcntl64(4, 2, 1) (rule 0)
syscall: 8089["vi"]: 197_fstat64(4, stat64{774, c6b81f22, 242987, 33188, 1, 0,
0, 0, c6b81f42, 1542, 4096, 8, 0, 1043773366, 0, 1028261361, 0, 1028261361, 0,
242987}, -961011936) (rule 0)
syscall: 8089["vi"]: 192_mmap2(0, 4096, 3, 34, 4294967295, 0) (rule 0)
syscall: 8089["vi"]: 3_read(4,
"root:x:0:0:root:/root:/bin/bash\10bin:x:1:1:bin:/bin:/sbin/nologin\10daemon:x:2
:2:daemon:/sbin:/sbin/nologin\10adm:x:3:4:adm...", 4096) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 91_munmap(1074122752, 4096) (rule 0)
syscall: 8089["vi"]: 122_newuname(new_utsname{c6b81df8, c6b81e39, c6b81e7a,
c6b81ebb, c6b81efc, c6b81f3d}) (rule 0)
syscall: 8089["vi"]: 20_getpid(void) (rule 0)
syscall: 8089["vi"]: 45_brk(080b6000) (rule 0)
syscall: 8089["vi"]: 195_stat64("/tmp/r", stat64{774, c6b81f22, 227505, 33204,
1, 500, 500, 0, c6b81f42, 80, 4096, 8, 0, 1043773382, 0, 1043773268, 0,
1043773268, 0, 227505}, -961011936) (rule 0)
syscall: 8089["vi"]: 195_stat64("/tmp/r", stat64{774, c6b81f22, 227505, 33204,
1, 500, 500, 0, c6b81f42, 80, 4096, 8, 0, 1043773382, 0, 1043773268, 0,
1043773268, 0, 227505}, -961011936) (rule 0)
syscall: 8089["vi"]: 33_access("/tmp/r", 2) (rule 0)
syscall: 8089["vi"]: 5_open("/tmp/r", 32768, 0) (rule 1)
syscall: 8089["vi"]: 5_open("/tmp/r", 32768, 0) (rule 0)
syscall: 8089["vi"]: 5_open("/tmp/.r.swp", 32768, 0) (rule 1)
syscall: 8089["vi"]: 5_open("/tmp/.r.swp", 32768, 0) (rule 0)
syscall: 8089["vi"]: 5_open("/tmp/.r.swp", 32962, 384) (rule 1)
syscall: 8089["vi"]: 5_open("/tmp/.r.swp", 32962, 384) (rule 0)
syscall: 8089["vi"]: 5_open("/tmp/.r.swpx", 32768, 0) (rule 1)
syscall: 8089["vi"]: 5_open("/tmp/.r.swpx", 32768, 0) (rule 0)
syscall: 8089["vi"]: 5_open("/tmp/.r.swpx", 32962, 384) (rule 1)
syscall: 8089["vi"]: 5_open("/tmp/.r.swpx", 32962, 384) (rule 0)
syscall: 8089["vi"]: 197_fstat64(5, stat64{774, c6b81f22, 227633, 33152, 1, 0,
0, 0, c6b81f42, 0, 4096, 0, 0, 1043773391, 0, 1043773391, 0, 1043773391, 0,
227633}, -961011936) (rule 0)
syscall: 8089["vi"]: 197_fstat64(6, stat64{774, c6b81f22, 227634, 33152, 1, 0,
0, 0, c6b81f42, 0, 4096, 0, 0, 1043773391, 0, 1043773391, 0, 1043773391, 0,
227634}, -961011936) (rule 0)
syscall: 8089["vi"]: 6_close(6) (rule 0)
syscall: 8089["vi"]: 10_unlink("/tmp/.r.swpx") (rule 0)
syscall: 8089["vi"]: 6_close(5) (rule 0)
syscall: 8089["vi"]: 10_unlink("/tmp/.r.swp") (rule 0)
syscall: 8089["vi"]: 195_stat64("/tmp/.r.swp", stat64{57248, c6b81f22,
1073821804, 3221221504, 1073787046, 1073821804, 1107799166, 1, c6b81f42, 1, 72,
1108533152, 1108542220, 134950296, 1108533152, 3221221528, 1107799076,
3221222840, 1073787440, 0}, -961011936) (rule 0)
syscall: 8089["vi"]: 196_lstat64("/tmp/.r.swp", stat64{774, c6b81f22, 227634,
33152, 1, 0, 0, 0, c6b81f42, 0, 4096, 0, 0, 1043773391, 0, 1043773391, 0,
1043773391, 0, 227634}, -961011936) (rule 0)
syscall: 8089["vi"]: 196_lstat64("/tmp/.r.swp", stat64{47055, c6b81f22, 0, 774,
0, 0, 227633, 33152, c6b81f42, 0, 0, 0, 0, 0, 4096, 0, 0, 1043773391, 0,
1043773391}, -961011936) (rule 0)
syscall: 8089["vi"]: 5_open("/tmp/.r.swp", 32962, 384) (rule 1)
syscall: 8089["vi"]: 5_open("/tmp/.r.swp", 32962, 384) (rule 0)
syscall: 8089["vi"]: 140_llseek(5, 0, 0, bffff530, 0) (rule 0)
syscall: 8089["vi"]: 4_write(5, "b0VIM
6.1\0\0\0\0\16\0\0T·6>±x\3\0\153\31\0\0root\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0tea...", 4096) (rule 0)
syscall: 8089["vi"]: 142_select(1, bffff4e0, 00000000, bffff460, timeval{0, 0})
(rule 0)
syscall: 8089["vi"]: 4_write(1,
"\27[1;24r\27[?25h\27[?25h\27[27m\27[m\27[H\27[2J\27[?25l\27[23;1H"/tmp/r"",
55) (rule 0)
syscall: 8089["vi"]: 45_brk(080c7000) (rule 0)
syscall: 8089["vi"]: 3_read(4, "(nil", 65536) (rule 0)
syscall: 8089["vi"]: 142_select(1, bffff540, 00000000, bffff4c0, timeval{0, 0})
(rule 0)
syscall: 8089["vi"]: 45_brk(080d8000) (rule 0)
syscall: 8089["vi"]: 3_read(4, "(nil", 65536) (rule 0)
syscall: 8089["vi"]: 6_close(4) (rule 0)
syscall: 8089["vi"]: 4_write(1, " 5L, 80C", 8) (rule 0)
syscall: 8089["vi"]: 183_getcwd("/root", 1024) (rule 0)
syscall: 8089["vi"]: 142_select(1, bffff520, 00000000, bffff4a0, timeval{0, 0})
(rule 0)
syscall: 8089["vi"]: 4_write(1, "\27[1;1Hrule {\27[2;6Hsyscall_name =
open\27[3;6Hwhen = before\27[4;6Haction { type = LOG
}\13\10}\13\10\27[1m~\13\10~\13\10...", 153) (rule 0)
syscall: 8089["vi"]: 142_select(1, bffff3e0, 00000000, bffff360, timeval{2,
280000}) (rule 0)
syscall: 8089["vi"]: 142_select(1, bffff3e0, 00000000, bffff360,
timeval{(nil)}) (rule 0)
syscall: 8089["vi"]: 3_read(0,
":\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\...", 250) (rule 0)
syscall: 8089["vi"]: 142_select(1, bffff520, 00000000, bffff4a0, timeval{0, 0})
(rule 0)
syscall: 8089["vi"]: 142_select(1, bffff450, 00000000, bffff3d0, timeval{0, 0})
(rule 0)
syscall: 8089["vi"]: 4_write(1,
"\27[?25l\27[m\27[23;1H\27[K\27[23;1H:\27[?25h", 33) (rule 0)
syscall: 8089["vi"]: 142_select(1, bffff310, 00000000, bffff290, timeval{3,
840000}) (rule 0)
syscall: 8089["vi"]: 142_select(1, bffff310, 00000000, bffff290,
timeval{(nil)}) (rule 0)
syscall: 8089["vi"]: 3_read(0,
"q\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\...", 250) (rule 0)
syscall: 8089["vi"]: 142_select(1, bffff450, 00000000, bffff3d0, timeval{0, 0})
(rule 0)
syscall: 8089["vi"]: 142_select(1, bffff450, 00000000, bffff3d0, timeval{0, 0})
(rule 0)
syscall: 8089["vi"]: 4_write(1, "q", 1) (rule 0)
syscall: 8089["vi"]: 142_select(1, bffff310, 00000000, bffff290, timeval{3,
520000}) (rule 0)
syscall: 8089["vi"]: 142_select(1, bffff310, 00000000, bffff290,
timeval{(nil)}) (rule 0)
syscall: 8089["vi"]: 3_read(0,
"\13\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\...", 250) (rule 0)
syscall: 8089["vi"]: 142_select(1, bffff450, 00000000, bffff3d0, timeval{0, 0})
(rule 0)
syscall: 8089["vi"]: 4_write(1, "\13", 1) (rule 0)
syscall: 8089["vi"]: 4_write(1, "\27[?25l\13\10", 8) (rule 0)
syscall: 8089["vi"]: 54_ioctl(0, 21506, 3221222496) (rule 0)
syscall: 8089["vi"]: 54_ioctl(0, 21505, 3221222496) (rule 0)
syscall: 8089["vi"]: 4_write(1, "\27[?1l\27>", 7) (rule 0)
syscall: 8089["vi"]: 4_write(1, "\27[?25h\27[?1047l\27[?1048l", 22) (rule 0)
syscall: 8089["vi"]: 6_close(5) (rule 0)
syscall: 8089["vi"]: 10_unlink("/tmp/.r.swp") (rule 0)
syscall: 8089["vi"]: 45_brk(080b6000) (rule 0)
syscall: 8089["vi"]: 1_exit(0) (rule 0)
syscall: 8088["sctrace"]: 5_open("/dev/sct_ctrl", 2, 61816) (rule 1)
[... snipped for brevity]
syscall: 8088["sctrace"]: 5_open("/dev/sct_ctrl", 2, 61816) (rule 1)
$Id: examples.html,v 1.9 2003/02/05 22:30:55 mulix Exp $