jingleyang
commented
5 years ago hi, 文件行为的判定标准是syscall open(), 系统在load ELF文件的时候,会加载so文件,这些都是通过open系统调用打开句柄,然后加载到内存的,所以有文件行为。 Because showing File IO behaviors is linked with syscall open(). When a ELF file is loaded, many defaults so files will be mapped into memory by calling open(). Thanks
thinkycx
The result is from https://habo.qq.com/ and the ELF source code is in the picture. Why the habo has "文件行为"?