tanelpoder / 0xtools

0x.Tools: X-Ray vision for Linux systems
https://0x.tools
GNU General Public License v2.0

unistd_64.h not found #1

Closed ethanpost closed 5 years ago

ethanpost commented 5 years ago

I am running this image in VirtualBox. Runs fine on another machine with VirtualBox but Ubuntu image is 4.15.0-47-generic there and not 46. Python versions are same on both but have not confirmed if same packages available on both.

Any ideas?

epost@arcshellvm:/media/sf_temp/arcshell/global/bin$ python --version
Python 2.7.15rc1

epost@arcshellvm:/media/sf_temp/arcshell/global/bin$ uname -a
Linux arcshellvm 4.15.0-46-generic #49-Ubuntu SMP Wed Feb 6 09:33:07 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

epost@arcshellvm:/media/sf_temp/arcshell/global/bin$ psn
Traceback (most recent call last):
  File "/media/sf_temp/arcshell/global/bin/psn", line 25, in <module>
    import proc, report
  File "/media/sf_temp/arcshell/global/bin/proc.py", line 276, in <module>
    syscall_id_to_name = get_system_call_names()
  File "/media/sf_temp/arcshell/global/bin/proc.py", line 273, in get_system_call_names
    raise 'unistd_64.h not found'
TypeError: exceptions must be old-style classes or derived from BaseException, not str

tanelpoder commented 5 years ago

Check if you have libc6-dev package installed? (apt-get install libc6-dev). That should provide the .h file.

As system calls are only added in Linux world and never removed & renumbered, the existing syscall numbers remain the same for a platform. So I could copy & paste these numbers to the psnapper code to remove the dependency.

Maybe I’ll do it only for x86_64 platform at first and on other platforms (where syscall numbers are different) would still require the .h.
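Added example, not from the thread or the psnapper source: one way to build the syscall id-to-name map so that a missing header is not fatal on x86_64 and any failure raises a real exception class instead of a string. The header paths, the `SyscallTableError` name and the short built-in table are assumptions made for illustration.

```python
import os
import re

# Matches lines such as "#define __NR_read 0" in asm/unistd_64.h.
_NR_DEFINE = re.compile(r"^#define\s+__NR_(\w+)\s+(\d+)$")

# Assumed search locations; distributions place the header differently.
CANDIDATE_HEADERS = (
    "/usr/include/asm/unistd_64.h",
    "/usr/include/x86_64-linux-gnu/asm/unistd_64.h",
)

# Short constructed excerpt of the x86_64 table, used when no header is installed.
BUILTIN_X86_64 = {0: "read", 1: "write", 2: "open", 3: "close", 59: "execve"}


class SyscallTableError(RuntimeError):
    """Hypothetical error type; raising a plain string is what caused the TypeError."""


def parse_unistd_header(text):
    """Return {syscall_number: name} parsed from the text of a unistd_64.h file."""
    table = {}
    for line in text.splitlines():
        match = _NR_DEFINE.match(line.strip())
        if match:
            table[int(match.group(2))] = match.group(1)
    return table


def get_system_call_names(paths=CANDIDATE_HEADERS, machine=None):
    """Prefer an installed header; fall back to the built-in table on x86_64 only."""
    for path in paths:
        if os.path.isfile(path):
            with open(path) as handle:
                table = parse_unistd_header(handle.read())
            if table:
                return table
    machine = machine or os.uname()[4]
    if machine == "x86_64":
        return dict(BUILTIN_X86_64)
    raise SyscallTableError(
        "unistd_64.h not found and no built-in syscall table for %s" % machine)
```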

ethanpost commented 5 years ago

That fixed the issue.

ethanpost commented 5 years ago

Didn't think this would work but had to try :)

epost@arcshellvm:/media/sf_temp/arcshell$ psn -d 1000

Process Snapper sampling stat, cmdline for 1000 seconds...
Traceback (most recent call last):
  File "/media/sf_temp/arcshell/global/bin/psn", line 230, in <module>
    selected_pids = get_matching_processes(args.pid, args.recursive)
  File "/media/sf_temp/arcshell/global/bin/psn", line 162, in get_matching_processes
    for line in os.popen('ps -A -o pid,ppid,comm', 'r').readlines()[1:]:
OSError: [Errno 12] Cannot allocate memory

tanelpoder commented 5 years ago

Yep this is because I use SQLite under the hood (for flexible joins & aggregations between different /proc datasources) and currently it's using memory as backing store for its temporary tables. In a future version I'll do 2 things:

1) allow running psnapper indefinitely and it prints out a snapshot report every X seconds (and discards the history)
2) store unlimited history in an on-disk SQLite backing store and allow reporting based on time selected
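Added sketch of the two changes described above, not psnapper's code: samples go into SQLite, each report aggregates one time window and then deletes it so memory stays bounded, and passing a file path instead of `:memory:` gives the on-disk store. The table layout, function names and sample rows are hypothetical.

```python
import sqlite3


def open_store(path=":memory:"):
    """Open the sample store; pass a file path for an on-disk backing store."""
    conn = sqlite3.connect(path)
    # 1 = FILE: SQLite's temporary tables and indices go to disk, not RAM.
    conn.execute("PRAGMA temp_store = 1")
    conn.execute(
        "CREATE TABLE IF NOT EXISTS samples "
        "(ts INTEGER, pid INTEGER, state TEXT, syscall TEXT)")
    return conn


def add_samples(conn, rows):
    """Insert (ts, pid, state, syscall) tuples collected by the sampler."""
    conn.executemany("INSERT INTO samples VALUES (?, ?, ?, ?)", rows)


def report_and_discard(conn, window_end):
    """Aggregate every sample older than window_end, then drop those rows."""
    report = conn.execute(
        "SELECT state, syscall, COUNT(*) FROM samples WHERE ts < ? "
        "GROUP BY state, syscall "
        "ORDER BY COUNT(*) DESC, state, syscall",
        (window_end,)).fetchall()
    conn.execute("DELETE FROM samples WHERE ts < ?", (window_end,))
    conn.commit()
    return report


def row_count(conn):
    """Number of samples still held; stays small when windows are discarded."""
    return conn.execute("SELECT COUNT(*) FROM samples").fetchone()[0]


if __name__ == "__main__":
    store = open_store()
    # Constructed sample rows: (timestamp, pid, process state, syscall name).
    add_samples(store, [(1, 100, "D", "read"), (1, 101, "R", "-"),
                        (2, 100, "D", "read"), (6, 100, "S", "poll")])
    for state, syscall, count in report_and_discard(store, 5):
        print(state, syscall, count)
    print("rows kept:", row_count(store))
```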