How to know which interpreter it uses when execve() executes a file on Debian Linux, from its strace syscall logs?

For example, how to know a file is executed as a bash script (#!/bin/bash), or a python script (#!/usr/bin/env python), or a pure ELF file?

Assume we do not have the correct file suffix so we cannot simply tell from execve()'s arguments.

If it is not fetch-able from strace syscall logs, what other methods can be used?

I Wonder

1 Answer

Use file for that:

$ echo '#!/bin/python' > 1
$ file 1
1: a /bin/python script, ASCII text executable

$ echo '#!/bin/sh' > 2
$ file 2
2: POSIX shell script, ASCII text executable

$ echo '#!/usr/bin/env python' > 3
$ file 3
3: Python script, ASCII text executable

$ echo 'int main() { return 0; } ' | gcc -xc -o4 -
$ file 4
4: ELF 64-bit LSB pie executable x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=d2f65ad2fe7b73bd5f4acc9fc9da25f748fe9915, not stripped
KamilCuk
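
An added example, not part of the original answer: a Python sketch that classifies a file by its leading bytes, the same evidence `file` uses, and reports the `#!` interpreter with its single optional argument, or the ELF `PT_INTERP` loader. The function names and the 256-byte read are assumptions made for this illustration.

```python
import re
import struct

# Added example: function names are illustrative, not from any library.
def classify_exec(path):
    """Classify by leading bytes, not by name: (kind, interpreter, argument)."""
    with open(path, "rb") as f:
        head = f.read(256)  # assumption: the shebang line fits in 256 bytes
        if head.startswith(b"#!"):
            return parse_shebang(head)
        if head.startswith(b"\x7fELF"):
            return ("elf", elf_interp(f, head), None)
    return ("unknown", None, None)

def parse_shebang(head):
    # The interpreter path ends at the first space/tab; the rest of the line
    # is passed as ONE argument (no shell-style word splitting).
    line = head[2:].split(b"\n", 1)[0].strip(b" \t")
    if not line:
        return ("unknown", None, None)
    parts = re.split(rb"[ \t]+", line, maxsplit=1)
    arg = parts[1].decode(errors="replace") if len(parts) > 1 else None
    return ("script", parts[0].decode(errors="replace"), arg)

def elf_interp(f, head):
    """Return the PT_INTERP path (dynamic loader), or None for a static ELF."""
    if len(head) < 64 or head[4] not in (1, 2) or head[5] not in (1, 2):
        return None
    is64 = head[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    e = "<" if head[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    if is64:   # ELF64: e_phoff @0x20, e_phentsize/e_phnum @0x36
        phoff, = struct.unpack_from(e + "Q", head, 0x20)
        entsz, num = struct.unpack_from(e + "HH", head, 0x36)
    else:      # ELF32: e_phoff @0x1c, e_phentsize/e_phnum @0x2a
        phoff, = struct.unpack_from(e + "I", head, 0x1C)
        entsz, num = struct.unpack_from(e + "HH", head, 0x2A)
    fmt, off_at, size_at = (e + "Q", 8, 32) if is64 else (e + "I", 4, 16)
    for i in range(num):
        f.seek(phoff + i * entsz)
        ph = f.read(entsz)
        if len(ph) < (56 if is64 else 32):
            break
        if struct.unpack_from(e + "I", ph, 0)[0] != 3:   # 3 == PT_INTERP
            continue
        off = struct.unpack_from(fmt, ph, off_at)[0]     # p_offset
        size = struct.unpack_from(fmt, ph, size_at)[0]   # p_filesz
        f.seek(off)
        return f.read(min(size, 4096)).rstrip(b"\0").decode(errors="replace")
    return None
```

For `#!/usr/bin/env python` this reports `/usr/bin/env` as the interpreter and `python` as its argument. Formats registered through binfmt_misc are not covered.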