-1

Using strace to compare outputs of two different binaries, I am having trouble determining what the values written actually are.

write(3, "g\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 4096

write(4, "g\377\7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 4096

The difference from the first to second seems to be \377\377 to \7\0, but what encoding are these using? These should be decimal values but I do not know how to convert them to compare them.

user2725742
  • 398
  • 2
  • 12
  • 1
    Why don't you just try out what strace does? That said, it's probably similar to C code and I believe it is octal. – Ulrich Eckhardt May 07 '19 at 18:16
  • 3
    This is `octal` notation and `\377` is equal to 0xff in hexadecimal or 11111111 in binary. And https://unix.stackexchange.com/ would be a better forum for this question. StackOverflow is meant for programming questions while UNIX & Linux StackExchange covers general questions. – tk421 May 07 '19 at 18:17
  • Thank you, @tk421. I should have figured it was octal since chars are bytes. – user2725742 May 07 '19 at 20:42

1 Answers1

1

Strace write() handler uses a printstrn function, that calls printstr_ex function from util.c , which calls string_quote (also in util.c) which does the printing.

The function (by default) prints the data using ASCII characters, then standard C notation of \r \n and \b etc. and then it uses octal values for other non-printable bytes. The string should be parsable by a C compiler, so you can write a simple C program to compare them, ex. strcmp("g\377\377\377", "g\377\7\0") will work as expected.

If you want to compare the values, there's also these switches from man strace:

-x

Print all non-ASCII strings in hexadecimal string format.

-xx

Print all strings in hexadecimal string format.

KamilCuk
  • 120,984
  • 8
  • 59
  • 111