What system call does Evince use to open pdf?
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
I have tried to hook system calls using linux kernel module. However, when I open a pdf file using Evince, I find no open,read and write is used on this specific file, only lstat is used.
Here is the strace log of strace evince folder1/test.pdf
So I wonder what system call does evince use to open andread from file?
ubuntu linux-kernel system-calls read evince
asked Nov 23 at 1:00
user6456568
203
add a comment |
up vote
2
down vote
favorite
I have tried to hook system calls using linux kernel module. However, when I open a pdf file using Evince, I find no open,read and write is used on this specific file, only lstat is used.
Here is the strace log of strace evince folder1/test.pdf
So I wonder what system call does evince use to open andread from file?
ubuntu linux-kernel system-calls read evince
asked Nov 23 at 1:00
user6456568
203
2
Trystracewith the-f(follow) option, since theclonecall creates a subprocess.
– Thomas Dickey
Nov 23 at 1:24
@ThomasDickey Thanks, I've updated the log in the link. Now I can seeopen("/home/xytao/folder1/test.pdf", O_RDONLY)in line 5376, but I still don't seeread, maybe because it's usingpread?
– user6456568
Nov 23 at 1:36
perhaps the socket I/O is what's doing it - orpreadcan. Reading the source-code would help :-)
– Thomas Dickey
Nov 23 at 1:40
Yes, pread. This is the start of the PDF file:pread(19, "%PDF-1.3rn%241263305327rn3 0 objrn<</Fil"..., 256, 0) = 256
– Filipe Brandenburger
Nov 23 at 2:17
add a comment |
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I have tried to hook system calls using linux kernel module. However, when I open a pdf file using Evince, I find no open,read and write is used on this specific file, only lstat is used.
Here is the strace log of strace evince folder1/test.pdf
So I wonder what system call does evince use to open andread from file?
ubuntu linux-kernel system-calls read evince
asked Nov 23 at 1:00
user6456568
203
I have tried to hook system calls using linux kernel module. However, when I open a pdf file using Evince, I find no open,read and write is used on this specific file, only lstat is used.
Here is the strace log of strace evince folder1/test.pdf
So I wonder what system call does evince use to open andread from file?
ubuntu linux-kernel system-calls read evince
ubuntu linux-kernel system-calls read evince
asked Nov 23 at 1:00
user6456568
203
asked Nov 23 at 1:00
user6456568
203
asked Nov 23 at 1:00
user6456568
203
asked Nov 23 at 1:00
user6456568
203
asked Nov 23 at 1:00
user6456568
203
203
2
Trystracewith the-f(follow) option, since theclonecall creates a subprocess.
– Thomas Dickey
Nov 23 at 1:24
@ThomasDickey Thanks, I've updated the log in the link. Now I can seeopen("/home/xytao/folder1/test.pdf", O_RDONLY)in line 5376, but I still don't seeread, maybe because it's usingpread?
– user6456568
Nov 23 at 1:36
perhaps the socket I/O is what's doing it - orpreadcan. Reading the source-code would help :-)
– Thomas Dickey
Nov 23 at 1:40
Yes, pread. This is the start of the PDF file:pread(19, "%PDF-1.3rn%241263305327rn3 0 objrn<</Fil"..., 256, 0) = 256
– Filipe Brandenburger
Nov 23 at 2:17
add a comment |
2
Trystracewith the-f(follow) option, since theclonecall creates a subprocess.
– Thomas Dickey
Nov 23 at 1:24
@ThomasDickey Thanks, I've updated the log in the link. Now I can seeopen("/home/xytao/folder1/test.pdf", O_RDONLY)in line 5376, but I still don't seeread, maybe because it's usingpread?
– user6456568
Nov 23 at 1:36
perhaps the socket I/O is what's doing it - orpreadcan. Reading the source-code would help :-)
– Thomas Dickey
Nov 23 at 1:40
Yes, pread. This is the start of the PDF file:pread(19, "%PDF-1.3rn%241263305327rn3 0 objrn<</Fil"..., 256, 0) = 256
– Filipe Brandenburger
Nov 23 at 2:17
2
2
Try
strace with the -f (follow) option, since the clone call creates a subprocess.– Thomas Dickey
Nov 23 at 1:24
Try
strace with the -f (follow) option, since the clone call creates a subprocess.– Thomas Dickey
Nov 23 at 1:24
@ThomasDickey Thanks, I've updated the log in the link. Now I can see
open("/home/xytao/folder1/test.pdf", O_RDONLY) in line 5376, but I still don't see read, maybe because it's using pread?– user6456568
Nov 23 at 1:36
@ThomasDickey Thanks, I've updated the log in the link. Now I can see
open("/home/xytao/folder1/test.pdf", O_RDONLY) in line 5376, but I still don't see read, maybe because it's using pread?– user6456568
Nov 23 at 1:36
perhaps the socket I/O is what's doing it - or
pread can. Reading the source-code would help :-)– Thomas Dickey
Nov 23 at 1:40
perhaps the socket I/O is what's doing it - or
pread can. Reading the source-code would help :-)– Thomas Dickey
Nov 23 at 1:40
Yes, pread. This is the start of the PDF file:
pread(19, "%PDF-1.3rn%241263305327rn3 0 objrn<</Fil"..., 256, 0) = 256– Filipe Brandenburger
Nov 23 at 2:17
Yes, pread. This is the start of the PDF file:
pread(19, "%PDF-1.3rn%241263305327rn3 0 objrn<</Fil"..., 256, 0) = 256– Filipe Brandenburger
Nov 23 at 2:17
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
As pointed out by @ThomasDickey, you need to pass strace the -f option, in order to include the trace of all the threads.
(The clone() syscalls are creating new threads, not processes, but you still need -f to have strace follow threads.)
Once you're following all threads, the open becomes aparent, opening the file in read-only mode, on file descriptor 19:
open("/home/xytao/folder1/test.pdf", O_RDONLY) = 19
The contents of the file are read using a succession of pread calls into a small 256 character buffer, the first of which gets the %PDF-1.3 header:
pread(19, "%PDF-1.3rn%241263305327rn3 0 objrn<</Fil"..., 256, 0) = 256
If you go through the trace, you'll see it will then lseek to the end of the file (to determine file size), then read a couple of blocks of data from there. I assume that's information about the pages in the document.
The following preads happen at offsets in the middle of the file, but all of them seem to start with some information about "page", so I assume that's evince figuring out about the pages in the PDF document, probably using offsets it got from the end of the file.
answered Nov 23 at 3:12
Filipe Brandenburger
6,6501731
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
As pointed out by @ThomasDickey, you need to pass strace the -f option, in order to include the trace of all the threads.
(The clone() syscalls are creating new threads, not processes, but you still need -f to have strace follow threads.)
Once you're following all threads, the open becomes aparent, opening the file in read-only mode, on file descriptor 19:
open("/home/xytao/folder1/test.pdf", O_RDONLY) = 19
The contents of the file are read using a succession of pread calls into a small 256 character buffer, the first of which gets the %PDF-1.3 header:
pread(19, "%PDF-1.3rn%241263305327rn3 0 objrn<</Fil"..., 256, 0) = 256
If you go through the trace, you'll see it will then lseek to the end of the file (to determine file size), then read a couple of blocks of data from there. I assume that's information about the pages in the document.
The following preads happen at offsets in the middle of the file, but all of them seem to start with some information about "page", so I assume that's evince figuring out about the pages in the PDF document, probably using offsets it got from the end of the file.
answered Nov 23 at 3:12
Filipe Brandenburger
6,6501731
add a comment |
up vote
0
down vote
accepted
As pointed out by @ThomasDickey, you need to pass strace the -f option, in order to include the trace of all the threads.
(The clone() syscalls are creating new threads, not processes, but you still need -f to have strace follow threads.)
Once you're following all threads, the open becomes aparent, opening the file in read-only mode, on file descriptor 19:
open("/home/xytao/folder1/test.pdf", O_RDONLY) = 19
The contents of the file are read using a succession of pread calls into a small 256 character buffer, the first of which gets the %PDF-1.3 header:
pread(19, "%PDF-1.3rn%241263305327rn3 0 objrn<</Fil"..., 256, 0) = 256
If you go through the trace, you'll see it will then lseek to the end of the file (to determine file size), then read a couple of blocks of data from there. I assume that's information about the pages in the document.
The following preads happen at offsets in the middle of the file, but all of them seem to start with some information about "page", so I assume that's evince figuring out about the pages in the PDF document, probably using offsets it got from the end of the file.
answered Nov 23 at 3:12
Filipe Brandenburger
6,6501731
add a comment |
up vote
0
down vote
accepted
up vote
0
down vote
accepted
As pointed out by @ThomasDickey, you need to pass strace the -f option, in order to include the trace of all the threads.
(The clone() syscalls are creating new threads, not processes, but you still need -f to have strace follow threads.)
Once you're following all threads, the open becomes aparent, opening the file in read-only mode, on file descriptor 19:
open("/home/xytao/folder1/test.pdf", O_RDONLY) = 19
The contents of the file are read using a succession of pread calls into a small 256 character buffer, the first of which gets the %PDF-1.3 header:
pread(19, "%PDF-1.3rn%241263305327rn3 0 objrn<</Fil"..., 256, 0) = 256
If you go through the trace, you'll see it will then lseek to the end of the file (to determine file size), then read a couple of blocks of data from there. I assume that's information about the pages in the document.
The following preads happen at offsets in the middle of the file, but all of them seem to start with some information about "page", so I assume that's evince figuring out about the pages in the PDF document, probably using offsets it got from the end of the file.
answered Nov 23 at 3:12
Filipe Brandenburger
6,6501731
As pointed out by @ThomasDickey, you need to pass strace the -f option, in order to include the trace of all the threads.
(The clone() syscalls are creating new threads, not processes, but you still need -f to have strace follow threads.)
Once you're following all threads, the open becomes aparent, opening the file in read-only mode, on file descriptor 19:
open("/home/xytao/folder1/test.pdf", O_RDONLY) = 19
The contents of the file are read using a succession of pread calls into a small 256 character buffer, the first of which gets the %PDF-1.3 header:
pread(19, "%PDF-1.3rn%241263305327rn3 0 objrn<</Fil"..., 256, 0) = 256
If you go through the trace, you'll see it will then lseek to the end of the file (to determine file size), then read a couple of blocks of data from there. I assume that's information about the pages in the document.
The following preads happen at offsets in the middle of the file, but all of them seem to start with some information about "page", so I assume that's evince figuring out about the pages in the PDF document, probably using offsets it got from the end of the file.
answered Nov 23 at 3:12
Filipe Brandenburger
6,6501731
answered Nov 23 at 3:12
Filipe Brandenburger
6,6501731
answered Nov 23 at 3:12
Filipe Brandenburger
6,6501731
answered Nov 23 at 3:12
Filipe Brandenburger
6,6501731
6,6501731
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f483562%2fwhat-system-call-does-evince-use-to-open-pdf%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
Try
stracewith the-f(follow) option, since theclonecall creates a subprocess.– Thomas Dickey
Nov 23 at 1:24
@ThomasDickey Thanks, I've updated the log in the link. Now I can see
open("/home/xytao/folder1/test.pdf", O_RDONLY)in line 5376, but I still don't seeread, maybe because it's usingpread?– user6456568
Nov 23 at 1:36
perhaps the socket I/O is what's doing it - or
preadcan. Reading the source-code would help :-)– Thomas Dickey
Nov 23 at 1:40
Yes, pread. This is the start of the PDF file:
pread(19, "%PDF-1.3rn%241263305327rn3 0 objrn<</Fil"..., 256, 0) = 256– Filipe Brandenburger
Nov 23 at 2:17