Today I was searching for a file on my system and found a file in the / directory.
File Attributes:
Name: core
Size: 19MBs
Type: Unknown (I tried to cat the file)
Location: /
Permissions:
-rw------- 1 root root 19529728 Aug 30 11:41 core
I also tried to check whether the file is being used by any process:
fuser core
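But it returned nothing.
I tried the file command to get more information about the file:
file core
Output:
core: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/sbin/init splash'
I tried the binwalk command to check the file; the following is the output.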
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ELF, 64-bit LSB core file AMD x86-64, version 1 (SYSV)
12288 0x3000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
172048 0x2A010 Unix path: /etc/selinux/targeted/contexts/files/file_contexts
185792 0x2D5C0 Unix path: /lib/systemd/system/acpid.path
188592 0x2E0B0 Unix path: /usr/lib/snapd/snapd
196634 0x3001A Unix path: /wiki/Software/systemd/APIFileSystems
205392 0x32250 Unix path: /lib/systemd/system/plymouth-quit-wait.service
205888 0x32440 Unix path: /lib/systemd/system/rc-local.service.d/debian.conf
218640 0x35610 Unix path: /sys/devices/platform/serial8250/tty/ttyS20
232096 0x38AA0 Unix path: /usr/lib/policykit-1/polkitd
285344 0x45AA0 Unix path: /sys/subsystem/bluetooth/devices/hci0
308998 0x4B706 Unix path: /0pointer.de/blog/projects/serial-console.html
317552 0x4D870 Unix path: /run/systemd/generator.late/ondemand.service
322816 0x4ED00 Unix path: /sys/devices/platform/serial8250/tty/ttyS21
335632 0x51F10 Unix path: /dev/disk/by-uuid/f9bb92ed-eebb-4b3f-92ca-568ffe4c0165
369264 0x5A270 Unix path: /lib/systemd/system/systemd-networkd-resolvconf-update.path
394992 0x606F0 Unix path: /lib/systemd/system/failsafe-graphical.target
411856 0x648D0 Unix path: /proc/sys/fs/mqueue
414960 0x654F0 Unix path: /lib/systemd/system/rescue.target
419088 0x66510 Unix path: /lib/systemd/system/getty-static.service
429568 0x68E00 Unix path: /lib/systemd/system/systemd-ask-password-wall.path
451088 0x6E210 Unix path: /run/systemd/netif/state
461072 0x70910 Unix path: /lib/systemd/system/virtlogd.service
469559 0x72A37 Unix path: /www.kernel.org/doc/Documentation/binfmt_misc.txt
469670 0x72AA6 Unix path: /www.freedesktop.org/wiki/Software/systemd/APIFileSystems
469776 0x72B10 Unix path: /lib/systemd/system/sys-kernel-config.mount
479584 0x75160 Unix path: /lib/systemd/system/syslog.socket
483472 0x76090 Unix path: /lib/systemd/system/cups.socket
500368 0x7A290 Unix path: /lib/systemd/system/systemd-udevd-control.socket
507900 0x7BFFC Unix path: /freedesktop/systemd1/unit/ssh_2eservice
520960 0x7F300 Unix path: /usr/lib/snapd/snapd.core-fixup.sh
522704 0x7F9D0 Unix path: /lib/systemd/system/openvpn.service
529008 0x81270 Unix path: /lib/systemd/system/rtkit-daemon.service
534512 0x827F0 Unix path: /run/systemd/system/user-1000.slice.d/50-After-systemd-logind\x2eservice.conf
538128 0x83610 Unix path: /run/systemd/system/user-1000.slice.d/50-After-systemd-user-sessions\x2eservice.conf
574000 0x8C230 Unix path: /lib/systemd/system/systemd-binfmt.service
583472 0x8E730 Unix path: /usr/lib/apt/apt.systemd.daily
584848 0x8EC90 Unix path: /lib/systemd/system/emergency.target
590528 0x902C0 Unix path: /run/systemd/generator.late/irqbalance.service
602384 0x93110 Unix path: /sys/devices/platform/serial8250/tty/ttyS16
630352 0x99E50 Unix path: /lib/systemd/system/lightdm.service
642656 0x9CE60 Unix path: /var/run/libvirt/virtlockd-sock
653312 0x9F800 Unix path: /usr/lib/snapd/system-shutdown
661456 0xA17D0 Unix path: /dev/disk/by-id/ata-WDC_WD5000LPLX-75ZNTT0_WXJ1A17A3A8N-part5
672336 0xA4250 Unix path: /lib/systemd/system/cgproxy.service
674608 0xA4B30 Unix path: /lib/systemd/system/snapd.autoimport.service
681680 0xA66D0 Unix path: /org/freedesktop/systemd1/unit/systemd_2dnetworkd_2dresolvconf_2dupdate_2epath
691056 0xA8B70 Unix path: /sys/devices/platform/serial8250/tty/ttyS8
702838 0xAB976 Unix path: /system.slice/libvirt-guests.service/control/cgroup.procs
704464 0xABFD0 Unix path: /lib/systemd/system/systemd-networkd.service
716400 0xAEE70 Unix path: /lib/systemd/system/whoopsie.service
719760 0xAFB90 Unix path: /lib/systemd/system/NetworkManager.service
728096 0xB1C20 Unix path: /lib/systemd/system/systemd-journal-flush.service
747552 0xB6820 Unix path: /lib/systemd/system/anacron.service
754152 0xB81E8 Unix path: /org/freedesktop/systemd1/unit/ssh_2eservice
758608 0xB9350 Unix path: /lib/systemd/system/snapd.system-shutdown.service
767632 0xBB690 Unix path: /lib/systemd/system/cups.service
780960 0xBEAA0 Unix path: /lib/systemd/system/systemd-ask-password-console.service
787952 0xC05F0 Unix path: /var/lib/systemd/timers/stamp-apt-daily.timer
805840 0xC4BD0 Unix path: /sys/devices/platform/serial8250/tty/ttyS1
824528 0xC94D0 Unix path: /lib/systemd/system/polkitd.service
829184 0xCA700 Unix path: /var/run/libvirt/virtlockd-sock
852640 0xD02A0 Unix path: /lib/systemd/system/wpa_supplicant.service
920192 0xE0A80 Unix path: /lib/systemd/system/systemd-timesyncd.service.d/disable-with-time-daemon.conf
926768 0xE2430 Unix path: /lib/systemd/system/systemd-remount-fs.service
928678 0xE2BA6 Unix path: /www.freedesktop.org/wiki/Software/systemd/APIFileSystems
935698 0xE4712 Unix path: /var/run/libvirt/virtlogd-sock
941280 0xE5CE0 Unix path: /run/user/1000/gvfs
951776 0xE85E0 Unix path: /lib/systemd/system/systemd-ask-password-plymouth.path
965344 0xEBAE0 Unix path: /lib/systemd/system/network-pre.target
977232 0xEE950 Unix path: /lib/systemd/system/local-fs.target
978448 0xEEE10 Unix path: /lib/systemd/system/acpid.service
997168 0xF3730 Unix path: /org/freedesktop/systemd1/job
1000144 0xF42D0 Unix path: /org/freedesktop/DBus/Local
1009960 0xF6928 Unix path: /org/freedesktop/systemd1/unit/upstart_2eservice
1011488 0xF6F20 Unix path: /org/freedesktop/systemd1/unit
1015160 0xF7D78 Unix path: /usr/lib/snapd/system-shutdown /run/initramfs/shutdown
1023504 0xF9E10 Unix path: /lib/systemd/system/-.slice
1034922 0xFCAAA Unix path: /var/run/dbus/system_bus_socket
1038094 0xFD70E Unix path: /systemd/system.slice/virtualbox.service/control/cgroup.procs
1048768 0x1000C0 Unix path: /lib/systemd/system/alsa-state.service
1055520 0x101B20 Unix path: /lib/systemd/system/multi-user.target
1067416 0x104998 Unix path: /org/freedesktop/DBus/Lo
1072032 0x105BA0 Unix path: /lib/systemd/system/emergency.service
1112368 0x10F930 Unix path: /lib/systemd/system/final.target
1116930 0x110B02 Unix path: /var/run/avahi-daemon/socket
1125248 0x112B80 Unix path: /var/cache/cups/org.cups.cupsd
1192416 0x1231E0 Unix path: /lib/systemd/system/systemd-networkd-resolvconf-update.service
1224416 0x12AEE0 Unix path: /sys/devices/virtual/net/virbr0
1257440 0x132FE0 Unix path: /sys/devices/platform/serial8250/tty/ttyS26
1270528 0x136300 Unix path: /run/systemd/system/session-c2.scope.d/50-TasksMax.conf
1296392 0x13C808 Unix path: /org/freedesktop/systemd1/unit/systemd_2djournald_2ddev_2dlog_2esocket
1313008 0x1408F0 Unix path: /lib/systemd/system/unattended-upgrades.service
1316048 0x1414D0 Unix path: /lib/systemd/system/cgmanager.service
1329440 0x144920 Unix path: /var/run/cups/cups.sock
1333264 0x145810 Unix path: /var/lib/systemd/timers
1341872 0x1479B0 Unix path: /var/lib/systemd/random-seed
1347936 0x149160 Unix path: /var/run/avahi-daemon/socket
1355136 0x14AD80 Unix path: /lib/systemd/system/colord.service
1370976 0x14EB60 Unix path: /usr/local/lib/modules-load.d
1380098 0x150F02 Unix path: /var/run/avahi-daemon/socket
1390016 0x1535C0 Unix path: /var/lib/systemd/timers
1396056 0x154D58 Unix path: /org/freedesktop/systemd1/unit/ssh_2eservice
1397984 0x1554E0 Unix path: /dev/disk/by-path/pci-0000:00:1f.2-ata-1-part5
1403328 0x1569C0 Unix path: /lib/systemd/system/sockets.target
1403872 0x156BE0 Unix path: /dev/disk/by-path/pci-0000:00:1f.2-ata-1-part5
1418816 0x15A640 Unix path: /lib/systemd/system/systemd-fsck-root.service
1452056 0x162818 Unix path: /org/freedesktop/systemd1/unit/ssh_2eservice
1615352 0x18A5F8 Unix path: /org/freedesktop/DBus/Local
18935808 0x120F000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
18948096 0x1212000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
18972672 0x1218000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
18984960 0x121B000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
18997248 0x121E000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (GNU/Linux)
19042304 0x1229000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19070976 0x1230000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19087360 0x1234000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19099648 0x1237000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19111936 0x123A000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19165184 0x1247000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19177472 0x124A000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19267584 0x1260000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19279872 0x1263000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19292160 0x1266000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19312640 0x126B000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19314167 0x126B5F7 mcrypt 2.2 encrypted data, algorithm: blowfish-448, mode: CBC, keymode: 8bit
19517440 0x129D000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19518576 0x129D470 Unix path: /build/linux-hVVhWi/linux-4.4.0/arch/x86/entry/vdso/vclock_gettime.c
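I did not add this file manually, and I don't know how it was created on the system. Is my system infected, or does Ubuntu write such files automatically?
How can I check how the file was created and what it is doing there?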
Answer 1
When an application crashes, a core file is created. A programmer can then use gdb to find out why the application crashed.
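To see which process a core file came from without loading it into gdb, the following added example (not part of the answer above) reads the NT_PRPSINFO note that the Linux kernel writes into every core dump; this is the field behind the "from '/sbin/init splash'" part of the file output in the question. It assumes the x86-64 layout of that note; `core_origin` and `build_sample_core` are hypothetical names, and the sample core is constructed inline rather than taken from a real crash.

```python
import struct

ET_CORE, PT_NOTE, NT_PRPSINFO = 4, 4, 3  # constants from <elf.h>

def core_origin(data: bytes) -> dict:
    """Report which process an x86-64 Linux core dump came from (NT_PRPSINFO note)."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF file")
    if struct.unpack_from("<H", data, 16)[0] != ET_CORE:
        raise ValueError("ELF file is not a core dump")
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)

    def cstr(off, size):  # fixed-size, NUL-terminated field
        return data[off:off + size].split(b"\0")[0].decode(errors="replace").strip()

    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from("<I", data, base)
        p_offset, = struct.unpack_from("<Q", data, base + 8)
        p_filesz, = struct.unpack_from("<Q", data, base + 32)
        if p_type != PT_NOTE:
            continue
        pos, end = p_offset, min(p_offset + p_filesz, len(data))
        while pos + 12 <= end:  # walk the note records in this segment
            namesz, descsz, ntype = struct.unpack_from("<III", data, pos)
            name = data[pos + 12:pos + 12 + namesz].rstrip(b"\0")
            desc = pos + 12 + ((namesz + 3) & ~3)  # name is padded to 4 bytes
            if name == b"CORE" and ntype == NT_PRPSINFO and descsz >= 136 and desc + 136 <= end:
                uid, gid, pid, ppid = struct.unpack_from("<IIii", data, desc + 16)
                return {"pid": pid, "ppid": ppid, "uid": uid, "gid": gid,
                        "fname": cstr(desc + 40, 16), "psargs": cstr(desc + 56, 80)}
            pos = desc + ((descsz + 3) & ~3)
    raise ValueError("no NT_PRPSINFO note found")

def build_sample_core(fname=b"systemd", psargs=b"/sbin/init splash", pid=1, uid=0) -> bytes:
    """Constructed minimal core (ELF header + one PT_NOTE segment), not a real dump."""
    desc = struct.pack("<8xQIIiiii16s80s", 0, uid, 0, pid, 0, pid, pid, fname, psargs)
    note = struct.pack("<III", 5, len(desc), NT_PRPSINFO) + b"CORE\0\0\0\0" + desc
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_CORE, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 4, 64 + 56, 0, 0, len(note), 0, 4)
    return ehdr + phdr + note

if __name__ == "__main__":
    print(core_origin(build_sample_core()))
```

On a real system, pass the bytes of the core file (read as root, given its -rw------- permissions) to `core_origin`; the file's modification time then tells you when that process crashed.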