babeltrace与CTF相关学习笔记-2

这里写自定义目录标题

写在前面
前面的小结
bt_ctf_writer_create

写在前面

事情正在朝着不可控的方向狂奔。。。
系统工师师，其实只有一个任务：将复杂的系统简单化；将乱成一团的分工，明确化；降低每个人面对的复杂度。归根到底系统工程师要处理的是复杂度：简化复杂度。与庖丁解牛类似。
但现在的情况，是正在向北极狂奔。尽管我马快，车夫好，但我现在唯一担心的，不是去不去楚国的问题，而是身上的衣服能不能度过北极的问题。
本来，我们根本不需要研究nanolog的，我们只需自己划格子。有人出了格，我们能用证据说明：你出格了。我们的任务就完成了。但我们现在要解析nanolog，不是向少，而是向多。
我们只能听天命尽人事了。

前面的小结

我们的目标是找到meta，然后将nanolog的meta，转为ctf的meta.
前面，我们找到了babeltrace库。
但是，这个库，我们看到的是如何处理数据，没有看到meta相关的信息。
要么，我们没有分析透这个例程，要么，还有别的例程与meta相关。
两个方面，我们都要研究。下面开始吧。

bt_ctf_writer_create

进入核心库后，第一句，我们就看到了这一句：
在这里插入图片描述
metadata_path = g_build_filename(path, “metadata”, NULL);
是什么意思。
今天我决定果奔了，走到哪算哪。
好像是凭空创建了一个新的meta文件，这也许是好消息，也许相反。
然后，进入模拟trace的过程：

发现meta文件生成后被删除了。
所以，清空tmp后，重新来过。
在这里插入图片描述
meta生成，但为空。
这可能说明，这个示例，主要是数据。可能与meta关系不大。
谢天谢地，在这句，有了变化：

虽然说，方向的选择不一定正确，但看到了希望。
这句的意思，可能是清空这些文件，在这之前，将它们下载到本。
在这里插入图片描述
似乎这里就已经晚了，
有些内容已变少了：
重走后发现是这句，bt_ctf_object_put_ref(stream_class);
进行merge的。

下面是metadata的内容

/* CTF 1.8 */trace {major = 1;minor = 8;uuid = "0388149e-6e6d-45bf-a65c-cca377dbe0d3";byte_order = be;packet.header := struct {integer { size = 32; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } magic;integer { size = 8; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } uuid[16];integer { size = 32; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } stream_id;integer { size = 22; align = 1; signed = false; encoding = none; base = decimal; byte_order = native; } custom_trace_packet_header_field;} align(8);
};env {host = "testhost";test_env_int = 654321;test_env_str = "oh yeah";sysname = "GNU/Linux";nodename = "testhost";release = "4.4.0-87-generic";version = "#110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017";machine = "x86_64";new_field = "test";
};clock {name = test_clock;uuid = "e2234c8a-3fb4-47db-bbac-e0ea774b9034";description = "This is a test clock";freq = 1123456789;precision = 10;offset_s = 13515309;offset = 1234567;absolute = true;
};stream {id = 123;event.header := struct {integer { size = 32; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } id;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; map = clock.test_clock.value; } timestamp;} align(8);packet.context := struct {integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; map = clock.test_clock.value; } timestamp_begin;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; map = clock.test_clock.value; } timestamp_end;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } content_size;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } packet_size;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } events_discarded;integer { size = 5; align = 1; signed = false; encoding = none; base = decimal; byte_order = native; } custom_packet_context_field;} align(8);event.context := struct {integer { size = 32; align = 1; signed = false; encoding = none; base = decimal; byte_order = native; } common_event_context;} align(1);
};event {name = "Simple Event";id = 13;stream_id = 123;context := struct {integer { size = 12; align = 1; signed = false; encoding = none; base = decimal; byte_order = native; } event_specific_context;} align(1);fields := struct {enum : integer { size = 64; align = 1; signed = true; encoding = none; base = decimal; byte_order = native; } { "another entry" = -42000 ... -13000, "negative_value" = -12345 ... 0, "something" = -500 ... -400, "escaping; \"test\"" = 1, "\tanother 'escaping'\n test\"" = 2 ... 4, "_event clock int float" = 5 ... 22, "truie" = 42, "truie" = 43 ... 51 } enum_field;enum : integer { size = 12; align = 1; signed = false; encoding = none; base = decimal; byte_order = native; } { "escaping; \"test\"" = 0, "\tanother 'escaping'\n test\"" = 1 ... 4, "_event clock int float" = 5 ... 22, "something" = 7 ... 8, "truie" = 42, "truie" = 43 ... 51 } enum_field_unsigned;integer { size = 12; align = 1; signed = false; encoding = none; base = decimal; byte_order = native; } integer_field;floating_point { exp_dig = 11; mant_dig = 53; byte_order = native; align = 32; } float_field;} align(32);
};event {name = "Spammy_Event";id = 0;stream_id = 123;fields := struct {integer { size = 17; align = 1; signed = false; encoding = none; base = decimal; byte_order = native; } field_1;string { encoding = UTF8; } a_string;} align(8);
};event {name = "Complex Test Event";id = 42;stream_id = 123;loglevel = 6;fields := struct {integer { size = 35; align = 1; signed = false; encoding = none; base = hexadecimal; byte_order = native; } uint_35;integer { size = 16; align = 32; signed = true; encoding = none; base = decimal; byte_order = native; } int_16;struct {enum : integer { size = 3; align = 1; signed = false; encoding = none; base = decimal; byte_order = native; } { "UINT3_TYPE" = 0, "INT16_TYPE" = 1, "UINT35_TYPE" = 2 ... 7 } variant_selector;string { encoding = UTF8; } _string;variant < variant_selector> {integer { size = 3; align = 1; signed = false; encoding = none; base = decimal; byte_order = native; } UINT3_TYPE;integer { size = 16; align = 32; signed = true; encoding = none; base = decimal; byte_order = native; } INT16_TYPE;integer { size = 35; align = 1; signed = false; encoding = none; base = hexadecimal; byte_order = native; } UINT35_TYPE;} variant_value;struct {integer { size = 35; align = 1; signed = false; encoding = none; base = hexadecimal; byte_order = native; } seq_len;integer { size = 16; align = 32; signed = true; encoding = none; base = decimal; byte_order = native; } a_sequence[ seq_len];integer { size = 16; align = 32; signed = true; encoding = none; base = decimal; byte_order = native; } an_array[5];} align(32) inner_structure;} align(32) complex_structure;} align(32);
};event {name = "Simple Event";id = 1;stream_id = 123;fields := struct {} align(1);
};stream {id = 0;event.header := struct {integer { size = 32; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } id;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; map = clock.test_clock.value; } timestamp;} align(8);packet.context := struct {integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; map = clock.test_clock.value; } timestamp_begin;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; map = clock.test_clock.value; } timestamp_end;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } content_size;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } packet_size;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } events_discarded;} align(8);
};event {name = "some_event_class_name";id = 0;stream_id = 0;fields := struct {integer { size = 32; align = 1; signed = false; encoding = none; base = decimal; byte_order = native; } integer_field;} align(1);
};stream {id = 1;};stream {id = 2;event.header := struct {integer { size = 32; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } id;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; map = clock.test_clock.value; } timestamp;integer { size = 13; align = 1; signed = false; encoding = none; base = decimal; byte_order = native; } seq_len;} align(8);packet.context := struct {integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; map = clock.test_clock.value; } timestamp_begin;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; map = clock.test_clock.value; } timestamp_end;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } content_size;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } packet_size;integer { size = 64; align = 8; signed = false; encoding = none; base = decimal; byte_order = native; } events_discarded;} align(8);
};event {name = "sequence_event";id = 0;stream_id = 2;fields := struct {integer { size = 13; align = 1; signed = false; encoding = none; base = decimal; byte_order = native; } some_sequence[ stream.event.header.seq_len];} align(1);
};

已经可以用compass 打开
在这里插入图片描述虽然没有CPUid,可以看了