Share this page!

Amit Serper 🇺🇦🌻 Profile picture
Twitter logo
Nov 21 3 tweets 2 min read
Your #Linux #internals tip of the day: On Linux, there's a magical directory called /proc. In it, every process get a subdirectory according to its PID. Inside of this /proc/pid (that framework is called procfs) you can find a lot of information about the process, (1/3)
everything from it's memory allocation mapping (/proc/pid/maps) to the command line that executed the process (/proc/pid/cmdline) and more... An interesting file to check there is "status". Status sums up a lot of interesting pieces of information such as the PPID, owner (2/3)
uid/gid and more. If you're new to Linux internals, give yourself a tour of the /proc directory. The full documentation of procfs can be read here:
kernel.org/doc/Documentat… (3/3) A screen shot of the status...

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Amit Serper 🇺🇦🌻

Amit Serper 🇺🇦🌻 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @0xAmit

Amit Serper 🇺🇦🌻 Profile picture
Sep 16
Had another "debate" with an avid trump supporter today over WhatsApp. Nuts. Facts I provided, backed with sources, graphs, charts, and actual empirical data meant nothing. For every fact there was a deflection and whataboutism. We couldn't even agree on reality. Depressing stuff
Eventually I snapped and the guy in a pretty large chat group "bro, you're in a cult". He replied that I am "in the cult of hate". I'm not proud of myself for talking like that to someone in front of a lot of people in a group chat but Im also tired of people not facing reality
I do believe though, that I gave a master class in debate to a whole group of people that never asked for it. Lol.
Read 4 tweets
Amit Serper 🇺🇦🌻 Profile picture
Feb 24
1/n Thread: Been reversing this malware that's been going around Ukraine. It appears to be a wiper that's dropping a driver to do low-level partition manipulation. That driver appears to be a legitimate EaseUS Partition Master driver
2/n This driver can also be seen accessing Parition0 of Hardisk%u (probably the boot device) in order to corrupt the partition table? (I've only done static analysis so I'm not quite sure)
Another thing that caught my eye was the pdb - when looking for those strings, I found a stackexchange post from almost a decade ago discussing an old version of the same driver, the paths are similar (see screenshots), so it looks like a recent version of the same EaseUS driver
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(