bsd进程记账

 楼主| 发表于 2013-1-26 12:28:40 | 显示全部楼层 |阅读模式
参考 http://blog.chinaunix.net/uid-26822401-id-3153147.html

似乎跟信号那有关系

记账记录的结构体定义在<sys/acct.h>头文件里,并看起来像:
/*
 * comp_t is a compressed 16-bit counter: the low 13 bits hold a fraction and
 * the top 3 bits hold a base-8 exponent, so the decoded value is
 * fraction * 8^exponent.
 */
typedef u_short comp_t;  /* 3-bit base 8 exponent; 13-bit fraction */
/*
 * One process-accounting record, as listed in this post. The per-field
 * comments show that the layout is platform-specific (ac_stat is Solaris
 * only, ac_rw is absent on BSD, ac_comm has a different width per system),
 * so a reader should be built against the <sys/acct.h> of the system that
 * wrote the file.
 */
struct acct{
  char ac_flag;  /* flag bits describing how the process ran and ended */
  char ac_stat;  /* termination status (signal & core flag only); Solaris only */
  uid_t ac_uid;  /* real user ID */
  gid_t ac_gid;  /* real group ID */
  dev_t ac_tty;  /* controlling terminal */
  time_t ac_btime; /* starting calendar time */
  comp_t ac_utime;  /* user CPU time (clock ticks) */
  comp_t ac_stime;  /* system CPU time (clock ticks) */
  comp_t ac_etime;  /* elapsed time (clock ticks) */
  comp_t ac_mem;  /* average memory usage */
  comp_t ac_io;  /* bytes transferred (by read and write); counted in blocks on BSD systems */
  comp_t ac_rw;  /* blocks read or written (not present on BSD systems) */
  /*
   * Command name: [8] for Solaris, [10] for Mac OS X, [16] for FreeBSD, and
   * [17] for Linux.
   * NOTE(review): this is a fixed-width field; a name that fills it may leave
   * no terminating NUL, so print it with an explicit length bound. Confirm
   * per platform.
   */
  char ac_comm[8];
};

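#include <sys/types.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Create a chain of five processes that each terminate in a different way,
 * so that an accounting file contains one record of every kind:
 *
 *   original process  sleeps 2 s, then exit(2)
 *   first child       sleeps 4 s, then abort()
 *   second child      execs /bin/dd
 *   third child       sleeps 8 s, then exit(0)
 *   fourth child      sleeps 6 s, then kills itself with SIGKILL
 *
 * After every fork() it is the process that called fork() which runs the
 * branch and terminates; the new child falls through to the next step.
 *
 * <stdio.h> and <stdlib.h> are included explicitly because perror(), exit()
 * and abort() are used; relying on implicit declarations is invalid since C99.
 */
int
main(void)
{
    pid_t pid;

    if ((pid = fork()) < 0) {
        perror("fork error");
        exit(1);
    } else if (pid != 0) {      /* parent */
        sleep(2);
        exit(2);                /* terminate with exit status 2 */
    }

    /* first child */
    if ((pid = fork()) < 0) {
        perror("fork error");
        exit(1);
    } else if (pid != 0) {
        sleep(4);
        abort();                /* terminate with core dump */
    }

    /* second child */
    if ((pid = fork()) < 0) {
        perror("fork error");
        exit(1);
    } else if (pid != 0) {
        /*
         * The argument list of a variadic exec call must end with a null
         * pointer of type char *; a bare NULL may be a plain integer 0 and
         * is not guaranteed to be passed as a pointer.
         */
        execl("/bin/dd", "dd", "if=/etc/termcap", "of=/dev/null", (char *)NULL);
        perror("execl");        /* only reached if the exec failed */
        exit(7);                /* shouldn't get here */
    }

    /* third child */
    if ((pid = fork()) < 0) {
        perror("fork error");
        exit(1);
    } else if (pid != 0) {
        sleep(8);
        exit(0);                /* normal exit */
    }

    /* fourth child */
    sleep(6);
    kill(getpid(), SIGKILL);    /* terminate w/signal, no core dump */
    exit(6);                    /* shouldn't get here */
}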

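#include <sys/types.h>
#include <sys/acct.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Output format for one accounting record. The two decoded counters are
 * unsigned long, so they are printed with %lu (printing them with %ld is a
 * format/argument mismatch).
 */
#ifdef HAS_SA_STAT
#define FMT "%-*.*s e = %6lu, chars = %7lu, stat = %3u: %c %c %c %c\n"
#else
#define FMT "%-*.*s e = %6lu, chars = %7lu, %c %c %c %c\n"
#endif

/*
 * Unless the build defines HAS_ACORE / HAS_AXSIG, the corresponding flag is
 * defined as 0, which makes the tests against it below always false.
 */
#ifndef HAS_ACORE
#define ACORE 0
#endif
#ifndef HAS_AXSIG
#define AXSIG 0
#endif

/*
 * Convert a comp_t to unsigned long.
 *
 * The low 13 bits are the fraction and the next 3 bits are a base-8
 * exponent; the result is fraction * 8^exponent. The largest encoding is
 * 8191 * 8^7 = 17177772032, which does not fit in a 32-bit unsigned long, so
 * on such platforms the largest values wrap.
 */
static unsigned long
compt2ulong(comp_t comptime)
{
    unsigned long val = comptime & 0x1fff;  /* 13-bit fraction */
    int exp = (comptime >> 13) & 7;          /* 3-bit exponent (0-7) */

    while (exp-- > 0)
        val *= 8;
    return val;
}

/*
 * Print every record of the accounting file named by argv[1].
 *
 * Returns 0 on success and 1 on a usage, open or read error. Diagnostics go
 * to stderr so that they do not mix with the record listing on stdout.
 */
int
main(int argc, char *argv[])
{
    struct acct acdata;
    FILE *fp;
    int rc = 0;

    if (argc != 2) {
        fprintf(stderr, "usage: parcct filename\n");
        return 1;
    }
    /* The file holds raw structs, so open it in binary mode. */
    if ((fp = fopen(argv[1], "rb")) == NULL) {
        fprintf(stderr, "can't open %s\n", argv[1]);
        return 1;
    }

    /*
     * The loop stops at the first read that does not yield a whole record,
     * so a truncated trailing record is skipped without a message.
     */
    while (fread(&acdata, sizeof(acdata), 1, fp) == 1) {
        /*
         * The precision (second '*') bounds the read of ac_comm to the size
         * of the field, so a name without a terminating NUL is not overrun.
         * NOTE(review): the name is printed as raw bytes; if the file may
         * come from an untrusted host, consider replacing non-printable
         * bytes before writing to a terminal.
         */
        printf(FMT, (int)sizeof(acdata.ac_comm),
            (int)sizeof(acdata.ac_comm), acdata.ac_comm,
            compt2ulong(acdata.ac_etime), compt2ulong(acdata.ac_io),
#ifdef HAS_SA_STAT
            (unsigned int)(unsigned char)acdata.ac_stat,
#endif
            acdata.ac_flag & ACORE ? 'D' : ' ',
            acdata.ac_flag & AXSIG ? 'X' : ' ',
            acdata.ac_flag & AFORK ? 'F' : ' ',
            acdata.ac_flag & ASU ? 'S' : ' ');
    }
    if (ferror(fp)) {
        fprintf(stderr, "read error\n");
        rc = 1;
    }
    fclose(fp);
    return rc;
}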