本文主要是介绍VsCode编译调试Suricata,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
原理:
Suricata 源码说到底也是一个makefile项目,Code 是绝对可以编译的,本质上还是模拟 make 命令,然后使用GDB调试c程序。
有一个视频: https://www.bilibili.com/video/BV1Aw4m1U7Mo/?vd_source=b6d10e8288ab2f9afe2227a94446a6c3
c_cpp_properties.json:
实际上这部分是关于 代码悬停提示,智能提示这一方面的,
关于includepath和browse ->path的介绍有一个视频:https://www.bilibili.com/video/BV1Hm411r7nq/?vd_source=b6d10e8288ab2f9afe2227a94446a6c3
{"configurations": [{"name": "daxian-2023-12-24","includePath": ["${workspaceFolder}/**","/usr/include/**","/usr/local/include/**","/usr/include/netinet/**"],"defines": [],"compilerPath": "/usr/bin/g++","cStandard": "c17","cppStandard": "c++17","intelliSenseMode": "gcc-x64","browse": {"path": ["${workspaceFolder}","/usr/include/netinet"],"limitSymbolsToIncludedHeaders": true,"databaseFilename": ""},"configurationProvider": "ms-vscode.makefile-tools"}],"version": 4
}
settings.json
这其实和编译无关,涉及到一些 vsocode 的配置
{"window.zoomLevel": 0.5,"files.exclude": {"**/.exe": true //排除尾缀为.exe的文件不在编辑器左边的目录菜单中显示},// "C_Cpp.intelliSenseEngine": "Tag Parser",/*或者是default模式(默认也是这个)*/"C_Cpp.exclusionPolicy": "checkFilesAndFolders","C_Cpp.default.intelliSenseMode": "gcc-x64","C_Cpp.default.compilerPath": "/usr/bin/g++","C_Cpp.default.cppStandard": "c++17","debug.onTaskErrors": "abort","files.associations": {"iostream": "cpp","suricata-common.h": "c","cstdlib": "c","array": "c","istream": "c","ostream": "c","tuple": "c","type_traits": "c","utility": "c","fstream": "c","streambuf": "c","queue.h": "c","deque": "c","string": "c","unordered_map": "c","vector": "c","string_view": "c","initializer_list": "c","functional": "c","threads.h": "c","threadvars.h": "c","util-lua.h": "c","util-lua-http.h": "c","detect-threshold.h": "c","*.tcc": "c","numeric": "c","sstream": "c","detect-engine-register.h": "c","detect-engine-build.h": "c"},"C_Cpp.errorSquiggles": "enabled","workbench.editor.wrapTabs": false,/*选项卡是否换行*/"editor.wordWrap": "off",/*编辑区域是自动换行*/// "editor.renderWhitespace": "all"/*让空格显示为点 selection*/}
tasks.json
执行编译任务, ctrl+b执行编译任务,会选择第一个make
{"version": "2.0.0","tasks": [{"label": "build_suricata","type": "shell","command": "make", //suricata编译"problemMatcher": ["$gcc"],"group": {"kind": "build","isDefault": true},"presentation": {"echo": true,"reveal": "always","focus": false,"panel": "dedicated","showReuseMessage": false,"clear": true}},//下面是C++的不予理会{"type": "shell", //或者是process 区别找文档"label": "C/C++: g++ build active file", //任务标签"command": "/usr/bin/g++","args": ["-g","-Wall","-std=c++17","${fileDirname}/*.cpp","-o","${fileDirname}/${fileBasenameNoExtension}"],"detail": "compiler: /usr/bin/g++","group": {"kind": "build","isDefault": true},"presentation": {"echo": true,"reveal": "always", //是否将集成终端面板置于前面"focus": true, //是否获得焦点"panel": "dedicated","showReuseMessage": false, //控制是否显示“终端将被任务重用,按任意键关闭它”消息"clear": true // 运行前清除终端},"problemMatcher": ["$gcc"]},],"options": {"shell": {"executable": "/bin/bash","args": ["-c"]},"env": {"PATH": "/usr/bin:${env:PATH}"}}
}//官方文档:https://code.visualstudio.com/docs/editor/tasks
launch.json
make 以后不用make install的
make编译之后会在src/.libs/下生成临时的可执行程序, gdb可以调试这个程序,args是执行调试时候加入的参数,--runmode single是只有一个处理线程的模式,(参照suricata的运行模式,要注意不是任何情况下都有single模式的),这里读入的流量是从pcap文件中拿到的(这个文件是通过wireshark抓包工具得到的),关于这些参数在这里
{"version": "0.2.0","configurations": [{"type": "cppdbg","request": "launch","name": "DeBug_suricata","program": "${workspaceFolder}/src/.libs/suricata",// "program": "/usr/local/bin/suricata", //make install 后可执行程序的安装位置"args": ["--runmode","single","-r", "/home/daxian/ping.pcap","-vvvv","-c","/home/daxian/Desktop/zs/suricata-6.0.8/suricata.yaml","-l","/home/daxian/Desktop/zs/suricata-log-dir","-S","/home/daxian/Desktop/zs/rules/test.rules","-k","none"// "-i",// "ens33",// "--list-keywords=csv",// "--list-app-layer-protos"],"stopAtEntry": false,"cwd": "${workspaceFolder}","environment": [],"externalConsole": false,"MIMode": "gdb","miDebuggerPath": "/usr/bin/gdb","preLaunchTask": "build_suricata"},//下面是c++的 不予理会{"name": "g++ - Build and debug active file","type": "cppdbg","request": "launch","program": "${fileDirname}/${fileBasenameNoExtension}","args": [],"stopAtEntry": false,"cwd": "${workspaceFolder}","environment": [],"externalConsole": false,"MIMode": "gdb","miDebuggerPath": "/usr/bin/gdb","setupCommands": [{"description": "Enable pretty-printing for gdb","text": "-enable-pretty-printing","ignoreFailures": true}],"preLaunchTask": "C/C++: g++ build active file"},]
}
这篇关于VsCode编译调试Suricata的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
