Find Command Line executions of GUI program

security
infosec
#1

I have a bulky compiled program that does simple things. Basically it executes two CLI commands.
One command is a jackd command and the other is a pulseaudio command.

More general:
Let's say you have a Linux GUI program X which, when executed, silently starts two other CLI executable programs Y & Z with arguments.
How do I figure out what these commands and arguments are?

More trivial example.

Let's say X is a GUI program that, when compiled and executed, does the following two commands unseen by the user.

  1. emacs ~/testfile
    and
  2. firefox

Obviously the user won't see these commands being executed even if X was run from a terminal, but will just be presented with emacs and firefox popping up.

How do I find out what the commands 1&2 are when X executes?

I tried using strace but that failed. The commands 1&2 are known to be command line executable strings.
I guess auditctl is also an option, but how do I use it in this case?

0 Likes

#2

I’d use ‘strings’ and have a look.

strings X | less

Then look for any mention of ‘emacs’ and ‘firefox’. The important bits may all be on the same line, maybe they’ll be in neighboring lines, maybe they’ll be in variables and you’ll have to search for those too. I’ve found this command to be WAY handy for cases like this.

0 Likes

#3

Thanks John, I will try it. I have the source code for the software but the commands are compiled in a tangled mess I cannot figure out. It would be very accurate finding it from the executable.
Thanks for the recommendation, I will report back how it goes.

0 Likes

#4

Nope, strings X did not work for my purposes. Thanks for the suggestion though.

0 Likes

#5

Take a look at http://www.ouah.org/RevEng/

There is also the Ghidra GUI software: https://github.com/NationalSecurityAgency/ghidra and https://www.nsa.gov/resources/everyone/ghidra/

0 Likes

#6

Thanks nixcraft, that looks heavy duty.
I changed the title to be more specific to what I am trying to achieve as the description was too wide and could draw criticism and answers way wide from the scope I need.

The program is the open source
https://kx.studio/Applications:Cadence

I cannot figure from the source how to create a daemon for their jack strings.
All that it will be is a string;
jackd
and pulseaudio
that will configure jack and pulseaudio.
Since it works very well but is impractical, I need to get the startup strings.

0 Likes

#7

Actually all I need is to monitor the Linux system to capture any command issued with
jackd and pulse as wildcards by software.
It must start these programs, so commands are issued.
This seems dead easy, but I cannot find a way to do this.
I was not successful in looking at process strings and full command for the start of a process or daemon.
I cannot see that these process command strings are started in a way for example with pointers in memory.
It will still show up as a process string.

0 Likes

#8

pstree shows me what script is running. Maybe it will help? Give the pid of your script:
pstree pid

0 Likes
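
Added example, not written by anyone in this thread: the process-tree idea from #8 taken one step further, reading each child's full argv from /proc and also matching by name as asked in #7. It assumes Linux and that the children (such as jackd or pulseaudio) are still running when the snapshot is taken; all function names are this example's own.

```python
"""Show the full argv of a PID's descendants and of processes matched by name."""
import os, sys

def parse_cmdline(raw):
    """/proc/<pid>/cmdline is argv joined by NUL bytes, with a trailing NUL.
    Kernel threads and zombies have an empty file, which yields []."""
    return [a.decode("utf-8", "replace") for a in raw.rstrip(b"\0").split(b"\0")] if raw else []

def parse_ppid(stat):
    """ppid is the 2nd field after comm; comm may contain ')' so split on the LAST one."""
    return int(stat.rsplit(")", 1)[1].split()[1])

def snapshot(proc="/proc"):
    """Return {pid: (ppid, argv)} for every process visible right now."""
    table = {}
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        try:
            with open(f"{proc}/{name}/stat") as f:
                ppid = parse_ppid(f.read())
            with open(f"{proc}/{name}/cmdline", "rb") as f:
                argv = parse_cmdline(f.read())
        except (OSError, ValueError, IndexError):
            continue  # process exited (or stat was unreadable) mid-scan
        table[int(name)] = (ppid, argv)
    return table

def descendants(table, root):
    """Every process whose parent chain leads back to root, as (pid, argv)."""
    found, frontier = [], [root]
    while frontier:
        parent = frontier.pop()
        for pid, (ppid, argv) in sorted(table.items()):
            if ppid == parent:
                found.append((pid, argv))
                frontier.append(pid)
    return found

def by_name(table, needles):
    """Processes whose executable name contains a needle; this still finds
    daemons that detached and were re-parented away from the GUI program."""
    return [(pid, argv) for pid, (_, argv) in sorted(table.items())
            if argv and any(n in os.path.basename(argv[0]) for n in needles)]

if __name__ == "__main__":  # usage: script.py <pid of X> [name ...]
    table = snapshot()
    hits = dict(descendants(table, int(sys.argv[1])) + by_name(table, sys.argv[2:]))
    for pid, argv in sorted(hits.items()):
        print(pid, " ".join(argv))
```

A snapshot like this misses children that exit before it is taken; for those, execve has to be recorded as it happens (the strace and auditctl route mentioned in #1).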