File Analysis
The File tab of the dynamic analyzer shows information associated with file operations. The File tab can be enabled or disabled at runtime from the Configuration dialog. If the file analysis capabilities are disabled, the file API information is not displayed.
The tab consists of the following views:
- File chart shows file operations (open/close, read/write, lock) as a time flow chart.
- File API List view shows the file APIs that are associated with the file selected in the file chart.
- File Details view shows detailed information about the file selected in the file chart.
Figure: File analysis
Together, the views show the following information:
- Name and location of the file
- Current state of the file (closed or open)
- Usage time and size of the data saved or read in the file
- Information about the APIs used on the file (API name, parameter value, return value, and the success or failure of the API)
- Non-target processes are shown in the File chart alongside target processes, but no further information about them is displayed in the File API List and File Details views.
Terminology
- A target process belongs to an app or library that the user is interested in analyzing.
- A non-target process is any other process that nevertheless accesses the target files.
- A target file is the file that has the function calls which the user is interested in.
- A non-target file is the opposite of the target file. For example, if the user is only interested in internal calls, files that include direct calls are non-target files.
File Chart
The file chart has separate parent and child charts. There can be only one parent chart for each file, whereas multiple child charts are supported. Multiple child charts are separated by PID and TID. The parent chart records all the operations performed by the child charts.
Figure: File chart
The file chart shows the following information:
- The open or closed state of the file is shown through the color of the graph bars:
  - Aqua area indicates the open area of the file.
  - Teal area indicates that the file was opened and duplicated by other processes or threads.
- The upper line in the bar on the child chart indicates the time of locking the file:
  - Violet area indicates the lock area of the file.
  - Purple area indicates the lock waiting of the file.
- The lower line in the bar indicates the time of reading and writing the file:
  - Sky blue area or line indicates the write or read area of the file.
  - Blue area or line indicates the concurrent writing or reading of the file without the lock.
- Red line indicates that the API has failed.
File API List
The File API List view shows the APIs that are associated with the file selected in the File chart. When a child row of the file is selected, this view shows only the information about the file that belongs to that TID.
Figure: File API List view
The view has the following columns:
- # (integer) shows the sequence number of the API calls.
- Start Time (time) is the time when the API was called.
- Elapsed Time (time) is the time that elapses while an event occurs.
- PID (integer) is the ID of the process that called the API.
- TID (integer) is the ID of the thread that called the API.
- FD (integer) is the ID of the file.
- API Name (text) is the name of the API.
- Parameter shows the input parameters of the API.
- Return (integer) is the return value of the called API.
- Error code (text) shows the value returned by the API. In case of the APIs associated with glibc, the value is the description of the error number.
File Details
The File Details view shows detailed information about the file selected in the file chart. When a child row of the file is selected, this view shows only the information about the file that belongs to that TID.
Figure: File Details view
The view has the following fields:
- File name is the file name.
- File path shows the path of the file.
- File size is the total size of the file.
- Read size is the total size of the data read.
- Write size is the total size of the data written.
- API count is the total number of API calls associated with the file.
- Failed API count is the total number of failed API calls.
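The following C program is an added example, not code from the analyzer or its project. It runs a short open/lock/write/read/close sequence on a scratch file and keeps its own bookkeeping in the shape of the File API List columns (API name, return value, error description) and the File Details totals, so the numbers can be compared with what the views report for the same file. The `record` and `exercise_file` helpers, the `file_details` struct and the `/tmp` path are constructed for this example; which calls the analyzer itself instruments is not stated on this page.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

/* Counters named after the File Details fields. */
struct file_details { long read_size, write_size; int api_count, failed_api_count; };

/* Log one call like a File API List row (API name, return, error text) and count it. */
static long record(struct file_details *d, const char *api, long ret)
{
    d->api_count++;
    if (ret < 0) d->failed_api_count++;
    printf("%-5s return=%-3ld error=%s\n", api, ret, ret < 0 ? strerror(errno) : "-");
    return ret;
}

/* Run a fixed sequence of file APIs on path, a scratch file chosen by the caller. */
struct file_details exercise_file(const char *path)
{
    struct file_details d = {0, 0, 0, 0};
    char buf[16];
    long n;
    int fd = (int)record(&d, "open", open(path, O_RDWR | O_CREAT | O_TRUNC, 0600));

    if (fd < 0) return d;
    record(&d, "flock", flock(fd, LOCK_EX));               /* lock held from here */
    n = record(&d, "write", write(fd, "hello file", 10));
    if (n > 0) d.write_size += n;
    record(&d, "lseek", lseek(fd, 0, SEEK_SET));
    n = record(&d, "read", read(fd, buf, sizeof buf));
    if (n > 0) d.read_size += n;
    record(&d, "flock", flock(fd, LOCK_UN));
    record(&d, "close", close(fd));
    /* Deliberate failure: fd is already closed, so read() returns -1 with EBADF. */
    record(&d, "read", read(fd, buf, sizeof buf));
    return d;
}

int main(void)
{
    struct file_details d = exercise_file("/tmp/da_file_example.tmp"); /* constructed path */
    printf("read=%ld write=%ld api=%d failed=%d\n",
           d.read_size, d.write_size, d.api_count, d.failed_api_count);
    unlink("/tmp/da_file_example.tmp");
    return 0;
}
```

The last `read` is the one failed call: its return value is -1 and its error text is the glibc description of the error number, which is the form the Error code column uses for glibc APIs.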