pread64 - read up to count bytes from file descriptor fd at offset offset
The pread64() system call reads up to
count bytes from file descriptor
fd at offset
offset. It is identical to
read except for the checking for a file descriptor that supports
pread and the
read the data is not read from the current file offset; instead,
offset byteswithe counted from the start of the file.
If some bytes were read before and
O_APPEND was not set on the file descriptor, subsequent reads are made from the position which was 'current' at the time pread64() has been called. If the file was open with
O_APPEND set, the data will be read from the current end of file.
The pread64() system call does not change the file offset and it is not affected by whether or not
O_APPEND is set on the file descriptor.
fd:int - file descriptor of the file to be read
buf:void*[K] - a pointer to a buffer in which the data should be stored
count:size_t - the number of bytes to be read
offset:off_t - offset from the start of the file
- K - Originated from kernel-space
To trace reads from the start of a file.
Example Use Case¶
A security audit might need to track activity that reads from the beginning of files.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.