## 0x02 问题排查

......
root      2948 10340  0 15:30 ?        00:00:00 [synoscgi_______] <defunct>
root     10280     1  0 15:30 ?        00:00:08 /usr/syno/sbin/synocgid -D
root     10340     1  0 15:30 ?        00:00:26 synoscgi
system   10470 10340  0 15:30 ?        00:00:00 synoscgi
system   29109 10340  0 15:30 ?        00:00:00 synoscgi
root     29180 29148  0 15:30 pts/5    00:00:00 grep --color=auto cgi
system   31659 10340  0 15:30 ?        00:00:00 synoscgi
system   31834 10340  0 15:30 ?        00:00:00 synoscgi
system   31924 10340  0 15:30 ?        00:00:00 synoscgi
......


defunct的中文释义为损坏的、不复存在的，在这里指的是僵尸进程，synoscgi进程可以理解为群晖中的cgi-bin，用于实现Web服务。

kill -9 10280
/usr/syno/sbin/synocgid


synoscgi: error while loading shared libraries: /lib/libsynoshare.so.6: invalid ELF header


## 0x03 问题分析

Linux下的so文件与Windows下的dll文件类似，都是便于应用程序调用的动态链接库，在Windows下我们遇到dll错误或dll缺失会从互联网上或启动盘中拷贝一个工作正常的dll到指定目录，那么对于Linux，我们也可以使用类似的解决方法，将故障文件进行拷贝。

### 3. 了解常用归档文件的文件头

Gzip 0x1F8B
Bzip 0x425A68
Zip 0x504B0304
LHA 0x2D6C68352D
RAR 0x52617221
7Zip 0x377ABCAF271C

tar中文件的头部结构如下表所示：

0 100 文件名
100 8 文件的unix mode（权限）
108 8 拥有者的unix用户ID
116 8 所属unix组的用户ID
124 12 8进制的文件大小
136 12 8进制的上次修改时间（unix时间）
148 8 头部数据的校验码
156 1 是否是软链接
157 100 所链接的文件名（路径）

### 4. 扳手指数数，只不过这次是十六进制~

00000000  56 45 52 53 49 4f 4e 00  00 00 00 00 00 00 00 00  |VERSION.........|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000060  00 00 00 00 30 30 30 30  37 35 35 00 30 30 30 30  |....0000755.0000|
00000070  30 30 30 00 30 30 30 30  30 30 30 00 30 30 30 30  |000.0000000.0000|
00000080  30 30 30 30 34 34 32 00  31 33 32 37 37 37 30 37  |0000442.13277707|
00000090  35 33 33 00 30 31 30 36  34 35 00 20 30 00 00 00  |533.010645. 0...|
000000a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000100  00 75 73 74 61 72 20 20  00 72 6f 6f 74 00 00 00  |.ustar  .root...|
00000110  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000120  00 00 00 00 00 00 00 00  00 72 6f 6f 74 00 00 00  |.........root...|
00000130  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000140  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000150  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000160  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|


## 0x04 问题解决

### 1. 使用diff命令对比文件

diff -c -a -b -B -r -q /mnt/image/hda1/lib /lib


-c     使用上下文输出格式.
-a     所有的文件都视为文本文件来逐行比较，甚至他们似乎不是文本文件.
-b     忽略空格引起的变化.
-B     忽略插入删除空行引起的变化.
-r     当比较目录时，递归比较任何找到的子目录.
-q     仅报告文件是否相异,不报告详细的差异.


Files lib/libsynoshare.so.6 and lib/libsynoshare.so.6 differ
Files lib/libsynopkg.so.1 and lib/libsynopkg.so.1 differ


### 2. 覆盖损坏的文件

sudo mv -f /mnt/image/hda1/lib/libsynopkg.so.1 /lib/
sudo mv -f /mnt/image/hda1/lib/libsynoshare.so.6 /lib/
chmod 644 /lib/libsynopkg.so.1
chmod 644 /lib/libsynoshare.so.6