This hook is produced on STRACE startup. It contains information about the system on which trace is operating, initial time of day information, and number of processors in the system. The data returned is mapped by SFTSTARTUP.
2218 a8 2 254:3417264209 0 141e000708000000cc0715390703000001000000598d9303 | | | | | | | | | | | +---Data as follows: | | | | | UCHAR VerMajor | | | | | UCHAR VerMinor | | | | | UCHAR RevLettr | | | | | UCHAR DayDate | | | | | UCHAR MonDate | | | | | UCHAR pad1[3] | | | | | USHORT YrsDate | | | | | UCHAR HrsTime | | | | | UCHAR MinTime | | | | | UCHAR SecTime | | | | | UCHAR HunTime | | | | | UCHAR pad2[2] | | | | | ULONG ulNumCPUs | | | | | ULONG ulCPURate[] | | | | | | | | | +----- Processor ID (0,1,2,3,...,63) | | | +-------------- Normalized Time Stamp (high32bits:low32bits) | | +---------------------------- Minor Code = 0x02 | +--------------------------------- Major Code = 0xa8 +-------------------------------------- Type Indicator/Length (SFT_HOOK_STARTUP | 0x18 bytes)