[英]Retrieve executable from core dump
I want to retrieve the executable from a core dump and the output of any linux package used to get this information should contain execfn
in it's output. I want to retrieve the executable from a core dump and the output of any linux package used to get this information should contain
execfn
in it's output.
Here are the following things which I have tried so far:以下是我迄今为止尝试过的以下事情:
$ file kms
kms: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/test', real uid: 1000440000, effective uid: 1000440000, real gid: 0, effective gid: 0, execfn: '/test', platform: 'x86_64'
The file
command only works for specific cores and it's not a generic solution because some core dump gives following output. file
命令仅适用于特定内核,它不是通用解决方案,因为某些内核转储提供了以下 output。
$ file ss
ss: ELF 64-bit LSB core file x86-64, version 1 (SYSV), too many program header sections (6841)
gdb
command doesn't work for all core dumps in the same manner. gdb
命令不适用于所有核心转储以相同的方式。 The output using gdb command is inconsistent.使用 gdb 命令的 output 不一致。 The output received by gdb command for some core dump is not the same as
strings
command. gdb 命令收到的 output 用于某些核心转储与
strings
命令不同。
$gdb kms
Core was generated by `/test'.
I even tried strings
package and I think it gives proper output but the format doesn't contain execfn
for it to be used in my solution我什至尝试了
strings
package ,我认为它给出了正确的 output 但格式不包含execfn
以便在我的解决方案中使用
$ strings kms | grep ^/ | tail -1
/test
Can anyone please suggest any linux package which will help me in retrieving executable from core dump which contains execfn
in it's output.任何人都可以建议任何 linux package,这将帮助我从包含
execfn
的 output 的核心转储中检索可执行文件。
Try running the file(1) command on your core(5) file.尝试在你的core(5)文件上运行file(1)命令。 But that requires your
core
file to be complete.但这需要您的
core
文件完整。 See below and gcore(1) with strace(1) and ptrace(2) .见下文和gcore(1)与strace(1)和ptrace(2) 。
If your ELF executable (see elf(5) ) was built with DWARF debugging information then you should have enough information in your core
file.如果您的ELF可执行文件(参见elf(5) )是使用DWARF调试信息构建的,那么您的
core
文件中应该有足够的信息。 See also gdb(1) and this answer.另见gdb(1)和这个答案。
DWARF debugging information is obtained by compiling and linking your program -if it was compiled with GCC (or with Clang ) so using a recent gcc
, g++
, gfortran
, clang
, clang++
command - with the -g
(or -g2
....) flag. DWARF debugging information is obtained by compiling and linking your program -if it was compiled with GCC (or with Clang ) so using a recent
gcc
, g++
, gfortran
, clang
, clang++
command - with the -g
(or -g2
.... ) 旗帜。
Be aware of setrlimit(2) .请注意setrlimit(2) 。 You may need to use the
ulimit
builtin of GNU bash
(see bash(1) and the documentation of GNU bash ...), or the limit
builtin of zsh
to increase the core
size file limit .您可能需要使用 GNU
bash
的ulimit
内置函数(参见bash(1)和GNU bash 的文档...),或者zsh
的内置函数limit
来增加core
大小文件限制。
If your core
dump limit size (ie RLIMIT_CORE
for setrlimit
) is too small, it is preferable to raise it and run again your program.如果您的
core
转储限制大小(即setrlimit
的RLIMIT_CORE
)太小,最好提高它并再次运行您的程序。 A good developer could disable core
dumps in an executable.优秀的开发人员可以禁用可执行文件中的
core
转储。 My guess (perhaps wrong) is that a too small core limit size might be consistent with your observations.我的猜测(可能是错误的)是太小的核心限制尺寸可能与您的观察结果一致。
If your interactive Unix shell is something else that /bin/bash
(eg fish ) be sure to read its documentation.如果您的交互式 Unix shell 是
/bin/bash
(例如fish )的其他东西,请务必阅读其文档。 See also passwd(5) , ps(1) -to be used as ps $$
, pstree(1) , top(1) .另见passwd(5) , ps(1) - 用作
ps $$
, pstree(1) , top(1) 。
See also proc(5) .另请参见proc(5) 。 You might try
cat /proc/$$/limits
or /bin/cat /self/limits
in your terminal before running your program there.在运行程序之前,您可以在终端中尝试
cat /proc/$$/limits
或/bin/cat /self/limits
。 Perhaps /bin/cat /proc/version
could be needed to understand more.也许
/bin/cat /proc/version
可能需要了解更多。
Your Linux kernel can also be configured to avoid core
dumps.您的 Linux kernel也可以配置为避免
core
转储。 Ask for details on kernelnewbies and read more about SE Linux .询问有关kernelnewbies的详细信息并阅读有关SE Linux的更多信息。 Some Linux kernels accept
gzcat /proc/config.gz
as root, but other don't, to query their configuration.一些 Linux 内核接受
gzcat /proc/config.gz
作为 root,但其他不接受,以查询它们的配置。 You could need root access with sudo(8) or su(1) .您可能需要使用sudo(8)或su(1)进行 root 访问。 See credentials(7) .
见凭证(7) 。
On Linux, you might be interested by Ian Taylor libbacktrace .在 Linux 上,您可能对 Ian Taylor libbacktrace 感兴趣。 RefPerSys and GCC are using it.
RefPerSys和GCC正在使用它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.