What to do with a process dump?

Question

I am trying to learn on a more deeper level how programs work. I came across someone writing about "process dumping" and that that person said process dumping might be a way to get information from a program. I have tried this process dumping (dr jimbob's answer) method on my Linux machine and got a huge file from the program I used the script on. It mostly contains stuff such as ^@^@^@ ^Q^@^@^@^@^@^@^@^@^@^@^@^@^@ ^O^@^@ ^@^@^@^@^@^@^@^@^@^@^@ but there were some strings and lots of random information (eg libraries) in the file. I am guessing the @ signs and other random combinations of symbols are just stuff in the program that is not formated in UTF-8/letter format. I also tried this method and got lots of .dump files.

My question boils down to: How do I actually read the dump file and get relevant information? Is it not more efficient to do something like strings file.dump since what I am looking for is readable information, not @ signs?

Answer 1

strings file.dump is perfectly fine, if you just want to examine some strings.

Usually, you want to examine function stack and values of specific variables (which are usually binary - so strings won't work). To do that you can load core dump into debugger, for example:

dump process 9319 (bash):

gcore 9319

load into gdb:

gdb bash core.9319

then proceed as if it were a live process. For example, dump stack trace:

(gdb) bt
#0  0x00007f5ef50318a7 in __GI___waitpid (pid=-1, stat_loc=0x7ffd567683d0, 
    options=10) at ../sysdeps/unix/sysv/linux/waitpid.c:30
#1  0x000055ef3ea89869 in ?? ()
#2  0x000055ef3ea8acc3 in wait_for ()
#3  0x000055ef3ea78b85 in execute_command_internal ()
#4  0x000055ef3ea78df2 in execute_command ()
#5  0x000055ef3ea60833 in reader_loop ()
#6  0x000055ef3ea5f104 in main ()

or examine some global variables:

(gdb) print (int)history_length 
$1 = 81

it helps if your program has debug symbols (compiled with -g) - you will see a lot more information