Gdb dump program memory

Fragsworth Fragsworth 1, 2 2 gold badges 12 12 silver badges 14 14 bronze badges. You might also want to read superuser. Add a comment. Active Oldest Votes. Improve this answer. James L James L 5, 1 1 gold badge 18 18 silver badges 23 23 bronze badges. Programming4life gcore 1 — julian. I've made a script that accomplishes this task. Qsiris 3 3 bronze badges. Nilsson A. Nilsson 5 5 silver badges 7 7 bronze badges.

Just used it to discover which script a mysterious bash instance was running. Why are you only grepping for and dumpying ranges with rw-p permissions? If you want a dump of both, then go ahead and exchange grep for e. Aquarius Power Aquarius Power 1 1 gold badge 7 7 silver badges 14 14 bronze badges. Occasionally, you may wish to produce a core file of the program you are debugging in order to preserve a snapshot of its state.

GDB has a special command for that. Produce a core dump of the inferior process. This command shows the core file size limit. Step Core dump analysis Now we will generate the core dump file and analyze the segmentation fault using the GDB. Again run the program and this time core file will generate. Run a few gdb commands to get more info. However, we've hit another, also with an argument of zero. Trying our write trick again:. In the previous section, I had to use three continues to reach the right invocation of a breakpoint.

If that were hundreds of invocations, then I'd use a conditional breakpoint. So why didn't I run it right away, when I first created the "pending" breakpoint? I've found conditionals don't work on pending breakpoints, at least on this gdb version.

Either that or I'm doing it wrong. I also used i b here info breakpoints to list them with information. I did try another write-like hack, but this time changing the instruction path rather than the data. My hope is that by not executing it, it won't set the global curterm to 0x0. One more try. After browsing the code a bit more, I want to try doing a ret twice, in case the parent function is also involved.

Again, this is just a hacky experiment:. I'd been posting debugging output to github , especially since the lead BPF engineer, Alexei Starovoitov, is also well versed in llvm internals, and the root cause seemed to be a bug in llvm. While I was messing with writes and returns, he suggested adding the llvm option -fno-color-diagnostics to bcc, to avoid this problem code path. It worked! It was added to bcc as a workaround. And we should get that llvm bug fixed.

At this point we've fixed the problem, but you might be curious to see the stack trace fully fixed. The python debug packages have added other capabilities to gdb. Now we can look at the python backtrace:. It's identifying where in our Python code we were executing that hit the segfault.

That's really nice! The problem with the initial stack trace is that we're seeing Python internals that are executing the methods, but not the methods themselves. If you do a web search for " language name " and "gdb" you might find it has gdb debugging extensions like Python does. If it doesn't, the bad news is you'll need to write your own. The good news is that this is even possible!

While it might look like I've written comprehensive tour of gdb, I really haven't: there's a lot more to gdb. The help command will list the major sections:.

You can then run help on each command class. For example, here's the full listing for breakpoints:. This helps to illustrate how many capabilities gdb has, and how few I needed to use in this example.

Well, that was kind of a nasty issue: an LLVM bug breaking ncurses and causing a Python program to segfault. But the commands and procedures I used to debug it were mostly routine: viewing stack traces, checking registers, setting breakpoints, stepping, and browsing source.

When I first used gdb years ago , I really didn't like it. It felt clumsy and limited. Feature sets vary between debuggers, but gdb may be the most powerful text-based debugger nowadays, with lldb catching up. I hope anyone searching for gdb examples finds the full output I've shared to be useful, as well as the various caveats I discussed along the way.

Maybe I'll post some more gdb sessions when I get a chance, especially for other runtimes like Java. You can comment here, but I can't guarantee your comment will remain here forever: I might switch comment systems at some point e. Systems Performance 2nd Ed. Brendan Gregg's Blog home. The Problem The bcc collection of BPF tools had a pull request for cachetop , which uses a top-like display to show page cache statistics by process.

Trying again:. Type "show copying" and "show warranty" for details. Type "show configuration" for configuration details. For bug reporting instructions, please see:. Find the GDB manual and other documentation resources online at:. For help, type "help". Type "apropos word" to search for commands related to "word" Back Trace Stack back traces show how we arrived at the point of fail, and are often enough to help identify a common problem. Use the "file" command.