"DEBUG HACKS"を読んでいて(P.61-62辺り)、pmapで見た内容がcoreに出力されてんじゃないの?と気がついたので確かめてみた。
※知ってる人はとっくに知ってるんだろうけど。
調査ターゲットを探す
# ps
PID TTY TIME CMD
3578 pts/0 00:00:00 su
3579 pts/0 00:00:00 bash ←こいつをターゲットにしてみよう
3671 pts/0 00:00:00 ps
ターゲット(pid=3579)のpmapを確認
# pmap 3579
3579: -bash
0019e000 36K r-x-- /lib/libnss_files-2.5.so
001a7000 4K r---- /lib/libnss_files-2.5.so
001a8000 4K rw--- /lib/libnss_files-2.5.so
008db000 100K r-x-- /lib/ld-2.5.so
008f4000 4K r---- /lib/ld-2.5.so
008f5000 4K rw--- /lib/ld-2.5.so
008f8000 1256K r-x-- /lib/libc-2.5.so
00a32000 8K r---- /lib/libc-2.5.so
00a34000 4K rw--- /lib/libc-2.5.so
00a35000 12K rw--- [ anon ]
00a3a000 8K r-x-- /lib/libdl-2.5.so
00a3c000 4K r---- /lib/libdl-2.5.so
00a3d000 4K rw--- /lib/libdl-2.5.so
00a82000 12K r-x-- /lib/libtermcap.so.2.0.8
00a85000 4K rw--- /lib/libtermcap.so.2.0.8
00d7b000 4K r-x-- [ anon ]
08047000 684K r-x-- /bin/bash
080f2000 20K rw--- /bin/bash
080f7000 20K rw--- [ anon ]
08d6e000 132K rw--- [ anon ]
b7c8d000 8K rw--- [ anon ]
b7c8f000 28K r--s- /usr/lib/gconv/gconv-modules.cache
b7c96000 940K r---- /usr/lib/locale/locale-archive
b7d81000 2048K r---- /usr/lib/locale/locale-archive
b7f81000 8K rw--- [ anon ]
bfe87000 88K rw--- [ stack ]
total 5444K
gcoreでcore dumpを無理やり取ってみる
# gcore 3579
(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
0x00d7b410 in __kernel_vsyscall ()
Saved corefile core.3579
gdbでcore dumpを確認してみる('->'から右は比較のためpmapの実行結果をコピペしている)
# gdb -c ./core.3579
...
Core was generated by `/bin/bash'.
#0 0x00d7b410 in __kernel_vsyscall ()
(gdb) info files
Local core dump file:
`/root/./core.3579', file type elf32-i386.
0x001a8000 - 0x001a9000 is load3 -> 001a8000 4K rw--- /lib/libnss_files-2.5.so
0x008f5000 - 0x008f6000 is load6 -> 008f5000 4K rw--- /lib/ld-2.5.so
0x00a34000 - 0x00a35000 is load9 -> 00a34000 4K rw--- /lib/libc-2.5.so
0x00a35000 - 0x00a38000 is load10 -> 00a35000 12K rw--- [ anon ]
0x00a3d000 - 0x00a3e000 is load13 -> 00a3d000 4K rw--- /lib/libdl-2.5.so
0x00a85000 - 0x00a86000 is load15 -> 00a85000 4K rw--- /lib/libtermcap.so.2.0.8
0x00d7b000 - 0x00d7c000 is load16 -> 00d7b000 4K r-x-- [ anon ]
0x080f2000 - 0x080f7000 is load18 -> 080f2000 20K rw--- /bin/bash
0x080f7000 - 0x080fc000 is load19 -> 080f7000 20K rw--- [ anon ]
0x08d6e000 - 0x08d8f000 is load20 -> 08d6e000 132K rw--- [ anon ]
0xb7c8d000 - 0xb7c8f000 is load21 -> b7c8d000 8K rw--- [ anon ]
0xb7c8f000 - 0xb7c96000 is load22 -> b7c8f000 28K r--s- /usr/lib/gconv/gconv-modules.cache
0xb7c96000 - 0xb7d81000 is load23 -> b7c96000 940K r---- /usr/lib/locale/locale-archive
0xb7d81000 - 0xb7f81000 is load24 -> b7d81000 2048K r---- /usr/lib/locale/locale-archive
0xb7f81000 - 0xb7f83000 is load25 -> b7f81000 8K rw--- [ anon ]
0xbfe87000 - 0xbfe9d000 is load26 -> bfe87000 88K rw--- [ stack ]
(gdb)
0 件のコメント:
コメントを投稿