Geek Answers Handbook

How to read frames from a core dump (without GDB)?

I would like to access the frames stored in the core dump of a program that does not have debugging symbols (I want to do this in C). When I open the program and the core dump inside GDB, I get a stack trace, including function names. For example:

(gdb) bt #0 0x08048443 in layer3 () #1 0x08048489 in layer2 () #2 0x080484c9 in layer1 () #3 0x0804854e in main ()

The names of all functions are stored in the executable file in the .strtab section. How can I plot a stack trace with different frames? Running GDB in batch mode is not . And also just “copying the parts from gdb that are needed” is also a good idea, because the code is not written independently.

So, to clarify my question: where can I find the point inside the core dump, where can I start reading stack information? Is there any library to access this information? Can I use a structure? Or better yet, documentation, how is this data structured inside a core dump?

(I already saw the question " how to create a stack trace from a core dump file in C without calling an external tool like gdb ", but since there is no valid answer, I thought I would ask it again)

[Edit] I do this under Linux x86

+7
source share
1 answer

Coredump contains stack information. If you can use this stack information along with the EBP and EIP register values ​​in the coredump file, you can print the stack trace. I wrote a program for this. You can find the program at the following link.

  http://www.emntech.com/programs/corestrace.c

Usage: Compile the above program and give the main file when it is executed.

  $corestrace core

If you want the characters to be printed as well, you do this: suppose that the program generated by the kernel is a "test".

  $ nm -n test > symbols $ corestrace core symbols

An example output is as follows:

  $ ./coretrace core symbols 0x80483cd foo+0x9 0x8048401 func+0x1f 0x8048430 main+0x2d
+7
source

More articles:


All Articles