Thursday, May 5, 2011

How to analyze a core dump using the GDB tool?

■ Requirement : How to analyze a core dump using the GDB tool
■ OS Environment : Linux [RHEL, CentOS]
■ Application: gdb
■ Implementation Steps : 

Usually an application or the kernel creates a core dump/vmcore file. You need to enable core dumps on the Linux machine. To collect the vmcore file (a memory dump taken using the crash kernel) you need to install the kexec/kdump utils on the machine.

Once the setup is done, you can install GDB like this:

$ yum install gdb

1. Analyze a core dump generated by a process/binary :

a) Install the particular package which contains that binary. If you want to analyze the core dump file on another system, check the version so that it is the same there.
b) Install the -debuginfo- package of that same package on the machine.
c) Start GDB like this:


$gdb
$run

d) Enter "bt" at the gdb prompt to get the stack backtrace with symbols. Now analyse it to get a clue.

2. To analyze the vmcore file you need to replace the with and with file

then type bt to get a backtrace.

DEMO : Using a simple C program :


1. Program hello.c

#include <stdio.h>

char hello[] = { "Hello, World!" };

int
main()
{
    fprintf (stdout, "%s\n", hello);
    return (0);
}



2. Compile the above program :

$ gcc -g -o hello hello.c

3. Run gdb on the hello binary, i.e. gdb hello.


$ gdb hello

4. Some things can be done even before execution is started. The variable hello is global, so it can be seen even before the main procedure starts:

(gdb) p hello
$1 = "Hello, World!"
(gdb) p hello[0]
$2 = 72 'H'
(gdb) p *hello
$3 = 72 'H'
(gdb)


5. Next, list the source:

(gdb) l        (or: (gdb) list)

1 #include <stdio.h>
2
3 char hello[] = { "Hello, World!" };
4
5 int
6 main()
7 {
8 fprintf (stdout, "%s\n", hello);
9 return (0);
10 }


6. The list reveals that the fprintf call is on line 8. Apply a breakpoint on that line and resume the code:

(gdb) br 8
Breakpoint 1 at 0x80483ed: file hello.c, line 8.
(gdb) r
Starting program: /home/moller/tinkering/gdb-manual/hello

Breakpoint 1, main () at hello.c:8
8 fprintf (stdout, "%s\n", hello);


7. Finally, use the “next” command to step past the fprintf call, executing it:
(gdb) n
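
The demo above steps through a live process; the core-file workflow from step 1 can be tried end to end with the script below. It is an added example, not part of the original post: the file name coredemo.sh, the crash.c program and its fail() function are constructed for illustration, and it assumes gcc and gdb are installed.

```shell
#!/bin/sh
# Added example (not from the original post): get a core file from a crashing
# program and print its backtrace with gdb. crash.c and fail() are constructed.

# Classify a kernel.core_pattern value: "pipe:<helper>" when the kernel hands
# the dump to a program, "file:<template>" when it writes the file itself.
core_pattern_kind() {
    case "$1" in
        "|"*) set -- "${1#?}"                    # drop the leading '|'
              printf 'pipe:%s\n' "${1%% *}" ;;   # helper path without its arguments
        *)    printf 'file:%s\n' "$1" ;;
    esac
}

demo() {
    kind=$(core_pattern_kind "$(cat /proc/sys/kernel/core_pattern)")
    case "$kind" in
        pipe:*)  echo "cores go to ${kind#pipe:}; retrieve the dump from that tool"
                 return 0 ;;
        file:/*) echo "cores are written as ${kind#file:}; point gdb at that file"
                 return 0 ;;
    esac
    # Relative template: the core file lands in the crashing process's directory.
    work=$(mktemp -d) && cd "$work" || return 1
    cat > crash.c <<'EOF'
#include <stdlib.h>
static void fail(void) { abort(); }    /* SIGABRT: default action dumps core */
int main(void) { fail(); return 0; }
EOF
    gcc -g -O0 -o crash crash.c || return 1    # -g so bt shows file and line
    ulimit -c unlimited                        # core size limit, this shell only
    ./crash                                    # dies with "Aborted (core dumped)"
    core=$(ls -t core* 2>/dev/null | head -n 1)
    [ -n "$core" ] || { echo "no core file found in $work"; return 1; }
    gdb -batch -ex bt ./crash "$core"          # binary first, then the core file
}

# Run the end-to-end part only when asked: sh coredemo.sh --demo
if [ "${1:-}" = "--demo" ]; then demo; fi
```

When core_pattern starts with "|", no core file appears in the working directory, which is the usual reason "bt" has nothing to load.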
