尝试定位一个程序的core dump
1. 拿到这个程序的coredump文件。我的在/var/log下:xxx_18.core,18是最新编号。
然后使用gdb:
$ gdb ngw ngw.18.core
GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ngw...done.
warning: exec file is newer than core file.
warning: Unexpected size of section `.reg/1' in core file.
warning: Unexpected size of section `.reg2/1' in core file.
Program terminated with signal SIGSEGV, Segmentation fault.
warning: Unexpected size of section `.reg/1' in core file.
warning: Unexpected size of section `.reg2/1' in core file.
#00x100bed98 in ?? ()
(gdb) p main
$1 = {int (void)} 0xbe30 <main()>
另一方面反汇编可执行文件xxx。
$ aarch64-linux-gnu-objdump -ID -C -S./xxx > d-xxx.txt得到反汇编代码:
在这里面可以找到函数的地址,就像上面main的。
接下来尝试寻找core dump的地址
页:
[1]