Ale*_*tar 4 c c++ linux gdb coredump
使用 gdb 从核心转储文件中识别完整命令时出现问题\n崩溃的命令本身可能很长
\nIE
\nmyCommand -f log/SlaRunTimeReport.rep -I input/myFile.txt -t output/myFile.txt\n但是当使用gdb识别位置\xe2\x80\x9c中的命令Core是由\xe2\x80\x9d生成的
\n即通过执行
\ngdb -c core.56536\n输出:
\nGNU gdb (GDB) Red Hat Enterprise Linux 7.10-20.el7\n\n\xe2\x80\xa6.\n\nCore was generated by `myCommand -f log/SlaRunTimeReport.rep -I \ninput/myFile.t'.\n可以看到完整的命令(可执行文件+参数)被中间切掉了
\n\xe2\x80\x98myCommand -f log/SlaRunTimeReport.rep -I input/myFile.t'\n另外使用字符串命令时,也无助于识别完整命令
\nstrings core.56536 | grep PMRunTimeReport\n输出:
\nmyCommand \n\nmyCommand -f log/SlaRunTimeReport.rep -I input/myFile.t\n有没有办法从 coredump 文件中获取导致失败的完整命令
\n提前致谢
\n有没有办法从 coredump 文件中获取导致失败的完整命令
方法有很多种,但跑步strings是错误的方法。
如果您使用调试信息构建了程序,您应该能够简单地执行up命令直到到达main,然后argv[0]通过进行检查argv[argc-1]。
如果您的main构建不是使用调试信息,或者不使用argcand argv,您应该能够从__libc_argcand__libc_argv变量恢复该信息。例子:
$ ./a.out foo bar baz $(python -c 'print "a" * 500')
Aborted (core dumped)
$ gdb -q ./a.out core
Core was generated by `./a.out foo bar baz aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'.
请注意,“生成者”被截断了——它来自 内部的固定长度数组struct prpsinfo,保存NT_PRPSINFO在core.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007fab38cfcf2b in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.27-15.fc28.x86_64
(gdb) p (int)__libc_argc
$1 = 5
(gdb) p ((char**)__libc_argv)[0]@5
$2 = {0x7ffede43289f "./a.out", 0x7ffede4328a7 "foo", 0x7ffede4328ab "bar",
0x7ffede4328af "baz",
0x7ffede4328b3 'a' <repeats 200 times>...}
最后一行实际上是一个谎言——我们知道它'a'重复了 500 次。
我们可以像这样修复它:
(gdb) set print elem 0
(gdb) p ((char**)__libc_argv)[0]@5
$3 = {0x7ffede43289f "./a.out", 0x7ffede4328a7 "foo", 0x7ffede4328ab "bar",
0x7ffede4328af "baz",
0x7ffede4328b3 'a' <repeats 500 times>}
瞧:我们现在有了完整的命令。
最后,如果您安装了 GLIBC 的调试信息,您可以简单地查看__libc_start_main(称为您的main):
(gdb) set backtrace past-main
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007fab38ce7561 in __GI_abort () at abort.c:79
#2 0x00000000004004ef in main () at foo.c:3
#3 0x00007fab38ce918b in __libc_start_main (main=0x4004e6 <main>, argc=5, argv=0x7ffede431118,
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffede431108)
at ../csu/libc-start.c:308
#4 0x000000000040042a in _start ()
在这里,您可以在第 3 帧中清楚地看到argc和argv,并且可以像这样检查它: argv
(gdb) fr 3
#3 0x00007fab38ce918b in __libc_start_main (main=0x4004e6 <main>, argc=5, argv=0x7ffede431118,
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffede431108)
at ../csu/libc-start.c:308
308 result = main (argc, argv, __environ MAIN_AUXVEC_PARAM);
(gdb) p argv[0]@5
$1 = {0x7ffede43289f "./a.out", 0x7ffede4328a7 "foo", 0x7ffede4328ab "bar",
0x7ffede4328af "baz",
0x7ffede4328b3 'a' <repeats 500 times>}