Getting a core dump of a process without killing it?
Oliver Pinter
oliver.pinter at hardenedbsd.org
Sat Jan 2 22:53:12 UTC 2016
On Saturday, January 2, 2016, Dieter BSD <dieterbsd at gmail.com> wrote:
> I have a (stopped) process which hopefully has some data in its
> memory.
>
> Is there a way to get a core dump of a process without killing it?
>
> Looked in kern_sig.c but it appears that any signal that gives a
> core dump also kills the process.
>
> Created a similar process, sent it a SIGTRAP, looked at the core dump
> with hexdump and found the data. But of course SIGTRAP also kills the
> process.
>
> Gdb can attach to a process and dump areas of memory,
> (dump memory filename addr1 addr2) if you can figure
> out what address range(s) you want. I tried "maint info sections"
> but no joy. Use too large a range with "dump memory" and
> gdb fails. There doesn't seem to be a dump everything option.
>
> FreeBSD 8.2 [ because 10.1 doesn't work :-( ] on amd64
> ps reports that VSZ is 108104.
Take a look at gcore command.
> _______________________________________________
> freebsd-hackers at freebsd.org <javascript:;> mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org
> <javascript:;>"
>
More information about the freebsd-hackers
mailing list