Basically, you use a debugger. Since you did not specify an OS I'll assume you have
gdb. You must have compiled the file
in order for symbols to be available. If you are analyzing a core dump of somebody else's code you are in trouble.
The core dump file is called core
This will show you a backtrace (stack dump) of the call tree that lead to the crash.
You will have to find using the stack dump where in the code (not in a C library) the crash occurred. In other words the last line of the program's code that actually led to the crash.
Hi folks,
I'm hoping someone would be charitable enough to give me a quick explanation of adb usage for analyzing core files...or point me in the right direction. A search here revealed scant results and web searches are providing me with ambiguous information.
Running Solaris.
Thanks,... (1 Reply)
Hi,
I just wanted to know is there any tool avaliable for core analysis on hp-ux. I have heard about q4 utility. But I think it is used for analysis of system crash dump and not for core dump produced by a user process.
gdb doesn't give much information unless the binary is debug-build.
... (0 Replies)
Hello,
I'm new to the group and this is my first post. I'm hoping someone can help me out. I have a core dump that I need to analyze from a Unix box and I've never done this sort of thing before. I was told to run a pmap and pstack on the core file which provided two different output files. ... (3 Replies)
How can we analyze a core file and determine why it was generated on a solaris system?
I know file core filename will tell us what program generated the file. But, what to do next to get more details?
Thanks, (5 Replies)
We have just enabled core dump on our RHEL5.7 OS. the java process is terminating very often so we enable core dump to analysis the issue and find below in core dump file.
Core was generated by `/usr/java/jdk1.6.0_06//bin/java -server -Xms1536m -Xmx1536m -Xmn576m -XX:+Aggre'.
Program... (0 Replies)
dear all,
i have p770 aix6.1
last week, the host reboot suddenly with dump. but i don't know how to analyze the dump.
I posted kdb details in the attachment.
please anybody help me.
#>kdb vmcore.0 /unix
vmcore.0 mapped from @ 700000000000000 to @ 7000001c72c0908
START ... (13 Replies)
Discussion started by: tomato00
13 Replies
LEARN ABOUT BSD
crash
CRASH(L) CRASH(L)
NAME
crash - analyze kernel dump or active system image
SYNOPSIS
crash [ aps ] [ -bdvtiz ] [ -s sfile ] [ -c cfile ] [ -u addr ]
DESCRIPTION
Synopsis of options -
-b Brief mode; skip general display of processes
-d Crash dump contains swap image. (default?)
-v Verbose; dump much information about each proc [future]
-t TTY structs to be dumpped
-i Incore inode table to be printed
-c FILE Provide non-standard file name for system image input
-s FILE Provide non-standard symboltable input
-u ADDR Trace a process other than currently selected one
-z Interrupt Trace displayed
aps Print PS & PC at time of interupt (doesn't do anything)
crash examines a dump of unix which it looks for in the file sysdump. It prints out the contents of the general registers, the kernel
stack and a traceback through the kernel stack. If an aps is specified, the ps and pc at time of interrupt are also printed out. The dump
of the stack commences from a "reasonable" address and all addresses are relocated to virtual addresses by using the value of kdsa6 found
in the dump.
The following options may be specified.
-b Brief mode; skip general display of processes. Only the currently selected process will be traced.
-c cfile
If the -c argument is found, the following argument is taken to be the name of a file containing the system image. The default is
"/usr/sys/core".
-s sfile
If the -s argument is found the following argument is taken to be the name of a file, containing a symbol table which should be used
in interpreting text addresses. The default is "/unix".
-u addr
Force a process to be displayed as if it were active when the crash occurred. addr is the octal address of the proc table entry.
FILES
/unix system namelist
/dev/swap swap device
/usr/sys/core core file
SEE ALSO crash(8), adb(1), ps(1), rstat(1)DIAGNOSTICS
Missing arg Unable to Open file Format Error in symbolfile
BUGS
Care should be used in running crash on "/dev/mem". Things can change while crash is running; the picture it gives is only a close approx-
imation to reality.
AUTHOR
Mike Muuss, JHU EE
John Stewart, Teledyne Geotech
March 1983 CRASH(L)