Can read/interpret "core" files (crashdump/coredump) ?
Opened this issue · 1 comments
Can interpret and dump any coredump (ELF image with ET_CORE type)
with sections containing info useful for debugging
For ELF executable programs (see a.out(4)), the core file generated is also an ELF file, containing ELF program and file headers. The e_type field in the file header has type ET_CORE. The program header contains an entry for every segment that was part of the process address space, including shared library segments. The contents of the writable segments are also part of the core image.
The program header of an ELF core file also contains entries for two NOTE segments, each containing several note entries as described below. The note entry header and core file note type (n_type) definitions are contained in <sys/elf.h>. The first NOTE segment exists for binary compatibility with old programs that deal with core files. It contains structures defined in <sys/old_procfs.h>. New programs should recognize and skip this NOTE segment, advancing instead to the new NOTE segment. The old NOTE segment will be deleted from core files in a future release.
https://docs.oracle.com/cd/E19455-01/806-0633/6j9vn6q30/index.html
Further References:
http://uhlo.blogspot.com/2012/05/brief-look-into-core-dumps.html
http://www.gabriel.urdhr.fr/2015/05/29/core-file/
https://static1.squarespace.com/static/556340ece4b0869396f21099/t/558498e6e4b016fed75f80be/1434753254369/2014_11_Ryan-ONeill_Extended-Core-Format-Snapshots.pdf
Commands section of https://linux.die.net/man/8/crash contains few useful examples of commands that can be supported to read/interpret a core file.