I've got some core files generated in my system, but the suffix for these core files only has timestamp, no process id information.
我的系统中生成了一些核心文件,但这些核心文件的后缀只有时间戳,没有进程ID信息。
So it there any process id related information inside core files so that I can know it from gdb or other tools?
那么核心文件中是否有任何进程id相关信息,以便我可以从gdb或其他工具中知道它?
2 个解决方案
#1
1
So it there any process id related information inside core files
所以它在核心文件中有任何进程id相关信息
Definitely.
In the core file, there is a set of ELF notes. The note you are looking for is of type NT_PRPSINFO, and it contains (among other things) pr_pid that you want:
在核心文件中,有一组ELF注释。您要查找的注释是NT_PRPSINFO类型,它包含(以及其他)您想要的pr_pid:
typedef struct prpsinfo { /* Information about process */
unsigned char pr_state; /* Numeric process state */
char pr_sname; /* Char for pr_state */
unsigned char pr_zomb; /* Zombie */
signed char pr_nice; /* Nice val */
unsigned long pr_flag; /* Flags */
uint32_t pr_uid; /* User ID */
uint32_t pr_gid; /* Group ID */
pid_t pr_pid; /* Process ID */
pid_t pr_ppid; /* Parent's process ID */
pid_t pr_pgrp; /* Group ID */
pid_t pr_sid; /* Session ID */
char pr_fname[16]; /* Filename of executable */
char pr_psargs[80]; /* Initial part of arg list */
} prpsinfo;
The question is: which tool(s) can find and decode this note. Try eu-readelf from elfutils.
问题是:哪个工具可以找到并解码此注释。从elfutils尝试eu-readelf。
#2
-1
Yes, use the "file" command.
是的,使用“file”命令。
file <core_file>
That should tell you what executable/command caused the core to dump. Let me know if that's not what you needed.
这应该告诉你什么可执行文件/命令导致核心转储。如果那不是您需要的,请告诉我。
#1
1
So it there any process id related information inside core files
所以它在核心文件中有任何进程id相关信息
Definitely.
In the core file, there is a set of ELF notes. The note you are looking for is of type NT_PRPSINFO, and it contains (among other things) pr_pid that you want:
在核心文件中,有一组ELF注释。您要查找的注释是NT_PRPSINFO类型,它包含(以及其他)您想要的pr_pid:
typedef struct prpsinfo { /* Information about process */
unsigned char pr_state; /* Numeric process state */
char pr_sname; /* Char for pr_state */
unsigned char pr_zomb; /* Zombie */
signed char pr_nice; /* Nice val */
unsigned long pr_flag; /* Flags */
uint32_t pr_uid; /* User ID */
uint32_t pr_gid; /* Group ID */
pid_t pr_pid; /* Process ID */
pid_t pr_ppid; /* Parent's process ID */
pid_t pr_pgrp; /* Group ID */
pid_t pr_sid; /* Session ID */
char pr_fname[16]; /* Filename of executable */
char pr_psargs[80]; /* Initial part of arg list */
} prpsinfo;
The question is: which tool(s) can find and decode this note. Try eu-readelf from elfutils.
问题是:哪个工具可以找到并解码此注释。从elfutils尝试eu-readelf。
#2
-1
Yes, use the "file" command.
是的,使用“file”命令。
file <core_file>
That should tell you what executable/command caused the core to dump. Let me know if that's not what you needed.
这应该告诉你什么可执行文件/命令导致核心转储。如果那不是您需要的,请告诉我。