如何轻松打包分析核心转储所需的库(即 packcore)

发布于 2024-12-06 16:54:45 字数 195 浏览 11 评论 0原文

HPUX 上可用的 GDB 版本有一个名为“packcore”的命令,该命令创建一个包含核心转储、可执行文件和所有库的 tarball。当尝试在不同的机器上调试核心转储时,我发现这非常有用。

在 Linux 机器上的 GDB 标准版本中是否有类似的命令?

我正在寻找一个简单的命令,当生产机器上出现问题时,不一定是开发人员的人也可以运行该命令。

The version of GDB that is available on HPUX has a command called "packcore", which creates a tarball containing the core dump, the executable and all libraries. I've found this extremely useful when trying to debug core dumps on a different machine.

Is there a similar command in the standard version of GDB that I might find on a Linux machine?

I'm looking for an easy command that someone that isn't necessarily a developer can run when things go bad on a production machine.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

相守太难 2024-12-13 16:54:45

核心文件包含生成它的命令。理想情况下,这将包括相应可执行文件的完整路径。例如:

$ file core.29529 
core.29529: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/bin/sleep 60'

在 ELF 二进制文件上运行 ldd 将显示它所依赖的库:

$ ldd /bin/sleep
linux-vdso.so.1 =>  (0x00007fff1d3ff000)
libc.so.6 => /lib64/libc.so.6 (0x0000003d3ce00000)
/lib64/ld-linux-x86-64.so.2 (0x0000003d3ca00000)

所以现在我知道了分析核心转储所需的可执行文件和库。

这里棘手的部分是从核心文件中提取可执行路径。似乎没有一个好的工具可以直接阅读此内容。数据以 prpsinfo 结构编码(来自 /usr/include/sys/procfs.h),您可以使用 readelf: 找到数据的位置大小

$ readelf -n core.29529
Notes at offset 0x00000468 with length 0x00000558:
  Owner         Data size       Description
  CORE          0x00000150      NT_PRSTATUS (prstatus structure)
  CORE          0x00000088      NT_PRPSINFO (prpsinfo structure)
  CORE          0x00000130      NT_AUXV (auxiliary vector)
  CORE          0x00000200      NT_FPREGSET (floating point registers)

。 ..因此,理论上可以编写一个代码片段来从该结构中提取命令行,并以一种使整个过程更容易自动化的方式打印出来。当然,您可以只解析 file 的输出:

$ file core.29529  | sed "s/.*from '\([^']*\)'/\1/"
/bin/sleep 60

这就是所有部分。这是将所有内容放在一起的起点:

#!/bin/sh

core=$1
exe=$(file $core  | sed "s/.*from '\([^']*\)'/\1/" | awk '{print $1}')

libs=$(
    ldd $exe |
    awk '
        /=> \// {print $3}
        ! /=>/ {print $1}
    '
    )

cat <<EOF | tar -cah -T- -f $1-all.tar.xz
$libs
$exe
EOF

对于我的示例,如果我将此脚本命名为 packcore 并通过 sleep 命令在核心文件上运行它,我会得到以下结果:

$ packcore core.29529
tar: Removing leading `/' from member names
$ tar -c -f core.29529-all.tar.xz
core.29529
lib64/libc.so.6
lib64/ld-linux-x86-64.so.2
bin/sleep

就目前而言,这个脚本非常脆弱;我仅根据此示例输出对 ldd 的输出做出了很多假设。

The core file includes the command from which it was generated. Ideally this will include the full path to the appropriate executable. For example:

$ file core.29529 
core.29529: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/bin/sleep 60'

Running ldd on an ELF binary will show what libraries it depends on:

$ ldd /bin/sleep
linux-vdso.so.1 =>  (0x00007fff1d3ff000)
libc.so.6 => /lib64/libc.so.6 (0x0000003d3ce00000)
/lib64/ld-linux-x86-64.so.2 (0x0000003d3ca00000)

So now I know the executable and the libraries needed to analyze the core dump.

The tricky part here is extracting the executable path from the core file. There doesn't appear to be a good tool for reading this directly. The data is encoded in a prpsinfo structure (from /usr/include/sys/procfs.h), and you can find the location size of the data using readelf:

$ readelf -n core.29529
Notes at offset 0x00000468 with length 0x00000558:
  Owner         Data size       Description
  CORE          0x00000150      NT_PRSTATUS (prstatus structure)
  CORE          0x00000088      NT_PRPSINFO (prpsinfo structure)
  CORE          0x00000130      NT_AUXV (auxiliary vector)
  CORE          0x00000200      NT_FPREGSET (floating point registers)

...so one could in theory write a code snippet to extract the command line from this structure and print it out in a way that would make this whole process easier to automate. You could, of course, just parse the output of file:

$ file core.29529  | sed "s/.*from '\([^']*\)'/\1/"
/bin/sleep 60

So that's all the parts. Here's a starting point for putting it all together:

#!/bin/sh

core=$1
exe=$(file $core  | sed "s/.*from '\([^']*\)'/\1/" | awk '{print $1}')

libs=$(
    ldd $exe |
    awk '
        /=> \// {print $3}
        ! /=>/ {print $1}
    '
    )

cat <<EOF | tar -cah -T- -f $1-all.tar.xz
$libs
$exe
EOF

For my example, if I name this script packcore and run it on the core file from the sleep command, I get this:

$ packcore core.29529
tar: Removing leading `/' from member names
$ tar -c -f core.29529-all.tar.xz
core.29529
lib64/libc.so.6
lib64/ld-linux-x86-64.so.2
bin/sleep

As it stands this script is pretty fragile; I've made lots of assumptions about the output from ldd based on only this sample output.

原谅我要高飞 2024-12-13 16:54:45

下面是执行必要步骤的脚本(仅在 RHEL5 上测试,但也可能在其他地方工作):

#!/bin/sh
#
# Take a core dump and create a tarball of all of the binaries and libraries
# that are needed to debug it.
#

include_core=1
keep_workdir=0

usage()
{
        argv0="$1"
        retval="$2"
        errmsg="$3"
        if [ ! -z "$errmsg" ] ; then
                echo "ERROR: $errmsg" 1>&2
        fi
        cat <<EOF
Usage: $argv0 [-k] [-x] <corefile>
        Parse a core dump and create a tarball with all binaries and libraries
        needed to be able to debug the core dump.
        Creates <corefile>.tgz

        -k - Keep temporary working directory
        -x - Exclude the core dump from the generated tarball
EOF
        exit $retval
}

while [ $# -gt 0 ] ; do
        case "$1" in
        -k)
                keep_workdir=1
                ;;
        -x)
                include_core=0
                ;;
        -h|--help)
                usage "$0" 0
                ;;
        -*)
                usage "$0" 1 "Unknown command line arguments: $*"
                ;;
        *)
                break
                ;;
        esac
        shift
done

COREFILE="$1"

if [ ! -e "$COREFILE" ] ; then
        usage "$0" 1 "core dump '$COREFILE' doesn't exist."
fi
case "$(file "$COREFILE")" in
        *"core file"*)
                break
                ;;
        *)
                usage "$0" 1 "per the 'file' command, core dump '$COREFILE' is not a core dump."
                ;;
esac

cmdname=$(file "$COREFILE" | sed -e"s/.*from '\(.*\)'/\1/")
echo "Command name from core file: $cmdname"
fullpath=$(which "$cmdname")
if [ ! -x "$fullpath" ] ; then
        usage "$0" 1 "unable to find command '$cmdname'"
fi
echo "Full path to executable: $fullpath"

mkdir "${COREFILE}.pack"
gdb --eval-command="quit" "${fullpath}" ${COREFILE}  2>&1 | \
  grep "Reading symbols" | \
  sed -e's/Reading symbols from //' -e's/\.\.\..*//' | \
  tar --files-from=- -cf - | (cd "${COREFILE}.pack" && tar xf -)
if [ $include_core -eq 1 ] ; then
        cp "${COREFILE}" "${COREFILE}.pack"
fi
tar czf "${COREFILE}.pack.tgz" "${COREFILE}.pack"

if [ $keep_workdir -eq 0 ] ; then
        rm -r "${COREFILE}.pack"
fi

echo "Done, created ${COREFILE}.path.tgz"

Here's a script that does the necessary steps (tested only on RHEL5, but might work elsewhere too):

#!/bin/sh
#
# Take a core dump and create a tarball of all of the binaries and libraries
# that are needed to debug it.
#

include_core=1
keep_workdir=0

usage()
{
        argv0="$1"
        retval="$2"
        errmsg="$3"
        if [ ! -z "$errmsg" ] ; then
                echo "ERROR: $errmsg" 1>&2
        fi
        cat <<EOF
Usage: $argv0 [-k] [-x] <corefile>
        Parse a core dump and create a tarball with all binaries and libraries
        needed to be able to debug the core dump.
        Creates <corefile>.tgz

        -k - Keep temporary working directory
        -x - Exclude the core dump from the generated tarball
EOF
        exit $retval
}

while [ $# -gt 0 ] ; do
        case "$1" in
        -k)
                keep_workdir=1
                ;;
        -x)
                include_core=0
                ;;
        -h|--help)
                usage "$0" 0
                ;;
        -*)
                usage "$0" 1 "Unknown command line arguments: $*"
                ;;
        *)
                break
                ;;
        esac
        shift
done

COREFILE="$1"

if [ ! -e "$COREFILE" ] ; then
        usage "$0" 1 "core dump '$COREFILE' doesn't exist."
fi
case "$(file "$COREFILE")" in
        *"core file"*)
                break
                ;;
        *)
                usage "$0" 1 "per the 'file' command, core dump '$COREFILE' is not a core dump."
                ;;
esac

cmdname=$(file "$COREFILE" | sed -e"s/.*from '\(.*\)'/\1/")
echo "Command name from core file: $cmdname"
fullpath=$(which "$cmdname")
if [ ! -x "$fullpath" ] ; then
        usage "$0" 1 "unable to find command '$cmdname'"
fi
echo "Full path to executable: $fullpath"

mkdir "${COREFILE}.pack"
gdb --eval-command="quit" "${fullpath}" ${COREFILE}  2>&1 | \
  grep "Reading symbols" | \
  sed -e's/Reading symbols from //' -e's/\.\.\..*//' | \
  tar --files-from=- -cf - | (cd "${COREFILE}.pack" && tar xf -)
if [ $include_core -eq 1 ] ; then
        cp "${COREFILE}" "${COREFILE}.pack"
fi
tar czf "${COREFILE}.pack.tgz" "${COREFILE}.pack"

if [ $keep_workdir -eq 0 ] ; then
        rm -r "${COREFILE}.pack"
fi

echo "Done, created ${COREFILE}.path.tgz"
寄人书 2024-12-13 16:54:45

我为此编写了 shell 脚本。它使用了上面答案中的想法,并添加了一些使用信息和附加命令。将来我可能会添加命令,以便使用 gdb 在 docker 容器中快速调试。

I've written shell script for this. It uses ideas from the answers above and adds some usage information and additional commands. In future I'll possibly add command for quick debugging in docker container with gdb.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文