Subject: Re: savecore/etc
To: JR "Bob" Dobbs <email@example.com>
From: David Jones <firstname.lastname@example.org>
Date: 06/28/1995 19:07:51
> Now what the hell do I do with this if I'm interested in finding out exactly
> what blew up? Use gdb on the saved kernel image and core?
GDB likes user-land core files. They have a core header which gives the
value of the PC and registers at the time of the core.
A kernel core file is a raw dump of physical memory. You have 8 MB of RAM
so you got an 8 MB core. There is no core header.
Worse, this is _physical_ memory. To map it to kernel virtual space, you need
an MMU table. On most machines, the MMU table is stored in core, so it's
in that core dump - somewhere. The first thing a kernel hacker would
do is figure out what the MMU root pointers (or whatever they're called
in 386 land) were so the kernel's memory map could be reconstructed based
on the values in the core file.
Once you've established that, you still
don't have a PC value or anything. The PC might be written to a kernel
global - I'm not sure. You could also look at the kernel stack, trying
to isolate valid parts of the last kernel call from garbage left over from
the previous call.
We never said kernel hacking was easy. :-)
David Jones, M.A.Sc student, Electronics Group (VLSI), University of Toronto
email: email@example.com, finger for PGP public key
For a good time, telnet torfree.net and log in as `guest'.