The gnu debugger (gdb) is probably the best tool for looking into core files. It also isn't overly complex to use to get some basic starting information. So this is a quick guide to getting some debug information eg variable's and stack traces from a core dump which is formed when an application crashes in Linux.

If an application crashes and doesn't produce a core file it is probably because of the limit settings you can check and enable core dumps by using the following "ulimit -c" if it outputs a 0 it will not produce a core. You can use "ulimit -c unlimited" to make the core dump file size unlimited. Be aware though that if you have a lot of crashes it can use a significant amount of disk space.

Let start with finding out what made a core file in the first place. In order to debug it at all you need to know exactly what program crashed. You can determine this using the following command.

cat core |strings |grep -E '^_='
_=./willcore.exe

In this case the "./willcore.exe" made the core dump. Another way to find out what core'd is to use gdb. The example is below

gdb --core core

Core was generated by `./willcore.exe'.
Program terminated with signal 11, Segmentation fault.
#0  0x080483d4 in ?? ()
(gdb)

Something to notice at this point is that is shows where the last execution point was. In this case it was running at memory location 0x080483d4. However since there are no debugging symbols loaded in gdb yet it shows ?? because it cannot translate the raw address to a function.

You can get gdb to load the executable and debugging symbols (assuming they are compiled into the executable) using the "file" command. I have also added the "bt" command to produce a back trace so show the execution stack.

(gdb) file ./willcore.exe
Reading symbols from /home/james/CVS-Root/linux/misc/willcore.exe...done.
(gdb) bt
#0  0x080483d4 in main (argc=1, argv=0xbf877ef4) at willcore.c:8

In the example above the symbols now resolve and will show a lot more information. If they do not show after loading the executable into gdb it will be a problem with debugging symbols. You will need to go and compile the program with debugging switched on eg the "-ggdb" flag in gcc and g++.

Now that things are loaded you can move between stack frame's using "frame " where number is the part beside the # in the stack output and you can also print and inspect other parts of memory as well as list the source code from the program assuming the source still exists in the original location that it was compiled from.

(gdb) p argc
$1 = 1
(gdb) p argv[0]
$2 = 0xbf87988c "./willcore.exe"
(gdb) p argv[1]
$3 = 0x0
(gdb) list
1
2
3       #include <stdio.h>
4
5       int main(int argc, char **argv) {
6               char *tmp = 0;
7
8               *tmp = '0';
9
10
(gdb) p tmp
$4 = 0x0

Note: the above example shows how to produce a core file by de-referencing a null pointer in c which in its self can be useful to fore a core dump which is what I used for this tutorial.





Last Modified: 23 February 2017

Releated Posts


2017-03-01 - Shooting yourself in the head with threads
2013-03-01 - Linux - What and how to kill a zombie process
2013-02-16 - C - Some simple examples of using strcat
2013-02-14 - Linux - Getting sshfs to work
2012-12-12 - Linux - List / Copy group membership for users
2012-12-08 - Linux - ssh key authentication
2012-12-04 - Linux - sudo without a password
2012-11-03 - C - How to override malloc / free
2012-10-13 - Rasberry Pi - Alternative method to play video without omx gstreamer element
2012-10-10 - How to run tcpdump as root
2012-09-22 - Linux Programming - Using inotify for detecting file modifications
2012-08-09 - C++ - Check an IP Address is in a IP Mask
2012-07-13 - Linux - Killing all processes for a specific user
2012-06-16 - CPP - Using gperf
2012-04-05 - Using gdb to debug a core file
2012-03-15 - C - Is the stdin a tty
2012-03-13 - C - Converting from char / string to int using atoi
2012-03-08 - C - UDP Socket example
2012-02-20 - C - Get home dir location in linux
2012-02-17 - C - IP address validation
2012-02-15 - C - Get current ip address of an interface
2012-02-10 - Using asprintf instead of sprintf or snprintf
2012-01-31 - C - Example of how to overwrite argv
2012-01-30 - C - The string reverse
2012-01-27 - C - Palindrome
2012-01-26 - C - Example of using popen
2012-01-16 - Linux - Color Coding The Bash Prompt
2012-01-14 - Linux - Automatically set the DISPLAY environment variable in SSH connection
2012-01-06 - Adding extra swap space to linux
2011-12-28 - C - gethostbyname example
2011-12-11 - C - Linux get mac address from interface