Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

RECOMMENDATIONS? Looking for a core dump book or course

2 views
Skip to first unread message

S Claus

unread,
Feb 7, 2009, 8:56:20 PM2/7/09
to
Hi all

I am looking for a book or course (or even a website) from where to
learn the skills to analyze Unix/Linux core dumps.

Any recommendations would be appreciated.

Thanks

Ian Collins

unread,
Feb 7, 2009, 9:49:22 PM2/7/09
to
S Claus wrote:
> Hi all
>
> I am looking for a book or course (or even a website) from where to
> learn the skills to analyze Unix/Linux core dumps.
>
Core dumps or crash dumps? Core dumps are simply debugged with your
favourite debugger.

--
Ian Collins

S Claus

unread,
Feb 8, 2009, 1:56:11 AM2/8/09
to

Thanks for pointing that out Ian.

There we see how much I have to learn:-P

Actually I think I thought that core dumps would look like crash dumps
-or the other way around- in any case that it would require the same
skills for both. So in my mind I had indeed mixed them.

But I take from your reply that they do not look the same - crash
dumps require more skills to analyze than core dumps?

cheers

S Claus

unread,
Feb 8, 2009, 2:06:55 AM2/8/09
to
As an addendum I wanted to say that I would be interested of hearing
of recommendations of books about both crash dump and core dump
analysis.

Thanks in advance

Ian Collins

unread,
Feb 8, 2009, 4:24:21 AM2/8/09
to
S Claus wrote:
> On Feb 8, 10:49 am, Ian Collins <ian-n...@hotmail.com> wrote:
>> S Claus wrote:
>>> Hi all
>>> I am looking for a book or course (or even a website) from where to
>>> learn the skills to analyze Unix/Linux core dumps.
>> Core dumps or crash dumps? Core dumps are simply debugged with your
>> favourite debugger.
>>
Please don't quote sigs, thanks.

>
> Thanks for pointing that out Ian.
>
> There we see how much I have to learn:-P
>
> Actually I think I thought that core dumps would look like crash dumps
> -or the other way around- in any case that it would require the same
> skills for both. So in my mind I had indeed mixed them.
>
> But I take from your reply that they do not look the same - crash
> dumps require more skills to analyze than core dumps?

Oh yes, a core dump is produced when an application crashes, so if you
have the source, they are relatively straightforward to analyses.

A crash dump is produced when the kernel panics, so you have to have
some understanding of the kernel (and it's debugger if it differs form
application's). Crash dumps can be huge (I forced one today that was
over 4GB) and are best analysed with specialised tools.

--
Ian Collins

Scott Lurndal

unread,
Feb 9, 2009, 4:55:07 PM2/9/09
to

Fundamentally, they are the same. The OS is simply a more complicated
program and thus more difficult to analyze post-crash (and requires
skill-sets that include multithreaded programming, multiprocessor
synchronization and low-level hardware familiarity).

Both typically use the ELF container to store the state and memory contents
at the time the program/system crashed.

scott

Bin Chen

unread,
Feb 10, 2009, 8:48:02 AM2/10/09
to

You can firstly study the gdb basics. Coredump is a file that contains
all the information that when the application is dead. So you can
think the core dump make your program alive again, so using gdb is
very straightforward, just think it is an alive process...

---------------------------
Media File Security V1.0, make your private media files easily
secured. http://www.abaitech.com

0 new messages