Tuesday 9 April 2013

/proc/kcore on ARM

It's annoying that /proc/kcore does not exist on ARM Linux.
Do a Google search and you find references, in 2003, that it's too hard
to do. Maybe that's true.

And Linus wonders who on earth uses it, and maybe it should be withdrawn?

Well, here's a cool trick if you do kernel-level work:


$ gdb /bin/ls /proc/kcore
....
(gdb) x/x 0x12345678


See what's happening?

We use any arbitrary binary to allow gdb to run, e.g. /bin/ls. We
tell gdb that we are using the "core" file for the currently running
kernel.

Once inside gdb, we can peek at the active kernel memory, e.g. looking
at instructions or data corresponding to the item of interest.

This is useful whilst debugging, say DTrace, to validate what
an FBT probe has done to the target locations.

So, if anyone says "let's remove it", please reference this article and
show a good use case.

(You don't need gdb to do this - the dd and hd tools can be used
to seek around in /dev/kmem, assuming you can get them to work with
the right arguments, but you cannot disassemble memory via normal tools,
and you need something in an ELF or core file format to use the
standard ELF/binutils.)
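
The address lookup that the ELF core format makes possible, as an added example (not code from the original post): it parses the program headers and maps a kernel virtual address to a file offset before reading. It assumes a little-endian ELF64 core; the sample image, its addresses and the function names are constructed for illustration.

```python
import io
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, little-endian
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr
ET_CORE, PT_LOAD = 4, 1

def load_segments(f):
    """Return [(vaddr, file_offset, size)] for every PT_LOAD segment."""
    f.seek(0)
    eh = EHDR.unpack(f.read(EHDR.size))
    ident, e_type, phoff, phentsize, phnum = eh[0], eh[1], eh[5], eh[9], eh[10]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    if e_type != ET_CORE:
        raise ValueError("not a core file")
    segs = []
    for i in range(phnum):
        f.seek(phoff + i * phentsize)
        p_type, _, off, vaddr, _, filesz, _, _ = PHDR.unpack(f.read(PHDR.size))
        if p_type == PT_LOAD:
            segs.append((vaddr, off, filesz))
    return segs

def read_virt(f, segs, addr, length):
    """Read `length` bytes at virtual address `addr`, like gdb's x command."""
    for vaddr, off, size in segs:
        if vaddr <= addr and addr + length <= vaddr + size:
            f.seek(off + (addr - vaddr))
            return f.read(length)
    raise LookupError(f"{addr:#x} is not covered by any PT_LOAD segment")

def make_sample_core(vaddr, payload):
    """Constructed stand-in for /proc/kcore: a header plus one PT_LOAD segment."""
    data_off = 0x1000
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    eh = EHDR.pack(ident, ET_CORE, 0, 1, 0, EHDR.size, 0, 0,
                   EHDR.size, PHDR.size, 1, 0, 0, 0)
    ph = PHDR.pack(PT_LOAD, 7, data_off, vaddr, 0,
                   len(payload), len(payload), 0x1000)
    return io.BytesIO((eh + ph).ljust(data_off, b"\0") + payload)

if __name__ == "__main__":
    core = make_sample_core(0xffffffff81000000, bytes(range(64)))
    segs = load_segments(core)
    print(read_virt(core, segs, 0xffffffff81000010, 4).hex())
```

An address outside every PT_LOAD segment raises LookupError rather than returning bytes from the wrong offset, which is the failure to expect when the address of interest is not mapped into the core image.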

Post created by CRiSP v11.0.16a-b6552

