[minicoredumper] gdb corrupt stack
John Ogness
john.ogness at linutronix.de
Tue Jul 11 15:48:01 CEST 2017
Hi Marco,
On 2017-07-11, Marco.Felsch at preh.de <Marco.Felsch at preh.de> wrote:
> I've tried to obtain the stack pointer with the use of ptrace(2),
> similarly to strace(1). But there are some pitfalls because the tracee
> is in the 'core dump' state.
>
> My approach was:
> ptrace(PTRACE_SEIZE, pid, NULL, PTRACE_O_TRACEEXIT)
> ptrace(PTRACE_CONT, pid, NULL, SIGCONT)
> waitpid(pid, &status, (WCONTINUED | __WALL))
>
> After some research I found out that there were some patches in 2012
> to support ptrace(2) in a 'core dump' state. But these were never applied
> to the kernel.
>
> Another solution is to obtain the stack pointer from the ELF header.
> Do you agree with this approach?
Sure. This is how gdb gets it. We just need to get the program counter
for the process. Reading it from the core file (i.e. ELF-Header) is
probably cleaner than a ptrace anyway.
Thanks for your work on this!
John Ogness
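As an added illustration (not code from this thread or from minicoredumper), the following Python shows where the registers actually live in a core file: the ELF header points at a PT_NOTE segment whose CORE/NT_PRSTATUS note carries the saved register set, from which rip (program counter) and rsp (stack pointer) are read. It constructs a minimal x86_64 core image inline as test data and assumes the Linux x86_64 layout of struct elf_prstatus (pr_pid at byte 32, pr_reg at byte 112).

```python
import struct

# Linux x86_64 struct elf_prstatus: pr_pid at byte 32, pr_reg (27 x u64) at byte 112.
PRSTATUS_PID_OFF, PRSTATUS_REG_OFF, NGREG = 32, 112, 27
REG_RIP, REG_RSP = 16, 19            # indices in struct user_regs_struct order
ET_CORE, EM_X86_64, PT_NOTE, NT_PRSTATUS = 4, 62, 4, 1


def align4(n):
    return (n + 3) & ~3


def iter_notes(data, off, size):
    """Yield (name, type, desc) for every note in a PT_NOTE segment (4-byte aligned)."""
    end = off + size
    while off + 12 <= end:
        namesz, descsz, ntype = struct.unpack_from("<III", data, off)
        off += 12
        name = data[off:off + namesz].rstrip(b"\0")
        off += align4(namesz)
        yield name, ntype, data[off:off + descsz]
        off += align4(descsz)


def core_registers(data):
    """Return (pid, rip, rsp) from the first CORE/NT_PRSTATUS note of an x86_64 ELF64 core."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_type, e_machine, _, _, e_phoff, _, _, _, e_phentsize, e_phnum, _, _, _ = \
        struct.unpack_from("<HHIQQQIHHHHHH", data, 16)
    if e_type != ET_CORE or e_machine != EM_X86_64:
        raise ValueError("not an x86_64 core file")
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type != PT_NOTE:
            continue
        for name, ntype, desc in iter_notes(data, p_offset, p_filesz):
            if name == b"CORE" and ntype == NT_PRSTATUS:
                pid = struct.unpack_from("<i", desc, PRSTATUS_PID_OFF)[0]
                regs = struct.unpack_from("<%dQ" % NGREG, desc, PRSTATUS_REG_OFF)
                return pid, regs[REG_RIP], regs[REG_RSP]
    raise ValueError("no NT_PRSTATUS note found")


def build_sample_core(pid, rip, rsp):
    """Constructed test data: ELF64 header + one PT_NOTE phdr + one CORE/NT_PRSTATUS note."""
    desc = bytearray(336)                               # sizeof(struct elf_prstatus) on x86_64
    struct.pack_into("<i", desc, PRSTATUS_PID_OFF, pid)
    regs = [0] * NGREG
    regs[REG_RIP], regs[REG_RSP] = rip, rsp
    struct.pack_into("<%dQ" % NGREG, desc, PRSTATUS_REG_OFF, *regs)
    name = b"CORE\0"
    note = struct.pack("<III", len(name), len(desc), NT_PRSTATUS) + name.ljust(align4(len(name)), b"\0") + bytes(desc)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + b"\0" * 9,
                       ET_CORE, EM_X86_64, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 0, 64 + 56, 0, 0, len(note), 0, 4)
    return ehdr + phdr + note
```

On a real dump, read the file into `data` and call `core_registers(data)`; multi-threaded cores carry one NT_PRSTATUS per thread, and this returns the first one, which the kernel writes for the crashing thread.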