[minicoredumper] gdb corrupt stack
John Ogness
john.ogness at linutronix.de
Tue Jul 11 15:56:05 CEST 2017
On 2017-07-11, John Ogness <john.ogness at linutronix.de> wrote:
>> I've tried to obtain the stack pointer with the use of ptrace(2)
>> equally to strace(1). But there are some pitfalls because the tracee
>> is in the 'core dump' state.
>>
>> My approach was:
>> ptrace(PTRACE_SEIZE, pid, NULL, PTRACE_O_TRACEEXIT)
>> ptrace(PTRACE_CONT, pid, NULL, SIGCONT)
>> waitpid(pid, &status, (WCONTINUED | __WALL))
>>
>> After some research I found out that there were some patches in 2012
>> to support ptrace(2) in a 'core dump' state. But these never applied
>> to the kernel.
>>
>> Another solution is to obtain the stack pointer from the ELF header.
>> Do you agree with this approach?
>
> Sure. This is how gdb gets it. We just need to get the program counter
> for the process.
Sorry, that is wrong. I forgot we are looking for the stack pointer, not
the program counter. Is this information available in the ELF header?
I noticed that this information is also located in /proc/PID/maps. This
might be a more compatible way to access it.
John Ogness
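As an added example (not code from this thread or from minicoredumper), the following C helper reads the [stack] mapping of a process from /proc/PID/maps, the source mentioned above; it assumes a Linux /proc, and the function names are its own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Find the "[stack]" mapping of `pid` in /proc/PID/maps and store its
 * [start, end) bounds. Returns 0 on success, -1 if the file cannot be read
 * or no such line exists. A maps line looks like (constructed sample):
 *   7ffd3a4c2000-7ffd3a4e3000 rw-p 00000000 00:00 0          [stack]
 * This gives the mapping bounds, not the register value; the exact sp at
 * dump time is in the core file's NT_PRSTATUS note. */
int find_stack_mapping(pid_t pid, uintptr_t *start, uintptr_t *end)
{
    char path[64], line[512];
    FILE *f;
    int rc = -1;

    snprintf(path, sizeof path, "/proc/%ld/maps", (long)pid);
    if (!(f = fopen(path, "r")))
        return -1;

    while (fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        int consumed = 0;

        /* Fields: start-end perms offset dev inode [pathname]; %n records
         * where the optional pathname column begins. */
        if (sscanf(line, "%lx-%lx %*s %*x %*x:%*x %*u%n",
                   &lo, &hi, &consumed) != 2)
            continue;
        if (strstr(line + consumed, "[stack]")) {
            *start = lo; *end = hi; rc = 0;
            break;
        }
    }
    fclose(f);
    return rc;
}

/* 1 if `addr` lies inside the [stack] mapping of `pid`, 0 if not, -1 on
 * error: a sanity check before trusting an sp recovered from a dump. */
int addr_in_stack(pid_t pid, uintptr_t addr)
{
    uintptr_t lo, hi;
    if (find_stack_mapping(pid, &lo, &hi) != 0)
        return -1;
    return (addr >= lo && addr < hi) ? 1 : 0;
}
```

For a thread other than the main one the mapping has no "[stack]" label on current kernels, so the lookup must then fall back to the core file's register note.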