53 controlled by the coreadm(1M) command. In addition, the library has the
54 ability to understand and interpret core dumps generated by Linux kernel
55 and can provide a subset of its functionality on such core files,
56 provided the original binary is also present.
57
58 Not all functions in the libproc library are valid for core files. In
59 general, none of the commands which manipulate the current state of a
60 process or thread or that try to force system calls on a victim process
61 will work. Furthermore several of the information and iteration
62 interfaces are limited based on the data that is available in the core
63 file. For example, if the core file is of a process that omits the frame
64 pointer, the ability to iterate the stack will be limited.
65
66 Use the Pgrab_core() or Pfgrab_core() function to open a core file. Use
67 the Pgrab_file() function to open an ELF object file. This is useful for
68 obtaining information stored in ELF headers and sections.
69
70 Debug Information
71 Many of the operations in the library rely on debug information being
72 present in a process and its associated libraries. The library leverages
73 symbol table information, CTF data (CTF(4)) sections, and frame unwinding
74 information based on the use of an ABI defined frame pointer, e.g. %ebp
75 and %rbp on x86 systems.
76
77 Some software providers strip programs of this information or build their
78 executables such that the information will not be present in a core dump.
79 To deal with this fact, the library is able to consume information that
80 is not present in the core file or the running process. It can both
81 consume it from the underlying executable and it also supports finding it
82 from related ELF objects that are linked to it via the .gnu_debuglink and
83 the .note.gnu.build-id ELF sections.
84
85 Iteration Interfaces
86 The libproc library provides the ability to iterate over the following
87 aspects of a process or core file:
88
89 o Active threads
90
91 o Active and zombie threads
92
93 o All non-system processes
|
53 controlled by the coreadm(1M) command. In addition, the library has the
54 ability to understand and interpret core dumps generated by Linux kernel
55 and can provide a subset of its functionality on such core files,
56 provided the original binary is also present.
57
58 Not all functions in the libproc library are valid for core files. In
59 general, none of the commands which manipulate the current state of a
60 process or thread or that try to force system calls on a victim process
61 will work. Furthermore several of the information and iteration
62 interfaces are limited based on the data that is available in the core
63 file. For example, if the core file is of a process that omits the frame
64 pointer, the ability to iterate the stack will be limited.
65
66 Use the Pgrab_core() or Pfgrab_core() function to open a core file. Use
67 the Pgrab_file() function to open an ELF object file. This is useful for
68 obtaining information stored in ELF headers and sections.
69
70 Debug Information
71 Many of the operations in the library rely on debug information being
72 present in a process and its associated libraries. The library leverages
73 symbol table information, CTF data (ctf(4)) sections, and frame unwinding
74 information based on the use of an ABI defined frame pointer, e.g. %ebp
75 and %rbp on x86 systems.
76
77 Some software providers strip programs of this information or build their
78 executables such that the information will not be present in a core dump.
79 To deal with this fact, the library is able to consume information that
80 is not present in the core file or the running process. It can both
81 consume it from the underlying executable and it also supports finding it
82 from related ELF objects that are linked to it via the .gnu_debuglink and
83 the .note.gnu.build-id ELF sections.
84
85 Iteration Interfaces
86 The libproc library provides the ability to iterate over the following
87 aspects of a process or core file:
88
89 o Active threads
90
91 o Active and zombie threads
92
93 o All non-system processes
|
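Review bot: Line 73 is the only line that differs between the two sides, "CTF data (CTF(4)) sections" against "CTF data (ctf(4)) sections". Keep the lowercase ctf(4) form for the manual page reference, which matches the lowercase page-name style of coreadm(1M) on line 53, while "CTF data" stays uppercase as the format's name. Two wording problems are identical on both sides and could be fixed in the same change: line 54 reads "generated by Linux kernel" and needs "the" before "Linux kernel", and line 61 needs a comma after "Furthermore".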