Date: Wed, 28 Feb 2001 13:23:39 -0600 From: Mike Meyer <mwm@mired.org> To: Ken Marx <kmarx@bigshed.com> Cc: questions@freebsd.org Subject: Re: kernel core image Message-ID: <15005.20539.369292.710746@guru.mired.org> In-Reply-To: <200102281833.KAA04495@ankimo.bigshed.com> References: <15004.44760.531860.628224@guru.mired.org> <200102281833.KAA04495@ankimo.bigshed.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ken Marx <kmarx@bigshed.com> types: > Thanks. I'm asking for a work colleague. I think he > wants to take snapshots of a production system, so > shutdown/crashing the box aren't an option. > Not sure about this actually. Ah, I see. You want to do vivisect it, but not kill it. Could be difficult. If being able to run a debugger on it will do, you can use gdb. Make sure your kernel is built with symbols (but you don't have to run that one). You can then use "gdb -k", using /dev/mem as the core file. The symbol file will be the debug version of the kernel. The exec file will either be /kernel, or /dev/kmem. That may even give you the ability to get your copy. But be warned that it will be inconsistent unless you use DDB. > I thought of the copying /dev/kmem but that flavor > of device access doesn't seem to be supported: > # cp /dev/kmem /usr/tmp/kmem.img > cp: /dev/kmem: Bad address Did you read the man page on /dev/kmem? You have to figure out what is and is not actually in the kernel memory map, and only read those areas. Rather, you have to write code to catch the bad address signals, and deal with them in some manner. Or you might try copying /dev/mem instead of /dev/kmem. Come to think of it, you might be able to use the kernel code that <mike > === Mike Meyer wrote something like: > > Ken Marx <kmarx@bigshed.com> types: > > > Is there a way to get a copy of a running kernel core image? > > > > If you've compiled with the DDB option, invoking the debugger and > > using the "panic" command will do the trick. Of course, you might be > > better off using the debugger to find the information you want, then > > continuing or shutting the system down smoothly. > > > > If you just want a copy of the kernel virtual memory space, it's > > /dev/kmem. But be carefull with it - it includes the I/O address > > space, so you can royally hose your system playing with it. > > > > <mike > > -- > > Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ > > Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. > > > > > -- > Ken Marx, kmarx@bigshed.com > I agree. Clearly this group should solidify our knowledge base and move quickly > to capitalize on the global partner business unit. > - http://cgi.bigshed.com/~kmarx/cgi-bin/speak.cgi > -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15005.20539.369292.710746>