Linux Symposium

Core Dump Analysis

Mark Brown

Core dumps are snapshots of a running program saved to disk after the abnormal termination of a program. They are typically not well understood by users and their internals are shrouded in mystery.

This session will teach the attendees how to decode core dumps from scratch with binutils (readelf, objdump, etc.) and how to debug them from a high-level perspective with gdb. We will examine ELF headers, program headers, sections of binary executables, shared libraries, core files, and learn how to customize core dump output for particular postmortem scenarios.

Policies   |   Media Archives