How to make a core dump?

From: Alexander Morozov (amorozov_at_pisem.net)
Date: 09/04/04

  • Next message: Kurt Seifried: "Re: redhat patch problem?"
    Date: Sat, 4 Sep 2004 13:49:24 +0400
    To: focus-linux@securityfocus.com
    
    

    Hello everyone,
    recently my friend have found a malcious program running on his
    web-server. After some actions i thought it would be helpful to make
    its core dump, but i couldn't figure out how to do this. The only
    thing that came to mind was attaching to it with gdb, stopping
    it and dumping regions of memory manually (using memory map in
    /proc/pid/mem). It went fine, i copied all segments but it would be much
    better to have standart core dump, to be able to use usual programms on
    it later. I remember, that several years ago default behaviour of a
    program running under linux was dumping itself on SIGSEGV.
    And I wonder, how was this fullfilled, was it feature of glibc to catch
    SIGV and write a dump? Or was it made by the kernel?

    Alexander Morozov


  • Next message: Kurt Seifried: "Re: redhat patch problem?"