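I. Purpose
- View the code of the Linux kernel image after it has been loaded into memory
- View the code of a Linux driver after it has been loaded into memory
- Handle the case where the following command fails:
    objdump -d /proc/kcore > log.txt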
II. Install crash
- Install with the package manager:
    CentOS/Red Hat: yum install crash -y
    Ubuntu: apt-get install crash -y
- Install from the crash source:
    root:~/Desktop$ git clone https://github.com/crash-utility/crash.git
    ...
    root:~/Desktop$ cd crash/
    root:~/Desktop/crash$ make -j8
    ...
    root:~/Desktop/crash$ make install
    ...
III. Download and install the matching version of debug-info (dbgsym)
- CentOS:
  1. Download:
       kernel-debuginfo-$(uname -r).rpm
       kernel-debug-debuginfo-$(uname -r).rpm
       kernel-debuginfo-common-$(uname -r).rpm
     Download site: http://debuginfo.centos.org
     The packages can be fetched directly with:
       wget http://debuginfo.centos.org/7/x86_64/file_name
  2. Install:
       yum install *.rpm -y
     After installation, /usr/lib/debug/lib/modules/$(uname -r)/vmlinux is present.
- Ubuntu:
  1. Download:
       linux-image-unsigned-$(uname -r)-dbgsym.ddeb
     Download site: http://ddebs.ubuntu.com/pool/main/l/linux/
  2. Install:
       sudo dpkg -i *.ddeb
     After installation, /usr/lib/debug/boot/vmlinux-$(uname -r) is present.
  3. The package can also be installed directly from the command line.
     Follow the Ubuntu document "How to use linux-crashdump to capture a kernel oops/panic":
       # Add the debuginfo package repositories
       $ sudo tee /etc/apt/sources.list.d/ddebs.list << EOF
       deb http://ddebs.ubuntu.com/ $(lsb_release -cs) main restricted universe multiverse
       deb http://ddebs.ubuntu.com/ $(lsb_release -cs)-security main restricted universe multiverse
       deb http://ddebs.ubuntu.com/ $(lsb_release -cs)-updates main restricted universe multiverse
       deb http://ddebs.ubuntu.com/ $(lsb_release -cs)-proposed main restricted universe multiverse
       EOF
       $ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ECDCAD72428D7C01
       $ sudo apt-get update
       $ sudo apt-get install linux-image-$(uname -r)-dbgsym
  4. Some kernels have no dbgsym package. In that case, download the source, build a vmlinux with debuginfo yourself, and replace the original kernel with it.
     The gcc used for the build must be consistent with the current kernel's version.
     Download the source of the current Ubuntu kernel:
       # Uncomment the deb-src lines in /etc/apt/sources.list, then download the current kernel source
       $ sudo vim /etc/apt/sources.list
       $ sudo apt-get update
       $ sudo apt-get source linux-image-unsigned-$(uname -r)
     Build:
     The Ubuntu BuildYourOwnKernel page describes building and packaging the kernel with debian/rules. The following shorter procedure also builds and installs it:
       # Install the build dependencies
       $ sudo apt-get build-dep linux linux-image-$(uname -r)
       $ sudo apt-get install libncurses-dev gawk flex bison openssl libssl-dev dkms libelf-dev libudev-dev libpci-dev libiberty-dev autoconf
       # Enable debug info in the kernel configuration:
       #   Kernel hacking --->
       #     Compile-time checks and compiler options --->
       #       [*] Compile the kernel with debug info
       $ make menuconfig
       $ make bzImage modules
       $ make INSTALL_MOD_STRIP=1 modules_install
       $ sudo mkinitramfs /lib/modules/$(uname -r) -o /boot/initrd.img-$(uname -r)
       $ sudo cp arch/x86/boot/bzImage /boot/vmlinuz-$(uname -r)
       $ sudo cp System.map /boot/System.map-$(uname -r)
       $ sudo update-grub2
IV. Usage
- Start crash:
    # On Ubuntu you may need: crash /usr/lib/debug/boot/vmlinux-$(uname -r)
    [root@localhost crypto]# crash    # or: crash vmlinux_path(with debug info) System.map_path
    ...
          KERNEL: /usr/lib/debug/lib/modules/3.10.0-1062.12.1.el7.x86_64/vmlinux
        DUMPFILE: /dev/crash
            CPUS: 1
            DATE: Fri Apr 1 16:04:05 2022
          UPTIME: 1 days, 05:41:03
    LOAD AVERAGE: 0.16, 0.05, 0.06
           TASKS: 329
        NODENAME: localhost.localdomain
         RELEASE: 3.10.0-1062.12.1.el7.x86_64
         VERSION: #1 SMP Tue Feb 4 23:02:59 UTC 2020
         MACHINE: x86_64 (3200 Mhz)
          MEMORY: 15.9 GB
             PID: 21863
         COMMAND: "crash"
            TASK: ffff88d5fe8bd230 [THREAD_INFO: ffff88d9ac650000]
             CPU: 0
           STATE: TASK_RUNNING (ACTIVE)
    crash>
- View the disassembly at a given address:
    crash> dis 0xffffffffc01702f0
    0xffffffffc01702f0 <crc_pcl>: push %rbx
    0xffffffffc01702f1 <crc_pcl+1>: push %rdi
    0xffffffffc01702f2 <crc_pcl+2>: push %rsi
    0xffffffffc01702f3 <crc_pcl+3>: mov %rdx,%r8
    0xffffffffc01702f6 <crc_pcl+6>: mov %rdi,%rcx
    0xffffffffc01702f9 <crc_pcl+9>: neg %rdi
    ...
For detailed usage, run the help [function] command.
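
A non-interactive form of the `dis` session above that writes the disassembly to a log file, which is what the failing objdump command in section I was meant to produce. This is an added example, not from the original post: the function names are hypothetical, and it assumes crash's `-s` (silent) and `-i` (input file) options together with the debug vmlinux paths from section III.

```shell
#!/bin/sh
# Added example: non-interactive form of the "dis" session above.
# Usage (as root): dump_disassembly log.txt crc_pcl 0xffffffffc01702f0

# Print the debug vmlinux for kernel release $1, searching below root $2
# (default /). The two paths are the CentOS and Ubuntu locations from section III.
find_debug_vmlinux() {
    rel=$1; root=${2:-}
    for p in "$root/usr/lib/debug/lib/modules/$rel/vmlinux" \
             "$root/usr/lib/debug/boot/vmlinux-$rel"; do
        # Accept only a regular file that starts with the ELF magic 7f 45 4c 46.
        if [ -f "$p" ] &&
           [ "$(head -c 4 "$p" | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# Emit a crash command file: one "dis" per target, then "exit" so crash quits
# instead of waiting at its prompt. crash command lines can pipe to or escape
# to a shell, so targets are limited to symbol/hex-address characters.
build_dis_script() {
    for t in "$@"; do
        case $t in
            ''|*[!A-Za-z0-9_.+]*) echo "rejected target: $t" >&2; return 1 ;;
        esac
        printf 'dis %s\n' "$t"
    done
    printf 'exit\n'
}

# Disassemble each target from live kernel memory into the file named by $1.
dump_disassembly() {
    out=$1; shift
    vmlinux=$(find_debug_vmlinux "$(uname -r)") ||
        { echo "no debug vmlinux for $(uname -r)" >&2; return 1; }
    cmds=$(mktemp) || return 1
    if build_dis_script "$@" > "$cmds"; then
        crash -s -i "$cmds" "$vmlinux" > "$out"; rc=$?
    else
        rc=1
    fi
    rm -f "$cmds"
    return $rc
}
```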