From owner-freebsd-hackers Fri Sep 15 10: 1:35 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from androcles.com (androcles.com [204.57.240.10]) by hub.freebsd.org (Postfix) with ESMTP id 832BF37B423 for ; Fri, 15 Sep 2000 10:01:32 -0700 (PDT) Received: (from dhh@localhost) by androcles.com (8.9.3/8.9.3) id KAA87283; Fri, 15 Sep 2000 10:01:23 -0700 (PDT) Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit MIME-Version: 1.0 In-Reply-To: <20000915142543.A3697@lflat.vas.mobilix.dk> Date: Fri, 15 Sep 2000 10:01:23 -0700 (PDT) From: "Duane H. Hesser" To: Vadim Belman Subject: RE: Live debugging of a process being hung in a syscall. Cc: freebsd-hackers@FreeBSD.ORG Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG "The Coroner's Toolkit" from Venema and Farmer includes a tool which paws through /proc and writes process memory for all processes running on the system to record files (intended for post-mortem analysis after a breakin). Sounds like this tool would do what you want. The toolkit can be found at http://www.fish.com/forensics/ or http://www.porcupine.org/forensics/ On 15-Sep-00 Vadim Belman wrote: > It seem like I got a NFS-related bug here where a httpd process > hung in a uninterruptable wait (a disk operation, most likely). In order to > locate the problem I need the process' stack trace first. > > gdb doesn't attach to the process for obvious reasons. Making a > crashdump doesn't inspire me at all. > > The question is: is there a way of working with /proc entries? I.e. > is it possible to get all what I need from, say, /proc//mem? > > -- > /Voland Vadim Belman > E-mail: voland@lflat.org > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > -------------- Duane H. Hesser dhh@androcles.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message