From owner-freebsd-questions Wed Feb 28 11:23:45 2001 Delivered-To: freebsd-questions@freebsd.org Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186]) by hub.freebsd.org (Postfix) with SMTP id 668DA37B718 for ; Wed, 28 Feb 2001 11:23:40 -0800 (PST) (envelope-from mwm@mired.org) Received: (qmail 41478 invoked by uid 100); 28 Feb 2001 19:23:39 -0000 From: Mike Meyer MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15005.20539.369292.710746@guru.mired.org> Date: Wed, 28 Feb 2001 13:23:39 -0600 To: Ken Marx Cc: questions@freebsd.org Subject: Re: kernel core image In-Reply-To: <200102281833.KAA04495@ankimo.bigshed.com> References: <15004.44760.531860.628224@guru.mired.org> <200102281833.KAA04495@ankimo.bigshed.com> X-Mailer: VM 6.89 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Ken Marx types: > Thanks. I'm asking for a work colleague. I think he > wants to take snapshots of a production system, so > shutdown/crashing the box aren't an option. > Not sure about this actually. Ah, I see. You want to do vivisect it, but not kill it. Could be difficult. If being able to run a debugger on it will do, you can use gdb. Make sure your kernel is built with symbols (but you don't have to run that one). You can then use "gdb -k", using /dev/mem as the core file. The symbol file will be the debug version of the kernel. The exec file will either be /kernel, or /dev/kmem. That may even give you the ability to get your copy. But be warned that it will be inconsistent unless you use DDB. > I thought of the copying /dev/kmem but that flavor > of device access doesn't seem to be supported: > # cp /dev/kmem /usr/tmp/kmem.img > cp: /dev/kmem: Bad address Did you read the man page on /dev/kmem? You have to figure out what is and is not actually in the kernel memory map, and only read those areas. Rather, you have to write code to catch the bad address signals, and deal with them in some manner. Or you might try copying /dev/mem instead of /dev/kmem. Come to think of it, you might be able to use the kernel code that === Mike Meyer wrote something like: > > Ken Marx types: > > > Is there a way to get a copy of a running kernel core image? > > > > If you've compiled with the DDB option, invoking the debugger and > > using the "panic" command will do the trick. Of course, you might be > > better off using the debugger to find the information you want, then > > continuing or shutting the system down smoothly. > > > > If you just want a copy of the kernel virtual memory space, it's > > /dev/kmem. But be carefull with it - it includes the I/O address > > space, so you can royally hose your system playing with it. > > > > > -- > > Mike Meyer http://www.mired.org/home/mwm/ > > Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. > > > > > -- > Ken Marx, kmarx@bigshed.com > I agree. Clearly this group should solidify our knowledge base and move quickly > to capitalize on the global partner business unit. > - http://cgi.bigshed.com/~kmarx/cgi-bin/speak.cgi > -- Mike Meyer http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message