Date: Fri, 15 Sep 2000 10:01:23 -0700 (PDT) From: "Duane H. Hesser" <dhh@androcles.com> To: Vadim Belman <voland@lflat.org> Cc: freebsd-hackers@FreeBSD.ORG Subject: RE: Live debugging of a process being hung in a syscall. Message-ID: <XFMail.000915100123.dhh@androcles.com> In-Reply-To: <20000915142543.A3697@lflat.vas.mobilix.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
"The Coroner's Toolkit" from Venema and Farmer includes a tool which paws through /proc and writes process memory for all processes running on the system to record files (intended for post-mortem analysis after a breakin). Sounds like this tool would do what you want. The toolkit can be found at http://www.fish.com/forensics/ or http://www.porcupine.org/forensics/ On 15-Sep-00 Vadim Belman wrote: > It seem like I got a NFS-related bug here where a httpd process > hung in a uninterruptable wait (a disk operation, most likely). In order to > locate the problem I need the process' stack trace first. > > gdb doesn't attach to the process for obvious reasons. Making a > crashdump doesn't inspire me at all. > > The question is: is there a way of working with /proc entries? I.e. > is it possible to get all what I need from, say, /proc/<PID>/mem? > > -- > /Voland Vadim Belman > E-mail: voland@lflat.org > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > -------------- Duane H. Hesser dhh@androcles.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.000915100123.dhh>