{"id":304,"date":"2018-11-04T15:52:58","date_gmt":"2018-11-04T15:52:58","guid":{"rendered":"http:\/\/malwrforensics.com\/en\/?p=304"},"modified":"2018-11-04T15:52:58","modified_gmt":"2018-11-04T15:52:58","slug":"gdb-core-dump-analysis-useful-commands","status":"publish","type":"post","link":"https:\/\/malwrforensics.com\/en\/2018\/11\/04\/gdb-core-dump-analysis-useful-commands\/","title":{"rendered":"gdb core dump analysis useful commands"},"content":{"rendered":"<p>Let&#8217;s assume you have a program that just crashed and you have a core dump. You can enable core dumps by using the <em>ulimit -c unlimited<\/em> command.<\/p>\n<p>If you want to analyze what happened, here are some steps you can follow:<\/p>\n<p><span style=\"color: #808080;\">\/\/This will switch the disassembly listing to Intel format.<\/span><\/p>\n<p>(gdb) <strong>set disassembly-flavor intel<\/strong><\/p>\n<p><span style=\"color: #808080;\">\/\/To view the stack trace and see where the program crashed.<\/span><\/p>\n<p>(gdb) <strong>bt full<\/strong><\/p>\n<p><span style=\"color: #808080;\">\/\/To disassemble the instructions around the address where the crash happened.<\/span><\/p>\n<p>(gdb) <strong>disas 0x<\/strong><em>&lt;addr&gt;<\/em><\/p>\n<p><span style=\"color: #808080;\">\/\/To view register values.<\/span><\/p>\n<p>(gdb) <strong>i r<\/strong><\/p>\n<p>Enjoy \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let&#8217;s assume you have a program that just crashed and you have a core dump. You can enable core dumps by using the ulimit -c unlimited command. If you want to analyze what happened, here are some steps you can follow: \/\/This will switch the disassembly listing to Intel format. 
(gdb) set disassembly-flavor intel \/\/To [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[101,102,100,11],"class_list":["post-304","post","type-post","status-publish","format-standard","hentry","category-security","tag-core-dump","tag-debugging","tag-gdb","tag-linux"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[]}},"featured_image_urls_v2":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":""},"post_excerpt_stackable_v2":"<p>Let&#8217;s assume you have a program that just crashed and you have a core dump. You can enable core dumps by using the ulimit -c unlimited command. If you want to analyze what happened, here are some steps you can follow: \/\/This will switch the disassembly listing to Intel format. (gdb) set disassembly-flavor intel \/\/To view the stack trace and see where the program crashed. (gdb) bt full \/\/To disassemble the instructions around the address where the crash happened. 
(gdb) disas 0x&lt;addr&gt; \/\/To view register values (gdb) i r &nbsp; Enjoy \ud83d\ude42 &nbsp;<\/p>\n","category_list_v2":"<a href=\"https:\/\/malwrforensics.com\/en\/category\/security\/\" rel=\"category tag\">Security<\/a>","author_info_v2":{"name":"malwrforensics","url":"https:\/\/malwrforensics.com\/en\/author\/u_malwrforensics\/"},"comments_num_v2":"0 comments","_links":{"self":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/comments?post=304"}],"version-history":[{"count":1,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/304\/revisions"}],"predecessor-version":[{"id":305,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/304\/revisions\/305"}],"wp:attachment":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/media?parent=304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/categories?post=304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/tags?post=304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}