
An approach to finding memory leaks: GDB debugging and assembly analysis

程序员文章站 (Programmer Article Station), 2022-05-30 14:13:50

Detecting memory leaks with GDB

https://blog.csdn.net/zoomdy/article/details/51594228

https://blog.csdn.net/yatusiter/article/details/51122757

 

Debugging C programs at the assembly-instruction level with gdb

https://blog.csdn.net/boyxiaolong/article/details/22761991

 

GDB debugging and assembly analysis

https://www.cnblogs.com/20145205y/p/6132211.html

 

 

Dump a linux process's memory to file


Asked 10 years ago

Active 5 months ago

Viewed 152k times

 

64

 

44

 

Is it possible to dump the current memory allocated for a process (by PID) to a file? Or read it somehow?

linux memory process


asked Aug 24 '10 at 17:44

Fragsworth

9 Answers


54

 

I'm not sure how you dump all the memory to a file without doing this repeatedly (if anyone knows an automated way to get gdb to do this please let me know), but the following works for any one batch of memory assuming you know the pid:

    $ cat /proc/[pid]/maps

This will be in the format (example):

    00400000-00421000 r-xp 00000000 08:01 592398                             /usr/libexec/dovecot/pop3-login
    00621000-00622000 rw-p 00021000 08:01 592398                             /usr/libexec/dovecot/pop3-login
    00622000-0066a000 rw-p 00622000 00:00 0                                  [heap]
    3e73200000-3e7321c000 r-xp 00000000 08:01 229378                         /lib64/ld-2.5.so
    3e7341b000-3e7341c000 r--p 0001b000 08:01 229378                         /lib64/ld-2.5.so

Pick one batch of memory (so for example 00621000-00622000) then use gdb as root to attach to the process and dump that memory:

    $ gdb --pid [pid]
    (gdb) dump memory /root/output 0x00621000 0x00622000

Then analyse /root/output with the strings command, less you want the PuTTY all over your screen.

edited Jan 15 '14 at 4:25

slm

answered Aug 24 '10 at 18:39

James L

  • 2

    Is there a way of doing this in just bash/sh without gdb? – Programming4life Mar 25 '17 at 5:35 

  • 3

    @Programming4life gcore(1) – julian Apr 22 '17 at 12:59


60

 

I've made a script that accomplishes this task.

The idea comes from James Lawrie's answer and this post: http://www.linuxforums.org/forum/programming-scripting/52375-reading-memory-other-processes.html#post287195

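    #!/bin/bash
    # Dump every rw-p mapping listed in /proc/[pid]/maps to its own file.
    # $1 is the PID of the target process.

    grep rw-p "/proc/$1/maps" \
    | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' \
    | while read -r start stop; do
        gdb --batch --pid "$1" -ex \
            "dump memory $1-$start-$stop.dump 0x$start 0x$stop"
    done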

Put this in a file (e.g. "dump-all-memory-of-pid.sh") and make it executable.

usage: ./dump-all-memory-of-pid.sh [pid]

The output is printed to files with the names: pid-startaddress-stopaddress.dump

Dependencies: gdb

edited Mar 2 '19 at 8:32

Qsiris

answered Jul 18 '12 at 17:38

A. Nilsson

  • 2

    Awesome! Just used it to discover which script a mysterious bash instance was running. – Tobia Jul 26 '16 at 17:02

  • 1

    Why are you only grepping for and dumping ranges with rw-p permissions? – mxmlnkn Aug 4 '19 at 18:45

  • 1

    @mxmlnkn That's data (rw-p), the other ranges are for code (r-xp). If you want a dump of both, then go ahead and exchange grep for e.g. cat. – A. Nilsson Aug 5 '19 at 14:55


42

 

try

    gcore $pid

where $pid is the actual number of the pid; for more info see: info gcore

It may take some time for the dump to happen, and some memory may not be readable, but it is good enough... Be aware also that it can create big files; I just created a 2GB file that way.

edited Mar 28 '15 at 2:23

answered Mar 9 '13 at 19:06

Aquarius Power

  • 1

    Is gcore dumping a sparse file? – CMCDragonkai Jul 30 '16 at 7:02

  • @CMCDragonkai use gcore -a PID – e2-e4 May 21 at 5:30


6

 

Pure bash solution:

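    procdump()
    (
        # Writable private mappings only; awk keeps the "start-end" field.
        cat /proc/$1/maps | grep "rw-p" | awk '{print $1}' | ( IFS="-"
        while read a b; do
            # iflag=skip_bytes,count_bytes makes skip= and count= byte values.
            dd if=/proc/$1/mem bs=$( getconf PAGESIZE ) iflag=skip_bytes,count_bytes \
               skip=$(( 0x$a )) count=$(( 0x$b - 0x$a )) of="$1_mem_$a.bin"
        done )
    )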

Usage: procdump PID

For a cleaner dump, filter out *.so memory-mapped shared libraries and empty memory ranges:

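    procdump()
    (
        # Drop shared-library mappings (*.so) and keep lines whose inode column is 0.
        cat /proc/$1/maps | grep -Fv ".so" | grep " 0 " | awk '{print $1}' | ( IFS="-"
        while read a b; do
            # iflag=skip_bytes,count_bytes makes skip= and count= byte values.
            dd if=/proc/$1/mem bs=$( getconf PAGESIZE ) iflag=skip_bytes,count_bytes \
               skip=$(( 0x$a )) count=$(( 0x$b - 0x$a )) of="$1_mem_$a.bin"
        done )
    )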

edited Mar 11 at 15:00

mxmlnkn

answered Jun 5 '19 at 12:03

Zibri

  • So, from what I understand, the idea behind the cleaner dump is that only in-memory files have a size attached to the memory region, in contrast to actual application memory, which has size 0 (as the actually used size is unknown to the OS). – mxmlnkn Aug 4 '19 at 19:04

  • 1

    One issue I have with this script is that the blocksize of 1 leads to an unacceptably slow bandwidth of ~30kB/s, compared to using a blocksize equal to the page size (4096 for me), for which I get ~100MB/s! See here. getconf PAGESIZE is used to get the page size and then the addresses and counts are divided by it. – mxmlnkn Aug 4 '19 at 19:30

  • @mxmlnkn that was lazy of me, feel free to correct my answer. – Zibri Mar 6 at 0:06

  • Ok, will do. Note also that the count calculation is wrong because it is done with bd-ad but bd and ad are calculated only thereafter in the first bash snippet. – mxmlnkn Mar 6 at 12:03


3

 

man proc says :

/proc/[pid]/mem This file can be used to access the pages of a process's memory through open(2), read(2), and lseek(2).

Maybe it can help you

answered Aug 24 '10 at 17:58

Dom

  • 2

    That's not sufficient, reading another process needs a combination of /proc/<pid>/{mem,*maps}, ptrace, and some signal handling to avoid hanging the target process. – Tobu Mar 19 '13 at 10:57

  • 2

    @Tobu Indeed. I wrote a proof-of-concept script. – Gilles 'SO- stop being evil' Jan 15 '14 at 9:18
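The approach the answers above share (take address ranges from /proc/[pid]/maps, then read them, here through /proc/[pid]/mem with open and pread as the quoted man page describes), as an added Python example that is not part of any answer. The names Region, parse_maps, read_region and find_in_process are illustrative; reading a process other than your own is subject to the kernel's ptrace access check.

```python
"""Added example: walk /proc/<pid>/maps and read regions via /proc/<pid>/mem."""
import os
import re
from typing import Iterator, List, NamedTuple

# maps line: "start-end perms offset dev inode [pathname]"
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+[0-9a-f]+\s+\S+\s+(\d+)\s*(.*)$")

class Region(NamedTuple):
    start: int
    end: int
    perms: str
    inode: int
    path: str

def parse_maps(text: str) -> Iterator[Region]:
    """Yield one Region per well-formed maps line; malformed lines are skipped."""
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            start, end, perms, inode, path = m.groups()
            yield Region(int(start, 16), int(end, 16), perms, int(inode), path)

def read_region(fd: int, region: Region, chunk: int = 1 << 20) -> bytes:
    """Read a mapping with pread(2); stop at the first page the kernel refuses."""
    out, pos = bytearray(), region.start
    try:
        while pos < region.end:
            data = os.pread(fd, min(chunk, region.end - pos), pos)
            if not data:
                break
            out += data
            pos += len(data)
    except (OSError, OverflowError):
        pass  # unreadable or vanished pages, or an offset beyond 2**63
    return bytes(out)

def find_in_process(pid: int, needle: bytes, perms: str = "rw-p") -> List[int]:
    """Absolute addresses of `needle` inside mappings whose perms match."""
    with open(f"/proc/{pid}/maps") as f:
        regions = [r for r in parse_maps(f.read()) if r.perms == perms]
    hits = []
    fd = os.open(f"/proc/{pid}/mem", os.O_RDONLY)
    try:
        for r in regions:
            data, at = read_region(fd, r), -1
            while (at := data.find(needle, at + 1)) != -1:
                hits.append(r.start + at)
    finally:
        os.close(fd)
    return hits
```

Calling find_in_process(os.getpid(), b"some marker") exercises it against the calling process itself, which needs no extra privileges.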


3

 

I made my own program to dump the entire process memory as well, it's in C so it can be cross-compiled to Android, which is what I needed.

You can also specify IP address and tcp port. Source code here.

edited Mar 17 '17 at 13:14

Community

answered Dec 27 '15 at 14:55

Tal Aloni

1

 

Tool to dump process to standard output, pcat/memdump:

edited Feb 4 '13 at 21:35

answered Feb 4 '13 at 21:27

Michael Springer

  • This one is obsolete (removed at maintainer's request); I installed the old package anyway and it failed with "Input/output error; did you use GCC with another machine's header files?". – Tobu Mar 19 '13 at 11:14


0

 

You can now use procdump from SysInternals suite on Linux:

https://github.com/Microsoft/ProcDump-for-Linux

answered Dec 7 '17 at 7:09

makumo

0

 

If you want to dump a separate memory segment of the running process without creating huge core file (say with gcore), you can use a small tool from here. There is also one-liner in README if you wish to dump all readable segments into separate files.

answered Jul 23 '19 at 8:33

Nopius