OS X: Generate core dump without bringing down the process?
I know how to generate a core dump on OS X when a process crashes, but what I really need to do is attach to a process, generate a core dump, then resume that process (without killing it).
A long time ago (maybe a year and a half ago) I had C code that would do this... It used the OS X kernel libraries to connect to a process, read all of its thread states and memory, and write that into a Mach-O file on disk. This worked great (and it's exactly what I'm looking for), but now I can't seem to find that code for the life of me. I seem to recall that code was开发者_开发百科 related somewhat to the OS X system internals book, but that's just a vague recollection.
Does anyone know the code I'm talking about and could point me at it? If not does anyone know a good way of doing this preferably with some example code?
Edit: Here is the answer.
Information: http://osxbook.com/book/bonus/chapter8/core/
Program that will do it for you: http://osxbook.com/book/bonus/chapter8/core/download/gcore-1.3.tar.gz
I believe you are looking for this information
Specifically:
/* UNIX Third Edition, circa early 1973 */
/* ken/sig.c */
core()
{
int s, *ip;
extern schar;
/* u is the user area */
u.u_error = 0; /* reset error code to "no error" */
u.u_dirp = "core"; /* file name to search for */
ip = namei(&schar, 1); /* do search; schar means it's a kernel string */
if (ip == NULL) { /* failed to find */
if (u.u_error) /* because of some error */
return(0); /* so bail out */
ip = maknode(0666); /* didn't exist; so create it */
}
if (!access(ip, IWRITE)) { /* check "write" permission; 0 means OK */
itrunc(ip); /* truncate the core file */
/* first we write the user area */
u.u_offset[0] = 0; /* offset for I/O */
u.u_offset[1] = 0; /* offset for I/O */
u.u_base = &u; /* base address for I/O (user area itself) */
u.u_count = USIZE*64; /* bytes remaining for I/O; USIZE=8 */
u.u_segflg = 1; /* specify kernel address space */
writei(ip); /* do the write */
/*
* u_procp points to the process structure
* p_size is the size of the process's swappable image (x 64 bytes) */
*/
s = u.u_procp->p_size - USIZE; /* compute size left to write */
/*
* This sets up software prototype segmentation registers to implement
* text(=0 here), data(=s here), and stack(=0 here) sizes specified.
*/
estabur(0, s, 0);
u.u_base = 0; /* base address for I/O (start of space) */
u.u_count = s*64; /* s is in units of 64 bytes, so adjust */
u.u_segflg = 0; /* specify user address space */
writei(ip); /* do the write */
}
iput(ip); /* decrement inode reference count */
return(u.u_error==0); /* done */
}
精彩评论