How to dump memory to a file in gdb (osx)? Need to rescue my work
I need to know how I can dump memory in Safari.app, to a file.
I've entered gdb attach 6741 (my safari PID).
Now what?
I tried searching for help on gdb on google, but I couldn't find anything that told me what to do, even when searching for "how to dump memory in gdb" :(
I tried "help dump", it gave me a bunch of commands, but none of them worked. The closest I came was:
(gdb) dump memory ~/safaridump.bin 0
Missing stop address.
So whats the stop address? I don't know? How am I meant to know the stop address? I tried searching on google for ""missing stop address" gdb", it didn't help. I have no idea how I get the stop address.
I tried this:
(gdb) dump memory ~/safaridump.bin 0 0xffffffff
That didn't work either.
I got this:
gdb stack crawl at point of internal error:
0 gdb-i386-apple-darwin 0x0012fd8f internal_vproblem + 316
1 gdb-i386-apple-darwin 0x0012ffd3 internal_verror + 43
2 gdb-i386-apple-darwin 0x00130008 align_down + 0
3 gdb-i386-apple-darwin 0x00130a21 xstrvprintf + 0
4 gdb-i386-apple-darwin 0x00130c25 xmalloc + 40
5 gdb-i386-apple-darwin 0x000045d6 dump_memory_to_file + 241
6 gdb-i386-apple-darwin 0x0012dd3d execute_command + 713
7 gdb-i386-apple-darwin 0x0008815d command_handler + 213
8 gdb-i386-apple-darwin 0x000891af command_line_handler + 1120
9 gdb-i386-apple-darwin 0x001c2486 rl_callback_read_char + 137
10 gdb-i386-apple-darwin 0x000882ed rl_callback_read_char_wrapper + 18
11 gdb-i386-apple-darwin 0x000874b7 handle_file_event + 349
12 gdb-i386-apple-darwin 0x00086e7e process_event + 131
13 gdb-i386-apple-darwin 0x00087c38 gdb_do_one_event + 1178
14 gdb-i386-apple-darwin 0x00081bfd catch_errors + 78
/SourceCache/gdb/gdb-1346/src/gdb/utils.c:1208: internal-error: virtual memory exhausted.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Quit this debugging session? (y or n) n
I really don't get this. All I want, is my memory in Safari, written to a file.
It's really important to me. I spent about 2 hours typing my poor heart out in Safari, writing some really important information down. And then the stupid website I was writing to, didn't accept my post, because I had taken so long writing it, that I had "signed out". By the time I had signed back in, my post was lost.
I really want this writing back. All I want is the memory from Safari, so I can search through it's contents for a few keywords to see if I can get my writing back.
Any ideas anyone?
At the very least, even if I Don't get my writing back, I'll learn something about gdb. Which could come in handy in my software development ;)
Thanks if you can help! It would mean so much to me. I'm going to leave Safari and gdb running, until I get an answer. Im not gonna let this go until I find out that I can or can't get my writing back.
If anyone wants to give more general answers about how to recover lost work... thats a good thing. Such as programs to search my entire hard disk for specific strings that might have been in VRAM before the work was lost.
...
http://www.mail-archive.com/use-revolution@lists.runrev.com/msg22978.html This page says that kill -9 doesn't generate a core dump. Despite what this page says http://developer.apple.com/mac/library/technotes/tn2004/tn2124.html#SECCOREDUMPS , this command "kill -ABRT (PID HERE)", will not create a core dump.
ls -la /cores
total 0
drwxrwxr-t@ 2 root admin 68 23 Jun 07:19 .
drwxrwxr-t 38 root admin 1360 14 Dec 16:06 ..
5 Answers
Hey everyone, I found how to generate a coredump on OSX!
http://osxbook.com/book/bonus/chapter8/core/
There is a downloadable program there, in source form. I downloaded it, compiled it, and, hooray! It worked! It generated an almost 1GB core dump!
Whether or not the information is in there doesn't quite matter now. I learnt how to generate coredumps on OSX, which is definitely could be a handy skill as a software developer ;) You never know when a core dump could come in handy.
I can just imagine a few years time I'm doing an important job, and I need a core dump to figure out whats going on, and this "gcore" app is what I needed. Even if it pays off once... this is a good thing.
boytheoSafari saves form data for all forms (unless you turned it off, or the site marks the form as not-to-be-saved), in an encrypted database file.
You can find the password for the file in your login keychain, and the file is at ~/Library/Safari/Form Values, so theoretically, you could extract the data from the file, and see if what you typed is in there.
However, I've had a hack, and I can't work out what format the file is, or how it's encrypted, so I don't know how to actually get at the contents, I'm sure someone does though :)
JamesYou could always turn logging on in GDB set logging on
Then, everything you do is printed to the log file (usually gdb.txt). So you can just start printing memory using the x command, and everything will go to the log file as well as the screen.
alesplinSee if OSX has a pmap command, it will show you the mapped memory of any running process. This is usually read from /proc in linux systems. Next, if you're searching for a particular information, you can use the gdb find command. Type help find in gdb for more instructions.
ychaoucheI know, old thread...
gdb has a built in command to dump a core image of the current process/program.
generate-core-file [filename]
gcore [filename]
both commands do the same, the filename is optional, defaults to 'core.<process_ip>'
Huh! looks like there's even a utility installed (with gdb) named 'gcore' to dump a currently running program too. Of course, easier to pause the process with gdb, then dump it.
Finding new things every day! ... but gdb has the function built-in... just so's ya know..
lornixUser contributions licensed under CC BY-SA 3.0