尝试将 /proc/kallsyms 添加到 gdb 以进行 vmlinux 调试:`/proc/kallsyms':无法读取符号:文件格式无法识别
Posted
技术标签:
【中文标题】尝试将 /proc/kallsyms 添加到 gdb 以进行 vmlinux 调试:`/proc/kallsyms\':无法读取符号:文件格式无法识别【英文标题】:Trying to add /proc/kallsyms into gdb for vmlinux debugging :`/proc/kallsyms': can't read symbols: File format not recognized尝试将 /proc/kallsyms 添加到 gdb 以进行 vmlinux 调试:`/proc/kallsyms':无法读取符号:文件格式无法识别 【发布时间】:2021-01-03 18:20:44 【问题描述】:我正在尝试通过使用 extract-vmlinux 提取 vmlinux 来调试正在运行的内核,这是我的步骤列表
-
使用 ~/script/extract-vmlinux 从 vmlinuz 中提取 vmlinux
./extract-vmlinux bzImage > vmlinux
objdump -DS vmlinux |less
Disassembly of section .text:
ffffffff80200000 <.text>:
ffffffff80200000: 48 8d 25 f1 3f 40 01 lea 0x1403ff1(%rip),%rsp # 0xffffffff81603ff8
ffffffff80200007: e8 9d 01 00 00 callq 0xffffffff802001a9
ffffffff8020000c: 48 8d 2d ed ff ff ff lea -0x13(%rip),%rbp # 0xffffffff80200000
ffffffff80200013: 48 81 ed 00 00 20 00 sub $0x200000,%rbp
ffffffff8020001a: f7 c5 ff ff 1f 00 test $0x1fffff,%ebp
ffffffff80200020: 0f 85 8f 02 00 00 jne 0xffffffff802002b5
ffffffff80200026: 48 8d 05 d3 ff ff ff lea -0x2d(%rip),%rax # 0xffffffff80200000
ffffffff8020002d: 48 c1 e8 2e shr $0x2e,%rax
ffffffff80200031: 0f 85 7e 02 00 00 jne 0xffffffff802002b5
ffffffff80200037: 48 01 2d ba ef 60 01 add %rbp,0x160efba(%rip) # 0xffffffff8180eff8
ffffffff8020003e: 48 01 2d ab bf 40 01 add %rbp,0x140bfab(%rip) # 0xffffffff8160bff0
ffffffff80200045: 48 01 2d ac bf 40 01 add %rbp,0x140bfac(%rip) # 0xffffffff8160bff8
ffffffff8020004c: 48 01 2d 7d df 40 01 add %rbp,0x140df7d(%rip) # 0xffffffff8160dfd0
ffffffff80200053: 48 8d 3d a6 ff ff ff lea -0x5a(%rip),%rdi # 0xffffffff80200000
ffffffff8020005a: 48 8d 1d 9f df 60 01 lea 0x160df9f(%rip),%rbx # 0xffffffff8180e000
ffffffff80200061: 48 89 f8 mov %rdi,%rax
ffffffff80200064: 48 c1 e8 27 shr $0x27,%rax
ffffffff80200068: 48 8d 93 63 10 00 00 lea 0x1063(%rbx),%rdx
ffffffff8020006f: 48 89 14 c3 mov %rdx,(%rbx,%rax,8)
ffffffff80200073: 48 89 54 c3 08 mov %rdx,0x8(%rbx,%rax,8)
2) Used this vmlinux to load into gdb and use /proc/kcore has core file
gdb ./vmlinux /proc/kcore
GNU gdb (GDB) 8.0.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-poky-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./vmlinux...(no debugging symbols found)...done.
[New process 1]
Core was generated by `BOOT_IMAGE=/junos-evo-install-acx-x86-64-20.4I20200915151620-EVO_raghuh/bzImage'.
#0 0x0000000000000000 in ?? ()
(gdb)
(gdb) add-symbol-file /proc/kallsyms 0xffffffff80200000
add symbol table from file "/proc/kallsyms" at
.text_addr = 0xffffffff80200000
(y or n) y
`/proc/kallsyms': can't read symbols: File format not recognized.
(gdb)
我已经在多个系统上尝试过,我得到了这个 `/proc/kallsyms':无法读取符号:文件格式无法识别。错误
这里有什么问题?
【问题讨论】:
【参考方案1】:
'/proc/kallsyms': can't read symbols: File format not recognized.
/proc/kallsyms 是一个文本文件,描述了所有代码的加载位置。
当然 GDB 不能从中添加符号——它不是ELF 文件。
看起来你的内核跳转到了NULL 指针。你可能会从where 命令的输出中得到一些关于它是如何到达那里的线索。
【讨论】:
以上是关于尝试将 /proc/kallsyms 添加到 gdb 以进行 vmlinux 调试:`/proc/kallsyms':无法读取符号:文件格式无法识别的主要内容,如果未能解决你的问题,请参考以下文章