问题描述
核心转储上的Wikipedia页面说
The Wikipedia page on Core dump says
a.out in older versions of Unix,
ELF in modern Linux, System V, Solaris, and BSD systems,
Mach-O in OS X, etc.
这是否意味着核心转储本身可以执行?如果没有,为什么不呢?
Does this mean a core dump is executable by itself? If not, why not?
由于@ WumpusQ.Wumbley在评论中提到了coredump_filter
,也许上面的问题应该是:可以生成一个核心转储,使其可以独立执行吗?
Since @WumpusQ.Wumbley mentions a coredump_filter
in a comment, perhaps the above question should be: can a core dump be produced such that it is executable by itself?
推荐答案
在较旧的unix变体中,默认情况下在核心转储中包括文本和数据,但也以a.out格式给出,而不是ELF.当今的默认行为(肯定是Linux,对于BSD变体,Solaris等不是100%肯定)是使ELF格式的核心转储没有文本部分,但是该行为可以更改.
但是,没有任何帮助,在任何情况下都无法直接执行核心转储.这样做的原因是,一个简单的核心文件缺少两件事.一个是入口点,另一个是将CPU状态恢复到发生转储时或即将发生转储之前的状态的代码(默认情况下,文本部分也缺失).
在AIX中,曾经有一个名为undump的实用程序,但是我不知道发生了什么.据我所知,它在任何标准Linux发行版中都不存在.如上所述(@WumpusQ),也尝试过上述注释中提到的Linux类似项目,但是该项目尚未完成,也无法将CPU状态还原到原始状态.但是,在某些特定的调试情况下,它仍然足够好.
还值得一提的是,还有其他不能执行的ELF格式的文件,它们也不是核心文件.例如目标文件(编译器输出)和.so(共享对象)文件.在运行外部地址之前,它们需要一个链接阶段.
In older unix variants it was the default to include the text as well as data in the core dump but it was also given in the a.out format and not ELF. Today's default behavior (in Linux for sure, not 100% sure about BSD variants, Solaris etc.) is to have the core dump in ELF format without the text sections but that behavior can be changed.
However, a core dump cannot be executed directly in any case without some help. The reason for that is that there are two things missing from a simple core file. One is the entry point, the other is code to restore the CPU state to the state at or just before the dump occurred (by default also the text sections are missing).
In AIX there used to be a utility called undump but I have no idea what happened to it. It doesn't exist in any standard Linux distribution I know of. As mentioned above (@WumpusQ) there's also an attempt at a similar project for Linux mentioned in above comments, however this project is not complete and doesn't restore the CPU state to the original state. It is, however, still good enough in some specific debugging cases.
It is also worth mentioning that there exist other ELF formatted files that cannot be executes as well which are not core files. Such as object files (compiler output) and .so (shared object) files. Those require a linking stage before being run to resolve external addresses.
这篇关于核心转储本身可以执行吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!