Analyzing a Mac OS X kernel core dump, part 2

Time: 2014-03-18 16:07:48

Tags: macos kernel lldb

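Since my last post (Infinitely listen to jabber events?), I have moved forward a little.

Now I have a proper core dump (it seems all the previous ones were incorrect) and I can get a backtrace, but I cannot load symbols for this backtrace.

So, what I do is: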

lldb
target create -d -c ~/Downloads/core-xnu-2050.48.12-10.41.20.195-71371911 /Volumes/KernelDebugKit/mach_kernel
bt

(lldb) bt
* thread #1: tid = 0x0000, 0xffffff8009abcecb, stop reason = signal SIGSTOP
* frame #0: 0xffffff8009abcecb
frame #1: 0xffffff8009a1d636
frame #2: 0xffffff8009d4e45f
frame #3: 0xffffff8009d4cf7d
frame #4: 0xffffff8009d9e585
frame #5: 0xffffff8009d59942
frame #6: 0xffffff8009d58ebd
frame #7: 0xffffff7f8b28c299
frame #8: 0xffffff8009d48dc1
frame #9: 0xffffff8009afc6ee
frame #10: 0xffffff8009b103ee
frame #11: 0xffffff8009b02bc9
frame #12: 0xffffff8009b03394
frame #13: 0xffffff8009de97ba

But there are no symbols (even though I loaded one from KernelDebugKit/mach_kernel). Also, when I try to run paniclog, I get the following output:

(lldb) paniclog

************ LLDB found an exception ************
There has been an uncaught exception. A possible cause could be that remote connection has been disconnected.
However, it is recommended that you report the exception to lldb/kernel debugging team about it.
************ Please run 'xnudebug debug enable' to start collecting logs. ************

Traceback (most recent call last):
  File "/Volumes/KernelDebugKit/mach_kernel.dSYM/Contents/Resources/Python/lldbmacros/xnu.py", line 107, in _internal_command_function
    obj(cmd_args=stream.target_cmd_args)
  File "/Volumes/KernelDebugKit/mach_kernel.dSYM/Contents/Resources/Python/lldbmacros/xnu.py", line 527, in ShowPanicLog
    panic_buf_end = unsigned(kern.globals.debug_buf_ptr)
  File "/Volumes/KernelDebugKit/mach_kernel.dSYM/Contents/Resources/Python/lldbmacros/core/cvalue.py", line 345, in unsigned
    return val._GetValueAsUnsigned()
  File "/Volumes/KernelDebugKit/mach_kernel.dSYM/Contents/Resources/Python/lldbmacros/core/cvalue.py", line 295, in _GetValueAsUnsigned
    raise ValueError("Failed to read unsigned data. "+ str(self._sbval19k84obscure747) +"(type =" + str(self._sbval19k84obscure747_type) + ") Error description: " + serr.GetCString())
ValueError: Failed to read unsigned data. (char *) debug_buf_ptr = <mach_kernel[0xffffff8000801170] can't be resolved, mach_kernel in not currently loaded>
(type =char *) Error description: could not resolve value
(lldb) 

So, is this the right way to analyze this type of dump? Any articles or anything else? =)

1 answer:

Answer 0 (score: 4)

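What version of lldb are you using? This looks like it should work - Xcode 5.x's lldb definitely works, earlier versions may not (I don't remember exactly when kernel core file debugging support was finished - but I think Xcode 5's lldb is where it started).

When lldb starts examining a core file, it searches the core file for a kernel binary. If it finds one, it switches from "user debugging" to "kernel debugging" mode (specifically, it selects the DynamicLoader and Platform plugins for kernel debugging).

Once you've checked that you're using a recent lldb (e.g. lldb-310.2.x for the latest Xcode 5.x updates), you can try running lldb directly on the core file, without specifying the kernel binary, as a test -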

% lldb -c core-xnu-blahblahwhatever--53821b67 
Kernel UUID: 9FEA8EDC-B629-3ED2-A1A3-6521A1885953
Load Address: 0xffffff802c400000

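When you see the Kernel UUID: and Load Address: lines, that tells you lldb found a kernel image in the core file. You can also confirm which platform was selected with the platform status command: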

(lldb) pla sta
  Platform: darwin-kernel
 Connected: no
 Debug session type: Mac OS X kernel debugging
 Kext directories: [ 0] "/System/Library/Extensions"
 Kext directories: [ 1] "/Library/Extensions"
 Kext directories: [ 2] "/Applications/Xcode.app/Contents/Symbols"
 Total number of kexts indexed: 818
(lldb) 

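Of course you can't do real kernel debugging without the kernel binary - just a quick tip, you can specify both the core file and the binary on the command line,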

% lldb -c core-xnu-blahblahwhatever--53821b67 /Volumes/KernelDebugKit/mach_kernel

The addresses in your backtrace look like a kernel core file session, but for some reason the lldb you're using didn't find the kernel there.
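
The check described in the answer above (does the core file contain a kernel image, and what are its UUID and load address?) can be approximated outside lldb when triaging a dump. The following is an added example, not part of the original answer and not lldb's actual implementation: it assumes a 64-bit little-endian Mach-O core whose embedded kernel header sits on a 4 KiB page boundary, the names `find_kernel`, `load_commands` and `build_sample_core` are hypothetical, and the sample core is constructed in memory.

```python
import struct, uuid

MH_MAGIC_64, MH_EXECUTE, MH_CORE = 0xFEEDFACF, 2, 4
LC_SEGMENT_64, LC_UUID, PAGE = 0x19, 0x1B, 0x1000
HDR = struct.Struct("<IiiIIIII")       # mach_header_64
SEG = struct.Struct("<II16sQQQQiiII")  # segment_command_64

def load_commands(buf, off):
    """Yield (cmd, offset, size) for each load command of the header at off."""
    pos = off + HDR.size
    for _ in range(HDR.unpack_from(buf, off)[4]):  # field 4 is ncmds
        if pos + 8 > len(buf):
            return
        cmd, size = struct.unpack_from("<II", buf, pos)
        if size < 8 or pos + size > len(buf):
            return  # truncated or corrupt core: stop instead of reading garbage
        yield cmd, pos, size
        pos += size

def find_kernel(core):
    """Return (uuid, load_address) of the first embedded kernel image, or None."""
    if len(core) < HDR.size:
        return None
    magic, _, _, filetype, *_ = HDR.unpack_from(core, 0)
    if magic != MH_MAGIC_64 or filetype != MH_CORE:
        return None
    for cmd, pos, size in load_commands(core, 0):
        if cmd != LC_SEGMENT_64 or size < SEG.size:
            continue
        _, _, _, vmaddr, _, fileoff, filesize, *_ = SEG.unpack_from(core, pos)
        end = min(fileoff + filesize, len(core))
        for off in range(fileoff, end - HDR.size + 1, PAGE):  # page-aligned scan
            m, _, _, ft, *_ = HDR.unpack_from(core, off)
            if m != MH_MAGIC_64 or ft != MH_EXECUTE:
                continue
            for c, p, s in load_commands(core, off):
                if c == LC_UUID and s >= 24:
                    return uuid.UUID(bytes=core[p + 8:p + 24]), vmaddr + off - fileoff
    return None

def build_sample_core(kernel_uuid, load_addr):
    """Constructed input: a one-segment MH_CORE holding a minimal kernel header."""
    kern = HDR.pack(MH_MAGIC_64, 0x01000007, 3, MH_EXECUTE, 1, 24, 0, 0)
    kern += struct.pack("<II16s", LC_UUID, 24, kernel_uuid.bytes)
    seg = SEG.pack(LC_SEGMENT_64, SEG.size, b"", load_addr - PAGE, 2 * PAGE, PAGE, 2 * PAGE, 7, 7, 0, 0)
    head = HDR.pack(MH_MAGIC_64, 0x01000007, 3, MH_CORE, 1, SEG.size, 0, 0) + seg
    return head.ljust(PAGE, b"\0") + bytes(PAGE) + kern.ljust(PAGE, b"\0")
```

If `find_kernel` returns `None` for a real dump, the file is either not a Mach-O core or no kernel header was captured on a page boundary; a returned UUID can be compared with the `dwarfdump --uuid` output for the KernelDebugKit binary before loading it for symbols.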