How do I view CoreDump file?

Solution 1:

Coredump.gz is the (compressed) memory accessible by the program that crashed. It is a binary file. Coredumps are a treasure trove, with all sorts of private data to be mined.

Coredumps can be viewed by running 'gdb':

gdb --core=mycoredump

Of course, you will still need the debug packages associated with this core.

You can, then, generate a stacktrace by:

(gdb) bt

to generate a stacktrace of the current thread -- without parameter resolution --, or

(gdb) thread apply all bt full

to generate a stacktrace of all threads in the coredump, with parameter resolution.

stacktrace and full stacktraces show the control flow within a program. For Python, the top of the stacktrace shows the oldest call, with the most recent at the bottom; for pretty much everything else, the top is the most recent call, and the bottom the oldest.

A full stacktrace will not only show the flow, but also the parameter's values. This is where we usually find private data -- for example, say you see a function called "validatePassword" with a parameter called "Password", and a value of "MySecretPassword"...

Stacktraces are usually only helpful if the debug packages are installed (so that the stack frames can be resolved into something we can easily read). Analysis of a stacktrace will require one to have the sources that were used to build this specific program instance.