strings command
This is a discussion on strings command within the AIX Operating System forums, part of the Unix Operating Systems category; --> Hi, I was wondering if you can help me interpret the results from a core file using the strings ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-05-2008, 09:13 AM
| ||||
| ||||
 strings command Hi, I was wondering if you can help me interpret the results from a core file using the strings command. I basically would like to know if I can work out what program was running for the core dump to happen. Here is a sample of a core file: $ strings core uvsh 4uvsh 0/.uvlibs/libodbc.so (/usr/lib/libcrypt.a shr.o `/usr/lib/libc.a shr.o opt/ud60/bin:/opt/uv/bin:/usr/vac/bin:/usr/local/bin:/home/proddev/cfp:/opt/redb ack/server/redback/rgw/bin:/prodDev/scripts LC__FASTMSG=true IMQCONFIGSRV=/etc/IMNSearch CGI_DIRECTORY=/var/docsearch/cgi-bin EDITOR=vi LOGNAME=cfp MAIL=/usr/spool/mail/cfp LOCPATH=/usr/lib/nls/loc PS1=${LOGNAME}@${HOSTNAME} ${PWD} $ USER=cfp DOCUMENT_SERVER_MACHINE_NAME=localhost AUTHSTATE=compat UDTHOME=/opt/ud60 RBHOME=/opt/redback/server/redback DEFAULT_BROWSER=netscape SHELL=/usr/bin/ksh ODMDIR=/etc/objrepos DOCUMENT_SERVER_PORT=49213 UDTBIN=/opt/ud60/bin HOME=/home/proddev/cfp TERM=ansi MAILMSG=[YOU HAVE NEW MAIL] PWD=/prodDev/uv/Devel2.6 DOCUMENT_DIRECTORY=/usr/docsearch/html TZ=AEST-10AEDT-11:00:00,M10.5.0,M3.5.0 UVHOME=/opt/uv A__z=! LOGNAME UV_USERNO=-411 WHO=P2000.DEV BELL= FLAVOR=-1 msg/%L/%N.cat:/usr/lib/nls/msg/en_US/%N.cat PLE_LEN=4 EXPBLKSIZE=64 MAX_OBJ_SIZE=307200 MIN_MEMORY_TEMP=256 GRP_FREE_BLK=5 SHM_FIL_CNT=2048 SPLIT_LOAD=60 MERGE_LOAD=40 KEYDATA_SPLIT_LOAD=95 KEYDATA_MERGE_LOAD=40 MAX_FLENGTH=1073740800 PART_TBL=/opt/ud60/parttbl EFS_LCKTIME=0 TSTIMEOUT=60 NFA_CONVERT_CHAR=0 JRNL_MAX_PROCS=1 JRNL_MAX_FILES=400 MAX_OPEN_FILE=500 MAX_OPEN_SEQF=150 MAX_OPEN_OSF=100 MAX_DSFILES=1000 MAX_CAPT_LEVEL=2 MAX_RETN_LEVEL=2 COMPACTOR_POLICY=1 VARMEM (H"" DHBD $H"D BH$! "H(D Ch-28 BH"$ /source/uv/tact7.2/TSOURCE7.2/B-OBJ.O /source/uv/tact7.2/TSOURCE7.2/B-OBJ.O/SR6 890001 `BH"$ INIT pts/60 14;1H [23;1H 0n%tqwC 0n6$ 0n6$ /bin/csh 4in/sh /dev/pts/60 NOT_SU/ [%p1%{1}%+%dG [%i%p1%d;%p2%dH [%p1%dL [%p1% p2%{ %t7;%;%?/ t4;%;%?%p3%t7;%; ;%;% LOGIN.INIT x%?%p/ +c\C TANZ-OBJ.O ANZ-OBJ.O/LOGIN.INIT :00:00 H%tqwC >0}w pts/60 pts/60 dgladding.#####.com.au x.ANZFM /../tactdg pts/ pts/60 dgladding..###.##.au "2$ 0.0. =\0 = PB""( B""$ :00:00 % """ """B B"(B 'p""( B""" %@61DD *`"""$ +0"""$ _=/opt/uv/bin/uv LANG=C LOGIN=dg IMQCONFIGCL=/etc/IMNSearch/dbcshelp PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/opt/ud60/bin:/opt/uv/b in:/usr/vac/bin:/usr/local/bin:/home/profserv/dg:/opt/redback/server/redback/rgw /bin:. LC__FASTMSG=true IMQCONFIGSRV=/etc/IMNSearch CGI_DIRECTORY=/var/docsearch/cgi-bin EDITOR=vi LOGNAME=dg MAIL=/usr/spool/mail/dg LOCPATH=/usr/lib/nls/loc PS1=$PWD $ USER=dg DOCUMENT_SERVER_MACHINE_NAME=localhost AUTHSTATE=compat UDTHOME=/opt/ud60 RBHOME=/opt/redback/server/redback DEFAULT_BROWSER=netscape SHELL=/usr/bin/ksh ODMDIR=/etc/objrepos DOCUMENT_SERVER_PORT=49213 UDTBIN=/opt/ud60/bin HOME=/home/profserv/dg TERM=ansi MAILMSG=[YOU HAVE NEW MAIL] PWD=/tact/TACT.ANZFM DOCUMENT_DIRECTORY=/usr/docsearch/html TZ=AEST-10AEDT-11:00:00,M10.5.0,M3.5.0 UVHOME=/opt/uv A__z=! LOGNAME Much Appreciated : )      |
|
01-05-2008, 09:13 AM
| |||
| |||
| Re: strings command "connect" <pamato@ultradata.com.au> writes: > I basically would like to know if I can work out what program was running > for the core dump to happen. Most likely this one: /opt/uv/bin/uv Here you'll find some more info (and more answers): http://groups.google.com/group/comp....979a728a0b21a8 Cheers, -- In order to understand recursion you must first understand recursion. Remove /-nsp/ for email. |
|
01-05-2008, 09:13 AM
| |||
| |||
| Re: strings command Agreed, I always use the following command as a first check when encountering a core file: strings core | grep ^_= The caret (^) ensuring the _= is at the beginning of a line. Simple, usually effective and easy to remember. Cheers, Nick. Wales. |
|
01-05-2008, 09:13 AM
| |||
| |||
| Re: strings command Following is more effective: On the right side of the output, you can see this is from awk. # lquerypv -h /full/path/to/core 6b0 64 000006B0 7FFFFFFF FFFFFFFF 7FFFFFFF FFFFFFFF |................| 000006C0 00000000 000007D0 7FFFFFFF FFFFFFFF |................| 000006D0 00120000 49549BF8 00000000 00000004 |....IT..........| 000006E0 61776B00 00000000 00000000 00000000 |awk.............| 000006F0 00000000 00000000 00000000 00000000 |................| 00000700 00000000 00000000 00000000 0000004B |...............K| 00000710 00000000 00000029 00000000 0000004B |.......).......K| |
|
01-05-2008, 09:13 AM
| |||
| |||
| Re: strings command "connect" <pamato@ultradata.com.au> writes: >Hi, >I was wondering if you can help me interpret the results from a core file >using the strings command. Run the "file" command on it. # cat prog.c cat: 0652-050 Cannot open prog.c. # cat core.c #include <stdio.h> main(){ char *c; strcpy(c,"core dump"); } # cc -o prog core.c # ./prog Segmentation fault (core dumped) # file core core: AIX core file fulldump 32-bit, prog -Mike |
Linear Mode
