"The Coroner's Toolkit" from Venema and Farmer includes a tool which
paws through /proc and writes process memory for all processes running
on the system to record files (intended for post-mortem analysis after
a breakin). Sounds like this tool would do what you want.
The toolkit can be found at
http://www.fish.com/forensics/
or
http://www.porcupine.org/forensics/
On 15-Sep-00 Vadim Belman wrote:
> It seem like I got a NFS-related bug here where a httpd process
> hung in a uninterruptable wait (a disk operation, most likely). In order to
> locate the problem I need the process' stack trace first.
>
> gdb doesn't attach to the process for obvious reasons. Making a
> crashdump doesn't inspire me at all.
>
> The question is: is there a way of working with /proc entries? I.e.
> is it possible to get all what I need from, say, /proc/<PID>/mem?
>
> --
> /Voland Vadim Belman
> E-mail: [EMAIL PROTECTED]
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-hackers" in the body of the message
>
--------------
Duane H. Hesser
[EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
