Issue
I've got some core dump files generated in my system, but the suffix for these core files only has a timestamp, no process ID information.
So it there any process ID related information inside a core file, so that I can know it from gdb or other tools?
Solution
So it there any process id related information inside core files
Definitely.
In the core file, there is a set of ELF notes. The note you are looking for is of type NT_PRPSINFO, and it contains (among other things) pr_pid that you want:
typedef struct prpsinfo { /* Information about process */
unsigned char pr_state; /* Numeric process state */
char pr_sname; /* Char for pr_state */
unsigned char pr_zomb; /* Zombie */
signed char pr_nice; /* Nice val */
unsigned long pr_flag; /* Flags */
uint32_t pr_uid; /* User ID */
uint32_t pr_gid; /* Group ID */
pid_t pr_pid; /* Process ID */
pid_t pr_ppid; /* Parent's process ID */
pid_t pr_pgrp; /* Group ID */
pid_t pr_sid; /* Session ID */
char pr_fname[16]; /* Filename of executable */
char pr_psargs[80]; /* Initial part of arg list */
} prpsinfo;
The question is: which tool(s) can find and decode this note. Try eu-readelf from elfutils.
Answered By - Employed Russian Answer Checked By - Pedro (WPSolving Volunteer)