lsmod - Show status of modules in the Linux kernel.
lsmod is a trivial program which nicely formats the contents of the /proc/odules, showing what kernel modules are currently loaded.
dmesg - examine or control the kernel ring buffer.
The kernel buffer is a data structure used for keeping the log messages of the kernel and the kernel modules. It’s a ring buffer with a fixed size. Once it’s full, new messages overwrite the oldest messages. During boot, the kernel saves the messages into the kernel buffer.
lsscsi - Uses information in sysfs (Linux kernel series 2.6 and later) to list SCSI devices (or hosts) currently attached to the system.
This is due to kernel hardening in Linux; you can disable this behavior by echo 0 > /proc/sys/kernel/yama/ptrace_scope or by modifying it in /etc/sysctl.d/10-ptrace.conf.
By default, when a program forks, gdb will continue to debug the parent process and the child process will run unimpeded.
If you want to follow the child process instead of the parent process, use the command set follow-fork-mode.
set follow-fork-mode mode Set the debugger response to a program call of fork or vfork. A call to fork or vfork creates a new process. The mode argument can be: parent The original process is debugged after a fork. The child process runs unimpeded. This is the default. child The new process is debugged after a fork. The parent process runs unimpeded. ask gdb 会提示让你选择 parent 还是 child 。
show follow-fork-mode Display the current debugger response to a fork or vfork call. On Linux, if you want to debug both the parent and child processes, use the command set detach-on-fork.
set detach-on-fork mode Tells gdb whether to detach one of the processes after a fork, or retain debugger control over them both. on The child process (or parent process, depending on the value of follow-fork-mode) will be detached and allowed to run independently. This is the default. off Both processes will be held under the control of gdb. One process (child or parent, depending on the value of follow-fork-mode) is debugged as usual, while the other is held suspended.
show detach-on-fork Show whether detach-on-fork mode is on/off.
If you issue a run command to gdb after an exec call executes, the new target restarts. To restart the parent process, use the file command with the parent executable name as its argument. By default, after an exec call executes, gdb discards the symbols of the previous executable image. You can change this behaviour with the set follow-exec-mode command.
set follow-exec-mode mode Set debugger response to a program call of exec. An exec call replaces the program image of a process. follow-exec-mode can be:
new gdb creates a new inferior and rebinds the process to this new inferior. The program the process was running before the exec call can be restarted afterwards by restarting the original inferior. For example:
1 2 3 4 5 6 7 8 9 10 11
(gdb) info inferiors (gdb) info inferior Id Description Executable * 1 <null> prog1 (gdb) run process 12020 is executing new program: prog2 Program exited normally. (gdb) info inferiors Id Description Executable * 2 <null> prog2 1 <null> prog1
same gdb keeps the process bound to the same inferior. The new executable image replaces the previous executable loaded in the inferior. Restarting the inferior after the exec call, with e.g., the run command, restarts the executable the process was running after the exec call. This is the default mode. For example:
1 2 3 4 5 6 7 8 9
(gdb) info inferiors Id Description Executable * 1 <null> prog1 (gdb) run process 12020 is executing new program: prog2 Program exited normally. (gdb) info inferiors Id Description Executable * 1 <null> prog2
%c - Core file size soft resource limit of crashing process (since Linux 2.6.24). %p - insert pid into filename 添加pid %u - insert current uid into filename 添加当前uid %g - insert current gid into filename 添加当前gid %s - insert signal that caused the coredump into the filename 添加导致产生core的信号 %t - insert UNIX time that the coredump occurred into filename 添加core文件生成时的unix时间 %h - insert hostname where the coredump happened into filename 添加主机名 %e - insert coredumping executable name into filename 添加命令名
If the first character of the pattern is a '|', the kernel will treat the rest of the pattern as a command to run. The core dump will be written to the standard input of that program instead of to a file.
Apport的拦截组件默认是关闭的:
Apport itself is running at all times because it collects crash data for whoopsie (see ErrorTracker). However, the crash interception component is still disabled. To enable it permanently, do:
1
sudo nano /etc/apport/crashdb.conf
… and add a hash symbol # in the beginning of the following line:
'problem_types': ['Bug', 'Package'],
To disable crash reporting just remove the hash symbol.