It is possible to run crash on a live system, but this has some drawbacks:
- not all of its features are available (e.g. inspecting the stacks of tasks),
- crash may be intrusive (e.g. wr), i.e. a danger for production systems,
- the time window for a live session may be limited.
For userspace programs there is the gcore utility (based on ptrace) that can take a coredump of a running program for deferred analysis.
Explore the possibilities of implementing live dumping for the kernel and attempt a live dump implementation.
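To make the userspace side of the comparison concrete, the following is an added example (written for this page, not part of the project or of gdb's gcore) that does, in miniature, what gcore does: attach with ptrace so the target is frozen and its memory image is consistent, walk /proc/PID/maps, copy the readable anonymous mappings out through /proc/PID/mem, and detach so the program resumes. It assumes Linux with a Yama ptrace scope that allows attaching to one's own descendants; the output container (a text header per region followed by raw bytes), the marker string and the self-test child are constructed for the example. Skipping file-backed mappings is a simplification chosen here, similar in spirit to the kernel's default coredump_filter.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read mapping [start, start+len) of the stopped target via /proc/PID/mem.
 * Returns the bytes actually obtained; special pages (e.g. [vvar]) yield EIO. */
static size_t read_region(int memfd, unsigned long start, size_t len, unsigned char *buf)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = pread(memfd, buf + got, len - got, (off_t)(start + got));
        if (n <= 0)
            break;
        got += (size_t)n;
    }
    return got;
}

/* Snapshot the readable anonymous mappings of PID into out_path while the
 * target is stopped by ptrace. File-backed mappings (executable, libraries)
 * are skipped here as a simplification: their bytes can be re-read from disk.
 * Returns the number of regions written, or -1 if the target could not be attached. */
int dump_process_memory(pid_t pid, const char *out_path)
{
    int status;
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1)
        return -1;
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) {
        ptrace(PTRACE_DETACH, pid, NULL, NULL);
        return -1;
    }
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/maps", (int)pid);
    FILE *maps = fopen(path, "r");
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    int memfd = open(path, O_RDONLY);
    FILE *out = fopen(out_path, "wb");
    int regions = -1;
    if (maps && memfd >= 0 && out) {
        char line[512];
        regions = 0;
        while (fgets(line, sizeof line, maps)) {
            unsigned long start, end;
            char perms[8], name[256] = "";
            /* maps line: start-end perms offset dev inode [pathname] */
            if (sscanf(line, "%lx-%lx %7s %*s %*s %*s %255s", &start, &end, perms, name) < 3)
                continue;
            if (perms[0] != 'r' || name[0] == '/' ||
                !strcmp(name, "[vvar]") || !strcmp(name, "[vsyscall]"))
                continue;
            unsigned char *buf = malloc(end - start);
            if (!buf)
                continue;
            size_t got = read_region(memfd, start, end - start, buf);
            if (got > 0) { /* constructed container format: header line, then raw bytes */
                fprintf(out, "REGION %lx %lx %s %zu\n", start, end, perms, got);
                fwrite(buf, 1, got, out);
                regions++;
            }
            free(buf);
        }
    }
    if (out) fclose(out);
    if (memfd >= 0) close(memfd);
    if (maps) fclose(maps);
    ptrace(PTRACE_DETACH, pid, NULL, NULL); /* target runs again from here */
    return regions;
}

/* Self-test: fork a child that plants a constructed marker on its heap, dump the
 * child, and search the dump for the marker. Returns 1 if found, 0 otherwise. */
int demo_dump_child(void)
{
    static const char marker[] = "LIVEDUMP-MARKER-7f3a9c"; /* constructed value */
    int ready[2], found = 0;
    char byte, tmpl[] = "/tmp/livedump-XXXXXX";
    if (pipe(ready) == -1)
        return 0;
    pid_t pid = fork();
    if (pid == -1)
        return 0;
    if (pid == 0) {
        char *buf = malloc(4096);
        if (!buf) _exit(1);
        memcpy(buf, marker, sizeof marker);
        if (write(ready[1], "k", 1) != 1) _exit(1); /* tell parent the marker exists */
        for (;;) pause();                          /* wait to be dumped, then killed */
    }
    close(ready[1]);
    int tfd = mkstemp(tmpl);
    if (read(ready[0], &byte, 1) == 1 && tfd >= 0 && dump_process_memory(pid, tmpl) > 0) {
        FILE *f = fopen(tmpl, "rb");
        long size = f && fseek(f, 0, SEEK_END) == 0 ? ftell(f) : 0;
        unsigned char *data = size > 0 ? malloc((size_t)size) : NULL;
        if (data && fseek(f, 0, SEEK_SET) == 0 && fread(data, 1, (size_t)size, f) == (size_t)size)
            found = memmem(data, (size_t)size, marker, sizeof marker - 1) != NULL;
        free(data);
        if (f) fclose(f);
    }
    if (tfd >= 0) { close(tfd); unlink(tmpl); }
    close(ready[0]);
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return found;
}

int main(int argc, char **argv)
{
    if (argc == 3) /* usage: ./livedump PID OUTFILE */
        return dump_process_memory((pid_t)atoi(argv[1]), argv[2]) >= 0 ? 0 : 1;
    printf("self-test: marker %s in dump\n", demo_dump_child() ? "found" : "NOT found");
    return 0;
}
```

The example also illustrates the same trade-offs the proposal lists for crash: the target is stopped for the whole duration of the copy (the equivalent of the limited live window), and the tracer needs ptrace rights over the target, which is exactly the privilege that a kernel-side live dump would have to replace with something safer than poking at a running system.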
This project is part of:
Hack Week 18