https://lwn.net/Articles/335942/
https://linux.die.net/man/1/pahole
pahole属于dwarves。这个命令可以局部dump内存,不需要整个dump。或者实时使用crash命令。
先找到proc_inode_cache的内存地址:
sudo cat /proc/kallsyms | grep proc_inode_cache
显示结果例子:
ffffffff81e6d3c0 D proc_inode_cache
第一行是符号的地址;
然后使用命令
pahole -C proc_inode_cache -o dump.bin /proc/kcore ffffffff81e6d3c0
Here, pahole is instructed to dump the proc_inode_cache structure (-C proc_inode_cache) into a file called dump.bin (-o dump.bin), using the system’s core file (/proc/kcore) and starting at the address of the symbol (ffffffff81e6d3c0).
You can then examine the contents of the dump.bin file using a hex editor or other tools that can parse binary files.
Note that dumping memory using pahole requires root privileges, as it accesses the system’s core file. Also, be careful when manipulating memory directly, as it can cause system instability or crashes if done incorrectly.