问题
I am working on a c++ application. I got some core files from the client which he says are generated now but is not willing to say how are they generated and what he has done from generating them.
I doubt he is wrong and may be he gave me the dump which were generated long time ago.
Is there any way where I can get the actual creation time of the file?
I doubt the files may be created in some other servers and he has transferred them. Anyone pls help.
If its not in the core file, may be Unix has some way to know the actual creation time of the file in current server or some other server.
Pls help.
回答1:
The creation time of the core file does not appear in the core(4) format in Solaris.
However, there are a couple of things you can do by looking at the NOTES section of the core (libelf to the rescue?). See core(4) for details.
First find the NOTES segment name (probably note0 or (more likely) note1, no leading dot) with objdump -x core
Process start time
The NT_PSINFO entry contains a psinfo_t (see <sys/procfs.h>) which has a member pr_start. This is the start time of the process.
Zonename
Similarly, the zonename where the core was generated is in the NT_ZONENAME entry.
Since this is char * a quick and dirty way to do this, without parsing the segment, is just to dump'n'grep it:
objdump -s -j note1 core | grep ...
(elfdump -n... sounds useful but I couldn't get this to work).
来源:https://stackoverflow.com/questions/10739334/get-the-creation-time-from-core-dump