drgn (pronounced "dragon") is a debugger-as-a-library. In contrast to existing debuggers like GDB which focus on breakpoint-based debugging, drgn excels in live introspection. drgn exposes the types and variables in a program for easy, expressive scripting in Python. For example, you can debug the Linux kernel:
>>> from drgn.helpers.linux import list_for_each_entry
>>> for mod in list_for_each_entry('struct module',
... prog['modules'].address_of_(),
... 'list'):
... if mod.refcnt.counter > 10:
... print(mod.name)
...
(char [56])"snd"
(char [56])"evdev"
(char [56])"i915"
drgn was developed for debugging the Linux kernel (as an alternative to the crash utility), but it can also debug userspace programs written in C. C++ support is planned.
Documentation can be found at drgn.readthedocs.io.
Install the following dependencies:
- Python 3.6 or newer
- elfutils development libraries (libelf and libdw)
- GNU autotools (autoconf, automake, and libtool) and pkgconf
Then, run:
$ git clone https://github.com/osandov/drgn.git
$ cd drgn
$ python3 setup.py build
$ sudo python3 setup.py install
See the installation documentation for more details.
To debug the running kernel, run sudo drgn -k
. To debug a running program,
run sudo drgn -p $PID
. To debug a core dump (either a kernel vmcore or a
userspace core dump), run drgn -c $PATH
. The program must have debugging
symbols available.
Then, you can access variables in the program with prog['name']
, access
structure members with .
, use various predefined helpers, and more:
$ sudo drgn -k
>>> prog['init_task'].comm
(char [16])"swapper/0"
>>> d_path(fget(find_task(prog, 1), 0).f_path.address_of_())
b'/dev/null'
>>> max(task.stime for task in for_each_task(prog))
(u64)4192109975952
>>> sum(disk.gendisk.part0.nr_sects for disk in for_each_disk(prog))
(sector_t)999705952
See the user guide for more information.
Copyright 2018-2019 Omar Sandoval
drgn is licensed under the GPLv3 or later.