Question:

Hello everyone,
recently my friend have found a malcious program running on his
web-server. After some actions i thought it would be helpful to make
its core dump, but i couldn't figure out how to do this. The only
thing that came to mind was attaching to it with gdb, stopping
it and dumping regions of memory manually (using memory map in
/proc/pid/mem). It went fine, i copied all segments but it would be much
better to have standart core dump, to be able to use usual programms on
it later. I remember, that several years ago default behaviour of a
program running under linux was dumping itself on SIGSEGV.
And I wonder, how was this fullfilled, was it feature of glibc to catch
SIGV and write a dump? Or was it made by the kernel?

The following is for sun solaris. For other OS, such
as Linux or other Unix, there must be similar
commands.

# dumpadm
to define the dump device and savecore directory. Make
sure the save core directory has enough space to save
the image of the memory.