Linux Core Dumps: From glibc malloc to eye catchers

Presented at ToorCon San Diego 17 (2015), Oct. 25, 2015, 1 p.m. (20 minutes)

Techniques learned in the field to investigate Linux core dumps. Walking glibc malloc arenas, symbols, virtual memory layout, per-core arenas and virtual memory inflation, and hunting for leaks Neo style by looking through hex dumps for eye catchers. Good for those that might investigate a crash or memory leak, or just looking to learn about virtual memory layouts.


  • Kevin Grigorenko
    Kevin Grigorenko is a software engineer on the IBM SWAT team, which provides worldwide, on-site and remote problem determination for critical situations such as down websites and other computer infrastructure problems. Kevin has traveled to over 100 customers, most in the Fortune 500, in North America, Europe, and Asia. Kevin has a Bachelor of Science in Computer Science from Rutgers University. He is a quick learner and well versed in most modern computer technologies and programming languages. He has also worked at Microsoft.