A Python library for creating Linux kdump crash dump files

kdumpling


Overview

kdumpling allows you to synthesize valid ELF64 vmcore files from raw memory data and vmcoreinfo values. This is useful for:

  • Testing crash dump analysis tools (like drgn, crash)
  • Creating synthetic crash dumps for debugging
  • Educational purposes for understanding Linux kernel crash dump formats

Installation

pip install kdumpling

Quick Start

from kdumpling import KdumpBuilder

# Create a builder for x86_64 architecture
builder = KdumpBuilder(arch='x86_64')

# Set the vmcoreinfo metadata
builder.set_vmcoreinfo("""OSRELEASE=5.14.0
PAGESIZE=4096
SYMBOL(swapper_pg_dir)=ffffffff82a00000
""")

# Add memory segments
builder.add_memory_segment(phys_addr=0x100000, data=b'\x00' * 4096)

# Add CPU register state (optional)
builder.add_cpu_context(
    cpu_id=0,
    registers={'RIP': 0xffffffff81000000, 'RSP': 0xffff888000000000},
    pid=1
)

# Check stats before writing
print(builder.stats)
# Dump Statistics:
#   Architecture: x86_64
#   Memory Segments: 1
#   CPU Contexts: 1
#   Total Memory: 4.0 KB (4096 bytes)
#   ...

# Write the vmcore file
builder.write("output.vmcore")

Features

  • Multi-architecture support: x86_64, aarch64/arm64, s390x, ppc64/ppc64le, riscv64
  • Fluent API: Chain method calls for concise code
  • CPU context support: Include register state for debugging tools
  • Memory from multiple sources: bytes, file paths, or file-like objects
  • Statistics API: Inspect dump properties before writing
  • Validated: Tested with pyelftools, drgn, and libkdumpfile

Supported Architectures

| Architecture | Endianness | Description |
|---|---|---|
| x86_64 | Little | 64-bit x86 (AMD64/Intel 64) |
| aarch64 / arm64 | Little | 64-bit ARM |
| s390x | Big | IBM Z series |
| ppc64le | Little | 64-bit PowerPC (little endian) |
| ppc64 | Big | 64-bit PowerPC (big endian) |
| riscv64 | Little | 64-bit RISC-V |

Validating with drgn

import drgn

prog = drgn.Program()
prog.set_core_dump("output.vmcore")
print(f"Platform: {prog.platform}")  # Platform(<Architecture.X86_64: 1>, ...)
print(f"Flags: {prog.flags}")        # ProgramFlags.IS_LINUX_KERNEL
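
An independent structural check, for when drgn is not available. This is an added example, not part of kdumpling: it parses the ELF64 core layout with only the standard library and reports the PT_LOAD segments, NT_PRSTATUS notes and vmcoreinfo keys that DumpStats counts. The names inspect_vmcore, walk_notes and build_sample are introduced here, the input is a constructed sample, and the note names "CORE" and "VMCOREINFO" are assumed from the Linux kernel convention.

```python
import struct

ET_CORE, PT_LOAD, PT_NOTE, NT_PRSTATUS = 4, 1, 4, 1
EHDR, PHDR = "16sHHIQQQIHHHHHH", "IIQQQQQQ"  # Elf64_Ehdr and Elf64_Phdr layouts

def walk_notes(notes, end, out):  # assumes kernel note names "CORE" and "VMCOREINFO"
    pos = 0
    while pos + 12 <= len(notes):
        namesz, descsz, ntype = struct.unpack_from(end + "III", notes, pos)
        desc_off = pos + 12 + namesz + (-namesz % 4)  # name is padded to 4 bytes
        if desc_off + descsz > len(notes):
            raise ValueError("truncated note")
        name = notes[pos + 12:pos + 12 + namesz].rstrip(b"\0")
        if name == b"CORE" and ntype == NT_PRSTATUS:
            out["prstatus"] += 1
        elif name == b"VMCOREINFO":
            text = notes[desc_off:desc_off + descsz].decode("ascii", "replace")
            out["vmcoreinfo"] = dict(ln.split("=", 1) for ln in text.splitlines() if "=" in ln)
        pos = desc_off + descsz + (-descsz % 4)  # descriptor is padded the same way

def inspect_vmcore(blob):  # returns machine, PT_LOAD ranges, NT_PRSTATUS count, vmcoreinfo
    end = "<" if blob[5:6] == b"\x01" else ">"  # EI_DATA: 1 little, 2 big (s390x, ppc64)
    f = struct.unpack_from(end + EHDR, blob) if len(blob) >= 64 else None
    if f is None or blob[:5] != b"\x7fELF\x02" or f[1] != ET_CORE:
        raise ValueError("not an ELF64 ET_CORE file")
    phoff, phentsize, phnum = f[5], f[9], f[10]
    out = {"machine": f[2], "segments": [], "prstatus": 0, "vmcoreinfo": {}}
    for i in range(phnum):
        p = struct.unpack_from(end + PHDR, blob, phoff + i * phentsize)
        p_type, off, paddr, filesz = p[0], p[2], p[4], p[5]
        if off + filesz > len(blob):
            raise ValueError(f"segment {i} runs past end of file")
        if p_type == PT_LOAD:
            out["segments"].append((paddr, filesz))
        elif p_type == PT_NOTE:
            walk_notes(blob[off:off + filesz], end, out)
    return out

def build_sample():  # constructed input: ET_CORE with two notes and one 4 KiB PT_LOAD
    def note(name, ntype, desc):
        return (struct.pack("<III", len(name), len(desc), ntype)
                + name + bytes(-len(name) % 4) + desc + bytes(-len(desc) % 4))
    notes = note(b"CORE\0", NT_PRSTATUS, bytes(336)) + note(
        b"VMCOREINFO\0", 0, b"OSRELEASE=5.14.0\nPAGESIZE=4096\n")
    off = 64 + 2 * 56  # ELF header plus two program headers
    ehdr = struct.pack("<" + EHDR, b"\x7fELF\x02\x01\x01", ET_CORE, 62, 1,
                       0, 64, 0, 0, 64, 56, 2, 0, 0, 0)  # 62 = EM_X86_64
    ph = struct.pack("<" + PHDR, PT_NOTE, 0, off, 0, 0, len(notes), len(notes), 0)
    ph += struct.pack("<" + PHDR, PT_LOAD, 7, off + len(notes), 0, 0x100000, 4096, 4096, 0)
    return ehdr + ph + notes + bytes(4096)
```

To check a file written by the Quick Start, pass the bytes of output.vmcore to inspect_vmcore and compare the result with builder.stats.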

API Reference

KdumpBuilder

builder = KdumpBuilder(arch='x86_64')

# Set vmcoreinfo metadata
builder.set_vmcoreinfo("OSRELEASE=5.14.0\n...")

# Add memory segments
builder.add_memory_segment(phys_addr=0x100000, data=b'...')
builder.add_memory_segment(phys_addr=0x200000, data="/path/to/file")

# Add CPU context
builder.add_cpu_context(cpu_id=0, registers={'RIP': 0x...}, pid=1)

# Get statistics
stats = builder.stats
print(stats.num_memory_segments)
print(stats.total_memory_size_human)

# Write to file
builder.write("output.vmcore")

DumpStats

stats = builder.stats

stats.architecture          # 'x86_64'
stats.num_memory_segments   # Number of PT_LOAD segments
stats.num_cpu_contexts      # Number of NT_PRSTATUS notes
stats.total_memory_size     # Total memory in bytes
stats.vmcoreinfo_size       # VMCOREINFO size in bytes
stats.estimated_file_size   # Estimated output file size
stats.memory_segments       # List of (phys_addr, size) tuples

# Human-readable sizes
stats.total_memory_size_human     # "4.0 MB"
stats.estimated_file_size_human   # "4.0 MB"

Development

# Clone the repository
git clone https://github.com/sdimitro/kdumpling.git
cd kdumpling

# Install development dependencies
pip install -e ".[dev]"

# Run tests
pytest

# Run linter
ruff check .

# Run type checker
mypy kdumpling

License

MIT License - see LICENSE for details.

Download files

Source Distribution

kdumpling-0.2.0.tar.gz (30.5 kB)

Uploaded Source

Built Distribution

kdumpling-0.2.0-py3-none-any.whl (21.5 kB)

Uploaded Python 3

File details

Details for the file kdumpling-0.2.0.tar.gz.

File metadata

  • Download URL: kdumpling-0.2.0.tar.gz
  • Size: 30.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for kdumpling-0.2.0.tar.gz
Algorithm Hash digest
SHA256 99a01541996fde7b813ec43d22c02d43379f3bd06048acc7da5b5a6900aeaf58
MD5 d5a71869dcadf044da33d66a525776de
BLAKE2b-256 cbbfd2ca2189541bf27ee0359e83207f962dd3961384a122426461f033e473c2

Provenance

The following attestation bundles were made for kdumpling-0.2.0.tar.gz:

Publisher: release.yml on sdimitro/kdumpling

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file kdumpling-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: kdumpling-0.2.0-py3-none-any.whl
  • Size: 21.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for kdumpling-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 fdbac3fec9c87cda58a1d0f7bcebd7eb4395d0ecafe2cbafde3f5a2c0bd18390
MD5 249d474ebc4e302f260a14e4c672538b
BLAKE2b-256 0d174ba52790cc6d89a188ae2af4b7e5ffdf5d321e1d9d3e764e04a45f2671ec

Provenance

The following attestation bundles were made for kdumpling-0.2.0-py3-none-any.whl:

Publisher: release.yml on sdimitro/kdumpling

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
