A Python library for creating Linux kdump crash dump files

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sdimitro93 from gravatar.com sdimitro93

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Tags kdump , vmcore , linux , crash , elf , coredump
  • Requires: Python >=3.8
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

kdumpling logo

kdumpling

CI Codecov Documentation PyPI version Python versions License: MIT

A Python library for creating Linux kdump crash dump files.

Overview

kdumpling allows you to synthesize valid ELF64 vmcore files from raw memory data and vmcoreinfo values. This is useful for:

  • Testing crash dump analysis tools (like drgn, crash)
  • Creating synthetic crash dumps for debugging
  • Educational purposes for understanding Linux kernel crash dump formats

Installation

pip install kdumpling

Quick Start

from kdumpling import KdumpBuilder

# Create a builder for x86_64 architecture
builder = KdumpBuilder(arch='x86_64')

# Set the vmcoreinfo metadata
builder.set_vmcoreinfo("""OSRELEASE=5.14.0
PAGESIZE=4096
SYMBOL(swapper_pg_dir)=ffffffff82a00000
""")

# Add memory segments
builder.add_memory_segment(phys_addr=0x100000, data=b'\x00' * 4096)

# Add CPU register state (optional)
builder.add_cpu_context(
    cpu_id=0,
    registers={'RIP': 0xffffffff81000000, 'RSP': 0xffff888000000000},
    pid=1
)

# Check stats before writing
print(builder.stats)
# Dump Statistics:
#   Architecture: x86_64
#   Memory Segments: 1
#   CPU Contexts: 1
#   Total Memory: 4.0 KB (4096 bytes)
#   ...

# Write the vmcore file
builder.write("output.vmcore")

Features

  • Multi-architecture support: x86_64, aarch64/arm64, s390x, ppc64/ppc64le, riscv64
  • Fluent API: Chain method calls for concise code
  • CPU context support: Include register state for debugging tools
  • Memory from multiple sources: bytes, file paths, or file-like objects
  • Statistics API: Inspect dump properties before writing
  • Validated: Tested with pyelftools, drgn, and libkdumpfile

Supported Architectures

Architecture Endianness Description
x86_64 Little 64-bit x86 (AMD64/Intel 64)
aarch64 / arm64 Little 64-bit ARM
s390x Big IBM Z series
ppc64le Little 64-bit PowerPC (little endian)
ppc64 Big 64-bit PowerPC (big endian)
riscv64 Little 64-bit RISC-V

Validating with drgn

import drgn

prog = drgn.Program()
prog.set_core_dump("output.vmcore")
print(f"Platform: {prog.platform}")  # Platform(<Architecture.X86_64: 1>, ...)
print(f"Flags: {prog.flags}")        # ProgramFlags.IS_LINUX_KERNEL

API Reference

KdumpBuilder

builder = KdumpBuilder(arch='x86_64')

# Set vmcoreinfo metadata
builder.set_vmcoreinfo("OSRELEASE=5.14.0\n...")

# Add memory segments
builder.add_memory_segment(phys_addr=0x100000, data=b'...')
builder.add_memory_segment(phys_addr=0x200000, data="/path/to/file")

# Add CPU context
builder.add_cpu_context(cpu_id=0, registers={'RIP': 0x...}, pid=1)

# Get statistics
stats = builder.stats
print(stats.num_memory_segments)
print(stats.total_memory_size_human)

# Write to file
builder.write("output.vmcore")

DumpStats

stats = builder.stats

stats.architecture          # 'x86_64'
stats.num_memory_segments   # Number of PT_LOAD segments
stats.num_cpu_contexts      # Number of NT_PRSTATUS notes
stats.total_memory_size     # Total memory in bytes
stats.vmcoreinfo_size       # VMCOREINFO size in bytes
stats.estimated_file_size   # Estimated output file size
stats.memory_segments       # List of (phys_addr, size) tuples

# Human-readable sizes
stats.total_memory_size_human     # "4.0 MB"
stats.estimated_file_size_human   # "4.0 MB"

Development

# Clone the repository
git clone https://github.com/sdimitro/kdumpling.git
cd kdumpling

# Install development dependencies
pip install -e ".[dev]"

# Run tests
pytest

# Run linter
ruff check .

# Run type checker
mypy kdumpling

License

MIT License - see LICENSE for details.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sdimitro93 from gravatar.com sdimitro93

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Tags kdump , vmcore , linux , crash , elf , coredump
  • Requires: Python >=3.8
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.4.0

This version

0.3.0

0.2.5

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

kdumpling-0.3.0.tar.gz (30.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

kdumpling-0.3.0-py3-none-any.whl (21.4 kB view details)

Uploaded Python 3

File details

Details for the file kdumpling-0.3.0.tar.gz.

File metadata

  • Download URL: kdumpling-0.3.0.tar.gz
  • Upload date:
  • Size: 30.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for kdumpling-0.3.0.tar.gz
Algorithm Hash digest
SHA256 0e6fa608542755335a460502f790d38f58c85137fc1f7cb8fed1dd96751f526e
MD5 94a05fd1a3b27d5bafbebeff780d7149
BLAKE2b-256 9e3d4b04fa11a8467cd6dc2e388d70d33c5a321ff88194a6074fb522e3e2b470

See more details on using hashes here.

Provenance

The following attestation bundles were made for kdumpling-0.3.0.tar.gz:

Publisher: release.yml on sdimitro/kdumpling

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file kdumpling-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: kdumpling-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 21.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for kdumpling-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 89b9d0bac60b5b28276fa0e8eb50da81d502de1fda64f6dc655c998e79a05b32
MD5 ea5c55aa939f452e813872fce6bc7226
BLAKE2b-256 763df950f14de4018a647d8001e34332c5ed2f004445fa8e5458067a399e6ca9

See more details on using hashes here.

Provenance

The following attestation bundles were made for kdumpling-0.3.0-py3-none-any.whl:

Publisher: release.yml on sdimitro/kdumpling

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page