You can examine the control structures, active tables, memory images of a live or crashed system kernel and other information about the operation of the kernel by using the mdb utility.
See Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
For example, to change to the default directory:
# cd /var/crash
If you are unsure of the location of the crash dump, use the dumpadm command to determine where the system has been configured to store kernel crash dump files. The following sample output shows that the default directory location has not been changed:
# /usr/sbin/dumpadm
Dump content: kernel with ZFS metadata
Dump device: /dev/zvol/dsk/rpool/dump (dedicated)
Savecore directory: /var/crash
Savecore enabled: yes
Save compressed: on
# /usr/bin/mdb [-k] crashdump-file
Specifies kernel debugging mode by assuming the file is an operating system crash dump file.
Specifies the operating system crash dump file.
For example:
# /usr/bin/mdb -K vmcore.0
The command can also be specified as follows:
# /usr/bin/mdb -k 0
> ::status . . . > ::system . . .
To use the ::system dcmd command when examining a kernel crash dump, the core file must be a kernel crash dump, and the –k option must have been specified when starting the mdb utility.
> $quit
This example shows sample output from the mdb utility, which includes system information and identifies the tunables that are set in the /etc/system file of the system.
# cd /var/crash # /usr/bin/mdb -k unix.0 Loading modules: [ unix krtld genunix ip nfs ipc ptm ] > ::status debugging crash dump /dev/mem (64-bit) from ozlo operating system: 5.10 Generic sun4v > ::system set ufs_ninode=0x9c40 [0t40000] set ncsize=0x4e20 [0t20000] set pt_cnt=0x400 [0t1024] > $q