A kernel debugger in Python: drgn
Posted Jun 11, 2019 16:56 UTC (Tue) by alexsid (guest, #98432)
In reply to: A kernel debugger in Python: drgn by jeffm
Parent article: A kernel debugger in Python: drgn
I am the main developer of PyKdump and would like to provide several comments:
1. While we can execute crash and gdb commands and get results as text, this is not how PyKdump is intended to be used. The API is built directly on crash/GDB internals, so we do not process text information but rather use a direct API. The performance is quite nice - typically, traversing a list of structures and dereferencing some fields of these structures can be done at a rate of about 100,000 structs per second.
2. Just like with your tool, the main reason for PyKdump is writing programs. At this moment we already have many programs (1st pass analysis, NFS analysis, hangs analysis etc.) - about 24,000 lines of Python code.
See e.g. https://sourceforge.net/p/pykdump/code/ci/master/tree/pro... for an example of what the code looks like.
3. The tools are written so that they work with different distributions (I work at HPE and we have to analyze vmcores from SLES, RHEL and Ubuntu). This needs significant effort as kernel structures change all the time - but our tools work for anything from 2.6.18 kernels to 5.0 kernels.
4. While programs/libraries can be located as separate files on your host, everything including the framework and programs can be packaged in a single file that is both .so and ZIP. It does not depend on anything except GLIBC so it is portable between different hosts/distributions. I build new binary versions regularly and upload them to https://sourceforge.net/projects/pykdump/files/mpykdump-x...
5. The current version of PyKdump is based on Python-3.7.3.
Alex