-----Original Message----- If you cannot get the vmlinux compiled with -g option, you cannot use the crash utility. (but if you can build a vmlinux from the same source and config as the running kernel, you might be able to use crash with it and System.map or /proc/kallsyms? I've not tried this though..) If you want only to dump a kernel virtual address, you might be able to use /proc/kcore. For example, to dump ffffffffad200100, which is linux_banner on a machine btw, determine which segment the address is in, # readelf -l /proc/kcore Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flags Align ... LOAD 0x00007fffaca02000 0xffffffffaca00000 0x0000000c7a000000 0x000000000169b000 0x000000000169b000 RWE 1000 ... calculate the offset from its start address, # echo $((0xffffffffad200100 - 0xffffffffaca00000)) 8388864 and dump the file offset in /proc/kcore. # dd if=/proc/kcore bs=1 skip=$((0x00007fffaca02000 + 8388864)) count=16 2>/dev/null Linux version 3. Thanks, Kazu