Method 4: Using the devsw subcommand

If the kernel extension is a device driver, use the KDB devsw subcommand to locate the desired address.

The devsw subcommand lists all of the function addresses for the device driver that are in the device switch table. Usually, the config subroutine is the load point routine. For example:

MAJ#010  OPEN            CLOSE           READ            WRITE
         0123DE04        0123DC04        0123DB20        0123DA3C
         IOCTL           STRATEGY        TTY             SELECT
         0123D090        01244DF0        00000000        00059774
         CONFIG          PRINT           DUMP            MPX
         0123E8C8        00059774        00059774        00059774
         REVOKE          DSDPTR          SELPTR          OPTS
         00059774        00000000        00000000        00000002

Note: The default prompt is KDB(0)>.

To set a breakpoint, complete the following:

  1. Display the device switch table for the first entry by typing the following:
    devsw 1

    The KDB kernel debugger devsw command displays data similar to the following:

    Slot address 50006040
    MAJ#001  OPEN            CLOSE           READ            WRITE
             .syopen         .nulldev        .syread         .sywrite
             IOCTL           STRATEGY        TTY             SELECT
             .syioctl        .nodev          00000000        .syselect
             CONFIG          PRINT           DUMP            MPX
             .nodev          .nodev          .nodev          .nodev
             REVOKE          DSDPTR          SELPTR          OPTS
             .nodev          00000000        00000000        00000012
    Note: Because the demonstration program is not a device driver, this example uses the addresses of the first device driver in the device switch table and is not related in any way to the demonstration program.
  2. Set a breakpoint at an offset of 0x20 from the beginning of the open routine for the first device driver in the device switch table by typing the following:
    b .syopen+20

    The KDB kernel debugger displays the location of the breakpoint.

  3. Clear all breakpoints by typing the following:
    ca
  4. Turn off symbolic name translation by typing the following:
    ns
  5. With symbolic name translation turned off, display the device switch table for the first device driver by typing the following:
    devsw 1

    The output is similar to the following:

    Slot address 50006040
    MAJ#001  OPEN            CLOSE           READ            WRITE
             00208858        00059750        002086D4        0020854C
             IOCTL           STRATEGY        TTY             SELECT
             00208290        00059774        00000000        00208224
             CONFIG          PRINT           DUMP            MPX
  6. Set a breakpoint at an offset of 0x20 from the beginning of the open routine for the first device driver in the device switch table by typing the following:
    b 00208858+20

    This sets the same breakpoint that was set at the beginning of this example. KDB displays the location of the breakpoint.

  7. Toggle symbolic name translation on by typing the following:
    ns
  8. Clear all breakpoints by typing the following:
    ca
  9. Exit the KDB kernel debugger and let the system resume normal operations by typing the following:
    g
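
The following Python sketch is an added example, not part of the original procedure or of KDB itself. It parses a saved devsw listing in the layout shown above and builds the matching b command for a routine entry, with or without symbolic name translation. The function names and the NON_ROUTINE set are assumptions made for illustration.

```python
# Constructed sample: the step 5 listing from this page (translation off),
# which ends after the CONFIG header row.
SAMPLE = """\
Slot address 50006040
MAJ#001  OPEN            CLOSE           READ            WRITE
         00208858        00059750        002086D4        0020854C
         IOCTL           STRATEGY        TTY             SELECT
         00208290        00059774        00000000        00208224
         CONFIG          PRINT           DUMP            MPX
"""

# Assumption: these fields hold data pointers or flags, not routine addresses.
NON_ROUTINE = {"TTY", "DSDPTR", "SELPTR", "OPTS"}


def parse_devsw(text):
    """Return (major, {FIELD: value}) from one devsw listing."""
    major, fields, pending = None, {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "Slot":
            continue                      # blank line or "Slot address" line
        if tokens[0].startswith("MAJ#"):
            major = tokens[0][4:]         # kept as text; radix is not assumed
            tokens = tokens[1:]
        if pending is None:
            pending = tokens              # header row of field names
        else:
            fields.update(zip(pending, tokens))  # value row pairs with header
            pending = None
    # A trailing header row with no value row (truncated capture) is dropped.
    return major, fields


def breakpoint_cmd(fields, name, offset=0x20):
    """Build the KDB 'b' command for a routine entry plus a hex offset."""
    if name in NON_ROUTINE:
        raise ValueError(f"{name} is not a routine entry")
    value = fields[name]                  # KeyError if the field was not captured
    if set(value) == {"0"}:
        raise ValueError(f"{name} is empty (00000000)")
    return f"b {value}+{offset:X}"


if __name__ == "__main__":
    major, fields = parse_devsw(SAMPLE)
    print(major, breakpoint_cmd(fields, "OPEN"))
```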