Method 3: Using the map file

This method demonstrates a way to access global data using the map file, but without using the TOC. The address of the data for the demokext_j variable is calculated.

Unlike the procedure outlined in Method 2: Using the TOC and map file, this method can be used at any time. This method requires the map file and the address at which the kernel extension was loaded.

Note: Because this method depends on how a kernel extension is loaded, this method might quit working if the procedure for loading a kernel extension is changed.

This method relies on the assumption that the address of a global variable can be found by using the following formula:

Addr of variable = Addr of the last function before the variable in the map +
                   Length of the function +
                   Offset of the variable

The following is a part of the map file for the demokext kernel extension:

20       000005B8 000028  2 GL SD S17   <.fp_write>               glink.s(/usr/lib/glink.o)
21       000005B8           GL LD S18   .fp_write
22       000005E0 000028  2 GL SD S19   <.fp_open>                glink.s(/usr/lib/glink.o)
23       000005E0           GL LD S20   .fp_open
24       00000000 0000F9  3 RW SD S21   <_$STATIC>                demokext.c(demokext.o)
25     E 000000FC 000004  2 RW SD S22   demokext_j                demokext.c(demokext.o)
26   *   00000100 00000C  2 DS SD S23   demokext                  demokext.c(demokext.o)
27       0000010C 000000  2 T0 SD S24   <TOC>
28       0000010C 000004  2 TC SD S25   <_$STATIC>
29       00000110 000004  2 TC SD S26   <_system_configuration>

The last function in the .text section is at lines 22 and 23. The offset of this function from the map is 0x000005E0 (line 22, column 2). The length of the function is 0x000028 (line 22, column 3). The offset of the demokext_j variable is 0x000000FC (line 25, column 2). So the offset from the load point value to the demokext_j variable is:

0x000005E0 + 0x000028 + 0x000000FC = 0x00000704

Adding this offset to the load point value of the demokext kernel extension provides the address of the data for the demokext_j variable. Assuming a load point value of 0x01304040, this indicates that the data for the demokext_j variable is located at:

0x01304040 + 0x00000704 = 0x01304744

To view global data, complete the following:

  1. Activate the KDB kernel debugger. Use the appropriate key sequence for your configuration. When this step is complete, you should see a KDB prompt.
  2. Display the data for the demokext_j variable by typing the following:
    dw demokext+704

    The 704 value is calculated from the map using the procedure listed above. This offset is then added to the load point of the demokext routine. The value for the demokext_j variable should now be 0x00000065. The data displayed should be similar to the following:

    demokext_j+000000: 00000065 01304040 01304754 00000000  ...e.0@@.0GT....

    Note: There are numerous ways to find this address. For other methods, see Setting breakpoints.
  3. Exit the KDB kernel debugger by typing g on the command line and pressing Enter. The prompt changes to a dollar sign ($).
  4. Bring the demo program to the foreground by typing fg and pressing Enter. The prompt changes to ./demo.
  5. Type 0 and press Enter to unload the demokext kernel extension and exit.