Method 2: Using the TOC and map file

Method 2 demonstrates accessing global data using the TOC and the map file. This method requires that the system is stopped in the KDB kernel debugger within a procedure of the kernel extension to be debugged. The address of the data for the demokext_j variable is calculated.

Before you can locate the address of global data using the address of the TOC and the map file, the system must be stopped in the KDB kernel debugger within a routine of the kernel extension you want to debug. To do this, set a breakpoint within the kernel extension. For more information about setting a breakpoint, see Setting breakpoints.

When the KDB kernel debugger is invoked, general purpose register 2 (r2) holds the address of the table of contents (TOC). From the map file, the offset from the start of the TOC to the desired TOC entry can be calculated. Knowing this offset and the address at which the TOC starts, you can calculate the address of the TOC entry for the desired global variable. The contents of that TOC entry can then be examined to determine the address of the data.

For example, assume that the KDB kernel debugger was invoked because of a breakpoint at line 67 of the demokext routine, and that the value for general purpose register number 2 is 0x01304754.

To find the address of the demokext_j variable, complete the following:

  1. Calculate the offset from the beginning of the TOC to the TOC entry for the demokext_j variable. From the map file, the TOC starts at 0x0000010C and the TOC entry for the demokext_j variable is at 0x00000114. Therefore, the offset from the beginning of the TOC to the entry of interest is:
    0x00000114 - 0x0000010C = 0x00000008
  2. Calculate the address of the TOC entry for the demokext_j variable. This is the current value of general purpose register 2 plus the offset calculated in the preceding step. The calculation is as follows:
    0x01304754 + 0x00000008 = 0x0130475C
  3. Display the data at 0x0130475C. The data displayed is the address of the data for demokext_j.

To view and modify global data, do the following:

  1. At the KDB(0) prompt, set a break at line 67 of the demokext routine by typing the following:
    b demokext+e0
    Note: Breaking at this location ensures that the KDB kernel debugger is invoked while within the demokext routines.
  2. Obtain the value of general purpose register 2. You need this value to determine the address of the TOC.
  3. Exit the KDB kernel debugger by typing g on the command line.
  4. Bring the demo program to the foreground and choose a selection. Choosing a selection causes the demokext routine to be called for configuration. Because a break was set, this causes the KDB kernel debugger to be invoked.
    Note: The prompt changes to a dollar sign ($).
  5. Bring the demo program to the foreground by typing the following:
    fg
    Note: The prompt changes to ./demo.
  6. Enter a value of 1 to select the option to increment the counters within the demokext kernel extension. This causes a break at line 67 of the demokext kernel extension and the prompt changes to KDB(0).
  7. Display the general purpose registers by typing the following:
    dr
    The data displayed should be similar to the following:
    r0  : 0130411C  r1  : 2FF3B210  r2  : 01304754  r3  : 01304744  r4  : 0047B180
    r5  : 0047B230  r6  : 000005FB  r7  : 000DD300  r8  : 000005FB  r9  : 000DD300
    r10 : 00000000  r11 : 00000000  r12 : 013042F4  r13 : DEADBEEF  r14 : 00000001
    r15 : 2FF22D80  r16 : 2FF22D88  r17 : 00000000  r18 : DEADBEEF  r19 : DEADBEEF
    r20 : DEADBEEF  r21 : DEADBEEF  r22 : DEADBEEF  r23 : DEADBEEF  r24 : 2FF3B6E0
    r25 : 2FF3B400  r26 : 10000574  r27 : 22222484  r28 : E3001E30  r29 : E6001800
    r30 : 01304744  r31 : 01304648
    Using the map, the offset to the TOC entry for the demokext_j variable from the start of the TOC was 0x00000008. Adding this offset to the value displayed for r2 indicates that the TOC entry of interest is at: 0x0130475C.
    Note: The KDB kernel debugger can be used to perform the addition. In this case, the subcommand to use is hcal @r2+8. For more information about the hcal subcommand, see hcal and dcal subcommands.
  8. Display the TOC entry for the demokext_j variable by typing the following:
    dw 0130475C
    This entry contains the address of the data for the demokext_j variable. The data displayed should be similar to the following:
    TOC+000008: 01304744 000BCB34 00242E94 001E0518  .0GD...4.$......
    The value for the first word displayed is the address of the data for the demokext_j variable.
  9. Display the data for the demokext_j variable by typing the following:
    dw 01304744
    The displayed data should indicate that the value for the demokext_j variable is still 0x00000064. The value is unchanged because the breakpoint is located in the demokext routine before the point where the demokext_j variable is incremented. The data displayed should be similar to the following:
    demokext_j+000000: 00000064 01304040 01304754 00000000  ...d.0@@.0GT....
  10. Clear all breakpoints with the following command:
    ca
  11. Exit the kernel debugger by typing g on the command line.
    Note: When you exit, the demo program is in the foreground and a prompt for the next option is displayed. The kernel extension is going to run and increment the demokext_j variable. Next time it should have a value of 0x00000065.
  12. Type the Ctrl+Z key sequence to stop the demo program. At this point, the prompt changes to a dollar sign ($).
  13. Place the demo program in the background by typing the following:
    bg
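
The following is an added example, not part of the original documentation: a Python helper that repeats the calculation above from saved KDB output and cross-checks that each dw was run on the intended address. The function names are hypothetical; the inputs are the map-file offsets and the dr and dw output shown on this page.

```python
import re

# Values stated on this page: map-file offsets, then dr and dw output from KDB.
MAP_TOC_START = 0x0000010C   # start of the TOC in the map file
MAP_TOC_ENTRY = 0x00000114   # TOC entry for demokext_j in the map file
DR_OUTPUT = """\
r0  : 0130411C  r1  : 2FF3B210  r2  : 01304754  r3  : 01304744  r4  : 0047B180
r5  : 0047B230  r6  : 000005FB  r7  : 000DD300  r8  : 000005FB  r9  : 000DD300
"""
DW_TOC = "TOC+000008: 01304744 000BCB34 00242E94 001E0518  .0GD...4.$......"
DW_DATA = "demokext_j+000000: 00000064 01304040 01304754 00000000  ...d.0@@.0GT...."

def parse_registers(dr_text):
    """Return a dict such as {'r2': 0x01304754, ...} from dr output."""
    pairs = re.findall(r"\b(r\d+)\s*:\s*([0-9A-Fa-f]{8})\b", dr_text)
    return {name: int(value, 16) for name, value in pairs}

def parse_dw_line(line):
    """Split a dw line into (symbol, offset, [four 32-bit words])."""
    label, sep, rest = line.partition(":")
    symbol, plus, offset = label.strip().rpartition("+")
    words = rest.split()[:4]          # ignore the trailing ASCII column
    if not (sep and plus and len(words) == 4
            and all(re.fullmatch(r"[0-9A-Fa-f]{8}", w) for w in words)):
        raise ValueError(f"unrecognised dw line: {line!r}")
    return symbol, int(offset, 16), [int(w, 16) for w in words]

def toc_entry_address(r2, toc_start, toc_entry):
    """Map-file offset added to the run-time TOC address held in r2."""
    offset = toc_entry - toc_start
    if offset < 0:
        raise ValueError("TOC entry precedes the start of the TOC in the map")
    return offset, (r2 + offset) & 0xFFFFFFFF

def resolve_global(dr_text, dw_toc, dw_data, name):
    """Follow r2 -> TOC entry -> data and cross-check the dw labels."""
    r2 = parse_registers(dr_text)["r2"]
    offset, entry_addr = toc_entry_address(r2, MAP_TOC_START, MAP_TOC_ENTRY)
    symbol, shown_offset, toc_words = parse_dw_line(dw_toc)
    if (symbol, shown_offset) != ("TOC", offset):
        raise ValueError("dw was not run on the computed TOC entry")
    data_symbol, data_offset, data_words = parse_dw_line(dw_data)
    if (data_symbol, data_offset) != (name, 0):
        raise ValueError("second dw does not start at the expected symbol")
    return entry_addr, toc_words[0], data_words[0]

if __name__ == "__main__":
    entry, data_addr, value = resolve_global(DR_OUTPUT, DW_TOC, DW_DATA, "demokext_j")
    print(f"TOC entry {entry:#010x} -> data {data_addr:#010x} = {value:#010x}")
```

The label check catches a mistyped address: if the first dw output does not read TOC+000008, the word taken from it is not the pointer to demokext_j.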