Method 3 involves using the kmid pointer.
To locate the address of the entry point for a kernel extension, use the value of the kmid pointer returned by the sysconfig(SYS_KLOAD) subroutine when the kernel extension is loaded. The kmid pointer points to the address of the load point routine.
To get the address of the load point, print the kmid value during the sysconfig call from the configuration method. For example, use the demo.c module. Then start the KDB kernel debugger and display the value pointed to by the kmid pointer.
Note: The default prompt is KDB(0)>.
- Display the memory at the address returned as the kmid pointer from the sysconfig subroutine, by typing the following:
dw 1304748
KDB kernel debugger responds with something similar to:
demokext+000000: 01304040 01304754 00000000 01304648 .0@@.0GT.....0FH
The first word of data displayed is the address of the first instruction of the demokext routine. The data displayed is at the location demokext+000000. This corresponds to line 26 of the map presented earlier. However, demokext+000000 and .demokext+000000 are not the same address. The location .demokext+000000 corresponds to line 10 of the map and is the address of the first instruction for the demokext routine.
- Set the break at the location indicated from the previous command added to the offset to get to line 67 using the following command:
b 01304040+e0
KDB kernel debugger responds with an indication of the address at which the breakpoint is set.
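The two steps above can be scripted rather than done by hand. The following C program is an added example, not part of the AIX documentation: it parses a KDB dw output line of the form shown above, extracts the descriptor words (the first word is the entry point, as the text states; the second word is assumed here to be the TOC anchor, per the AIX function-descriptor layout), and computes the breakpoint address entry+offset that the b command uses. The sample line is a constructed copy of the output shown above.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Assumed AIX 32-bit function descriptor layout: entry point, TOC anchor,
 * environment pointer. The page itself only states that the first word is
 * the address of the first instruction (what .demokext names). */
struct func_desc {
    uint32_t entry;
    uint32_t toc;
    uint32_t env;
};

/* Parse "symbol+offset: w0 w1 w2 w3 ..." as printed by the KDB dw command.
 * Copies the symbol label into sym and fills fd from the first three words.
 * Returns 0 on success, -1 if the line is not in the expected form. */
int parse_dw_line(const char *line, char *sym, size_t symlen, struct func_desc *fd)
{
    char label[64];
    unsigned w0, w1, w2;

    if (sscanf(line, "%63[^:]: %8x %8x %8x", label, &w0, &w1, &w2) != 4)
        return -1;
    snprintf(sym, symlen, "%s", label);
    fd->entry = w0;
    fd->toc = w1;
    fd->env = w2;
    return 0;
}

/* Address the KDB command "b <entry>+<offset>" resolves to. */
uint32_t breakpoint_addr(uint32_t entry, uint32_t offset)
{
    return entry + offset;
}

int main(void)
{
    /* Constructed copy of the dw output shown in the text. */
    const char *dump = "demokext+000000: 01304040 01304754 00000000 01304648 .0@@.0GT.....0FH";
    struct func_desc fd;
    char sym[32];

    if (parse_dw_line(dump, sym, sizeof sym, &fd) != 0) {
        fprintf(stderr, "unrecognised dw line\n");
        return 1;
    }
    printf("%s: entry=%08x toc=%08x\n", sym, fd.entry, fd.toc);
    printf("b %08x+e0 -> %08x\n", fd.entry, breakpoint_addr(fd.entry, 0xe0));
    return 0;
}
```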
- Clear all breakpoints by typing the following: