Kernel Debugger Reference (kdebug.dwp)    May 30, 2009

Internal commands:

?                       Display internal command help
BC n/*                  Clear breakpoint n, * clears all
BD n/*                  Disable breakpoint n
BE n/*                  Enable breakpoint n
BL                      List breakpoints
BPn addr cnt cmd        Set/change breakpoint n
BR                      Set debug register breakpoint
BS                      Show time-stamped breakpoint trace
BT addr                 Set time-stamped breakpoint trace
C addr1 cnt addr2       Compare cnt bytes of memory at addr1 with addr2
D addr Ln               Dump Ln memory elements at addr
    A                   ASCII
    B                   Bytes
    D                   Double-words
    W                   Words
DG seg Ln               Dump Ln valid global descriptors starting at seg
    A                   Include invalid
DI seg Ln               Dump Ln valid interrupt descriptors starting at seg
    A                   Include invalid
DL seg Ln               Dump valid local descriptors
    A                   Include invalid
DP addr Ln              Dump Ln page table entries at addr
    A                   Both page table and directory entries (default)
    D                   Page directory entries only
DT addr                 Dump Task State Segment at addr
DX                      Dump 80286 Loadall buffer
E addr                  Enter memory data at addr
F addr Ln val           Fill Ln bytes at addr with val
G =saddr bpaddr,...     Go from saddr with temporary BPs at bpaddr,...
    S                   Record high-resolution time interval
    T                   Remove KDB trap vector handlers temporarily
H expr1 expr2           Evaluate expr1 + expr2 and expr1 - expr2
I addr                  Input from 16-bit I/O port at addr
J expr cmd              Execute command(s) if expr true
K ss:esp cs:eip         Display stack
    S                   Force 16 bit stack frame
    B                   Force 32 bit stack frame
L                       List...
    A mapname           List absolute symbol definitions in mapname
    M mapname           List active maps or status of specified map
    G mapname           List groups in all maps or specified map
    N addr/sym          List symbols near address or default address
    S addr              List symbols in group that encloses addr or CS:EIP
M addr Ln dest          Move memory data
O                       Output to 16-bit I/O port
P =saddr cnt            Trace over procedures starting at saddr for count
                        instructions
    N                   Suppress register display
    T                   Temporarily remove debugger trap handlers
Q                       Quit the Dump Formatter
R reg/flag              Display/Alter register or F EF MSW CR0
RT                      Toggle terse/verbose
S addr Ln val,...       Search memory value list or "string"
T =saddr cnt            Trace into procedures from addr for count instructions
    X                   Trace into unsafe code
    N                   Suppress register display
    T                   Trace through debugger trap vector handlers
T =saddr bpaddr         Trace from saddr until bpaddr reached
    A                   Trace all instructions
    C                   Count instructions
    S                   With special counting
U addr Ln               Unassemble Ln instructions at addr
V int/*                 Trap Vector commands...
    L                   List active KDB trap and interrupt vectors
    S (set)             Active KDB exception handlers for ring 2/3 traps
    T (trap)            Activate KDB exception handlers for all rings
    C (clear)           Restore system exception handler
    R                   Apply to real-mode exceptions only
    V                   Apply to V86-mode exceptions only
    P                   Apply to protect-mode exceptions only
    F                   Apply to fatal exceptions only
    U                   Intercept process fatal exceptions before process
                        terminated
    N                   Beep on exception
W map/sym-file/*        Add/remove symbol map
    A                   Add map
    L                   List loaded modules (deprecated, .LM is better)
    R                   Remove map
Y                       Set Kernel Debugger options
Z                       Run default command
ZL                      List default command
ZS "cmd;..."            Set default command, quote if contains white

REXX Interface

%rexxscriptname         Run named script

Per slot

PS <;cmd> .....
    are any valid parameters where @TCB, @PTDA and @TSD are substituted
    with their corresponding linear addresses
    @DISP is the scheduler's ESP relative to the TSD
    N.B @DISP is only defined when page table entries are present for TSD

Run chain

RUNCHAIN link(,) stopvalue() chain() exec() print()
address df 'CMD'

External commands:

.?                      Display external command help
.A                      Display the SAS structure
.B speed port           Set speed and port (COMx), default is COM1 9600t
.C                      Display the Common ABIOS Data Area
.D tbl addr             Display tbl at addr, default is ds:0
    SFT                 System File Table
    VPB                 Volume Parameter Block
    DPB                 Drive Parameter Block
    CDS                 Current Directory Structure
    KSEM                Kernel Semaphore.
    DEV                 Device driver header
    REQ                 Device driver request packet
    MFT                 Master File Table entry
    BUF                 File system I/O buffer
    BPB                 BIOS Parameter Block
    SEM32               32-bit semaphore.
    MUXQ                Mutex semaphore wait queue
    OPENQ               32-bit semaphore open queue
.DL */#/procnum         Display spin locks
.DP */#/procnum         Display SMP per processor info
.DP num                 Select processor context (0..n)
.H                      Display Dump File Header
.I                      Swap in Storage (KDB)
    T                   Swap in TSD
    B addr              Reinstate BPs
    D addr              Allow page in request by daemon
.I                      Swap in Storage (KDB)
    T                   Swap in TSD
    B slot
    D slot
.I                      Display Dump State (DF)
.K[SB] slot             Display Ring 3 stack for slot
.LM hmte/addr/name      Format Loader structures (MTE, OTE, STE)
    "basename"
    !drivername
    O                   All objects
    I                   Installable File System Driver modules
    L                   Dynamic Link Library modules
    P                   Physical Device Drivers modules
    V                   Virtual Device Drivers modules
    X                   Executable modules (.EXE)
.MA maddr/har/laddr Ln  Format Memory Arena records (VMAR)
    A                   Match all contexts (implies M option)
    B                   In-use (busy) records
    C                   Chained memory structures.
    F                   Free arena records.
    H                   Follow the arena hash chain pointer
    L                   Follow the arena forward (left) chain pointer
    M                   Search for VMARs (in all contexts) that enclose maddr
                        or current CS:EIP
    R                   Follow the arena backward (right) chain pointer
.MC hco/laddr Ln        Format Memory Context Records (VMCO)
    B                   In-use (busy) alias records
    C                   Chained context records
    F                   Free alias records
.MK hob Ln              Format Memory Lock Information Records (VMLI)
.ML hal/laddr Ln        Format Memory Alias Records (VMAL)
    B                   In-use (busy) alias records
    C                   Chained memory structures
    F                   Free alias records
.MO maddr               Format Memory Object Records (VMOB)
    V                   Verbose display
    M                   Search for pseudo-object matching maddr
.MO hob/laddr Ln        Format Memory Object Records (VMOB)
    V                   Verbose display
    B                   In-use (busy) object records
    C                   Chained memory structures
    F                   Free object records
    M                   Search for pseudo-object matching maddr
    N                   Normal object records only.
    P                   Include pseudo-object records
    S                   Select objects whose memory management semaphore is
                        busy or wanted.
.MP frame/laddr Ln      Format Memory Page Frame Tables
    B                   In-use (busy) Page Frame Structures
    F                   Display free Page Frame Structures
    I                   Display idle Page Frame Structures
    L                   Follow left (forward) chain pointer
    R                   Follow right (backward) chain pointer
.MV vpid/laddr Ln       Format Memory Virtual Frame Tables
    B                   In-use (busy) Virtual Page Structures
    F                   Free Page Frame Structures
    L                   Follow left (forward) chain pointer
    R                   Follow right (backward) chain pointer
.N                      Display Dump Header Information
.O                      Override default behavior
.P */#/slot             Display Process and Thread Status Information
    *                   = current
    #                   = default (.S)
    B                   Blocked processes
    Q                   Scheduler Thread Queuing information
    U                   Process and Thread User Space Information
.R */#/slot             Display ring 2/3 registers
.REBOOT                 Reboot system under test
.S */#/slot             Set/display default thread slot (i.e. #)
    S                   Set ESP, EBP, SS, CS and EIP registers to match
                        Dispatcher
.SYSDUMP                Force System Dump and Restart the System
.T                      Format System Trace Buffer

Precedence of operators, separators and built-in functions:

    1.  ( )
    2.  | :
    3.  & # % %% _ ! NOT SEG OFF BY WO DW POI PORT WPORT
    4.  * / MOD
    5.  + -
    6.  > < >= <=
    7.  == !=
    8.  AND XOR OR
    9.  && ||

Arithmetic operators:

    *       Multiplication
    /       Integer division
    MOD     Modulo or remainder operator
    +       Addition
    -       Subtraction
    AND     Bitwise AND
    XOR     Bitwise exclusive OR
    OR      Bitwise OR
    NOT     Bitwise ones complement
    _       Bitwise Twos complement (underscore)

Boolean operators:

    >       Greater than
    <       Less than
    >=      Greater than or equals
    ==      Logical equality
    !=      Logical inequality
    &&      Logical AND
    ||      Logical OR
    !       Logical negation

Built-in functions that operate on a single expression operand:

    SEG     Returns the segment or selector portion of an address that
            resolves to either a &segment:offset or #selector:offset form.
    OFF     Returns the offset of an address that resolves to either a
            &segment:offset or #selector:offset form.
    BY      Returns one byte from an address location.
    WO      Returns one word from an address location.
    DW      Returns one double word from an address location.
    POI     Returns double word far pointer (selector:offset or
            segment:offset address) from addressed location. The low order
            word is treated as the offset. The high order word is treated as
            a selector or segment, depending on the default addressing mode.
    PORT    Returns one byte from an 8-bit I/O port address.
    WPORT   Returns one word from a 16-bit I/O port address.

Address element separators:

    &       Segment prefix
    #       Selector prefix
    %       Linear address prefix
    %%      Physical address prefix
    :       A segment/offset address separator.
    |       Thread slot number qualifier.

Address formats:

    Real        &segment:offset
    Protected   #selector:offset (16:16, 0:32)
    Linear      %dword
    Physical    %%dword

Numeric values:

    nnnnnnY     Binary number nnnnnn.
    nnnnnnO     Octal number nnnnnn.
    nnnnnnQ     Alternative notation for octal number nnnnnn.
    nnnnnnT     Decimal number nnnnnn.
    nnnnnnH     Hexadecimal number nnnnnn.

Built-in register mnemonics:

    16-bit registers        ax, bx, cx, dx, si, di, bp, ip, pc
    32-bit registers        eax, ebx, ecx, edx, esi, edi, ebp, eip
    Segment registers       cs, ds, es, fs, gs, ss
    Flag registers          flg, eflg
    Control registers       cr0, cr2, cr3
    GDTR registers          gdtb, gdtl
    IDTR registers          idtb, idtl
    Task control registers  tr, ldtr, msw
    Debug registers         dr0, dr1, dr2, dr3, dr4, dr5, dr6
    Test registers          tr6, tr7

Command prompts:

    >       Suspended in real mode.
    #       Suspended in protect mode with paging disabled.
    -       Suspended in V86 mode with paging disabled.
    ##      Suspended in protect mode with paging enabled.
    --      Suspended in V86 mode with paging enabled.

Key responses:

    Ctrl-C      Unless the system is in a disabled state, at any time, will
                immediately suspend normal system execution and switch to
                command mode.
    r-key       If held down at system initialization time will switch to
                command mode shortly after the OS2KRNL has entered real-mode
                for the first time. At this time no symbols have been loaded,
                paging has never been enabled and the KDB.INI file has not
                been processed.
    p-key       If held down at system initialization time will switch to
                command mode shortly after the OS2KRNL has entered
                protect-mode for the first time. No symbols have been loaded,
                paging is disabled and KDB.INI has not been processed.
    Space-bar   If held down at system initialization time will switch to
                command mode shortly after the OS2KRNL has entered
                protect-mode and is fully initialized. OS2KRNL symbols have
                been loaded and paging is enabled but KDB.INI has not been
                processed.