kdbx - Analyzes running kernels and dump files
/usr/bin/kdbx [-dbx dbx-path] -k [dbx-flags] object-file
[core-file]
The kdbx debugger is a crash analysis and kernel debugging
tool; it is an interactive program that serves as a frontend
to the dbx debugger. The kdbx debugger is extensible,
customizable, and insensitive to changes of offsets and
sizes of fields in structures. The only dependencies on
kernel header files are for bit definitions in flag
fields.
The kdbx debugger lets you examine either the running kernel
or dump files created by the savecore command. In
either case, you examine an object file and a core file.
For running systems, these files are usually /vmunix and
/dev/mem, respectively. Dump files created by savecore
are saved in the directory specified by the
/sbin/init.d/savecore script. By default, the directory is
/var/adm/crash.
The kdbx debugger has facilities for interpreting various
symbols and data structures. It can format and display
the symbols and data structures in the following ways: In
a predefined form as specified in the modules that currently
accompany the kdbx debugger As defined in userwritten
source code modules according to a standardized
format for the contents of the kdbx modules
All dbx commands are available through kdbx using the dbx
flag to kdbx.
Defaults [Toc] [Back]
If you do not specify a core file, kdbx uses the dbx
default of /dev/mem. Therefore, you can use kdbx with
/vmunix as its only argument to examine an active system.
In general, kdbx assumes that addresses are specified in
hexadecimal in commands that perform input or output.
When you begin a debugging session, kdbx executes the commands
in the system initialization file /var/kdbx/SYSTEM.kdbxrc.
The initialization file contains setup commands
and alias definitions. The Aliases section lists the
aliases defined in this file. You can further customize
the kdbx environment by adding commands and aliases to one
of the following initialization files: Contains customized
commands and alias definitions for a particular system.
Contains customized commands and alias definitions for a
specific user. Contains customized commands and alias
definitions for a specific project. This file must reside
in the current working directory when kdbx is invoked.
Invocation [Toc] [Back]
To use kdbx to examine a running system, issue the following
kdbx command: # kdbx -k /vmunix /dev/mem dbx version
3.11.1 Type 'help' for help.
stopped at [thread_block:1403 ,0xfffffc000032e3c0]
Source not available (kdbx)
To use kdbx to examine an object file and core file created
by the savecore utility, issue a kdbx command like
the following one: # kdbx -k /usr/adm/crash/vmunix.1
/usr/adm/crash/dev/vmcore.1 dbx version 3.11.1 Type 'help'
for help.
stopped at [thread_block:1403 ,0xfffffc000032e3c0]
Source not available (kdbx)
In this case, the version number in the bounds file is
one.
Commands [Toc] [Back]
The kdbx debugger provides the following commands: Sets or
displays aliases. If you specify the alias command without
arguments, kdbx displays all aliases. If you specify
only the variable name, the command displays the alias for
name, if one exists. If you specify both name and commandstring,
name is established as an alias for commandstring.
Sets the context to user's aliases or extension's
aliases. This command is used only by extensions. Dumps,
in hexadecimal, the contents of the core file starting at
start-address and ending before end-address. Passes the
variable command-string to dbx. Specifying dbx is
optional; if the command is not recognized by kdbx, it is
passed to dbx automatically. See the dbx(1) reference
page for a complete description of the dbx commands. Displays
help text. Executes an extension and gives it control
of the kdbx session until it quits. The variable
extension specifies the named extension file and passes it
arguments as specified by the arg variables. Valid proc
flags are as follows: Causes I/O to and from the extension
to be displayed on the screen. Used in conjunction with
the dbx debugger for debugging extensions. The file inpipe
takes output from the dbx session and directs it as
input to the kdbx session. The file out-pipe takes output
from the kdbx session and directs it as input to the dbx
session. Causes the output of the procedure to be sent to
the invoker of the procedure without interpretation as
kdbx commands. Used by extensions that execute other
extensions to receive the output from the called extension
instead of the user receiving it. Causes kdbx to talk to
the subprocess through a tty line instead of pipes. If
you also specify the -pipe flag, proc ignores it. Displays
string on the terminal. If this command is used by
an extension, the extension receives no output. Exits the
current command loop. If the current command loop is the
top level loop that the user is using, kdbx exits. Otherwise,
control is given to the next lowest loop. Reads and
interprets files as kdbx commands in the context of the
current aliases. The -x flag causes commands to be displayed
as they are executed. Removes an alias, if any,
from name.
Predefined kdbx Aliases [Toc] [Back]
The following aliases are defined in the kdbx startup file
/var/kdbx/system.kdbxrc:
-------------------------------------------------------------------
Alias Definition
-------------------------------------------------------------------
arp "proc" arp
array_action "proc" array_action
buf "proc" buf
buf_action list_action "struct buf *" b_forw buf buf
callout_action list_action "struct callout *" c_next 0 callout
cast "proc" cast
convert "proc" convert
config "proc" config
dis "proc" dis
echo "proc" echo
export "proc" export
fields "proc" fields
file "proc" file
h help
inpcb_action list_action "struct inpcb *" inp_next
list_action "proc" list_action
mount_action list_action "struct mount *" m_next rootfs rootfs
mount "proc" mount
namecache "proc" namecache
ofile "proc" ofile
paddr "proc" paddr
pcb "proc" pcb
pr "proc"
printf "proc" printf
proc "proc" proc
procaddr "proc" procaddr
procp "proc" -pipe /tmp/pipein /tmp/pipeout
procpd "proc" -debug -pipe /tmp/pipein /tmp/pipeout
proc_action list_action "struct proc *" p_nxt 0 allproc
ps "dbx" kps
sh "proc" -print_output -tty
socket "proc" socket
sum "proc" sum
swap "proc" swap
task "proc" task
thread "proc" thread
u "proc" u
ucred "proc" ucred
unaliasall "proc" unaliasall
vnode "proc" vnode
-------------------------------------------------------------------
Extensions [Toc] [Back]
For extensions that display addresses as part of their
output, some use a shorthand notation for the upper
32-bits of an address to keep the output readable. The
following table lists the notation for each address type.
-----------------------------------------------------------
Notation Address Type Replaces Example
-----------------------------------------------------------
v virtual ffffffff v0x902416f0
k kseg fffffc00 k0x363076f4
u user space 00000000 u0x86406200
? Unrecognized or random ?0x0033aa24
type
-----------------------------------------------------------
The extensions available to kdbx are as follows: Displays
the contents of the address resolution protocol (arp)
table. If you specify the optional hyphen (-), arp displays
the entire arp table; otherwise, arp displays those
entries that have nonzero at_iaddr.s_addr and at_flags
fields. Performs a command action on each element of an
array. This extension allows you to step through any array
in the operating system kernel and display specific components
or values as described in the list of command flags.
The arguments to the array_action extension are as follows:
The type of address of the array element. The number
of elements in the array. The address of the array. A
variable name or a number can be used to specify
start_address. The more common syntax or notation used to
refer to the start_address is usually of the form &arrayname[0].
Valid flags for the array_action extension are
as follows: If you specify the -head flag, kdbx displays
the next argument as the table header. If you specify the
-size flag, kdbx uses the next argument as the array element
size. Otherwise, kdbx calculates the size from the
element type. If you specify the -cond flag, kdbx uses
the next argument as a filter. The dbx debugger evaluates
the condition for each array element, and if it evaluates
to TRUE, takes the action on the array element. The same
substitutions that are applied to the command are applied
to the condition. The name of the kdbx or dbx command
that is to be performed on each element of the array.
Note that the kdbx debugger includes several
aliases, such as file_action, that might be easier
to use than directly using the array_action extension.
Substitutions similar to printf can be performed on
the command for each array element. The possible
substitutions are as follows:
%a Address of element
%c Cast of address to pointer to array element
%i Index of element within the array
%s Size of element
%t Type of pointer to element
Displays the buffer table. If no arguments are
specified, the buffers on the hash list are displayed.
If addresses are specified, the buffers at those
addresses are displayed. If you specify the -free
flag, kdbx displays all the buffers on the free
list. If you specify the -all flag, kdbx displays
buffers on the hash list first, followed by buffers
on the free list. Displays the callout table.
Forces dbx to display a piece of memory as a given
type. This extension is equivalent to dbx print
*((type)address). Displays the configuration of
the machine. Converts numbers from one base to
another. The -in and -out flags specify the input
and output bases, respectively. If you omit -in,
kdbx infers the input base from the arguments. The
arguments can be either numbers or variables. Displays
CPU use statistics on a per-CPU basis. If you
specify -update, kdbx updates the display every n
seconds. Disassembles some number of instructions
as specified in the num-instructions instructions
starting at start-address. If you omit the number
of instructions, kdbx disassembles one instruction.
Displays the exported entries that are mounted
remotely. Displays the file table. If no
addresses are specified, all file entries with
nonzero reference counts are displayed. Otherwise,
the file entries at the specified addresses are
displayed. Displays the udb and tcb tables. If no
arguments are specified, both tables are displayed.
If you specify either -udp or -tcp, kdbx displays
the corresponding table.
If addresses are specified, -udp and -tcp are
ignored and the entries at the specified addresses
are displayed. Performs some command on each element
of a linked list. This extension makes it
possible to walk through any linked list in the
operating system kernel and display particular components
while walking through the linked list. The
arguments to the list_action extension are as follows:
The type of address of an element in the
specified list. The name of the field that points
to the next element. The value of the next field
that terminates the list. If the list is NULL-terminated,
the value of end-addr is 0. If the list
is circular, the value of end-addr is equal to
start-addr. The address of a list. The address
can be specified as a variable name or a number.
Valid flags for the list_action extension are as
follows: If you specify the -head header flag, kdbx
displays the header argument as the table header.
If you specify -cond, the next arg is used as a
filter. The dbx debugger evaluates the condition
for each list element, and if it evaluates to true,
takes the action on the list element. The same
substitutions that are applied to the command are
applied to the condition. The kdbx or dbx command
to perform on each element of the list.
Note that kdbx includes several aliases, such as
file_action, that might be easier to use than
directly using the list_action extension.
Substitutions similar to printf substitutions are
performed on the command for each element. The
possible substitutions are as follows:
%a Address of element
%c Cast of address to pointer to list element
%i Index of element within the list
%n Name of next field
%t Type of pointer to element
Displays the static lock type information contained
in the lockinfo structures. This extension is
available only when the lockmode system attribute
is set to four. The -class flag allows you to display
information about a particular class of locks.
Displays statistics about locks recorded in the
lockstats structure. These statistics are dynamic.
This extension is available only when the lockmode
system attribute is set to four.
Statistics displayed include information about the
number of instances of a particular lock type, the
number of times processes tried to get a lock type,
the number of times processes tried and failed to
get a particular lock type and the amount of time
spent waiting for locks.
The flags for the lockstats extension are as follows:
Displays the lockstats structures of the
specified lock type Displays the lockstats structures
associated with the specified CPU Displays
the reads, sleeps attributes, and summary of time
spent waiting or number of misses Displays summary
data for all CPUs and all lock types Displays summary
data for all CPUs Updates the display every n
seconds Displays the mount table. The -s flag outputs
a short form of the table. If addresses are
specified, the mount entries at the specified
addresses are displayed. Displays the per-processor
namecache entries on the system. If no flags
are specified, namecache entries on the primary cpu
are displayed. The flags for the namecache extension
are as follows: Displays the list of flags,
usage information, and tips. Displays the list of
flags and usage information. Displays the namecache
entries of the global negative namecache
list. Displays the namecache entries, including
negative namecache entries. Displays the namecache
entries on the specified cpu. Displays the namecache
entries with the specified vpid. Displays
the namecache entries under the directory with the
specified dvpid. Displays the namecache entries
with the specified name.
For example, to see all the negative entries on
processor 1: kdbx> namecache -v 0 -p 1 -all
To see all the entries with the filename Makefile
on processor 2: kdbx> namecache -p 2 -n Makefile
Displays the state of the network interfaces. The
optional flags for the netstat extension are as
follows: Displays the IP and link-level addresses.
Displays timer information. Displays network
addresses in numeric formal. Displays the number
of dropped packets. Displays the files opened by
processes. If no arguments are specified, the
extension displays the files opened by each process.
If you specify either -proc address or -pid
pid, kdbx displays the open files of the given process.
The -v flag displays more information about
the open files. Converts a range of memory to symbolic
references. The argument address is the
starting address. The argument number-of-longwords
is the number of words to dump out. Displays the
process control block for a given thread at the
specified address. For integer and floating-point
registers, only nonzero contents are displayed.
Formats one argument at a time to work around the
dbx debugger's command length limitation. It also
implements the %s string substitution, which the
dbx printf command does not. The argument formatstring
specifies a character string combining literal
characters with conversion specifications.
Displays the process table. If addresses are specified,
the proc structures at the specified
addresses are displayed. Otherwise, all proc structures
are displayed. Converts the specified
address to a procedure name. Displays the route
and Address Resolution Protocol (ARP) tables. The
optional flags for the route extension are as follows:
Print addresses of data structures Print verbose
route or ARP tables. Display network
addresses in numeric format. Display route information
on all Resource Affinity Domains (RADs).
Display ARP tables. Displays the files that are
sockets with nonzero reference counts in the file
table. Displays a summary of the system. Displays
a summary of swap space. Displays the task structures
associated with the specified addresses. If
no addresses are specified, all tasks are displayed.
Displays information about the threads
associated with the specified addresses. If no
addresses are specified, all threads are displayed.
Displays the stack trace of one or more threads.
If you specify thread_address, the extension displays
the stack trace of the specified thread. If
you omit the argument and all the flags, trace displays
the stack trace of all threads. You can
specify the following flags: Display the stack
trace of the active thread on each CPU. Display
the stack trace of all kernel threads. Display the
stack trace of all user threads. Display all ucred
structures referenced by the buf structures. Display
all references to a given ucred structure.
Check the reference count of a particular ucred
structure. Check the reference count of all ucred
structures (mismatch marked by *). Displays a u
structure at the address proc-addr. Displays or
checks references to ucred structures. If no flags
are specified, this extension displays all references
to ucred structures on the system. Possible
flags are as follows: Display all ucred structures
referenced by the proc structures. Display all
ucred structures referenced by the uthread structures.
Display all ucred structures referenced by
the file structures. Display all ucred structures
referenced by the buf structures. Display all references
to a given ucred structure. Check the reference
count of a particular ucred structure.
Check the reference count of all ucred structures
(mismatch marked by *). Removes all aliases
including the predefined aliases described in the
Predefined kdbx Aliases section. Displays the
vnode table. If no arguments are specified, all
ACTIVE vnodes on the system are displayed. ACTIVE
means nonzero usecount or nonzero holdcnt. Possible
flags are listed as follows: Display INACTIVE
(both usecount and holdcnt are zeros) entries in
the vnode table. Display ALL (both ACTIVE and
INACTIVE) entries in the vnode table. Display all
UFS vnodes. Display all NFS vnodes. Display all
CDFS vnodes. Display vnode entries of a mounted
file system. Display vnode entries of a particular
user. Display vnode entries of a particular group.
Display related inode/rnode/cdnode information
(used with -ufs, -nfs, or -cdfs only).
Commands: dbx(1), savecore(8)
Kernel Debugging
Programmer's Guide
kdbx(8)
[ Back ] |
