The d (display bytes), dw (display words), and dd (display double words) subcommands can be used to dump memory areas starting at a specified effective address. Access is done in real mode.
The dp (display bytes), dpw (display words), and dpd (display double words) subcommands can be used to dump memory areas starting at a specified real address.
d symbol | EffectiveAddress [count]
dw symbol | EffectiveAddress [count]
dd symbol | EffectiveAddress [count]
dp symbol | PhysicalAddress [count]
dpw symbol | PhysicalAddress [count]
dpd symbol | PhysicalAddress [count]
Aliases:
The display memory subcommands allow read or write access in virtual or real mode, using either an effective address or a real address as input:
The count argument can be used to specify the amount of data to be displayed. If no count is specified, 16 bytes of data is displayed.
Any of the display subcommands can be continued from the last address displayed by using the Enter key.
KDB(0)> d utsname 40  print utsname byte per byte
utsname+000000: 4149 5820 0000 0000 0000 0000 0000 0000 AIX.............
utsname+000010: 0000 0000 0000 0000 0000 0000 0000 0000 ................
utsname+000020: 3030 3030 3030 3030 4130 3030 0000 0000 00000000A000....
utsname+000030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
KDB(0)> <CR/LF>  repeat last command
utsname+000040: 3100 0000 0000 0000 0000 0000 0000 0000 1...............
utsname+000050: 0000 0000 0000 0000 0000 0000 0000 0000 ................
utsname+000060: 3400 0000 0000 0000 0000 0000 0000 0000 4...............
utsname+000070: 0000 0000 0000 0000 0000 0000 0000 0000 ................
KDB(0)> <CR/LF>  repeat last command
utsname+000080: 3030 3030 3030 3030 4130 3030 0000 0000 00000000A000....
utsname+000090: 0000 0000 0000 0000 0000 0000 0000 0000 ................
xutsname+000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................
devcnt+000000: 0000 0100 0000 0000 0001 239C 0001 23A8 ..........#...#.
KDB(0)> dw utsname 10  print utsname word per word
utsname+000000: 41495820 00000000 00000000 00000000 AIX.............
utsname+000010: 00000000 00000000 00000000 00000000 ................
utsname+000020: 30303030 30303030 41303030 00000000 00000000A000....
utsname+000030: 00000000 00000000 00000000 00000000 ................
KDB(0)> tr utsname  find utsname physical address
Physical Address = 00027E98
KDB(0)> dp 00027E98 40  print utsname using physical address
00027E98: 4149 5820 0000 0000 0000 0000 0000 0000 AIX.............
00027EA8: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00027EB8: 3030 3030 3030 3030 4130 3030 0000 0000 00000000A000....
00027EC8: 0000 0000 0000 0000 0000 0000 0000 0000 ................
KDB(0)> dpw 00027E98  print utsname using physical address
00027E98: 41495820 00000000 00000000 00000000 AIX.............
KDB(0)>
The ddvb, ddvh, ddvw and ddvd subcommands can be used to access these areas in translated mode, using an effective address already mapped. On a 64-bit machine, double words correctly aligned are accessed (ddvd) in a single load (ld) instruction.
The ddpb, ddph, ddpw and ddpd subcommands can be used to access these areas in translated mode, using a physical address that will be mapped. On a 64-bit machine, double words correctly aligned are accessed (ddpd) in a single load (ld) instruction. The DBAT interface is used to translate this address in cache-inhibited mode.
ddvb EffectiveAddress [count]
ddvh EffectiveAddress [count]
ddvw EffectiveAddress [count]
ddvd EffectiveAddress [count]
ddpd PhysicalAddress [count]
ddph PhysicalAddress [count]
ddpw PhysicalAddress [count]
Aliases:
I/O space memory (Direct Store Segment (T=1)) cannot be accessed when translation is disabled. BAT-mapped areas must also be accessed with translation enabled; otherwise cache controls are ignored.
Access can be done in bytes, half words, words or double words.
KDB(0)> tr fff19610  show current mapping
BAT mapping for FFF19610
DBAT0 FFC0003A FFC0005F
bepi 7FE0 brpn 7FE0 bl 001F v 1 wim 3 ks 1 kp 0 pp 2 s 0
eaddr = FFC00000, paddr = FFC00000 size = 4096 KBytes
KDB(0)> ddvb fff19610 10  print 10 bytes using data relocate mode enable
FFF19610: 0041 96B0 6666 CEEA 0041 A0B0 0041 AAB0 .A..ff...A...A..
KDB(0)> ddvw fff19610 4  print 4 words using data relocate mode enable
FFF19610: 004196B0 76763346 0041A0B0 0041AAB0
KDB(0)>
KDB(0)> ddpw 80000cfc  print one word at physical address 80000cfc
80000CFC: D0000080  Read is done in relocated mode, cache inhibited
KDB(0)>
The display code subcommands, dc and dpc are used to decode instructions. The address argument for the dc subcommand is an effective address. The address argument for the dpc subcommand is a physical address.
dc symbol | EffectiveAddress [count]
dpc PhysicalAddress [count]
Aliases:
KDB(0)> set 4
power_pc_syntax is true
KDB(0)> dc resume_pc 10  prints 10 instructions
.resume_pc+000000 lbz r0,3454(0) 3454=Trconflag
.resume_pc+000004 mfsprg r15,0
.resume_pc+000008 cmpi cr0,r0,0
.resume_pc+00000C lwz toc,4208(0) toc=TOC,4208=g_toc
.resume_pc+000010 lwz r30,4C(r15)
.resume_pc+000014 lwz r14,40(r15)
.resume_pc+000018 lwz r31,8(r30)
.resume_pc+00001C bne- cr0.eq,<.resume_pc+0001BC>
.resume_pc+000020 lha r28,2(r30)
.resume_pc+000024 lwz r29,0(r14)
KDB(0)> dc mttb 5  prints mttb function
.mttb+000000 li r0,0
.mttb+000004 mttbl X r0  X shows that these instructions
.mttb+000008 mttbu X r3  are not supported by the current architecture
.mttb+00000C mttbl X r4  POWER PC 601 processor
.mttb+000010 blr
KDB(0)> set 4  set toggle for POWER family RS syntax
power_pc_syntax is false
KDB(0)> dc resume_pc 10  prints 10 instructions
.resume_pc+000000 lbz r0,3454(0) 3454=Trconflag
.resume_pc+000004 mfspr r15,110
.resume_pc+000008 cmpi cr0,r0,0
.resume_pc+00000C l toc,4208(0) toc=TOC,4208=g_toc
.resume_pc+000010 l r30,4C(r15)
.resume_pc+000014 l r14,40(r15)
.resume_pc+000018 l r31,8(r30)
.resume_pc+00001C bne cr0.eq,<.resume_pc+0001BC>
.resume_pc+000020 lha r28,2(r30)
.resume_pc+000024 l r29,0(r14)
KDB(4)> dc scdisk_pm_handler
.scdisk_pm_handler+000000 stmw r26,FFFFFFE8(stkp)
KDB(4)> tr scdisk_pm_handler
Physical Address = 1D7CA1C0
KDB(4)> dpc 1D7CA1C0
1D7CA1C0 stmw r26,FFFFFFE8(stkp)
The di subcommand decodes a hexadecimal instruction word supplied by the user and displays the instruction it encodes, as the opcode followed by its operands.
di hexadecimal_instruction
KDB(0)> di 7Ce6212e
stwx r7,r6,r4
KDB(0)>
The display registers subcommand can be used to display general purpose, segment, special, or floating point registers. Individual registers can also be displayed. The current context is used to locate the values to display. The switch subcommand can be used to change context to other threads. For more information see sw Subcommand.
dr [gp | sr | sp | fp | reg_name]
If no argument is given, the general purpose registers are displayed. If an invalid register name is specified, a list of all of the register names is displayed.
For BAT registers, the dbat and ibat subcommands must be used. For more information, see bat/Block Address Translation Subcommands.
KDB(0)> dr ?  print usage
is not a valid register name
Usage: dr [sp|sr|gp|fp|<reg. name>]
sp reg. name: iar msr cr lr ctr xer mq tid asr
............. dsisr dar dec sdr0 sdr1 srr0 srr1 dabr rtcu rtcl
............. tbu tbl sprg0 sprg1 sprg2 sprg3 pir fpecr ear pvr
............. hid0 hid1 iabr dmiss imiss dcmp icmp hash1 hash2 rpa
............. buscsr l2cr l2sr mmcr0 mmcr1 pmc1 pmc2 pmc3 pmc4 pmc5
............. pmc6 pmc7 pmc8 sia sda
sr reg. name: s0 s1 s2 s3 s4 s5 s6 s7 s8 s9
............. s10 s11 s12 s13 s14 s15
gp reg. name: r0 r1 r2 r3 r4 r5 r6 r7 r8 r9
............. r10 r11 r12 r13 r14 r15 r16 r17 r18 r19
............. r20 r21 r22 r23 r24 r25 r26 r27 r28 r29
............. r30 r31
fp reg. name: f0 f1 f2 f3 f4 f5 f6 f7 f8 f9
............. f10 f11 f12 f13 f14 f15 f16 f17 f18 f19
............. f20 f21 f22 f23 f24 f25 f26 f27 f28 f29
............. f30 f31 fpscr
KDB(0)> dr  print general purpose registers
r0 : 00003730 r1 : 2FEDFF88 r2 : 00211B6C r3 : 00000000 r4 : 00000003
r5 : 007FFFFF r6 : 0002F930 r7 : 2FEAFFFC r8 : 00000009 r9 : 20019CC8
r10 : 00000008 r11 : 00040B40 r12 : 0009B700 r13 : 2003FC60 r14 : DEADBEEF
r15 : 00000000 r16 : DEADBEEF r17 : 2003FD28 r18 : 00000000 r19 : 20009168
r20 : 2003FD38 r21 : 2FEAFF3C r22 : 00000001 r23 : 2003F700 r24 : 2FEE02E0
r25 : 2FEE0000 r26 : D0005454 r27 : 2A820846 r28 : E3000E00 r29 : E60008C0
r30 : 00353A6C r31 : 00000511
KDB(0)> dr sp  print special registers
iar : 10001C48 msr : 0000F030 cr : 28202884 lr : 100DAF18
ctr : 100DA1D4 xer : 00000003 mq : 00000DF4
dsisr : 42000000 dar : 394A8000 dec : 007DDC00
sdr1 : 00380007 srr0 : 10001C48 srr1 : 0000F030
dabr : 00000000 rtcu : 2DC05E64 rtcl : 2E993E00
sprg0 : 000A5740 sprg1 : 00000000 sprg2 : 00000000 sprg3 : 00000000
pid : 00000000 fpecr : 00000000 ear : 00000000 pvr : 00010001
hid0 : 8101FBC1 hid1 : 00004000 iabr : 00000000
KDB(0)> dr sr  print segment registers
s0 : 60000000 s1 : 60001377 s2 : 60001BDE s3 : 60001B7D s4 : 6000143D
s5 : 60001F3D s6 : 600005C9 s7 : 007FFFFF s8 : 007FFFFF s9 : 007FFFFF
s10 : 007FFFFF s11 : 007FFFFF s12 : 007FFFFF s13 : 60000A0A s14 : 007FFFFF
s15 : 600011D2
KDB(0)> dr fp  print floating point registers
f0 : C027C28F5C28F5C3 f1 : 000333335999999A f2 : 3FE3333333333333
f3 : 3FC9999999999999 f4 : 7FF0000000000000 f5 : 00100000C0000000
f6 : 4000000000000000 f7 : 000000009A068000 f8 : 7FF8000000000000
f9 : 00000000BA411000 f10 : 0000000000000000 f11 : 0000000000000000
f12 : 0000000000000000 f13 : 0000000000000000 f14 : 0000000000000000
f15 : 0000000000000000 f16 : 0000000000000000 f17 : 0000000000000000
f18 : 0000000000000000 f19 : 0000000000000000 f20 : 0000000000000000
f21 : 0000000000000000 f22 : 0000000000000000 f23 : 0000000000000000
f24 : 0000000000000000 f25 : 0000000000000000 f26 : 0000000000000000
f27 : 0000000000000000 f28 : 0000000000000000 f29 : 0000000000000000
f30 : 0000000000000000 f31 : 0000000000000000 fpscr : BA411000
KDB(0)> dr ctr  print CTR register
ctr : 100DA1D4
100DA1D4 cmpi cr0,r3,E7 r3=2FEAB008
KDB(0)> dr msr  print MSR register
msr : 0000F030 bit set: EE PR FP ME IR DR
KDB(0)> dr cr
cr : 28202884 bits set in CR0 : EQ
..............................CR1 : LT
..............................CR2 : EQ
..............................CR4 : EQ
..............................CR5 : LT
..............................CR6 : LT
..............................CR7 : GT
KDB(0)> dr xer  print XER register
xer : 00000003 comparison byte: 0 length: 3
KDB(0)> dr iar  print IAR register
iar : 10001C48
10001C48 stw r12,4(stkp) r12=28202884,4(stkp)=2FEAAFD4
KDB(0)> set 11  enable 64 bits display on 620 machine
64_bit is true
KDB(0)> dr  display 620 general purpose registers
r0 : 0000000000244CF0 r1 : 0000000000259EB4 r2 : 000000000025A110
r3 : 00000000000A4B60 r4 : 0000000000000001 r5 : 0000000000000001
r6 : 00000000000000F0 r7 : 0000000000001090 r8 : 000000000018DAD0
r9 : 000000000015AB20 r10 : 000000000018D9D0 r11 : 0000000000000000
r12 : 000000000023F05C r13 : 00000000000001C8 r14 : 00000000000000BC
r15 : 0000000000000040 r16 : 0000000000000040 r17 : 00000000080300F0
r18 : 0000000000000000 r19 : 0000000000000000 r20 : 0000000000225A48
r21 : 0000000001FF3E00 r22 : 00000000002259D0 r23 : 000000000025A12C
r24 : 0000000000000001 r25 : 0000000000000001 r26 : 0000000001FF42E0
r27 : 0000000000000000 r28 : 0000000001FF4A64 r29 : 0000000001FF4000
r30 : 00000000000034CC r31 : 0000000001FF4A64
KDB(0)> dr sp  display 620 special registers
iar : 000000000023F288 msr : 0000000000021080 cr : 42000440
lr : 0000000000245738 ctr : 0000000000000000 xer : 00000000
mq : 00000000 asr : 0000000000000000
dsisr : 42000000 dar : 00000000000000EC dec : C3528E2F
sdr1 : 01EC0000 srr0 : 000000000023F288 srr1 : 0000000000021080
dabr : 0000000000000000 tbu : 00000002 tbl : AF33287B
sprg0 : 00000000000A4C00 sprg1 : 0000000000000040
sprg2 : 0000000000000000 sprg3 : 0000000000000000
pir : 0000000000000000 ear : 00000000 pvr : 00140201
hid0 : 7001C080 iabr : 0000000000000000
buscsr : 00000000008DC800 l2cr : 000000000000421A l2sr : 0000000000000000
mmcr0 : 00000000 pmc1 : 00000000 pmc2 : 00000000
sia : 0000000000000000 sda : 0000000000000000
KDB(0)>
The find and findp subcommands can be used to search for a specific pattern in memory. The find subcommand requires an effective address for the address argument, whereas the findp subcommand requires a real address.
find symbol | EffectiveAddress pattern [mask | delta]
findp PhysicalAddress pattern [mask | delta]
The pattern that is searched for can either be an ASCII string, if the -s option is used, or a one word hex value. If the search is for an ASCII string, the period (.) can be used to match any character.
A mask argument can be used if the search is for a hex value. The mask is used to eliminate bits from consideration. When checking for matches, the value from memory is ANDed with the mask and then compared to the specified pattern for matching. For example, a mask of 7fffffff would indicate that the high bit is not to be considered. If the specified pattern was 0000000d and the mask was 7fffffff, the values 0000000d and 8000000d would both be considered matches.
An argument can also be specified to indicate the delta to be applied to determine the next address to be checked for a match. This ensures that the matching pattern occurs on specific boundaries. For example, if it is desired to find the pattern 0f0000ff aligned on a 64-byte boundary, the following subcommand could be used:
find 0f0000ff ffffffff 40
The default delta is one byte for matching strings (-s option) and one word for matching a specified hex pattern.
The -s option can be used to enter a string of characters. The period (.) is used to match any character.
If the find or findp subcommands find the specified pattern, the data and address are displayed. The search can then be continued starting from that point by using the Enter key.
KDB(0)> tpid  print current thread
SLOT NAME STATE TID PRI CPUID CPU FLAGS WCHAN
thread+002F40 63*nfsd RUN 03F8F 03C 000 00000000
KDB(0)> find lock_pinned 03F8F 00ffffff 20  search TID in the lock area
compare only 24 low bits, on cache aligned addresses (delta 0x20)
lock_pinned+00D760: 00003F8F 00000000 00000005 00000000
KDB(0)> <CR/LF>  repeat last command
Invalid address E800F000, skip to (^C to interrupt)
............... E8800000
Invalid address E8840000, skip to (^C to interrupt)
............... E9000000
Invalid address E9012000, skip to (^C to interrupt)
............... F0000000
KDB(0)> findp 0 E819D200  search in physical memory
00F97C7C: E819D200 00000000 00000000 00000000
KDB(0)> <CR/LF>  repeat last command
05C4FB18: E819D200 00000000 00000000 00000000
KDB(0)> <CR/LF>  repeat last command
0F7550F0: E819D200 00000000 E60009C0 00000000
KDB(0)> <CR/LF>  repeat last command
0F927EE8: E819D200 00000000 05E62D28 00000000
KDB(0)> <CR/LF>  repeat last command
0FAE16E8: E819D200 00000000 05D3B528 00000000
KDB(0)> <CR/LF>  repeat last command
kdb_get_real_memory: Out of range address 1FFFFFFF
KDB(0)>
KDB(0)> find -s 01A86260 pse  search "pse" in pse text code
01A86ED4: 7073 655F 6B64 6200 8062 0518 8063 0000 pse_kdb..b...c..
KDB(0)> <CR/LF>  repeat last command
01A92952: 7073 6562 7566 6361 6C6C 735F 696E 6974 psebufcalls_init
KDB(0)> <CR/LF>  repeat last command
01A939AE: 7073 655F 6275 6663 616C 6C00 0000 BF81 pse_bufcall.....
KDB(0)> <CR/LF>  repeat last command
01A94F5A: 7073 655F 7265 766F 6B65 BEA1 FFD4 7D80 pse_revoke....}.
KDB(0)> <CR/LF>  repeat last command
01A9547E: 7073 655F 7365 6C65 6374 BE41 FFC8 7D80 pse_select.A..}.
KDB(0)> find -s 01A86260 pse_....._thread  how to use '.'
01A9F586: 7073 655F 626C 6F63 6B5F 7468 7265 6164 pse_block_thread
KDB(0)> <CR/LF>  repeat last command
01A9F6EA: 7073 655F 736C 6565 705F 7468 7265 6164 pse_sleep_thread
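The matching rules described for find and findp (mask ANDed with the memory word, delta as the step between candidate addresses, and "." as a wildcard in -s strings) can be reproduced offline against a captured memory image. The following Python sketch is an added example, not part of the original documentation or of KDB; the function names, the base address 0x1000 and the sample memory contents are constructed for illustration.

```python
import re
import struct

def find_word(mem, base, start, pattern, mask=0xFFFFFFFF, delta=4):
    """Addresses from start where (word & mask) == pattern, stepping by delta."""
    hits, off = [], start - base
    while 0 <= off <= len(mem) - 4:
        (word,) = struct.unpack_from(">I", mem, off)  # PowerPC words are big-endian
        if word & mask == pattern:
            hits.append(base + off)
        off += delta
    return hits

def find_string(mem, base, start, text):
    """Addresses from start where text matches; '.' matches any single byte."""
    rx = re.compile(
        b"".join(b"." if c == "." else re.escape(c.encode("ascii")) for c in text),
        re.DOTALL,
    )
    hits, off = [], start - base
    while (m := rx.search(mem, off)) is not None:
        hits.append(base + m.start())
        off = m.start() + 1  # default delta for strings is one byte
    return hits

# Constructed sample memory: 0x100 zero bytes mapped at 0x1000 (hypothetical).
BASE = 0x1000
MEM = bytearray(0x100)
for addr, word in [(0x1010, 0x0000000D), (0x1024, 0x8000000D),
                   (0x1040, 0x0F0000FF), (0x1058, 0x0F0000FF)]:
    struct.pack_into(">I", MEM, addr - BASE, word)
for addr, s in [(0x1080, b"pse_block_thread"), (0x10A0, b"pse_sleep_thread"),
                (0x10C0, b"pse_kdb\0")]:
    MEM[addr - BASE:addr - BASE + len(s)] = s

if __name__ == "__main__":
    runs = [
        ("0000000d, no mask", find_word(MEM, BASE, BASE, 0xD)),
        ("0000000d, mask 7fffffff", find_word(MEM, BASE, BASE, 0xD, 0x7FFFFFFF)),
        ("0f0000ff, delta 40", find_word(MEM, BASE, BASE, 0x0F0000FF, delta=0x40)),
        ("-s pse_....._thread", find_string(MEM, BASE, BASE, "pse_....._thread")),
    ]
    for label, hits in runs:
        print(f"{label}: " + " ".join(f"{h:08X}" for h in hits))
```

With the default one-word delta the 0f0000ff search also reports the copy at 0x1058; only the 0x40 delta restricts hits to 64-byte boundaries.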
The ext and extp subcommands can be used to display a specific area from a structure. If an array exists, it can be traversed displaying the specified area for each entry of the array. These subcommands can also be used to traverse a linked list displaying the specified area for each entry.
ext symbol EffectiveAddress delta [size | count]
extp
For the ext subcommand, the address argument specifies an effective address. For the extp subcommand, the address argument specifies a physical address.
If the -p flag is not specified, these subcommands display the number of words indicated in the size argument. They then increment the address by the delta and display the data at that location. This procedure is repeated for the number of times indicated in the count argument.
If the -p flag is specified, these subcommands display the number of words indicated in the size argument. The next address from which data is to be displayed is then determined by using the value at the current address plus the offset indicated in the delta argument (for example, *(addr+delta)). This procedure is repeated for the number of times indicated in the count argument.
(0)> ext thread+7c 0000C0 1 20  extract scheduler information from threads
thread+00007C: 00021001 ....
thread+00013C: 00024800 ..H.
thread+0001FC: 00007F01 ....
thread+0002BC: 00017F01 ....
thread+00037C: 00027F01 ....
thread+00043C: 00037F01 ....
thread+0004FC: 00021001 ....
thread+0005BC: 00012402 ..$.
thread+00067C: 00002502 ..%.
thread+00073C: 00002502 ..%.
thread+0007FC: 00002502 ..%.
thread+0008BC: 00032502 ..%.
thread+00097C: 00002502 ..%.
thread+000A3C: 00033C00 ..<.
...
KDB(0)> extp 0 4000000 4 100  extract memory using real address
00000000: 00000000 00000000 00000000 00000000 ................
04000000: 00004001 00000000 00000000 00000000 ..@.............
08000000: 00008001 00000000 00000000 00000000 ................
0C000000: D0071128 F010EA08 F010EA68 F010F028 ...(.......h...(
10000000: 00000000 00000000 00000000 00000000 ................
14000000: 746C2E63 2C206C69 62636673 2C20626F tl.c, libcfs, bo
18000000: 20005924 0000031D 20001B04 20005924 .Y$.... ... .Y$
1C000000: 000C000D 000E000F 00100011 00120013 ................
20000000: kdb_get_real_memory: Out of range address 20000000
The -p option specifies that delta is the offset of the field giving the next address. A list can be printed this way.
(0)> ext -p proc+500 14 8 10 print siblings of a process
proc+000500: 07000000 00000303 00000000 00000000 ................
proc+000510: 00000000 E3000400 E3000500 00000000 ................
proc+000400: 07000000 00000303 00000000 00000000 ................
proc+000410: 00000000 E3000300 E3000400 00000000 ................
proc+000300: 07000000 00000303 00000000 00000000 ................
proc+000310: 00000000 E3000200 E3000300 00000000 ................
proc+000200: 07000000 00000303 00000000 00000000 ................
proc+000210: 00000000 00000000 E3000200 00000000 ................
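The two traversal modes of ext (fixed stride without -p, pointer chasing through *(addr+delta) with -p) are modelled below in Python as an added example; it is not part of the original documentation or of KDB. The memory image is rebuilt from the ext -p output shown above; the proc base address 0xE3000000, the end of the walk on a null next pointer, and the loop guard are assumptions inferred from that output.

```python
import struct

PROC = 0xE3000000  # assumed address of the proc symbol, inferred from the pointers

# Offset from proc -> 8 words, transcribed from the ext -p output above.
ENTRIES = {
    0x500: "07000000 00000303 00000000 00000000 00000000 E3000400 E3000500 00000000",
    0x400: "07000000 00000303 00000000 00000000 00000000 E3000300 E3000400 00000000",
    0x300: "07000000 00000303 00000000 00000000 00000000 E3000200 E3000300 00000000",
    0x200: "07000000 00000303 00000000 00000000 00000000 00000000 E3000200 00000000",
}
IMAGE_BASE = PROC + 0x200
IMAGE = bytearray(0x320)  # covers proc+0x200 .. proc+0x51F, zero filled
for off, words in ENTRIES.items():
    IMAGE[off - 0x200:off - 0x200 + 32] = bytes.fromhex(words)

def read_words(addr, n):
    """Return n big-endian 32-bit words at addr, or None if outside the image."""
    off = addr - IMAGE_BASE
    if off < 0 or off + 4 * n > len(IMAGE):
        return None
    return list(struct.unpack_from(f">{n}I", IMAGE, off))

def ext(addr, delta, size, count, follow=False):
    """Model of ext: list of (address, words). follow=True models the -p flag."""
    out, seen = [], set()
    for _ in range(count):
        words = read_words(addr, size)
        if words is None or addr in seen:  # unmapped address or a looping list
            break
        seen.add(addr)
        out.append((addr, words))
        if follow:
            nxt = read_words(addr + delta, 1)  # next address is *(addr + delta)
            if nxt is None or nxt[0] == 0:     # assumption: null pointer ends the list
                break
            addr = nxt[0]
        else:
            addr += delta                      # fixed stride through an array
    return out

def show(entries):
    """Format entries as proc+offset lines."""
    return [f"proc+{a - PROC:06X}: " + " ".join(f"{w:08X}" for w in ws)
            for a, ws in entries]

if __name__ == "__main__":
    print("\n".join(show(ext(PROC + 0x500, 0x14, 8, 0x10, follow=True))))
    print("\n".join(show(ext(PROC + 0x200, 0x100, 1, 4))))
```

The loop guard matters when walking lists from a crashed or tampered system: a corrupted next pointer that points back into the list would otherwise repeat entries until count is exhausted.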