Kernel Extensions and Device Support Programming Concepts

Modify Memory Subcommands

Note

Modify memory subcommands are specific to the KDB Kernel Debugger. They are not available in the kdb command.

m, mw, md, mp, mpw, and mpd Subcommands

The m (modify bytes), mw (modify words), and md (modify double words) subcommands can be used to modify memory starting at a specified effective address.

Note

These subcommands are only available within the KDB Kernel Debugger; they are not included in the kdb command.

Syntax

m symbol EffectiveAddress

mw symbol EffectiveAddress

md symbol EffectiveAddress

mp PhysicalAddress

mpw PhysicalAddress

mpd PhysicalAddress

Address - Specifies the starting address to be modified. This can either be a virtual (effective) or physical address. Symbols, hexadecimal values, or hexadecimal expressions can be used in specification of the address.

Read or write access can be in virtual or real mode, using an effective address or a real address as input:

m subcommands: real mode access with an effective address as argument.
mp subcommands: real mode access with a real address as argument.
mdv subcommands: virtual mode access with an effective address as argument.
mdp subcommands: virtual mode access with a real address as argument.

These subcommands are interactive; each modification is entered one by one. The first unexpected input stops modification. A period (.), for example, can be used as <eod>. The following example shows how to do a patch.

If a break point is set at the same address, use the mw subcommand to keep break point coherency.

Note

Symbolic expressions are not allowed as input.

Example

   KDB(0)> dc @iar print current instruction
   .open+000000    mflr    r0
   KDB(0)> mw @iar nop current instruction
   .open+000000:  7C0802A6  = 60000000
   .open+000004:  93E1FFFC  = . end of input
   KDB(0)> dc @iar print current instruction
   .open+000000     ori    r0,r0,0
   KDB(0)> m @iar restore current instruction byte per byte
   .open+000000:  60  = 7C
   .open+000001:  00  = 08
   .open+000002:  00  = 02
   .open+000003:  00  = A6
   .open+000004:  93  = . end of input
   KDB(0)> dc @iar print current instruction
   .open+000000    mflr    r0
   KDB(0)> tr @iar physical address of current instruction
   Physical Address = 001C5BA0
   KDB(0)> mwp 001C5BA0 modify with physical address
   001C5BA0:  7C0802A6  = <CR/LF>
   001C5BA4:  93E1FFFC  = <CR/LF>
   001C5BA8:  90010008  = <CR/LF>
   001C5BAC:  9421FF40  = 60000000
   001C5BB0:  83E211C4  = . end of input
   KDB(0)> dc @iar 5 print instructions
   .open+000000    mflr    r0
   .open+000004     stw    r31,FFFFFFFC(stkp)
   .open+000008     stw    r0,8(stkp)
   .open+00000C     ori    r0,r0,0
   .open+000010     lwz    r31,11C4(toc)       11C4(toc)=_open$$
   KDB(0)> mw open+c restore instruction
   .open+00000C:  60000000  = 9421FF40
   .open+000010:  83E211C4  = . end of input
   KDB(0)> dc open+c print instruction
   .open+00000C    stwu    stkp,FFFFFF40(stkp)
   KDB(0)>

mdvb, mdvh, mdvw, mdvd, mdpb, mdph, mdpw, mdpd Subcommands

The subcommands mdvb, mdvh, mdvw and mdvd can be used to access these areas in translated mode, using an effective address already mapped. On a 64-bit machine, double words correctly aligned are accessed (mdvd) in a single store instruction.

The subcommands mdpb, mdph, mdpw and mdpd can be used to access these areas in translated mode, using a physical address that will be mapped. On 64-bit machine, double words correctly aligned are accessed (mdpd) in a single store instruction. DBAT interface is used to translate this address in cache inhibited mode.

Note

These subcommands are only available within the KDB Kernel Debugger, they are not included in the kdb command.

Syntax

mdvb dev EffectiveAddress

mdvh dev EffectiveAddress

mdvw dev EffectiveAddress

mdvd dev EffectiveAddress

mdpb dev PhysicalAddress

mdph dev PhysicalAddress

mdpw dev PhysicalAddress

mdpd dev PhysicalAddress

Address - Specifies the address of the memory to modify. This can either be a virtual (effective) or physical address, dependent on the subcommand used. Symbols, hexadecimal values, or hexadecimal expressions can be used in specification of the address.

Aliases:

mdvb - miob
mdvh - mioh
mdvw - miow
mdvd - miod

These subcommands are available to write in I/O space memory. To avoid bad effects, memory is not read before, only the specified write is performed with translation enabled.

Access can be in bytes, half words, words or double words.

The Address attribute can be an effective address or a real address.

Note

The subcommands using effective addresses (mdv.) assume that mapping to real addresses is currently valid. No check is done by KDB. The subcommands using real addresses (mdp.) can be used to let KDB perform the mapping (attach and detach).

Example on PowerPC 601 RISC Microprocessor

Note

The PowerPC 601 RISC Microprocessor is only supported on AIX 5.1 and earlier.

   KDB(0)> tr FFF19610 print physical mapping
   BAT mapping for FFF19610
   DBAT0 FFC0003A FFC0005F
    bepi 7FE0 brpn 7FE0 bl 001F v 1 wim 3 ks 1 kp 0 pp 2 s 0
    eaddr = FFC00000, paddr = FFC00000 size = 4096 KBytes
   KDB(0)> mdvb fff19610 byte modify with data relocate enable
   FFF19610: ?? = 00
   FFF19611: ?? = 00
   FFF19612: ?? = . end of input
   KDB(0)> mdvw fff19610 word modify with data relocate enable
   FFF19610: ???????? = 004196B0
   FFF19614: ???????? = . end of input
   KDB(0)>

Example on a PCI machine

   KDB(0)> mdpw 80000cf8 change one word at physical address 80000cf8
   80000CF8: ???????? = 84000080
   80000CFC: ???????? = .Write is done in relocated mode, cache inhibited
   KDB(0)> ddpw 80000cfc print one word at physical address 80000cfc
   80000CFC: D2000000
   KDB(0)> mdpw 80000cfc change one word at physical address 80000cfc
   80000CFC: ???????? = d0000000
   80000D00: ???????? = .
   KDB(0)> mdpw 80000cf8 change one word at physical address 80000cf8
   80000CF8: ???????? = 8c000080
   80000CFC: ???????? = .
   KDB(0)> ddpw 80000cfc print one word at physical address 80000cfc
   80000CFC: D2000080

mr Subcommand

The mr subcommand can be used to modify general purpose, segment, special, or floating point registers.

Syntax

mr [gp | sr | sp | fp | reg_name]

gp - Modifies general purpose registers.
sr - Modifies segment registers.
sp - Modifies special purpose registers.
fp - Modifies floating point registers.
reg_name - Modifies a specific register, by name.

Individual registers can also be selected for modification by register name. The current thread context is used to locate the register values to be modified. The switch subcommand can be used to change context to other threads. When the register being modified is in the mst context, KDB alters the mst. When the register being modified is a special one, the register is altered immediately. Symbolic expressions are allowed as input.

If the gp, sr, sp, or fp options are used, modification of all of the registers in the group is allowed. The current value for a single register is shown and modification is allowed. Then the value for the next register is displayed for modification. Entry of an invalid character, such as a period (.), ends modification of the registers. If the value for a register is to be left unmodified, press the Enter key to continue to the next register for modification.

Example

   KDB(0)> dc @iar print current instruction
   .open+000000    mflr    r0
   KDB(0)> mr iar modify current instruction address
   iar : 001C5BA0 = @iar+4
   KDB(0)> dc @iar print current instruction
   .open+000004     stw    r31,FFFFFFFC(stkp)
   KDB(0)> mr iar restore current instruction address
   iar : 001C5BA4 = @iar-4
   KDB(0)> dc @iar print current instruction
   .open+000000    mflr    r0
   KDB(0)> mr sr modify first invalid segment register
   s0  : 00000000 = <CR/LF>
   s1  : 60000323 = <CR/LF>
   s2  : 20001E1E = <CR/LF>
   s3  : 007FFFFF = 0
   s4  : 007FFFFF = . end of input
   KDB(0)> dr s3 print segment register 3
   s3  : 00000000
   KDB(0)> mr s3 restore segment register 3
   s3  : 00000000 = 007FFFFF
   KDB(0)> mr f29 modify floating point register f29
   f29 : 0000000000000000 = 000333335999999A
   KDB(0)> dr f29
   f29 : 000333335999999A
   KDB(0)> u
   Uthread [2FF3B400]:
      save@......2FF3B400   fpr@.......2FF3B550
   ...
   KDB(0)> dd 2FF3B550 20
   __ublock+000150: C027C28F5C28F5C3 000333335999999A  .'..\(....33Y...
   __ublock+000160: 3FE3333333333333 3FC9999999999999  ?.333333?.......
   __ublock+000170: 7FF0000000000000 00100000C0000000  ................
   __ublock+000180: 4000000000000000 000000009A068000  @...............
   __ublock+000190: 7FF8000000000000 00000000BA411000  .............A..
   __ublock+0001A0: 0000000000000000 0000000000000000  ................
   __ublock+0001B0: 0000000000000000 0000000000000000  ................
   __ublock+0001C0: 0000000000000000 0000000000000000  ................
   __ublock+0001D0: 0000000000000000 0000000000000000  ................
   __ublock+0001E0: 0000000000000000 0000000000000000  ................
   __ublock+0001F0: 0000000000000000 0000000000000000  ................
   __ublock+000200: 0000000000000000 0000000000000000  ................
   __ublock+000210: 0000000000000000 0000000000000000  ................
   __ublock+000220: 0000000000000000 0000000000000000  ................
   __ublock+000230: 0000000000000000 000333335999999A  ..........33Y...
   __ublock+000240: 0000000000000000 0000000000000000  ................
   KDB(0)>