The subcommands lke and stbl can be used to display current state of loaded kernel extensions.
lke [?] [-l] [pslot | symbol | Address]
stbl [pslot | symbol | Address]
rmst [pslot | symbol | Address]
During boot phase, KDB is called to load extension symbol tables. A message is printed to indicated what happens. In the following example, /unix and one driver have symbol tables. If the kernel extension is stripped, the symbol table is not loaded in memory. The lke subcommand can be used to build a new symbol table with the traceback table.
A symbol table can be removed from KDB using the rmst subcommand. This subcommand requires that either a slot number or the effective address for the loader entry of the symbol table be specified.
A symbol name cache is managed inside KDB. The cache is filled with function names with lke slot, lke -a addr, and lke addr subcommands. This cache is a circular buffer, old entries will be removed by new ones when the cache is full.
If the lke subcommand is invoked without arguments a summary of the kernel loader entries is displayed. The lke subcommand arguments -l32 and -l64 can be used to list the loader entries for 32-bit and 64-bit shared libraries, respectively. Details can be viewed for individual loader entries by specifying the slot number, address of the loader entry (-a option), or an address within the text or data area for a loader entry.
The name lists currently contained in the name list cache area can be reviewed by using the -l option.
The symbol tables that are available to KDB can be listed with the stbl subcommand. If this subcommand is invoked without arguments a summary of all symbol tables is displayed. Details about a particular symbol table can be obtained by supplying a slot number or the effective address of the loader entry to the stbl subcommand.
... during boot phase no symbol [/etc/drivers/mddtu_load] no symbol [/etc/drivers/fd] Preserving 14280 bytes of symbol table [/etc/drivers/rsdd] no symbol [/etc/drivers/posixdd] no symbol [/etc/drivers/dtropendd] ... KDB(4)> stbl list symbol table entries LDRENTRY TEXT DATA TOC MODULE NAME 1 00000000 00000000 00000000 00207EF0 /unix 2 0B04C400 0156F0F0 015784F0 01578840 /etc/drivers/rsdd KDB(4)> rmst 2 ignore second entry KDB(4)> stbl list symbol table entries LDRENTRY TEXT DATA TOC MODULE NAME 1 00000000 00000000 00000000 00207EF0 /unix KDB(4)> stbl 1 list a symbol table entry LDRENTRY TEXT DATA TOC MODULE NAME 1 00000000 00000000 00000000 00207EF0 /unix st_desc addr.... 00153920 symoff.......... 002A9EB8 nb_sym.......... 0000551E ... (0)> lke ? help A KERNEXT FUNCTION NAME CACHE exists with 1024 entries max (circular buffer) Usage: lke <entry> to populate the cache Usage: lke -a <address> to populate the cache Usage: lke -l to list the cache (0)> lke list loaded kernel extensions ADDRESS FILE FILESIZE FLAGS MODULE NAME 1 055ADD00 014620C0 000076CC 00000262 /usr/lib/drivers/pse/psekdb 2 055AD780 05704000 000702D0 00000272 /usr/lib/drivers/nfs.ext 3 055AD880 05781000 00000D74 00000248 /unix 4 055AD380 01461D58 00000348 00000272 /usr/lib/drivers/nfs_kdes.ext 5 055AD800 056F7000 00000D20 00000248 /unix 6 055AD600 01455140 0000CC0C 00000262 /etc/drivers/ptydd 7 055AD500 01451400 00003D2C 00000272 /usr/lib/drivers/if_en 8 055AD580 05656000 00000D20 00000248 /unix 9 055AD400 055FB000 0004E038 00000272 /usr/lib/drivers/netinet ... 39 05518200 0135FA60 00006EFC 00000262 /etc/drivers/bscsidd 40 05518300 0135F5B8 0000049C 00000272 /etc/drivers/lsadd 41 05518180 04F7D000 00000CCC 00000248 /unix 42 05518280 0135E020 00001590 00000262 /etc/drivers/mca_ppc_busdd 43 04F61100 00326BF8 00000000 00000256 /unix 44 04F61158 04F62000 00000CCC 00000248 /unix (0)> lke 40 print slot 40 and process traceback table ADDRESS FILE FILESIZE FLAGS MODULE NAME 40 05518300 0135F5B8 0000049C 00000272 /etc/drivers/lsadd le_flags....... TEXT KERNELEX DATAINTEXT DATA DATAEXISTS le_next........ 05518180 le_fp.......... 00000000 le_filename.... 05518358 le_file........ 0135F5B8 le_filesize.... 0000049C le_data........ 0135F988 le_tid......... 00000000 le_datasize.... 000000CC le_usecount.... 00000008 le_loadcount... 00000001 le_ndepend..... 00000001 le_maxdepend... 00000001 le_ule......... 04F86000 le_deferred.... 00000000 le_exports..... 04F86000 le_de.......... 632E6100 le_searchlist.. C0000420 le_dlusecount.. 00000000 le_dlindex..... 0000622F le_lex......... 00000000 TOC@........... 0135FA10 <PROCESS TRACE BACKS> .lsa_pos_unlock 0135F6B4 .lsa_pos_lock 0135F6E4 .lsa_config 0135F738 .lockl.glink 0135F86C .pincode.glink 0135F894 .lock_alloc.glink 0135F8BC .simple_lock_init.glink 0135F8E4 .unpincode.glink 0135F90C .lock_free.glink 0135F934 .unlockl.glink 0135F95C (0)> lke -a 0135E51C using a kernext address as argument ADDRESS FILE FILESIZE FLAGS MODULE NAME 1 05518280 0135E020 00001590 00000262 /etc/drivers/mca_ppc_busdd le_flags....... TEXT DATAINTEXT DATA DATAEXISTS le_next........ 04F61100 le_fp.......... 00000000 le_filename.... 055182D8 le_file........ 0135E020 le_filesize.... 00001590 le_data........ 0135F380 le_tid......... 00000000 le_datasize.... 00000230 le_usecount.... 00000001 le_loadcount... 00000001 le_ndepend..... 00000001 le_maxdepend... 00000001 le_ule......... 00000000 le_deferred.... 00000000 le_exports..... 00000000 le_de.......... 6366672E le_searchlist.. C0000420 le_dlusecount.. 00000000 le_dlindex..... 00006C69 le_lex......... 00000000 TOC@........... 0135F4F8 <PROCESS TRACE BACKS> .mca_ppc_businit 0135E120 .complete_error 0135E38C .d_protect_ppc 0135E51C .d_move_ppc 0135E608 .d_bflush_ppc 0135E630 .d_cflush_ppc 0135E65C .d_complete_ppc 0135E688 .d_master_ppc 0135E7B4 .d_slave_ppc 0135E974 .d_unmask_ppc 0135EBA4 .d_mask_ppc 0135EC40 .d_clear_ppc 0135ECD8 .d_init_ppc 0135ED8C .vm_att.glink 0135EF88 .lock_alloc.glink 0135EFB0 .simple_lock_init.glink 0135EFD8 .vm_det.glink 0135F000 .pincode.glink 0135F028 .bcopy 0135F060 .copystr 0135F238 .errsave.glink 0135F2E0 .xmemdma_ppc.glink 0135F308 .xmemqra.glink 0135F330 .xmemacc.glink 0135F358 (0)> lke -l list current name cache KERNEXT FUNCTION NAME CACHE .lsa_pos_unlock 0135F6B4 .lsa_pos_lock 0135F6E4 .lsa_config 0135F738 .lockl.glink 0135F86C .pincode.glink 0135F894 .lock_alloc.glink 0135F8BC .simple_lock_init.glink 0135F8E4 .unpincode.glink 0135F90C .lock_free.glink 0135F934 .unlockl.glink 0135F95C .mca_ppc_businit 0135E120 .complete_error 0135E38C .d_protect_ppc 0135E51C .d_move_ppc 0135E608 .d_bflush_ppc 0135E630 .d_cflush_ppc 0135E65C .d_complete_ppc 0135E688 .d_master_ppc 0135E7B4 .d_slave_ppc 0135E974 .d_unmask_ppc 0135EBA4 .d_mask_ppc 0135EC40 .d_clear_ppc 0135ECD8 .d_init_ppc 0135ED8C .vm_att.glink 0135EF88 .lock_alloc.glink 0135EFB0 .simple_lock_init.glink 0135EFD8 .vm_det.glink 0135F000 .pincode.glink 0135F028 .bcopy 0135F060 .copystr 0135F238 .errsave.glink 0135F2E0 .xmemdma_ppc.glink 0135F308 .xmemqra.glink 0135F330 .xmemacc.glink 0135F358 00 KERNEXT FUNCTION range [0135F6B4 0135F974] 10 entries 01 KERNEXT FUNCTION range [0135E120 0135F370] 24 entries (0)> dc .lsa_ if name is not unique Ambiguous: [kernext function name cache] 0135F6B4 .lsa_pos_unlock 0135F6E4 .lsa_pos_lock 0135F738 .lsa_config (0)> expected symbol or address (0)> dc .lsa_config 11 display code .lsa_config+000000 stmw r29,FFFFFFF4(stkp) .lsa_config+000004 mflr r0 .lsa_config+000008 ori r31,r3,0 .lsa_config+00000C stw r0,8(stkp) .lsa_config+000010 stwu stkp,FFFFFFB0(stkp) .lsa_config+000014 li r30,0 .lsa_config+000018 lwz r3,C(toc) .lsa_config+00001C li r4,0 .lsa_config+000020 bl <.lockl.glink> .lsa_config+000024 lwz toc,14(stkp) .lsa_config+000028 lwz r29,14(toc) (0)> dc .lockl.glink 6 display glink code .lockl.glink+000000 lwz r12,10(toc) .lockl.glink+000004 stw toc,14(stkp) .lockl.glink+000008 lwz r0,0(r12) .lockl.glink+00000C lwz toc,4(r12) .lockl.glink+000010 mtctr r0 .lockl.glink+000014 bcctr
The exp subcommand can be used to look for an exported symbol or to display the entire export list.
exp [symbol]
If no argument is specified the entire export list is printed. If a symbol name is specified as an argument, then all symbols which begin with the input string are displayed.
KDB(0)> exp list export table 000814D4 pio_assist 019A7708 puthere 0007BE90 vmminfo 00081FD4 socket 01A28A50 tcp_input 01A28BFC in_pcb_hash_del 019A78E8 adjmsg 0000BAB8 execexit 00325138 loif 01980874 lvm_kp_tid 000816E4 ns_detach 019A7930 mps_wakeup 01A28C50 ip_forward 00081E60 ksettickd 000810AC uiomove 000811EC blkflush 0018D97C setpriv 01A5CD38 clntkudp_init 000820D0 soqremque 00178824 devtosth 00081984 rtinithead 01A5CD8C xdr_rmtcall_args (0)> more (^C to quit) ? ^C interrupt KDB(0)> exp send search in export table 00081F5C sendmsg 00081F80 sendto 00081F74 send KDB(0)>