Kdbg
This page was a mirror of the KDBG page (rev 72) on Blight's Wiki
Introduction
KDB, the Kernel DeBugger of ReactOS, is built into ntoskrnl. For each exception which is handled by the kernel, KDB gets up to two chances to handle it. The first chance occurs before the kernel tries to find and execute an exception handler. The last chance occurs after the kernel fails to find an exception handler or the handler did not handle the exception.
For each type of exception known by KDB, you can set the condition when KDB should be entered individually for first and last chance. The possible settings for the conditions are never, umode, kmode and always. never means that KDB will never be entered when the exception is raised, umode means that it will be entered when the exception was raised in user mode, kmode means to enter KDB when the exception was raised in kernel mode, and always means to always enter KDB.
Enabling KDBG before build
KDBG is automatically enabled or disabled by the configuration options script (cmake/config.cmake).
KDBG is enabled by default for the bootloader entries "ReactOS (Debug)" and "ReactOS (RosDbg)" on all ISO images. See also the "Breaking into the built-in kernel debugger" section of the Debugging page.
KDBinit
KDB loads and interprets the KDBinit file (\SystemRoot\system32\drivers\etc\KDBinit) as soon as possible.
The KDBinit file can contain all commands available in the command line interface of KDB plus the break command. When a break is read from the KDBinit file KDB is entered – you can use this to automatically enter KDB when booting.
Here's the default KDBinit file (the break is commented out):
# Example KDBinit file
#
# Set the disassembly flavor to "intel" (default is "at&t")
set syntax intel
# Change the condition to enter KDB on INT3 to "always" (default is "kmode")
#set condition INT3 first always
# This is a special command available only in the KDBinit file - it breaks into
# KDB when it is interpreting the init file at startup.
#break
Command Reference
?
Syntax: ? expression
Evaluate expression. The result is displayed in hexadecimal and unsigned decimal format. If the result is negative, it is also displayed in signed decimal format.
kdb:> ? eip
0xc00a1535 3221886261 -1073081035
The following operators are supported: +, -, *, /, %, ==, !=, >, <, >=, <=
Parentheses are supported for grouping.
Brackets can be used to dereference memory. The memory size (byte, word, dword or qword) can be specified as a prefix before the opening bracket. The default is the size of a pointer (dword for IA32).
kdb:> ? 1+2*3
0x00000007 7
kdb:> ? (1+2)*3
0x00000009 9
kdb:> ? [eip]
0xffbe16e8 4290647784 -4319512
kdb:> ? word[eip]
0x000016e8 5864
kdb:> ? byte[eip]
0x000000e8 232 -24
kdb:> ? byte[eip+1]
0x00000016 22
kdb:> ? [0]
        ^
Couldn't access memory at 0x0
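The session above can be reproduced from five bytes of memory, which also shows that `byte[eip]` = 0xe8 is the opcode of the `call` that the `disasm` listing further down this page shows at c00a1535. This C sketch is an added example, not KDB source: the function names are hypothetical, the column spacing is simplified, the fifth byte of the image is derived from the disassembled call target, and the signed-column rule is an assumption chosen because it matches the outputs shown here.

```c
/* Added example: models the `?` output on a constructed memory image (not KDB source). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EIP 0xc00a1535u   /* EIP value used in the page's examples */

/* Constructed image at EIP. Bytes 0-3 follow from `? [eip]` = 0xffbe16e8;
   byte 4 is an assumption derived from the disasm target 0xC009D350. */
static const uint8_t image[] = { 0xe8, 0x16, 0xbe, 0xff, 0xff };

/* Little-endian read of 1, 2 or 4 bytes, as byte[..], word[..] and [..] do.
   Returns -1 when the range is not mapped ("Couldn't access memory"). */
int deref(uint32_t addr, unsigned size, uint32_t *out)
{
    uint32_t off = addr - EIP;   /* wraps to a large value when addr < EIP */
    if (off >= sizeof image || size > sizeof image - off)
        return -1;
    *out = 0;
    for (unsigned i = 0; i < size; i++)
        *out |= (uint32_t)image[off + i] << (8 * i);
    return 0;
}

/* Assumed rule for the third column: sign-extend from the narrowest of
   8/16/32 bits that holds the value. It reproduces the `?` outputs on this page. */
int32_t signed_view(uint32_t v)
{
    if (v >= 0x80u && v <= 0xffu)     return (int8_t)v;
    if (v >= 0x8000u && v <= 0xffffu) return (int16_t)v;
    return (int32_t)v;
}

/* Hex, unsigned decimal, and signed decimal only when negative. */
int format_result(uint32_t v, char *buf, size_t n)
{
    int32_t s = signed_view(v);
    if (s < 0)
        return snprintf(buf, n, "0x%08x %u %d", (unsigned)v, (unsigned)v, (int)s);
    return snprintf(buf, n, "0x%08x %u", (unsigned)v, (unsigned)v);
}

/* Decode `call rel32` (opcode 0xe8): target = address of next instruction + rel32. */
uint32_t call_target(uint32_t addr)
{
    uint32_t op, rel;
    if (deref(addr, 1, &op) != 0 || op != 0xe8u || deref(addr + 1, 4, &rel) != 0)
        return 0;
    return addr + 5u + rel;   /* unsigned wrap-around equals signed addition */
}

int main(void)
{
    char buf[64];
    uint32_t v;
    const unsigned sizes[] = { 4, 2, 1 };
    for (int i = 0; i < 3; i++)
        if (deref(EIP, sizes[i], &v) == 0) {
            format_result(v, buf, sizeof buf);
            printf("%u-byte read at eip: %s\n", sizes[i], buf);
        }
    printf("call target: 0x%08x\n", (unsigned)call_target(EIP));
    return 0;
}
```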
bc
Syntax: bc [breakpoint]
Clear breakpoint.
bd
Syntax: bd [breakpoint]
Disable breakpoint.
be
Syntax: be [breakpoint]
Enable breakpoint.
bl
Syntax: bl
List breakpoints.
bpm
Syntax: bpm [r|w|rw|x] [byte|word|dword] [address]
Set memory breakpoint at address.
bpx
Syntax: bpx [address]
Set software execution breakpoint at address.
Note: Don't forget to type 'set condition INT3 first always' when you set a breakpoint in usermode or KDB will not be entered on the breakpoint.
bt
Syntax: bt [*frameaddr]
Print the current backtrace, or the backtrace starting from a given frame address. Backtraces that cross TSS boundaries are also supported.
kdb:> bt
Eip:
<ntoskrnl.exe:153529 (sdk/lib/rtl/i386/debug_asm.S:57 (RtlpBreakWithStatusInstruction))>
Frames:
<ntoskrnl.exe:899b0 (ntoskrnl/ke/bug.c:1136 (KeBugCheckWithTf))>
<ntoskrnl.exe:134826 (ntoskrnl/ke/i386/exp.c:1161 (KeRaiseUserException))>
<ntoskrnl.exe:19ae67 (ntoskrnl/ke/i386/traphdlr.c:1282 (KiTrap0DHandler))>
<ntoskrnl.exe:19a840 (:0 (KiTrap0D))>
<ntoskrnl.exe:1925e6 (ntoskrnl/include/internal/i386/intrin_i.h:45 (KiInitMachineDependent))>
<ntoskrnl.exe:187688 (ntoskrnl/ke/krnlinit.c:305 (KeInitSystem))>
<ntoskrnl.exe:17fb2f (ntoskrnl/ex/init.c:1621 (Phase1InitializationDiscard))>
<ntoskrnl.exe:3247f (ntoskrnl/ex/init.c:2019 (Phase1Initialization))>
<ntoskrnl.exe:11c079 (ntoskrnl/ps/thread.c:156 (PspSystemThreadStartup))>
<ntoskrnl.exe:135c8a (ntoskrnl/ke/i386/thrdini.c:78 (KiThreadStartup))>
<ntoskrnl.exe:11c040 (ntoskrnl/ps/thread.c:141 (PspSystemThreadStartup))>
<5d8950ec>
Couldn't access memory at 0x83E58959!
kdb:> bt
[Active TSS 0x0050 @ 0x80A10CA0]
Eip:
<ntoskrnl.exe:153529 (sdk/lib/rtl/i386/debug_asm.S:57 (RtlpBreakWithStatusInstruction))>
Frames:
<ntoskrnl.exe:899b0 (ntoskrnl/ke/bug.c:1136 (KeBugCheckWithTf))>
<ntoskrnl.exe:19a1d8 (ntoskrnl/ke/i386/traphdlr.c:917 (KiTrap08Handler))>
<ntoskrnl.exe:19a145 (:0 (KiTrap08))>
[Parent TSS 0x0028 @ 0x8009C000]
<ntoskrnl.exe:1925e6 (ntoskrnl/include/internal/i386/intrin_i.h:45 (KiInitMachineDependent))>
<ntoskrnl.exe:187688 (ntoskrnl/ke/krnlinit.c:305 (KeInitSystem))>
<ntoskrnl.exe:17fb2f (ntoskrnl/ex/init.c:1621 (Phase1InitializationDiscard))>
<ntoskrnl.exe:3247f (ntoskrnl/ex/init.c:2019 (Phase1Initialization))>
<ntoskrnl.exe:11c079 (ntoskrnl/ps/thread.c:156 (PspSystemThreadStartup))>
<ntoskrnl.exe:135c8a (ntoskrnl/ke/i386/thrdini.c:78 (KiThreadStartup))>
<ntoskrnl.exe:11c040 (ntoskrnl/ps/thread.c:141 (PspSystemThreadStartup))>
<5d8950ec>
Couldn't access memory at 0x83E58959!
bugcheck
Syntax: bugcheck
Crash the system.
cont
Syntax: cont
Continue execution (leave debugger).
cregs
Syntax: cregs
Display control, descriptor table and task segment registers.
kdb:> cregs
CR0  0x8001003b  PE MP TS ET NE WP PG
CR2  0x01720000
CR3  0x006ca000  Pagedir-Base 0x006ca000
CR4  0x00000619  VME DE PSE OSFXSR OSXMMEXCPT
GDTR Base 0x806c9000  Size 0x03ff
LDTR 0x0000
IDTR Base 0x806c9400  Size 0x07ff
TR   0x0028
disasm
Syntax: disasm [address] [L count]
Disassemble count instructions at address.
kdb:> disasm
<c00a1535>: call <0xC009D350>
<c00a153a>: call <0xC009D110>
<c00a153f>: call <ntoskrnl.exe:2e990>
<c00a1544>: call <0xC009DDD0>
<c00a1549>: mov 0xc0104d40,%eax
<c00a154e>: cmpb $0x0,(%eax)
<c00a1551>: je <0xC00A1597>
<c00a1553>: lea 0x0(%esi),%esi
<c00a1559>: lea 0x0(%edi,1),%edi
<c00a1560>: sub $0x8,%esp
Intel syntax is also supported:
kdb:> set syntax intel
kdb:> disasm
<c00a1535>: call <0xC009D350>
<c00a153a>: call <0xC009D110>
<c00a153f>: call <ntoskrnl.exe:2e990>
<c00a1544>: call <0xC009DDD0>
<c00a1549>: mov eax,ds:0xc0104d40
<c00a154e>: cmp BYTE PTR [eax],0x0
<c00a1551>: je <0xC00A1597>
<c00a1553>: lea esi,[esi]
<c00a1559>: lea edi,[edi*1]
<c00a1560>: sub esp,0x8
dmesg
Syntax: dmesg
Display debug messages on the screen (with pagination).
dregs
Syntax: dregs
Display debug registers.
kdb:> dregs
DR0  0x00000000
DR1  0x00000000
DR2  0x00000000
DR3  0x00000000
DR6  0xffff0ff0
DR7  0x00000400
dt
Syntax: dt [mod] [type] [addr]
Print a struct. The address is optional.
filter
Syntax: filter [error|warning|trace|info|level]+|-[componentname|default]
Enable/disable debug channels. If no parameters are given, display the list of available debug filter components.
Example: List of available debug channels.
kdb:> filter
REMARKS:
- The 'WIN2000' system-wide debug filter component is used for DbgPrint() messages without Component ID and Level.
- The 'DEFAULT' debug filter component is used for DbgPrint() messages with an unknown Component ID.
The list of debug filter components currently available on your system is:
Component Name      Component ID
==================  ================
WIN2000             0xffffffff
DEFAULT             0x00000065
SYSTEM              0x00000000
SMSS                0x00000001
SETUP               0x00000002
NTFS                0x00000003
FSTUB               0x00000004
CRASHDUMP           0x00000005
CDAUDIO             0x00000006
CDROM               0x00000007
CLASSPNP            0x00000008
DISK                0x00000009
REDBOOK             0x0000000a
STORPROP            0x0000000b
SCSIPORT            0x0000000c
SCSIMINIPORT        0x0000000d
CONFIG              0x0000000e
I8042PRT            0x0000000f
SERMOUSE            0x00000010
LSERMOUS            0x00000011
KBDHID              0x00000012
MOUHID              0x00000013
KBDCLASS            0x00000014
MOUCLASS            0x00000015
TWOTRACK            0x00000016
WMILIB              0x00000017
ACPI                0x00000018
AMLI                0x00000019
HALIA64             0x0000001a
VIDEO               0x0000001b
SVCHOST             0x0000001c
VIDEOPRT            0x0000001d
TCPIP               0x0000001e
DMSYNTH             0x0000001f
NTOSPNP             0x00000020
FASTFAT             0x00000021
SAMSS               0x00000022
PNPMGR              0x00000023
NETAPI              0x00000024
SCSERVER            0x00000025
SCCLIENT            0x00000026
SERIAL              0x00000027
SERENUM             0x00000028
UHCD                0x00000029
RPCPROXY            0x0000002a
AUTOCHK             0x0000002b
DCOMSS              0x0000002c
UNIMODEM            0x0000002d
SIS                 0x0000002e
FLTMGR              0x0000002f
WMICORE             0x00000030
BURNENG             0x00000031
IMAPI               0x00000032
SXS                 0x00000033
FUSION              0x00000034
IDLETASK            0x00000035
SOFTPCI             0x00000036
TAPE                0x00000037
MCHGR               0x00000038
IDEP                0x00000039
PCIIDE              0x0000003a
FLOPPY              0x0000003b
FDC                 0x0000003c
TERMSRV             0x0000003d
W32TIME             0x0000003e
PREFETCHER          0x0000003f
RSFILTER            0x00000040
FCPORT              0x00000041
PCI                 0x00000042
DMIO                0x00000043
DMCONFIG            0x00000044
DMADMIN             0x00000045
WSOCKTRANSPORT      0x00000046
VSS                 0x00000047
PNPMEM              0x00000048
PROCESSOR           0x00000049
DMSERVER            0x0000004a
SR                  0x0000004b
INFINIBAND          0x0000004c
IHVDRIVER           0x0000004d
IHVVIDEO            0x0000004e
IHVAUDIO            0x0000004f
IHVNETWORK          0x00000050
IHVSTREAMING        0x00000051
IHVBUS              0x00000052
HPS                 0x00000053
RTLTHREADPOOL       0x00000054
LDR                 0x00000055
TCPIP6              0x00000056
ISAPNP              0x00000057
SHPC                0x00000058
STORPORT            0x00000059
STORMINIPORT        0x0000005a
PRINTSPOOLER        0x0000005b
VSSDYNDISK          0x0000005c
VERIFIER            0x0000005d
VDS                 0x0000005e
VDSBAS              0x0000005f
VDSDYN              0x00000060
VDSDYNDR            0x00000061
VDSLDR              0x00000062
VDSUTIL             0x00000063
DFRGIFC             0x00000064
MM                  0x00000066
DFSC                0x00000067
WOW64               0x00000068
ALPC                0x00000069
WDI                 0x0000006a
PERFLIB             0x0000006b
KTM                 0x0000006c
IOSTRESS            0x0000006d
HEAP                0x0000006e
WHEA                0x0000006f
USERGDI             0x00000070
MMCSS               0x00000071
TPM                 0x00000072
THREADORDER         0x00000073
ENVIRON             0x00000074
EMS                 0x00000075
WDT                 0x00000076
FVEVOL              0x00000077
NDIS                0x00000078
NVCTRACE            0x00000079
LUAFV               0x0000007a
APPCOMPAT           0x0000007b
USBSTOR             0x0000007c
SBP2PORT            0x0000007d
COVERAGE            0x0000007e
CACHEMGR            0x0000007f
MOUNTMGR            0x00000080
CFR                 0x00000081
TXF                 0x00000082
KSECDD              0x00000083
FLTREGRESS          0x00000084
MPIO                0x00000085
MSDSM               0x00000086
UDFS                0x00000087
PSHED               0x00000088
STORVSP             0x00000089
LSASS               0x0000008a
SSPICLI             0x0000008b
CNG                 0x0000008c
EXFAT               0x0000008d
FILETRACE           0x0000008e
XSAVE               0x0000008f
SE                  0x00000090
DRIVEEXTENDER       0x00000091
POWER               0x00000092
CRASHDUMPXHCI       0x00000093
GPIO                0x00000094
REFS                0x00000095
WER                 0x00000096
CAPIMG              0x00000097
VPCI                0x00000098
STORAGECLASSMEMORY  0x00000099
FSLIB               0x0000009a
Example:
kdb:> filter trace+i8042prt
Example:
kdb:> filter +serial
gdt
Syntax: gdt
Display the global descriptor table.
kdb:> gdt
GDT Base: 0x806c9000 Limit: 0x03ff
  Idx  Sel.    Type         Base        Limit       DPL  Attribs
  001  0x0008  CODE32       0x00000000  0x0fffffff  00   R/X A
  002  0x0010  DATA32       0x00000000  0x0fffffff  00   R/W A
  003  0x001b  CODE32       0x00000000  0x0fffffff  03   R/X A
  004  0x0023  DATA32       0x00000000  0x0fffffff  03   R/W A
  005  0x0028  TSS32(Busy)  0x8009c000  0x000020ac  00
  006  0x0030  DATA32       0xffdff000  0x00001fff  00   R/W A
  007  0x003b  DATA32       0x00000000  0x00001000  03   R/W A
  008  0x0043  DATA16       0x00000400  0x00010000  03   R/W
  009  0x0048  LDT          0x00000000  0x00000001  00
  010  0x0050  TSS32(Avl)   0x80a10ca0  0x00000069  00
  011  0x0058  TSS32(Avl)   0x80a10c20  0x00000069  00
  012  0x0060  DATA16       0x00020000  0x00010000  00   R/W
  013  0x0068  DATA16       0x000b8000  0x00004000  00   R/W
  014  0x0070  DATA16       0xffff7000  0x00000400  00   R/W
  015  0x0078  UNKNOWN      [NP]        [NP]        00   NP
help
Syntax: help
Display help screen.
kdb:> help
Kernel debugger commands:
* Data:
  ? expression - Evaluate expression.
  disasm [address] [L count] - Disassemble count instructions at address.
  x [address] [L count] - Display count dwords, starting at address.
  regs - Display general purpose registers.
  cregs - Display control, descriptor table and task segment registers.
  sregs - Display status registers.
  dregs - Display debug registers.
  bt [*frameaddr|thread id] - Prints current backtrace or from given frame address.
* Flow control:
  cont - Continue execution (leave debugger).
  step [count] - Execute single instructions, stepping into interrupts.
  next [count] - Execute single instructions, skipping calls and reps.
  bl - List breakpoints.
  be [breakpoint] - Enable breakpoint.
  bd [breakpoint] - Disable breakpoint.
  bc [breakpoint] - Clear breakpoint.
  bpx [address] [IF condition] - Set software execution breakpoint at address.
  bpm [r|w|rw|x] [byte|word|dword] [address] [IF condition] - Set memory breakpoint at address.
* Process/Thread:
  thread [list[ pid]|[attach ]tid] - List threads in current or specified process, display thread with given id or attach to thread.
  proc [list|[attach ]pid] - List processes, display process with given id or attach to process.
* System info:
  mod [address] - List all modules or the one containing address.
  gdt - Display the global descriptor table.
  ldt - Display the local descriptor table.
  idt - Display the interrupt descriptor table.
  pcr - Display the processor control region.
  tss [selector|*descaddr] - Display the current task state segment, or the one specified by its selector number or descriptor address.
* Others:
  bugcheck - Bugchecks the system.
  reboot - Reboots the system.
  filter [error|warning|trace|info|level]+|-[componentname|default] - Enable/disable debug channels.
  set [var] [value] - Sets var to value or displays value of var.
  dmesg - Display debug messages on screen, with navigation on pages.
  kmsg - Kernel dmesg. Alias for dmesg.
  help - Display help screen.
  !pool [Address [Flags]] - Display information about pool allocations.
  !poolused [Flags [Tag]] - Display pool usage.
  !poolfind Tag [Pool] - Search for pool tag allocations.
  !filecache - Display cache usage.
  !defwrites - Display cache write values.
  !irpfind [Pool [startaddress [criteria data]]] - Lists IRPs potentially matching criteria.
  !handle [Handle] - Displays info about handles.
idt
Syntax: idt
Display the interrupt descriptor table.
kdb:> idt
IDT Base: 0x8012d1d0 Limit: 0x0800
  Idx  Type        Seg. Sel.  Offset      DPL
  000  TRAPGATE32  0x0008     0x800039bf  00
  001  TRAPGATE32  0x0008     0x800039ce  00
  002  TRAPGATE32  0x0008     0x800039dd  00
  003  TRAPGATE32  0x0008     0x800039ec  03
  004  TRAPGATE32  0x0008     0x800039fb  00
  005  TRAPGATE32  0x0008     0x80003a0a  00
  006  TRAPGATE32  0x0008     0x80003a19  00
  007  TRAPGATE32  0x0008     0x80003a28  00
  008  TASKGATE    0x0050                 00
  009  TRAPGATE32  0x0008     0x80003a3d  00
  010  TRAPGATE32  0x0008     0x80003a4c  00
  011  TRAPGATE32  0x0008     0x80003a59  00
  012  TRAPGATE32  0x0008     0x80003a66  00
  013  TRAPGATE32  0x0008     0x80003a73  00
  014  INTGATE32   0x0008     0x80003a80  00
  015  TRAPGATE32  0x0008     0x80003a8d  00
  016  TRAPGATE32  0x0008     0x80003a9c  00
  017  TRAPGATE32  0x0008     0x80003aab  00
  018  TRAPGATE32  0x0008     0x80003aba  00
  019  TRAPGATE32  0x0008     0x80003ac9  00
  020  TRAPGATE32  0x0008     0x80003ad8  00
  ...
  044  TRAPGATE32  0x0008     0x80003ad8  00
  045  TRAPGATE32  0x0008     0x8006ef9f  03
  046  TRAPGATE32  0x0008     0x80003b79  03
  047  TRAPGATE32  0x0008     0x80003ad8  00
  ...
kmsg
Syntax: kmsg
Alias for dmesg.
ldt
Syntax: ldt
Display the local descriptor table.
kdb:> ldt
Local descriptor table is empty.
mod
Syntax: mod [address]
List all modules or the one containing address.
kdb:> mod
  Base      Size      Name
  c0000000  00096ca0  ntoskrnl.exe
  c039c000  00007de0  hal.dll
next
Syntax: next [count]
Execute single instructions, skipping calls and reps.
pcr
Syntax: pcr
Display the processor control region.
kdb:> pcr
Current PCR is at 0xFFDFF000.
  Tib.ExceptionList: 0xffffffff
  Tib.StackBase: 0x00000000
  Tib.StackLimit: 0x00000000
  Tib.SubSystemTib: 0x8009c000
  Tib.FiberData/Version: 0x000282ed
  Tib.ArbitraryUserPointer: 0x00000001
  Tib.Self: 0x00000000
  SelfPcr: 0xffdff000
  PCRCB: 0xffdff120
  Irql: 0x00
  IRR: 0x00000000
  IrrActive: 0x00000000
  IDR: 0xffff20b8
  KdVersionBlock: 0x00000000
  IDT: 0x806c9400
  GDT: 0x806c9000
  TSS: 0x8009c000
  MajorVersion: 0x0001
  MinorVersion: 0x0001
  SetMember: 0x00000001
  StallScaleFactor: 0x00000473
  Number: 0x00
  L2CacheAssociativity: 0x08
  VdmAlert: 0x00000000
  L2CacheSize: 0x00040000
  InterruptMode: 0x00000000
proc
Syntax: proc [list|[attach ]pid]
List processes, display process with given id or attach to process.
kdb:> proc
Current process:
  PID: 0x00000004
  State: Unknown (0x0)
  Image Filename: System
kdb:> proc list
  PID         State    Filename
 *0x00000004  Unknown  System
  0x00000058  Active   smss.exe
  0x0000007c  Active   csrss.exe
  0x00000094  Active   winlogon.exe
  0x000000b0  Active   setup.exe
regs
Syntax: regs
Display general purpose registers.
kdb:> regs
CS:EIP  0x0008:0xc00b880a
SS:ESP  0xd754:0x00000000
   EAX  0x01c634d3   EBX  0x0000940e
   ECX  0x00000000   EDX  0x00000000
   ESI  0x002ff000   EDI  0x00000000
   EBP  0xc0103c70
EFLAGS  0x00200202  IF IOPL0 ID
set
Syntax: set [var] [value]
Sets var to value or displays value of var.
kdb:> set
Available settings:
  syntax [intel|at&t]
  condition [exception|*] [first|last] [never|always|kmode|umode]
kdb:> set syntax
syntax = at&t
kdb:> set condition
Conditions:               (First)  (Last)
  #00  ZERODEVIDE         never    kmode
  #01  DEBUGTRAP          always   never
  #02  NMI                never    always
  #03  INT3               kmode    never
  #04  OVERFLOW           never    kmode
  #05  BOUND              never    kmode
  #06  INVALIDOP          never    kmode
  #07  NOMATHCOP          never    kmode
  #08  DOUBLEFAULT        always   always
  #09  RESERVED(9)        always   always
  #10  INVALIDTSS         never    kmode
  #11  SEGMENTNOTPRESENT  never    kmode
  #12  STACKFAULT         never    kmode
  #13  GPF                never    kmode
  #14  PAGEFAULT          never    kmode
  #15  RESERVED(15)       always   always
  #16  MATHFAULT          never    kmode
  #17  ALIGNMENTCHECK     never    kmode
  #18  MACHINECHECK       never    kmode
  #19  SIMDFAULT          never    kmode
       OTHERS             never    kmode
Example: Enabling usermode software breakpoints.
kdb:> set condition int3 first always
kdb:> set condition int3
Condition for exception #03 (INT3): FirstChance always LastChance never
Example: Catching all exceptions.
kdb:> set condition * first always
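The first/last-chance rules from the Introduction, applied to the defaults in the `set condition` listing above, explain the `bpx` note about user-mode breakpoints: INT3 defaults to kmode on first chance and never on last chance, so a user-mode INT3 never reaches KDB. The C model below is an added example, not ReactOS source; its type and function names are hypothetical and only five rows of the table are modeled.

```c
/* Added example: stand-alone model of KDB's enter conditions (not ReactOS source). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

typedef enum { NEVER, UMODE, KMODE, ALWAYS } kdb_cond;
typedef enum { FIRST_CHANCE, LAST_CHANCE } kdb_chance;
typedef enum { USER_MODE, KERNEL_MODE } cpu_mode;
typedef struct { const char *name; kdb_cond cond[2]; } kdb_exception;

/* Defaults copied from the `set condition` listing on this page (five rows). */
static const kdb_exception defaults[] = {
    { "DEBUGTRAP",   { ALWAYS, NEVER  } },
    { "INT3",        { KMODE,  NEVER  } },
    { "DOUBLEFAULT", { ALWAYS, ALWAYS } },
    { "GPF",         { NEVER,  KMODE  } },
    { "PAGEFAULT",   { NEVER,  KMODE  } },
};
#define N_EXC (sizeof defaults / sizeof defaults[0])
static kdb_exception table[N_EXC];
void kdb_reset(void) { memcpy(table, defaults, sizeof defaults); }

/* Case-insensitive compare: the page uses both "INT3" and "int3". */
static int same_name(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;   /* both strings must end together */
}

/* Models `set condition <exception|*> <first|last> <setting>`; returns rows changed. */
int kdb_set_condition(const char *exc, kdb_chance ch, kdb_cond c)
{
    int changed = 0;
    for (size_t i = 0; i < N_EXC; i++)
        if (strcmp(exc, "*") == 0 || same_name(exc, table[i].name)) {
            table[i].cond[ch] = c;
            changed++;
        }
    return changed;
}

/* 1 if KDB would be entered for this exception, chance and originating mode. */
int kdb_should_enter(const char *exc, kdb_chance ch, cpu_mode mode)
{
    for (size_t i = 0; i < N_EXC; i++)
        if (same_name(exc, table[i].name))
            switch (table[i].cond[ch]) {
            case ALWAYS: return 1;
            case UMODE:  return mode == USER_MODE;
            case KMODE:  return mode == KERNEL_MODE;
            default:     return 0;   /* NEVER */
            }
    return 0;   /* exception not in this reduced table */
}

int main(void)
{
    kdb_reset();
    int before = kdb_should_enter("INT3", FIRST_CHANCE, USER_MODE);
    kdb_set_condition("int3", FIRST_CHANCE, ALWAYS);
    printf("user-mode INT3 enters KDB: before=%d after=%d\n",
           before, kdb_should_enter("INT3", FIRST_CHANCE, USER_MODE));
    return 0;
}
```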
sregs
Syntax: sregs
Display segment/selector registers.
kdb:> sregs
CS  0x0008  Index 0x0001  GDT  RPL0
DS  0x0010  Index 0x0002  GDT  RPL0
ES  0x0010  Index 0x0002  GDT  RPL0
FS  0x0030  Index 0x0006  GDT  RPL0
GS  0x0010  Index 0x0002  GDT  RPL0
SS  0xd754  Index 0x1aea  LDT  RPL0
step
Syntax: step [count]
Execute single instructions, stepping into interrupts (i.e. when EIP points to int 0x2e, KDB gets the address of the interrupt handler, sets an INT3 there and continues execution).
thread
Syntax: thread [list[ pid]|[attach ]tid]
List threads in current or specified process, display thread with given id or attach to thread.
kdb:> thread
Current Thread:
  TID: 0x00000000
  State: Running (0x2)
  Priority: 8
  Affinity: 0x00000001
  Initial Stack: 0x8011f5a0
  Stack Limit: 0x8011c5a0
  Stack Base: 0x8011f5a0
  Kernel Stack: 0x8011f5a0
  Trap Frame: 0x00000000
  NPX State: Invalid (0x1)
kdb:> thread list
  TID         State    Prior.  Affinity    EBP         EIP
 *0x00000000  Running  8       0x00000001  0x00000000  0x00000000
  0x00000008  Blocked  16      0xffffffff  0x9cdcbd38  0x8001009e
  0x0000000c  Blocked  16      0xffffffff  0x9cdced38  0x8001009e
  0x00000010  Blocked  16      0xffffffff  0x9cdd1d38  0x8001009e
  0x00000014  Blocked  16      0xffffffff  0x9cdd4d38  0x8001009e
  0x00000018  Blocked  16      0xffffffff  0x9cdd7d38  0x8001009e
  0x0000001c  Ready    0       0xffffffff  0x00000000  0x00000000
  0x00000020  Ready    0       0xffffffff  0x00000000  0x00000000
  0x00000024  Ready    0       0xffffffff  0x00000000  0x00000000
  0x00000028  Ready    0       0xffffffff  0x00000000  0x00000000
  0x0000002c  Ready    0       0xffffffff  0x00000000  0x00000000
  0x00000030  Blocked  31      0xffffffff  0x9cde9d38  0x8001009e
  0x00000034  Blocked  31      0xffffffff  0x9cdecd38  0x8001009e
  0x00000038  Blocked  31      0xffffffff  0x9cdefd38  0x8001009e
  0x0000003c  Blocked  31      0xffffffff  0x9cdf2d38  0x8001009e
  0x00000040  Blocked  31      0xffffffff  0x9cdf5d38  0x8001009e
  0x00000044  Blocked  8       0xffffffff  0x9cdf8d28  0x8001009e
  0x00000048  Ready    0       0xffffffff  0x00000000  0x00000000
  0x0000004c  Blocked  17      0xffffffff  0x9cdfed08  0x8001009e
  0x00000050  Ready    1       0xffffffff  0x00000000  0x00000000
  0x00000054  Blocked  16      0xffffffff  0x9ce04d28  0x8001009e
tss
Syntax: tss [selector|*descaddr]
Display the current task state segment, or the one specified by its selector number or descriptor address.
kdb:> tss
Current TSS 0x0028 is at 0x8009C000.
  Backlink: 0x0000
  Ss0:Esp0: 0x0010:0x809fcdf0
  CR3: 0x00000000
  EFlags: 0x00000000
  Eax: 0x00000000
  Ebx: 0x00000000
  Ecx: 0x00000000
  Edx: 0x00000000
  Esi: 0x00000000
  Edi: 0x00000000
  Eip: 0x00000000
  Esp: 0x00000000
  Ebp: 0x00000000
  Cs: 0x0000
  Ss: 0x0000
  Ds: 0x0000
  Es: 0x0000
  Fs: 0x0000
  Gs: 0x0000
  LDT: 0x0000
  Flags: 0x0000
  IoMapBase: 0x20ac
kdb:> tss 0x50
Specified TSS 0x0050 is at 0x80A10CA0.
  Backlink: 0x0000
  Ss0:Esp0: 0x0010:0x809fa000
  CR3: 0x006ca000
  EFlags: 0x00000000
  Eax: 0x00000000
  Ebx: 0x00000000
  Ecx: 0x00000000
  Edx: 0x00000000
  Esi: 0x00000000
  Edi: 0x00000000
  Eip: 0x8099a140
  Esp: 0x809fa000
  Ebp: 0x00000000
  Cs: 0x0008
  Ss: 0x0010
  Ds: 0x0023
  Es: 0x0023
  Fs: 0x0030
  Gs: 0x0000
  LDT: 0x0000
  Flags: 0x0000
  IoMapBase: 0x20ac
x
Syntax: x [address] [L count]
Display count dwords, starting at address.
kdb:> x ebp
<c0103c70>: c0103c80 c000fbec 00000000 012ff000
<c0103c80>: c0103de0 c00b91e6 00000001 c011bc90
<c0103c90>: 00000014 c0103dc4 00000000 00000000
<c0103ca0>: 00000000 c03c6000 c0397000 c0125000
!pool
Syntax: !pool [Address [Flags]]
Display information about pool allocations.
!poolused
Syntax: !poolused [flags] [tag]
Display current pool usage (paged and non paged) for all tags.
The output can be limited to a single tag, or to a subset of tags, by using the wildcard '?', which replaces one character.
kdb:> !poolused
Pool Used:      NonPaged              Paged
 Tag       Allocs      Used     Allocs      Used
 'ObCI'         3       192          0         0
 'VPB '         8       768          0         0
 'ObSc'         0         0         21      2840
 'Rqrv'         0         0        121       664
 'USTR'         0         0        365      6528
 'SCSI'        51    163984         20       384
 'RSYM'         6   2271840          0         0
 'TOKu'         0         0          2       192
!poolfind
Syntax: !poolfind Tag [Pool]
Search for pool tag allocations.
!filecache
Syntax: !filecache
Display cache usage.
!defwrites
Syntax: !defwrites
Display cache write values.
!irpfind
Syntax: !irpfind [Pool [startaddress [criteria data]]]
Lists IRPs potentially matching criteria.
!handle
Syntax: !handle [Handle]
Displays info about handles.