DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
SCO kdb and scodb quick reference

SCO kdb and scodb quick reference

scodb commands

OSR UW7 Command Description
x x alias [word [new_command]] Set or list command aliases
x x bc [* | address | DRn | name ] Clear breakpoint
x x bl [name] List breakpoints
x x bp [en|dis|mod|name| [rwi] [b|s|l] |x]
          addr [condition value ]
Set breakpoints
x x c|cb|cs|c1 address Change memory
x x d|db|ds|dl|dn address Dump memory
x x declare|dcl C_declaration Give a system variable a type
x x dis|u [exact] [mode [ [-]names...] | address Disassemble (unassemble)
x   editmode|edit|em [emacs|vi] Change the editing mode
x -- info expression Get low-level information about an expression.
x -- quitif expression If (expression), then quit.
x x r|R [ stack_addr -p pid -p proc_addr Display system or user registers
x x s|step -r Single-step
x x stack|b|B [ stack_addr -p pid -p proc_addr Stack backtrace
x x struct [-> member] [members] addr Show structure member values
x x symname|sym address Find symbol corresponding to an address.
x -- tfe [depth] Trace function entry
x x type expression Show type of expression
x x unalias [*|aliases] Unset alias
x x undeclare|undcl [*|variables...| Undeclare system variables
x x unvar [*|variables...] Remove debugger variables
x x var [name initvalue] Create and list debugger variables
x x <Del> Kill line
x x <Break> Correct error on current line

Calling scodb functions

Function Description
hexdump(addr, mode, len) dump memory; useful from breakpoint commands
dgdt( ) dump global descriptor table
ddt(addr, nentries) dump descriptor table, nentries long
ltop(addr) convert a linear address to a physical address
ptol(addr) convert a physical address to a linear address
patch_call(addr, func) patch a call instruction to call a new function
patch_nop(addr) patch out an instruction with nops
pkill(pid, signal) send pid a signal
ps( ) show process table similar to ps(CP) or crash(ADM) proc
reboot( ) reboot machine
pidtoproc(pid) return the proc structure for the PID of a process that is displayed in a ps( ) listing
dpt(addr) dump out a page table
db_search_pt(addr, pfn) search a page table for a page frame
db_search_region(pfn) check if a page frame belongs to any region
dbtty(n) switch the debugger between screen (0) and sio (1).
eps( ) similar to ps( ), but shows which processes are running on which processors in a multiprocessor configuration.
vuifile(&var, cpuindex) display per-CPU variables for another CPU on a multiprocessor configuration
saveu(N) save N swapped-out u-areas for stack backtrace
regions(pid_or_proc_adr) display pregion and region info for process

scodb nomenclature

Nomenclature Meaning
<num> Hexadecimal input
$<num> Decimal input
0<num> Octal input
&<symbol> Address of a symbol and segment type (data or text)
$<variable> Debugger variable
%<register> Access register
{list_of_specifiers} Calculator input line
? list output modifiers
> no value output
b output value as a byte
s output value as a word
2 output value in binary
o output value in octal
d output value in decimal
: output string

scodb registers

General registers:
eax function return value
ebx general use
ecx general use, counter
edx general use
ebp stack frame base pointer
esp kernel stack pointer
uesp user process stack pointer
esi general use, source index
edi general use, destination index
Segment registers:
cs code
ds data
es extra data
fs extra data
gs extra data
ss stack
Memory management registers:
gdtr Global Descriptor Table Register
ldtr Local Descriptor Table Register
idtr Interrupt Descriptor Table Register
tr Task register
Control registers:
cr0 system control flags
cr1 unused
cr2 page fault linear address
cr3 page directory base
Other registers and pseudo-registers:
eip location processor is executing code
efl flags
trap system trap number
proc processor running on (for MPX)

kdb commands (Part 1/3)

Command Affect
+ compute [TOS-1] + [TOS]; pop 2; push result
- compute [TOS-1] - [TOS]; pop 2; push result
* compute [TOS-1] * [TOS]; pop 2; push result
/ compute [TOS-1] / [TOS]; pop 2; push result
% compute [TOS-1] % [TOS]; pop 2; push result
>> compute [TOS-1] >> [TOS]; pop 2; push result
<< compute [TOS-1] << [TOS]; pop 2; push result
< compute [TOS-1] < [TOS]; pop 2; push result
> compute [TOS-1] > [TOS]; pop 2; push result
== compute [TOS-1] == [TOS]; pop 2; push result
!= compute [TOS-1] != [TOS]; pop 2; push result
& compute [TOS-1] & [TOS]; pop 2; push result
| compute [TOS-1] | [TOS]; pop 2; push result
^ compute [TOS-1] ^ [TOS]; pop 2; push result
&& compute [TOS-1] && [TOS]; pop 2; push result
|| compute [TOS-1] || [TOS]; pop 2; push result
! replace [TOS] with ! [TOS]
++ replace [TOS] with [TOS] + 1
-- replace [TOS] with [TOS] - 1
%register push the contents of the 32-, 16- or 8-bit register.
%trap push the trap number
%ipl push the interrupt priority level
= variable store [TOS] in [variable]; pop 1
:: macro define [macro] as command string [TOS]; pop 1
? print a help message (same as help)
?brk show current breakpoint settings
B set breakpoint number [TOS] at address [TOS-1]; pop 2
or
set breakpoint number [TOS] at address [TOS-2] with command string [TOS-1]; pop 3
b set first free breakpoint address [TOS]; pop 1
or
set first free breakpoint at address [TOS-1] with command string [TOS]; pop 2
bn set breakpoint (like b) and push breakpoint number
brkoff disable breakpoint number [TOS]; pop 1
brkon re-enable breakpoint number [TOS]; pop 1
brksoff disable all breakpoints
brkson re-enable all (disabled) breakpoints
bs branch step: execute until a branch is taken
bss branch step through [TOS] branches; pop 1
call call the function at address [TOS-1] with [TOS] arguments, given by
[TOS-([TOS]+1)],...[TOS-2]; pop [TOS]+2; push function return value
clraddrbrks clear all breakpoints for address [TOS]; pop 1

kdb commands (Part 2/3)

Command Affect
clrbrk clear breakpoint number [TOS]; pop 1
clrbrks clear all breakpoints
clrstk pop all values
cmds print a list of all debugger commands
crreg push the contents of the specified register. reg is 0, 2, 3, 4; for example, cr3.
curbrk push the current breakpoint number, or -1 if not entered from a breakpoint
dis disassemble [TOS] instructions starting at address [TOS-1]; pop 2
dump show [TOS] bytes starting at virtual address [TOS-1]; pop 2
dup push [TOS]
endif end scope of then command
findsym print kernel symbol with address closest to [TOS]; pop 1
fdump show [TOS-1] formatted items at [TOS-2] with format [TOS]; pop 3
help print a help message
ibase set default input base to [TOS]; pop 1
iinput_base set default input base. Values for input_base are binary (base 2), decimal (base 10), hex (base 16), octal (base 8).
kvtop convert kernel virtual addr [TOS] to physical
lbr show from- and to- address for last branch taken
lint show from- and to- address for last interrupt or exception
lstack kernel stack trace for LWP [TOS]; pop 1
newterm switch kdb console I/O to device [TOS-1] unit number [TOS]; pop 2
newdebug switch to another debugger on next debugger entry
nonverbose turn verbose mode off
obase set output base to [TOS]; pop 1
ooutput_base Set output base. Values for output_base are decimal (base 10), hex (base 16), octal (base 8).
P print [TOS] in raw form; pop 1
p print [TOS]
PP print [TOS] values in raw form, from [TOS-[TOS]],...[TOS-1]; pop [TOS]+1
pop pop 1 value
ps show process information
q exit from the debugger
r replace [TOS] with the value at virtual address [TOS]
S single step 1 instruction (passing calls)
s single step 1 instruction
SS single step [TOS] instructions (passing calls); pop 1
ss single step [TOS] instructions; pop 1
stack kernel stack trace for the current process
stackargs set the maximum number of arguments in the stack trace to [TOS]; pop 1
stk print all values on the stack
then if [TOS] = 0, skip to endif; pop 1

kdb commands (Part 3/3)

Command Affect
trace set breakpoint number [TOS] trace count to [TOS-1]; pop 2
tstack ``try'' kernel stack trace from [TOS]; pop 1
uvtop convert user process number [TOS] address [TOS-1] to physical; pop 1
vars show values of debugger variables
vcall call the function at address [TOS-1] with [TOS] arguments,
given by [TOS-([TOS]+1)],...[TOS-2]; pop [TOS]+2
verbose turn verbose mode on
w write [TOS-1] into virtual address [TOS]; pop 2
w%register write [TOS] into register; pop 1
w%trap write [TOS] into the trap number pseudo-register; pop 1

kdb command suffixes

Grouping Suffix Meaning
Operand size /b byte
  /w word (2 bytes)
  /l long (4 bytes) (default)
  /L long long (8 bytes)
Address space /k kernel virtual (default)
  /p physical
  /io I/O port
  /un user process number n virtual
  /cpun CPU number n
  /cn CPU number n (same as cpun)
Register set /rsn register set number n
Breakpoint type /a data access breakpoint
  /m data modify breakpoint
  /i instruction execution breakpoint (default)

kdb registers

32-bit registers eax, ebx, ecx, edx, esi, edi, ebp, esp, eip, efl
16-bit registers cs, ds, es, fs, gs, ax, bx, cx, dx, si, di, bp, sp, ip, fl
8-bit registers al, ah, bl, bh, cl, ch, dl, dh

SCODB and KDB registers

scodb kdb General registers (32-bit):
x x eax function return value
x x ebx general use
x x ecx general use, counter
x x edx general use
x x ebp stack frame base pointer
x x esp kernel stack pointer
x -- uesp user process stack pointer
x x esi general use, source index
x ? edi general use, destination index
-- x eip  
-- x efl  
    Segment registers (16-bit):
x x cs code
x x ds data
x x es extra data
x x fs extra data
x x gs extra data
x -- ss stack
-- x ax  
-- x bx  
-- x cx  
-- x dx  
-- x si  
-- x di  
-- x bp  
-- x sp  
-- x ip  
-- x fl  
    8-bit registers:
-- x al  
-- x ah  
-- x bl  
-- x bh  
-- x cl  
-- x ch  
-- x dl  
-- x dh  
Memory management registers:
x ? gdtr Global Descriptor Table Register
x ? ldtr Local Descriptor Table Register
x ? idtr Interrupt Descriptor Table Register
x ? tr Task register
Control registers:
x ? cr0 system control flags
x ? cr1 unused
x ? cr2 page fault linear address
x ? cr3 page directory base
Other registers and pseudo-registers:
x ? eip location processor is executing code
x ? efl flags
x ? trap system trap number
x ? proc processor running on (for MPX)


© 2005 The SCO Group, Inc. All rights reserved.
OpenServer 6 and UnixWare (SVR5) HDK - June 2005