Difference between revisions of "Kdbg"

From ReactOS Wiki
Jump to: navigation, search
(x)
(Update the list of available debug filters.)
 
(12 intermediate revisions by the same user not shown)
Line 96: Line 96:
 
<b>Syntax:</b> bt [*frameaddr]
 
<b>Syntax:</b> bt [*frameaddr]
  
Print current backtrace or from given frame address.
+
Print current backtrace or from given frame address. Supports also crossed TSS boundaries.
  
<pre>kdb:> bt
+
<pre>
 +
kdb:> bt
 +
Eip:
 +
<ntoskrnl.exe:153529 (sdk/lib/rtl/i386/debug_asm.S:57 (RtlpBreakWithStatusInstruction))>
 +
Frames:
 +
<ntoskrnl.exe:899b0 (ntoskrnl/ke/bug.c:1136 (KeBugCheckWithTf))>
 +
<ntoskrnl.exe:134826 (ntoskrnl/ke/i386/exp.c:1161 (KeRaiseUserException))>
 +
<ntoskrnl.exe:19ae67 (ntoskrnl/ke/i386/traphdlr.c:1282 (KiTrap0DHandler))>
 +
<ntoskrnl.exe:19a840 (:0 (KiTrap0D))>
 +
<ntoskrnl.exe:1925e6 (ntoskrnl/include/internal/i386/intrin_i.h:45 (KiInitMachineDependent))>
 +
<ntoskrnl.exe:187688 (ntoskrnl/ke/krnlinit.c:305 (KeInitSystem))>
 +
<ntoskrnl.exe:17fb2f (ntoskrnl/ex/init.c:1621 (Phase1InitializationDiscard))>
 +
<ntoskrnl.exe:3247f (ntoskrnl/ex/init.c:2019 (Phase1Initialization))>
 +
<ntoskrnl.exe:11c079 (ntoskrnl/ps/thread.c:156 (PspSystemThreadStartup))>
 +
<ntoskrnl.exe:135c8a (ntoskrnl/ke/i386/thrdini.c:78 (KiThreadStartup))>
 +
<ntoskrnl.exe:11c040 (ntoskrnl/ps/thread.c:141 (PspSystemThreadStartup))>
 +
<5d8950ec>
 +
Couldn't access memory at 0x83E58959!
 +
</pre>
 +
 
 +
<pre>
 +
kdb:> bt
 +
[Active TSS 0x0050 @ 0x80A10CA0]
 +
Eip:
 +
<ntoskrnl.exe:153529 (sdk/lib/rtl/i386/debug_asm.S:57 (RtlpBreakWithStatusInstruction))>
 
Frames:
 
Frames:
<ntoskrnl.exe:d9dc>
+
<ntoskrnl.exe:899b0 (ntoskrnl/ke/bug.c:1136 (KeBugCheckWithTf))>
<c00a248f>
+
<ntoskrnl.exe:19a1d8 (ntoskrnl/ke/i386/traphdlr.c:917 (KiTrap08Handler))>
<ntoskrnl.exe:1140></pre>
+
<ntoskrnl.exe:19a145 (:0 (KiTrap08))>
 +
[Parent TSS 0x0028 @ 0x8009C000]
 +
<ntoskrnl.exe:1925e6 (ntoskrnl/include/internal/i386/intrin_i.h:45 (KiInitMachineDependent))>
 +
<ntoskrnl.exe:187688 (ntoskrnl/ke/krnlinit.c:305 (KeInitSystem))>
 +
<ntoskrnl.exe:17fb2f (ntoskrnl/ex/init.c:1621 (Phase1InitializationDiscard))>
 +
<ntoskrnl.exe:3247f (ntoskrnl/ex/init.c:2019 (Phase1Initialization))>
 +
<ntoskrnl.exe:11c079 (ntoskrnl/ps/thread.c:156 (PspSystemThreadStartup))>
 +
<ntoskrnl.exe:135c8a (ntoskrnl/ke/i386/thrdini.c:78 (KiThreadStartup))>
 +
<ntoskrnl.exe:11c040 (ntoskrnl/ps/thread.c:141 (PspSystemThreadStartup))>
 +
<5d8950ec>
 +
Couldn't access memory at 0x83E58959!
 +
</pre>
  
 
=== bugcheck ===
 
=== bugcheck ===
Line 117: Line 152:
 
<b>Syntax:</b> cregs
 
<b>Syntax:</b> cregs
  
Display control registers.
+
Display control, descriptor table and task segment registers.
  
<pre>kdb:> cregs
+
<pre>
 +
kdb:> cregs
 
CR0  0x8001003b  PE MP TS ET NE WP PG
 
CR0  0x8001003b  PE MP TS ET NE WP PG
CR2  0xccc91000
+
CR2  0x01720000
CR3  0x002f9000 Pagedir-Base 0x002f9000
+
CR3  0x006ca000 Pagedir-Base 0x006ca000
CR4  0x00000680 PGE OSFXSR OSXMMEXCPT
+
CR4  0x00000619 VME DE PSE OSFXSR OSXMMEXCPT
GDTR Base 0xc00bb100 Size 0x0058
+
GDTR Base 0x806c9000 Size 0x03ff
LDTR Base 0x00000000  Size 0x0000
+
LDTR 0x0000
IDTR Base 0xc0122ac0 Size 0x0800</pre>
+
IDTR Base 0x806c9400 Size 0x07ff
 +
TR  0x0028
 +
</pre>
  
 
=== disasm ===
 
=== disasm ===
Line 180: Line 218:
 
<b>Syntax:</b> dt [mod] [type] [addr]
 
<b>Syntax:</b> dt [mod] [type] [addr]
  
Print a struct.
+
Print a struct. The address is optional.
  
 
=== filter ===
 
=== filter ===
 
<b>Syntax:</b> filter [error|warning|trace|info|level]+|-[componentname|default]
 
<b>Syntax:</b> filter [error|warning|trace|info|level]+|-[componentname|default]
  
Enable/disable debug channels.
+
Enable/disable debug channels. If no parameters are given, display the list of available debug filter components.
 +
 
 +
''Example:'' List of available debug channels.
 +
<pre>
 +
kdb:> filter
 +
REMARKS:
 +
- The 'WIN2000' system-wide debug filter component is used for DbgPrint()
 +
  messages without Component ID and Level.
 +
- The 'DEFAULT' debug filter component is used for DbgPrint() messages with
 +
  an unknown Component ID.
 +
 
 +
The list of debug filter components currently available on your system is:
 +
 
 +
    Component Name        Component ID
 +
  ==================    ================
 +
            WIN2000        0xffffffff
 +
            DEFAULT        0x00000065
 +
              SYSTEM        0x00000000
 +
                SMSS        0x00000001
 +
              SETUP        0x00000002
 +
                NTFS        0x00000003
 +
              FSTUB        0x00000004
 +
          CRASHDUMP        0x00000005
 +
            CDAUDIO        0x00000006
 +
              CDROM        0x00000007
 +
            CLASSPNP        0x00000008
 +
                DISK        0x00000009
 +
            REDBOOK        0x0000000a
 +
            STORPROP        0x0000000b
 +
            SCSIPORT        0x0000000c
 +
        SCSIMINIPORT        0x0000000d
 +
              CONFIG        0x0000000e
 +
            I8042PRT        0x0000000f
 +
            SERMOUSE        0x00000010
 +
            LSERMOUS        0x00000011
 +
              KBDHID        0x00000012
 +
              MOUHID        0x00000013
 +
            KBDCLASS        0x00000014
 +
            MOUCLASS        0x00000015
 +
            TWOTRACK        0x00000016
 +
              WMILIB        0x00000017
 +
                ACPI        0x00000018
 +
                AMLI        0x00000019
 +
            HALIA64        0x0000001a
 +
              VIDEO        0x0000001b
 +
            SVCHOST        0x0000001c
 +
            VIDEOPRT        0x0000001d
 +
              TCPIP        0x0000001e
 +
            DMSYNTH        0x0000001f
 +
            NTOSPNP        0x00000020
 +
            FASTFAT        0x00000021
 +
              SAMSS        0x00000022
 +
              PNPMGR        0x00000023
 +
              NETAPI        0x00000024
 +
            SCSERVER        0x00000025
 +
            SCCLIENT        0x00000026
 +
              SERIAL        0x00000027
 +
            SERENUM        0x00000028
 +
                UHCD        0x00000029
 +
            RPCPROXY        0x0000002a
 +
            AUTOCHK        0x0000002b
 +
              DCOMSS        0x0000002c
 +
            UNIMODEM        0x0000002d
 +
                SIS        0x0000002e
 +
              FLTMGR        0x0000002f
 +
            WMICORE        0x00000030
 +
            BURNENG        0x00000031
 +
              IMAPI        0x00000032
 +
                SXS        0x00000033
 +
              FUSION        0x00000034
 +
            IDLETASK        0x00000035
 +
            SOFTPCI        0x00000036
 +
                TAPE        0x00000037
 +
              MCHGR        0x00000038
 +
                IDEP        0x00000039
 +
              PCIIDE        0x0000003a
 +
              FLOPPY        0x0000003b
 +
                FDC        0x0000003c
 +
            TERMSRV        0x0000003d
 +
            W32TIME        0x0000003e
 +
          PREFETCHER        0x0000003f
 +
            RSFILTER        0x00000040
 +
              FCPORT        0x00000041
 +
                PCI        0x00000042
 +
                DMIO        0x00000043
 +
            DMCONFIG        0x00000044
 +
            DMADMIN        0x00000045
 +
      WSOCKTRANSPORT        0x00000046
 +
                VSS        0x00000047
 +
              PNPMEM        0x00000048
 +
          PROCESSOR        0x00000049
 +
            DMSERVER        0x0000004a
 +
                  SR        0x0000004b
 +
          INFINIBAND        0x0000004c
 +
          IHVDRIVER        0x0000004d
 +
            IHVVIDEO        0x0000004e
 +
            IHVAUDIO        0x0000004f
 +
          IHVNETWORK        0x00000050
 +
        IHVSTREAMING        0x00000051
 +
              IHVBUS        0x00000052
 +
                HPS        0x00000053
 +
      RTLTHREADPOOL        0x00000054
 +
                LDR        0x00000055
 +
              TCPIP6        0x00000056
 +
              ISAPNP        0x00000057
 +
                SHPC        0x00000058
 +
            STORPORT        0x00000059
 +
        STORMINIPORT        0x0000005a
 +
        PRINTSPOOLER        0x0000005b
 +
          VSSDYNDISK        0x0000005c
 +
            VERIFIER        0x0000005d
 +
                VDS        0x0000005e
 +
              VDSBAS        0x0000005f
 +
              VDSDYN        0x00000060
 +
            VDSDYNDR        0x00000061
 +
              VDSLDR        0x00000062
 +
            VDSUTIL        0x00000063
 +
            DFRGIFC        0x00000064
 +
                  MM        0x00000066
 +
                DFSC        0x00000067
 +
              WOW64        0x00000068
 +
                ALPC        0x00000069
 +
                WDI        0x0000006a
 +
            PERFLIB        0x0000006b
 +
                KTM        0x0000006c
 +
            IOSTRESS        0x0000006d
 +
                HEAP        0x0000006e
 +
                WHEA        0x0000006f
 +
            USERGDI        0x00000070
 +
              MMCSS        0x00000071
 +
                TPM        0x00000072
 +
        THREADORDER        0x00000073
 +
            ENVIRON        0x00000074
 +
                EMS        0x00000075
 +
                WDT        0x00000076
 +
              FVEVOL        0x00000077
 +
                NDIS        0x00000078
 +
            NVCTRACE        0x00000079
 +
              LUAFV        0x0000007a
 +
          APPCOMPAT        0x0000007b
 +
            USBSTOR        0x0000007c
 +
            SBP2PORT        0x0000007d
 +
            COVERAGE        0x0000007e
 +
            CACHEMGR        0x0000007f
 +
            MOUNTMGR        0x00000080
 +
                CFR        0x00000081
 +
                TXF        0x00000082
 +
              KSECDD        0x00000083
 +
          FLTREGRESS        0x00000084
 +
                MPIO        0x00000085
 +
              MSDSM        0x00000086
 +
                UDFS        0x00000087
 +
              PSHED        0x00000088
 +
            STORVSP        0x00000089
 +
              LSASS        0x0000008a
 +
            SSPICLI        0x0000008b
 +
                CNG        0x0000008c
 +
              EXFAT        0x0000008d
 +
          FILETRACE        0x0000008e
 +
              XSAVE        0x0000008f
 +
                  SE        0x00000090
 +
      DRIVEEXTENDER        0x00000091
 +
              POWER        0x00000092
 +
      CRASHDUMPXHCI        0x00000093
 +
                GPIO        0x00000094
 +
                REFS        0x00000095
 +
                WER        0x00000096
 +
              CAPIMG        0x00000097
 +
                VPCI        0x00000098
 +
  STORAGECLASSMEMORY        0x00000099
 +
              FSLIB        0x0000009a
 +
</pre>
  
 
''Example:''
 
''Example:''
Line 196: Line 405:
 
<b>Syntax:</b> gdt
 
<b>Syntax:</b> gdt
  
Display global descriptor table.
+
Display the global descriptor table.
  
 
<pre>
 
<pre>
 
kdb:> gdt
 
kdb:> gdt
GDT Base: 0x800d2100 Limit: 0x0058
+
GDT Base: 0x806c9000 Limit: 0x03ff
 
   Idx  Sel.    Type        Base        Limit      DPL  Attribs
 
   Idx  Sel.    Type        Base        Limit      DPL  Attribs
   001  0x0008  CODE32      0x00000000  0x0fffffff  00  R/X
+
   001  0x0008  CODE32      0x00000000  0x0fffffff  00  R/X A
   002  0x0010  DATA32      0x00000000  0x0fffffff  00  R/W
+
   002  0x0010  DATA32      0x00000000  0x0fffffff  00  R/W A
   003  0x001b  CODE32      0x00000000  0x0fffffff  03  R/X
+
   003  0x001b  CODE32      0x00000000  0x0fffffff  03  R/X A
   004  0x0023  DATA32      0x00000000  0x0fffffff  03  R/W
+
   004  0x0023  DATA32      0x00000000  0x0fffffff  03  R/W A
   005  0x0028  TSS32(Busy)  0x8012d9f0 0x00002069 00
+
   005  0x0028  TSS32(Busy)  0x8009c000 0x000020ac 00
   006  0x0030  DATA16       0xff000000 0x00001000 00  R/W
+
   006  0x0030  DATA32       0xffdff000 0x00001fff 00  R/W A
   007  0x003b  DATA16       0x00000000  0x00001000  03  R/W
+
   007  0x003b  DATA32       0x00000000  0x00001000  03  R/W A
   008  0x0040 UNKNOWN      [NP]        [NP]        00   NP
+
   008  0x0043  DATA16      0x00000400  0x00010000 03   R/W
 
   009  0x0048  LDT          0x00000000  0x00000001  00
 
   009  0x0048  LDT          0x00000000  0x00000001  00
   010  0x0050  TSS32(Avl)  0x80115960 0x00000069  00</pre>
+
   010  0x0050  TSS32(Avl)  0x80a10ca0 0x00000069  00
 +
  011  0x0058  TSS32(Avl)  0x80a10c20  0x00000069  00
 +
  012  0x0060  DATA16      0x00020000  0x00010000  00  R/W
 +
  013  0x0068  DATA16      0x000b8000  0x00004000  00  R/W
 +
  014  0x0070  DATA16      0xffff7000  0x00000400  00  R/W
 +
  015  0x0078  UNKNOWN      [NP]        [NP]        00  NP
 +
</pre>
  
 
=== help ===
 
=== help ===
Line 218: Line 433:
 
Display help screen.
 
Display help screen.
  
<pre>kdb:> help
+
<pre>
 +
kdb:> help
 
Kernel debugger commands:
 
Kernel debugger commands:
 
* Data:
 
* Data:
 
   ? expression        - Evaluate expression.
 
   ? expression        - Evaluate expression.
 
   disasm [address] [L count] - Disassemble count instructions at address.
 
   disasm [address] [L count] - Disassemble count instructions at address.
   x [address] [L count] - Display count dwords, starting at addr.
+
   x [address] [L count] - Display count dwords, starting at address.
 
   regs                - Display general purpose registers.
 
   regs                - Display general purpose registers.
   cregs                - Display control registers.
+
   cregs                - Display control, descriptor table and task segment registers.
 
   sregs                - Display status registers.
 
   sregs                - Display status registers.
 
   dregs                - Display debug registers.
 
   dregs                - Display debug registers.
   bt [*frameaddr|thread id] - Prints current backtrace or from given frame addr
+
   bt [*frameaddr|thread id] - Prints current backtrace or from given frame address.
  
 
* Flow control:
 
* Flow control:
   cont                - Continue execution (leave debugger)
+
   cont                - Continue execution (leave debugger).
 
   step [count]        - Execute single instructions, stepping into interrupts.
 
   step [count]        - Execute single instructions, stepping into interrupts.
 
   next [count]        - Execute single instructions, skipping calls and reps.
 
   next [count]        - Execute single instructions, skipping calls and reps.
Line 247: Line 463:
 
* System info:
 
* System info:
 
   mod [address]        - List all modules or the one containing address.
 
   mod [address]        - List all modules or the one containing address.
   gdt                  - Display global descriptor table.
+
   gdt                  - Display the global descriptor table.
   ldt                  - Display local descriptor table.
+
   ldt                  - Display the local descriptor table.
   idt                  - Display interrupt descriptor table.
+
   idt                  - Display the interrupt descriptor table.
   pcr                  - Display processor control region.
+
   pcr                  - Display the processor control region.
   tss                 - Display task state segment.
+
   tss [selector|*descaddr] - Display the current task state segment, or the one specified by its selector number or descriptor address.
  
 
* Others:
 
* Others:
 
   bugcheck            - Bugchecks the system.
 
   bugcheck            - Bugchecks the system.
 +
  reboot              - Reboots the system.
 +
  filter [error|warning|trace|info|level]+|-[componentname|default] - Enable/disable debug channels.
 
   set [var] [value]    - Sets var to value or displays value of var.
 
   set [var] [value]    - Sets var to value or displays value of var.
   help                - Display help screen.</pre>
+
  dmesg                - Display debug messages on screen, with navigation on pages.
 +
  kmsg                - Kernel dmesg. Alias for dmesg.
 +
   help                - Display help screen.
 +
  !pool [Address [Flags]] - Display information about pool allocations.
 +
  !poolused [Flags [Tag]] - Display pool usage.
 +
  !poolfind Tag [Pool] - Search for pool tag allocations.
 +
  !filecache          - Display cache usage.
 +
  !defwrites          - Display cache write values.
 +
  !irpfind [Pool [startaddress [criteria data]]] - Lists IRPs potentially matching criteria.
 +
  !handle [Handle]    - Displays info about handles.
 +
</pre>
  
 
=== idt ===
 
=== idt ===
 
<b>Syntax:</b> idt
 
<b>Syntax:</b> idt
  
Display interrupt descriptor table.
+
Display the interrupt descriptor table.
  
 
<pre>kdb:> idt
 
<pre>kdb:> idt
Line 302: Line 530:
 
<b>Syntax:</b> ldt
 
<b>Syntax:</b> ldt
  
Display local descriptor table.
+
Display the local descriptor table.
  
 
<pre>kdb:> ldt
 
<pre>kdb:> ldt
Line 325: Line 553:
 
<b>Syntax:</b> pcr
 
<b>Syntax:</b> pcr
  
Display processor control region.
+
Display the processor control region.
  
<pre>kdb:> pcr
+
<pre>
Current PCR is at 0xff000000.
+
kdb:> pcr
 +
Current PCR is at 0xFFDFF000.
 
   Tib.ExceptionList:        0xffffffff
 
   Tib.ExceptionList:        0xffffffff
 
   Tib.StackBase:            0x00000000
 
   Tib.StackBase:            0x00000000
 
   Tib.StackLimit:            0x00000000
 
   Tib.StackLimit:            0x00000000
   Tib.SubSystemTib:          0x00000000
+
   Tib.SubSystemTib:          0x8009c000
   Tib.FiberData/Version:    0x00000000
+
   Tib.FiberData/Version:    0x000282ed
   Tib.ArbitraryUserPointer:  0x00000000
+
   Tib.ArbitraryUserPointer:  0x00000001
   Tib.Self:                  0xff000000
+
   Tib.Self:                  0x00000000
   Self:                     0xff000000
+
   SelfPcr:                   0xffdff000
   PCRCB:                    0xff000120
+
   PCRCB:                    0xffdff120
 
   Irql:                      0x00
 
   Irql:                      0x00
 
   IRR:                      0x00000000
 
   IRR:                      0x00000000
 
   IrrActive:                0x00000000
 
   IrrActive:                0x00000000
   IDR:                      0x00000000
+
   IDR:                      0xffff20b8
 
   KdVersionBlock:            0x00000000
 
   KdVersionBlock:            0x00000000
   IDT:                      0x8012d1d0
+
   IDT:                      0x806c9400
   GDT:                      0x800d2100
+
   GDT:                      0x806c9000
   TSS:                      0x8012d9f0
+
   TSS:                      0x8009c000
   MajorVersion:              0x0000
+
   MajorVersion:              0x0001
   MinorVersion:              0x0000
+
   MinorVersion:              0x0001
   SetMember:                0x00000000
+
   SetMember:                0x00000001
   StallScaleFactor:          0x00000000
+
   StallScaleFactor:          0x00000473
   DebugActive:               0x00
+
   Number:                   0x00
  ProcessorNumber:          0x00
+
   L2CacheAssociativity:      0x08
   L2CacheAssociativity:      0x00
 
 
   VdmAlert:                  0x00000000
 
   VdmAlert:                  0x00000000
   L2CacheSize:              0x00000000
+
   L2CacheSize:              0x00040000
   InterruptMode:            0x00000000</pre>
+
   InterruptMode:            0x00000000
 +
</pre>
  
 
=== proc ===
 
=== proc ===
Line 496: Line 725:
  
 
=== tss ===
 
=== tss ===
<b>Syntax:</b> tss
+
<b>Syntax:</b> tss [selector|*descaddr]
  
Display task state segment.
+
Display the current task state segment, or the one specified by its selector number or descriptor address.
  
<pre>kdb:> tss
+
<pre>
Current TSS is at 0x8012d9f0.
+
kdb:> tss
   PreviousTask0x00000000
+
Current TSS 0x0028 is at 0x8009C000.
   Ss0:Esp0:     0x0010:0x80137df0
+
   Backlink0x0000
   Ss1:Esp1:     0x0000:0x00000000
+
   Ss0:Esp0: 0x0010:0x809fcdf0
   Ss2:Esp2:     0x0000:0x00000000
+
   CR3:       0x00000000
   Cr3:           0x00000000
+
  EFlags:   0x00000000
   Eip:           0x00000000
+
  Eax:       0x00000000
   Eflags:       0x00000000
+
   Ebx:       0x00000000
   Eax:           0x00000000
+
  Ecx:       0x00000000
   Ecx:           0x00000000
+
  Edx:      0x00000000
   Edx:           0x00000000
+
  Esi:       0x00000000
   Ebx:           0x00000000
+
   Edi:       0x00000000
   Esp:           0x00000000
+
   Eip:       0x00000000
   Ebp:           0x00000000
+
   Esp:       0x00000000
   Esi:           0x00000000
+
   Ebp:       0x00000000
   Edi:           0x00000000
+
   Cs:        0x0000
   Es:           0x0000
+
  Ss:        0x0000
   Cs:           0x0000
+
  Ds:        0x0000
   Ss:           0x0000
+
  Es:        0x0000
   Ds:           0x0000
+
  Fs:        0x0000
   Fs:           0x0000
+
  Gs:        0x0000
   Gs:           0x0000
+
  LDT:      0x0000
   Ldt:           0x0048
+
  Flags:    0x0000
   Trap:         0x0000
+
  IoMapBase: 0x20ac
   IoMapBase:     0xffff</pre>
+
 
 +
kdb:> tss 0x50
 +
Specified TSS 0x0050 is at 0x80A10CA0.
 +
  Backlink:  0x0000
 +
  Ss0:Esp0:  0x0010:0x809fa000
 +
  CR3:      0x006ca000
 +
  EFlags:   0x00000000
 +
   Eax:       0x00000000
 +
   Ebx:       0x00000000
 +
   Ecx:       0x00000000
 +
   Edx:       0x00000000
 +
   Esi:       0x00000000
 +
   Edi:       0x00000000
 +
   Eip:      0x8099a140
 +
  Esp:      0x809fa000
 +
  Ebp:       0x00000000
 +
   Cs:       0x0008
 +
   Ss:       0x0010
 +
   Ds:       0x0023
 +
  Es:        0x0023
 +
   Fs:       0x0030
 +
   Gs:       0x0000
 +
   LDT:       0x0000
 +
   Flags:     0x0000
 +
   IoMapBase: 0x20ac
 +
</pre>
  
 
=== x ===
 
=== x ===
Line 537: Line 791:
 
<c0103c90>: 00000014 c0103dc4 00000000 00000000
 
<c0103c90>: 00000014 c0103dc4 00000000 00000000
 
<c0103ca0>: 00000000 c03c6000 c0397000 c0125000</pre>
 
<c0103ca0>: 00000000 c03c6000 c0397000 c0125000</pre>
 +
 +
=== !pool ===
 +
<b>Syntax:</b> !pool [Address [Flags]]
 +
 +
Display information about pool allocations.
  
 
=== !poolused ===
 
=== !poolused ===
Line 557: Line 816:
 
'RSYM'          6              2271840        0              0
 
'RSYM'          6              2271840        0              0
 
'TOKu'          0              0              2              192</pre>
 
'TOKu'          0              0              2              192</pre>
 +
 +
=== !poolfind ===
 +
<b>Syntax:</b> !poolfind Tag [Pool]
 +
 +
Search for pool tag allocations.
 +
 +
=== !filecache ===
 +
<b>Syntax:</b> !filecache
 +
 +
Display cache usage.
 +
 +
=== !defwrites ===
 +
<b>Syntax:</b> !defwrites
 +
 +
Display cache write values.
 +
 +
=== !irpfind ===
 +
<b>Syntax:</b> !irpfind [Pool [startaddress [criteria data]]]
 +
 +
Lists IRPs potentially matching criteria.
 +
 +
=== !handle ===
 +
<b>Syntax:</b> !handle [Handle]
 +
 +
Displays info about handles.
  
 
[[Category:Documentation]]
 
[[Category:Documentation]]

Latest revision as of 16:13, 18 July 2020

This page was a mirror of the KDBG page (rev 72) on Blight's Wiki

Introduction

KDB, the Kernel DeBugger of ReactOS, is built into ntoskrnl. For each exception which is handled by the kernel, KDB gets up to two chances to handle it. The first chance occurs before the kernel tries to find and execute an exception handler. The last chance occurs after the kernel fails to find an exception handler or the handler did not handle the exception.

For each type of exception known by KDB, you can set the condition when KDB should be entered individually for first and last chance. The possible settings for the conditions are never, umode, kmode and always. never means that KDB will never be entered when the exception is raised, umode means that it will be entered when the exception was raised in user mode, kmode means to enter KDB when the exception was raised in kernel mode, and always means to always enter KDB.

Enabling KDBG before build

KDBG is automatically enabled or disabled by the configuration options script (cmake/config.cmake).

KDBG is by default configured to be enabled for the bootloader entries "ReactOS (Debug)" and "ReactOS (RosDbg)" for all ISO images. See also Debugging#Breaking into the built-in kernel debugger.

KDBinit

As soon as possible KDB loads and interprets the KDBinit file (\SystemRoot\system32\drivers\etc\KDBinit)

The KDBinit file can contain all commands available in the command line interface of KDB plus the break command. When a break is read from the KDBinit file KDB is entered – you can use this to automatically enter KDB when booting.

Here's the default KDBinit file (the break is commented out):

# Example KDBinit file
#

# Set the disassembly flavor to "intel" (default is "at&t")
set syntax intel

# Change the condition to enter KDB on INT3 to "always" (default is "kmode")
#set condition INT3 first always

# This is a special command available only in the KDBinit file - it breaks into
# KDB when it is interpreting the init file at startup.
#break

Command Reference

?

Syntax: ? expression

Evaluate expression. The result is displayed in hexadecimal and unsigned decimal format. If it is < 0 it is also displayed in signed decimal format.

kdb:> ? eip
0xc00a1535  3221886261  -1073081035

The following operands are supported: +,-,*,/,%,==,!=,>,<,>=,<=
Braces are supported.
Brackets can be used to dereference memory. The memory size (byte, word, dword or qword) can be specified as a prefix before the opening bracket. The default is the size of a pointer (dword for IA32)

kdb:> ? 1+2*3
0x00000007           7
kdb:> ? (1+2)*3
0x00000009           9
kdb:> ? [eip]
0xffbe16e8  4290647784    -4319512
kdb:> ? word[eip]
0x000016e8        5864
kdb:> ? byte[eip]
0x000000e8         232         -24
kdb:> ? byte[eip+1]
0x00000016          22
kdb:> ? [0]
        ^ Couldn't access memory at 0x0

bc

Syntax: bc [breakpoint]

Clear breakpoint.

bd

Syntax: bd [breakpoint]

Disable breakpoint.

be

Syntax: be [breakpoint]

Enable breakpoint.

bl

Syntax: bl

List breakpoints.

bpm

Syntax: bpm [r|w|rw|x] [byte|word|dword] [address]

Set memory breakpoint at address.

bpx

Syntax: bpx [address]

Set software execution breakpoint at address.

Note: Don't forget to type 'set condition INT3 first always' when you set a breakpoint in usermode or KDB will not be entered on the breakpoint.

bt

Syntax: bt [*frameaddr]

Print current backtrace or from given frame address. Supports also crossed TSS boundaries.

kdb:> bt
Eip:
<ntoskrnl.exe:153529 (sdk/lib/rtl/i386/debug_asm.S:57 (RtlpBreakWithStatusInstruction))>
Frames:
<ntoskrnl.exe:899b0 (ntoskrnl/ke/bug.c:1136 (KeBugCheckWithTf))>
<ntoskrnl.exe:134826 (ntoskrnl/ke/i386/exp.c:1161 (KeRaiseUserException))>
<ntoskrnl.exe:19ae67 (ntoskrnl/ke/i386/traphdlr.c:1282 (KiTrap0DHandler))>
<ntoskrnl.exe:19a840 (:0 (KiTrap0D))>
<ntoskrnl.exe:1925e6 (ntoskrnl/include/internal/i386/intrin_i.h:45 (KiInitMachineDependent))>
<ntoskrnl.exe:187688 (ntoskrnl/ke/krnlinit.c:305 (KeInitSystem))>
<ntoskrnl.exe:17fb2f (ntoskrnl/ex/init.c:1621 (Phase1InitializationDiscard))>
<ntoskrnl.exe:3247f (ntoskrnl/ex/init.c:2019 (Phase1Initialization))>
<ntoskrnl.exe:11c079 (ntoskrnl/ps/thread.c:156 (PspSystemThreadStartup))>
<ntoskrnl.exe:135c8a (ntoskrnl/ke/i386/thrdini.c:78 (KiThreadStartup))>
<ntoskrnl.exe:11c040 (ntoskrnl/ps/thread.c:141 (PspSystemThreadStartup))>
<5d8950ec>
Couldn't access memory at 0x83E58959!
kdb:> bt
[Active TSS 0x0050 @ 0x80A10CA0]
Eip:
<ntoskrnl.exe:153529 (sdk/lib/rtl/i386/debug_asm.S:57 (RtlpBreakWithStatusInstruction))>
Frames:
<ntoskrnl.exe:899b0 (ntoskrnl/ke/bug.c:1136 (KeBugCheckWithTf))>
<ntoskrnl.exe:19a1d8 (ntoskrnl/ke/i386/traphdlr.c:917 (KiTrap08Handler))>
<ntoskrnl.exe:19a145 (:0 (KiTrap08))>
[Parent TSS 0x0028 @ 0x8009C000]
<ntoskrnl.exe:1925e6 (ntoskrnl/include/internal/i386/intrin_i.h:45 (KiInitMachineDependent))>
<ntoskrnl.exe:187688 (ntoskrnl/ke/krnlinit.c:305 (KeInitSystem))>
<ntoskrnl.exe:17fb2f (ntoskrnl/ex/init.c:1621 (Phase1InitializationDiscard))>
<ntoskrnl.exe:3247f (ntoskrnl/ex/init.c:2019 (Phase1Initialization))>
<ntoskrnl.exe:11c079 (ntoskrnl/ps/thread.c:156 (PspSystemThreadStartup))>
<ntoskrnl.exe:135c8a (ntoskrnl/ke/i386/thrdini.c:78 (KiThreadStartup))>
<ntoskrnl.exe:11c040 (ntoskrnl/ps/thread.c:141 (PspSystemThreadStartup))>
<5d8950ec>
Couldn't access memory at 0x83E58959!

bugcheck

Syntax: bugcheck

Crash the system.

cont

Syntax: cont

Continue execution (leave debugger).

cregs

Syntax: cregs

Display control, descriptor table and task segment registers.

kdb:> cregs
CR0  0x8001003b  PE MP TS ET NE WP PG
CR2  0x01720000
CR3  0x006ca000  Pagedir-Base 0x006ca000
CR4  0x00000619  VME DE PSE OSFXSR OSXMMEXCPT
GDTR Base 0x806c9000  Size 0x03ff
LDTR 0x0000
IDTR Base 0x806c9400  Size 0x07ff
TR   0x0028

disasm

Syntax: disasm [address] [L count]

Disassemble count instructions at address.

kdb:> disasm
<c00a1535>: call   <0xC009D350>
<c00a153a>: call   <0xC009D110>
<c00a153f>: call   <ntoskrnl.exe:2e990>
<c00a1544>: call   <0xC009DDD0>
<c00a1549>: mov    0xc0104d40,%eax
<c00a154e>: cmpb   $0x0,(%eax)
<c00a1551>: je     <0xC00A1597>
<c00a1553>: lea    0x0(%esi),%esi
<c00a1559>: lea    0x0(%edi,1),%edi
<c00a1560>: sub    $0x8,%esp

Intel syntax is also supported:

kdb:> set syntax intel
kdb:> disasm
<c00a1535>: call   <0xC009D350>
<c00a153a>: call   <0xC009D110>
<c00a153f>: call   <ntoskrnl.exe:2e990>
<c00a1544>: call   <0xC009DDD0>
<c00a1549>: mov    eax,ds:0xc0104d40
<c00a154e>: cmp    BYTE PTR [eax],0x0
<c00a1551>: je     <0xC00A1597>
<c00a1553>: lea    esi,[esi]
<c00a1559>: lea    edi,[edi*1]
<c00a1560>: sub    esp,0x8

dmesg

Syntax: dmesg

Display debug messages on the screen (with pagination).

dregs

Syntax: dregs

Display debug registers.

kdb:> dregs
DR0  0x00000000
DR1  0x00000000
DR2  0x00000000
DR3  0x00000000
DR6  0xffff0ff0
DR7  0x00000400

dt

Syntax: dt [mod] [type] [addr]

Print a struct. The address is optional.

filter

Syntax: filter [error|warning|trace|info|level]+|-[componentname|default]

Enable/disable debug channels. If no parameters are given, display the list of available debug filter components.

Example: List of available debug channels.

kdb:> filter
REMARKS:
- The 'WIN2000' system-wide debug filter component is used for DbgPrint()
  messages without Component ID and Level.
- The 'DEFAULT' debug filter component is used for DbgPrint() messages with
  an unknown Component ID.

The list of debug filter components currently available on your system is:

    Component Name         Component ID
  ==================     ================
             WIN2000        0xffffffff
             DEFAULT        0x00000065
              SYSTEM        0x00000000
                SMSS        0x00000001
               SETUP        0x00000002
                NTFS        0x00000003
               FSTUB        0x00000004
           CRASHDUMP        0x00000005
             CDAUDIO        0x00000006
               CDROM        0x00000007
            CLASSPNP        0x00000008
                DISK        0x00000009
             REDBOOK        0x0000000a
            STORPROP        0x0000000b
            SCSIPORT        0x0000000c
        SCSIMINIPORT        0x0000000d
              CONFIG        0x0000000e
            I8042PRT        0x0000000f
            SERMOUSE        0x00000010
            LSERMOUS        0x00000011
              KBDHID        0x00000012
              MOUHID        0x00000013
            KBDCLASS        0x00000014
            MOUCLASS        0x00000015
            TWOTRACK        0x00000016
              WMILIB        0x00000017
                ACPI        0x00000018
                AMLI        0x00000019
             HALIA64        0x0000001a
               VIDEO        0x0000001b
             SVCHOST        0x0000001c
            VIDEOPRT        0x0000001d
               TCPIP        0x0000001e
             DMSYNTH        0x0000001f
             NTOSPNP        0x00000020
             FASTFAT        0x00000021
               SAMSS        0x00000022
              PNPMGR        0x00000023
              NETAPI        0x00000024
            SCSERVER        0x00000025
            SCCLIENT        0x00000026
              SERIAL        0x00000027
             SERENUM        0x00000028
                UHCD        0x00000029
            RPCPROXY        0x0000002a
             AUTOCHK        0x0000002b
              DCOMSS        0x0000002c
            UNIMODEM        0x0000002d
                 SIS        0x0000002e
              FLTMGR        0x0000002f
             WMICORE        0x00000030
             BURNENG        0x00000031
               IMAPI        0x00000032
                 SXS        0x00000033
              FUSION        0x00000034
            IDLETASK        0x00000035
             SOFTPCI        0x00000036
                TAPE        0x00000037
               MCHGR        0x00000038
                IDEP        0x00000039
              PCIIDE        0x0000003a
              FLOPPY        0x0000003b
                 FDC        0x0000003c
             TERMSRV        0x0000003d
             W32TIME        0x0000003e
          PREFETCHER        0x0000003f
            RSFILTER        0x00000040
              FCPORT        0x00000041
                 PCI        0x00000042
                DMIO        0x00000043
            DMCONFIG        0x00000044
             DMADMIN        0x00000045
      WSOCKTRANSPORT        0x00000046
                 VSS        0x00000047
              PNPMEM        0x00000048
           PROCESSOR        0x00000049
            DMSERVER        0x0000004a
                  SR        0x0000004b
          INFINIBAND        0x0000004c
           IHVDRIVER        0x0000004d
            IHVVIDEO        0x0000004e
            IHVAUDIO        0x0000004f
          IHVNETWORK        0x00000050
        IHVSTREAMING        0x00000051
              IHVBUS        0x00000052
                 HPS        0x00000053
       RTLTHREADPOOL        0x00000054
                 LDR        0x00000055
              TCPIP6        0x00000056
              ISAPNP        0x00000057
                SHPC        0x00000058
            STORPORT        0x00000059
        STORMINIPORT        0x0000005a
        PRINTSPOOLER        0x0000005b
          VSSDYNDISK        0x0000005c
            VERIFIER        0x0000005d
                 VDS        0x0000005e
              VDSBAS        0x0000005f
              VDSDYN        0x00000060
            VDSDYNDR        0x00000061
              VDSLDR        0x00000062
             VDSUTIL        0x00000063
             DFRGIFC        0x00000064
                  MM        0x00000066
                DFSC        0x00000067
               WOW64        0x00000068
                ALPC        0x00000069
                 WDI        0x0000006a
             PERFLIB        0x0000006b
                 KTM        0x0000006c
            IOSTRESS        0x0000006d
                HEAP        0x0000006e
                WHEA        0x0000006f
             USERGDI        0x00000070
               MMCSS        0x00000071
                 TPM        0x00000072
         THREADORDER        0x00000073
             ENVIRON        0x00000074
                 EMS        0x00000075
                 WDT        0x00000076
              FVEVOL        0x00000077
                NDIS        0x00000078
            NVCTRACE        0x00000079
               LUAFV        0x0000007a
           APPCOMPAT        0x0000007b
             USBSTOR        0x0000007c
            SBP2PORT        0x0000007d
            COVERAGE        0x0000007e
            CACHEMGR        0x0000007f
            MOUNTMGR        0x00000080
                 CFR        0x00000081
                 TXF        0x00000082
              KSECDD        0x00000083
          FLTREGRESS        0x00000084
                MPIO        0x00000085
               MSDSM        0x00000086
                UDFS        0x00000087
               PSHED        0x00000088
             STORVSP        0x00000089
               LSASS        0x0000008a
             SSPICLI        0x0000008b
                 CNG        0x0000008c
               EXFAT        0x0000008d
           FILETRACE        0x0000008e
               XSAVE        0x0000008f
                  SE        0x00000090
       DRIVEEXTENDER        0x00000091
               POWER        0x00000092
       CRASHDUMPXHCI        0x00000093
                GPIO        0x00000094
                REFS        0x00000095
                 WER        0x00000096
              CAPIMG        0x00000097
                VPCI        0x00000098
  STORAGECLASSMEMORY        0x00000099
               FSLIB        0x0000009a

Example:

kdb:> filter trace+i8042prt

Example:

kdb:> filter +serial

gdt

Syntax: gdt

Display the global descriptor table.

kdb:> gdt
GDT Base: 0x806c9000  Limit: 0x03ff
  Idx  Sel.    Type         Base        Limit       DPL  Attribs
  001  0x0008  CODE32       0x00000000  0x0fffffff  00   R/X A
  002  0x0010  DATA32       0x00000000  0x0fffffff  00   R/W A
  003  0x001b  CODE32       0x00000000  0x0fffffff  03   R/X A
  004  0x0023  DATA32       0x00000000  0x0fffffff  03   R/W A
  005  0x0028  TSS32(Busy)  0x8009c000  0x000020ac  00
  006  0x0030  DATA32       0xffdff000  0x00001fff  00   R/W A
  007  0x003b  DATA32       0x00000000  0x00001000  03   R/W A
  008  0x0043  DATA16       0x00000400  0x00010000  03   R/W
  009  0x0048  LDT          0x00000000  0x00000001  00
  010  0x0050  TSS32(Avl)   0x80a10ca0  0x00000069  00
  011  0x0058  TSS32(Avl)   0x80a10c20  0x00000069  00
  012  0x0060  DATA16       0x00020000  0x00010000  00   R/W
  013  0x0068  DATA16       0x000b8000  0x00004000  00   R/W
  014  0x0070  DATA16       0xffff7000  0x00000400  00   R/W
  015  0x0078  UNKNOWN      [NP]        [NP]        00   NP

help

Syntax: help

Display help screen.

kdb:> help
Kernel debugger commands:
* Data:
  ? expression         - Evaluate expression.
  disasm [address] [L count] - Disassemble count instructions at address.
  x [address] [L count] - Display count dwords, starting at address.
  regs                 - Display general purpose registers.
  cregs                - Display control, descriptor table and task segment registers.
  sregs                - Display status registers.
  dregs                - Display debug registers.
  bt [*frameaddr|thread id] - Prints current backtrace or from given frame address.

* Flow control:
  cont                 - Continue execution (leave debugger).
  step [count]         - Execute single instructions, stepping into interrupts.
  next [count]         - Execute single instructions, skipping calls and reps.
  bl                   - List breakpoints.
  be [breakpoint]      - Enable breakpoint.
  bd [breakpoint]      - Disable breakpoint.
  bc [breakpoint]      - Clear breakpoint.
  bpx [address] [IF condition] - Set software execution breakpoint at address.
  bpm [r|w|rw|x] [byte|word|dword] [address] [IF condition] - Set memory breakpoint at address.

* Process/Thread:
  thread [list[ pid]|[attach ]tid] - List threads in current or specified process, display thread with given id or attach to thread.
  proc [list|[attach ]pid] - List processes, display process with given id or attach to process.

* System info:
  mod [address]        - List all modules or the one containing address.
  gdt                  - Display the global descriptor table.
  ldt                  - Display the local descriptor table.
  idt                  - Display the interrupt descriptor table.
  pcr                  - Display the processor control region.
  tss [selector|*descaddr] - Display the current task state segment, or the one specified by its selector number or descriptor address.

* Others:
  bugcheck             - Bugchecks the system.
  reboot               - Reboots the system.
  filter [error|warning|trace|info|level]+|-[componentname|default] - Enable/disable debug channels.
  set [var] [value]    - Sets var to value or displays value of var.
  dmesg                - Display debug messages on screen, with navigation on pages.
  kmsg                 - Kernel dmesg. Alias for dmesg.
  help                 - Display help screen.
  !pool [Address [Flags]] - Display information about pool allocations.
  !poolused [Flags [Tag]] - Display pool usage.
  !poolfind Tag [Pool] - Search for pool tag allocations.
  !filecache           - Display cache usage.
  !defwrites           - Display cache write values.
  !irpfind [Pool [startaddress [criteria data]]] - Lists IRPs potentially matching criteria.
  !handle [Handle]     - Displays info about handles.

idt

Syntax: idt

Display the interrupt descriptor table.

kdb:> idt
IDT Base: 0x8012d1d0  Limit: 0x0800
  Idx  Type        Seg. Sel.  Offset      DPL
  000  TRAPGATE32  0x0008     0x800039bf  00
  001  TRAPGATE32  0x0008     0x800039ce  00
  002  TRAPGATE32  0x0008     0x800039dd  00
  003  TRAPGATE32  0x0008     0x800039ec  03
  004  TRAPGATE32  0x0008     0x800039fb  00
  005  TRAPGATE32  0x0008     0x80003a0a  00
  006  TRAPGATE32  0x0008     0x80003a19  00
  007  TRAPGATE32  0x0008     0x80003a28  00
  008  TASKGATE    0x0050                 00
  009  TRAPGATE32  0x0008     0x80003a3d  00
  010  TRAPGATE32  0x0008     0x80003a4c  00
  011  TRAPGATE32  0x0008     0x80003a59  00
  012  TRAPGATE32  0x0008     0x80003a66  00
  013  TRAPGATE32  0x0008     0x80003a73  00
  014  INTGATE32   0x0008     0x80003a80  00
  015  TRAPGATE32  0x0008     0x80003a8d  00
  016  TRAPGATE32  0x0008     0x80003a9c  00
  017  TRAPGATE32  0x0008     0x80003aab  00
  018  TRAPGATE32  0x0008     0x80003aba  00
  019  TRAPGATE32  0x0008     0x80003ac9  00
  020  TRAPGATE32  0x0008     0x80003ad8  00
  ...
  044  TRAPGATE32  0x0008     0x80003ad8  00
  045  TRAPGATE32  0x0008     0x8006ef9f  03
  046  TRAPGATE32  0x0008     0x80003b79  03
  047  TRAPGATE32  0x0008     0x80003ad8  00
  ...

kmsg

Syntax: kmsg

Alias for dmesg.

ldt

Syntax: ldt

Display the local descriptor table.

kdb:> ldt
Local descriptor table is empty.

mod

Syntax: mod [address]

List all modules or the one containing address.

kdb:> mod
  Base      Size      Name
  c0000000  00096ca0  ntoskrnl.exe
  c039c000  00007de0  hal.dll

next

Syntax: next [count]

Execute single instructions, skipping calls and reps.

pcr

Syntax: pcr

Display the processor control region.

kdb:> pcr
Current PCR is at 0xFFDFF000.
  Tib.ExceptionList:         0xffffffff
  Tib.StackBase:             0x00000000
  Tib.StackLimit:            0x00000000
  Tib.SubSystemTib:          0x8009c000
  Tib.FiberData/Version:     0x000282ed
  Tib.ArbitraryUserPointer:  0x00000001
  Tib.Self:                  0x00000000
  SelfPcr:                   0xffdff000
  PCRCB:                     0xffdff120
  Irql:                      0x00
  IRR:                       0x00000000
  IrrActive:                 0x00000000
  IDR:                       0xffff20b8
  KdVersionBlock:            0x00000000
  IDT:                       0x806c9400
  GDT:                       0x806c9000
  TSS:                       0x8009c000
  MajorVersion:              0x0001
  MinorVersion:              0x0001
  SetMember:                 0x00000001
  StallScaleFactor:          0x00000473
  Number:                    0x00
  L2CacheAssociativity:      0x08
  VdmAlert:                  0x00000000
  L2CacheSize:               0x00040000
  InterruptMode:             0x00000000

proc

Syntax: proc [list|[attach ]pid]

List processes, display process with given id or attach to process.

kdb:> proc
Current process:
  PID:             0x00000004
  State:           Unknown (0x0)
  Image Filename:  System
kdb:> proc list
  PID         State       Filename
 *0x00000004  Unknown     System
  0x00000058  Active      smss.exe
  0x0000007c  Active      csrss.exe
  0x00000094  Active      winlogon.exe
  0x000000b0  Active      setup.exe

regs

Syntax: regs

Display general purpose registers.

kdb:> regs
CS:EIP  0x0008:0xc00b880a
SS:ESP  0xd754:0x00000000
   EAX  0x01c634d3   EBX  0x0000940e
   ECX  0x00000000   EDX  0x00000000
   ESI  0x002ff000   EDI  0x00000000
   EBP  0xc0103c70
EFLAGS  0x00200202  IF IOPL0 ID

set

Syntax: set [var] [value]

Sets var to value or displays value of var.

kdb:> set
Available settings:
  syntax [intel|at&t]
  condition [exception|*] [first|last] [never|always|kmode|umode]
kdb:> set syntax
syntax = at&t
kdb:> set condition
Conditions:                 (First)  (Last)
  #00  ZERODEVIDE           never    kmode
  #01  DEBUGTRAP            always   never
  #02  NMI                  never    always
  #03  INT3                 kmode    never
  #04  OVERFLOW             never    kmode
  #05  BOUND                never    kmode
  #06  INVALIDOP            never    kmode
  #07  NOMATHCOP            never    kmode
  #08  DOUBLEFAULT          always   always
  #09  RESERVED(9)          always   always
  #10  INVALIDTSS           never    kmode
  #11  SEGMENTNOTPRESENT    never    kmode
  #12  STACKFAULT           never    kmode
  #13  GPF                  never    kmode
  #14  PAGEFAULT            never    kmode
  #15  RESERVED(15)         always   always
  #16  MATHFAULT            never    kmode
  #17  ALIGNMENTCHECK       never    kmode
  #18  MACHINECHECK         never    kmode
  #19  SIMDFAULT            never    kmode
       OTHERS               never    kmode

Example: Enabling usermode software breakpoints.

kdb:> set condition int3 first always
kdb:> set condition int3
Condition for exception #03 (INT3): FirstChance always  LastChance never

Example: Catching all exceptions.

kdb:> set condition * first always

sregs

Syntax: sregs

Display segment/selector registers.

kdb:> sregs
CS  0x0008  Index 0x0001  GDT RPL0
DS  0x0010  Index 0x0002  GDT RPL0
ES  0x0010  Index 0x0002  GDT RPL0
FS  0x0030  Index 0x0006  GDT RPL0
GS  0x0010  Index 0x0002  GDT RPL0
SS  0xd754  Index 0x1aea  LDT RPL0

step

Syntax: step [count]

Execute single instructions, stepping into interrupts (i.e. when EIP points to int 0x2e KDB gets the address of the interrupt handler, sets a INT3 there and continues execution)

thread

Syntax: thread [list[ pid]|[attach ]tid]

List threads in current or specified process, display thread with given id or attach to thread.

kdb:> thread
Current Thread:
  TID:            0x00000000
  State:          Running (0x2)
  Priority:       8
  Affinity:       0x00000001
  Initial Stack:  0x8011f5a0
  Stack Limit:    0x8011c5a0
  Stack Base:     0x8011f5a0
  Kernel Stack:   0x8011f5a0
  Trap Frame:     0x00000000
  NPX State:      Invalid (0x1)
kdb:> thread list
  TID         State        Prior.  Affinity    EBP         EIP
 *0x00000000  Running        8     0x00000001  0x00000000  0x00000000
  0x00000008  Blocked       16     0xffffffff  0x9cdcbd38  0x8001009e
  0x0000000c  Blocked       16     0xffffffff  0x9cdced38  0x8001009e
  0x00000010  Blocked       16     0xffffffff  0x9cdd1d38  0x8001009e
  0x00000014  Blocked       16     0xffffffff  0x9cdd4d38  0x8001009e
  0x00000018  Blocked       16     0xffffffff  0x9cdd7d38  0x8001009e
  0x0000001c  Ready          0     0xffffffff  0x00000000  0x00000000
  0x00000020  Ready          0     0xffffffff  0x00000000  0x00000000
  0x00000024  Ready          0     0xffffffff  0x00000000  0x00000000
  0x00000028  Ready          0     0xffffffff  0x00000000  0x00000000
  0x0000002c  Ready          0     0xffffffff  0x00000000  0x00000000
  0x00000030  Blocked       31     0xffffffff  0x9cde9d38  0x8001009e
  0x00000034  Blocked       31     0xffffffff  0x9cdecd38  0x8001009e
  0x00000038  Blocked       31     0xffffffff  0x9cdefd38  0x8001009e
  0x0000003c  Blocked       31     0xffffffff  0x9cdf2d38  0x8001009e
  0x00000040  Blocked       31     0xffffffff  0x9cdf5d38  0x8001009e
  0x00000044  Blocked        8     0xffffffff  0x9cdf8d28  0x8001009e
  0x00000048  Ready          0     0xffffffff  0x00000000  0x00000000
  0x0000004c  Blocked       17     0xffffffff  0x9cdfed08  0x8001009e
  0x00000050  Ready          1     0xffffffff  0x00000000  0x00000000
  0x00000054  Blocked       16     0xffffffff  0x9ce04d28  0x8001009e

tss

Syntax: tss [selector|*descaddr]

Display the current task state segment, or the one specified by its selector number or descriptor address.

kdb:> tss
Current TSS 0x0028 is at 0x8009C000.
  Backlink:  0x0000
  Ss0:Esp0:  0x0010:0x809fcdf0
  CR3:       0x00000000
  EFlags:    0x00000000
  Eax:       0x00000000
  Ebx:       0x00000000
  Ecx:       0x00000000
  Edx:       0x00000000
  Esi:       0x00000000
  Edi:       0x00000000
  Eip:       0x00000000
  Esp:       0x00000000
  Ebp:       0x00000000
  Cs:        0x0000
  Ss:        0x0000
  Ds:        0x0000
  Es:        0x0000
  Fs:        0x0000
  Gs:        0x0000
  LDT:       0x0000
  Flags:     0x0000
  IoMapBase: 0x20ac

kdb:> tss 0x50
Specified TSS 0x0050 is at 0x80A10CA0.
  Backlink:  0x0000
  Ss0:Esp0:  0x0010:0x809fa000
  CR3:       0x006ca000
  EFlags:    0x00000000
  Eax:       0x00000000
  Ebx:       0x00000000
  Ecx:       0x00000000
  Edx:       0x00000000
  Esi:       0x00000000
  Edi:       0x00000000
  Eip:       0x8099a140
  Esp:       0x809fa000
  Ebp:       0x00000000
  Cs:        0x0008
  Ss:        0x0010
  Ds:        0x0023
  Es:        0x0023
  Fs:        0x0030
  Gs:        0x0000
  LDT:       0x0000
  Flags:     0x0000
  IoMapBase: 0x20ac

x

Syntax: x [address] [L count]

Display count dwords, starting at address.

kdb:> x ebp
<c0103c70>: c0103c80 c000fbec 00000000 012ff000
<c0103c80>: c0103de0 c00b91e6 00000001 c011bc90
<c0103c90>: 00000014 c0103dc4 00000000 00000000
<c0103ca0>: 00000000 c03c6000 c0397000 c0125000

!pool

Syntax: !pool [Address [Flags]]

Display information about pool allocations.

!poolused

Syntax: !poolused [flags] [tag]

Display current pool usage (paged and non paged) for all tags.

It is possible to show only a tag, or a subset of tags, thanks to the wildcard '?' (replaces a char).

kdb:> !poolused
Pool Used:
                NonPaged                        Paged
Tag             Allocs          Used            Allocs          Used
'ObCI'          3               192             0               0
'VPB '          8               768             0               0
'ObSc'          0               0               21              2840
'Rqrv'          0               0               121             664
'USTR'          0               0               365             6528
'SCSI'          51              163984          20              384
'RSYM'          6               2271840         0               0
'TOKu'          0               0               2               192

!poolfind

Syntax: !poolfind Tag [Pool]

Search for pool tag allocations.

!filecache

Syntax: !filecache

Display cache usage.

!defwrites

Syntax: !defwrites

Display cache write values.

!irpfind

Syntax: !irpfind [Pool [startaddress [criteria data]]]

Lists IRPs potentially matching criteria.

!handle

Syntax: !handle [Handle]

Displays info about handles.