Displaying data


As you no doubt recall, you will usually provide two input files to adb : the object file, which contains the code and the symbol table or namelist ; and the core file, which contains the actual contents of memory. Since you may need to look at both of these, there are two separate display commands, one for each file. The general format for using either of these is the same.

  address, count   command   formatting_information  

You must provide some starting location, the address, when displaying anything.

The count specifies how many times the display should be done. It's not always used; if you don't specify anything, adb runs the command only once.

The command is a single character that tells adb where to find the data at the particular address you specified.

The formatting information specifies how much you want to display and how it should be displayed.

Now, let's look at each of these in more detail.

Addressing

adb will allow some different types of addresses that tell it where to go to begin the command. In general, you may have:

  • A specific numeric address, in hexadecimal (which adb assumes is the base, by default) or perhaps decimal or octal if you wish

  • The name of a variable or function

  • An expression combining these, for instance, a name plus an offset value

Binary operators

You can perform arithmetic as you might expect when using symbol names and numeric addresses. adb offers several binary arithmetic operators that you can use when making expressions that will translate to an address or other numeric value. They include:

+

Addition. For example, the command rmalloc+4?i will display the instruction at the second word of the rmalloc function (4 bytes past the start of rmalloc ).

-

Subtraction.

*

Multiplication.

%

Integer division ( fractional addresses would be difficult to work with).

&

Bitwise AND operations, also known as conjunctions.

Bitwise OR operations, also known as disjunctions.

#

Rounding up the value on the left-hand side to the next nearest multiple of the value on the right-hand side. For example, f032ea55#4 results in f032ea58. When writing adb macros, this is a clever way to realign adb 's current pointer to the next full-word address after displaying an ASCII string of unknown length.

( and )

Grouping expressions.

Aside from + and -, these operators are not commonly seen as part of expressions used to represent address values; however, they are all legal. You are more likely to encounter them inside macros. What you normally will use is a constant address, or a symbol name, with perhaps an offset forward or back.

Unary operators

There are five unary operators. They are:

*

Pointer to the contents of the location in the core file represented by the expression

%

Pointer to the contents of the location in the object file represented by the expression ( @ is used instead on some versions of adb )

-

Integer negation

~

Bitwise complement

#

Logical negation

Of these operators, two appear consistently in macros. These are * , which indicates a pointer, and # . Let's talk about each of these in detail.

Pointers

Two unary operators act as pointers. Of these, the * is used the most often. Let's see an example of how it works.

The kernel variable panicstr contains a pointer to the string that was printed when the system panic'ed. To look at the string, you can perform two commands.

 Hiya...  adb -k vmunix.3 vmcore.3  physmem 3f98  panicstr/X  panicstr: 0xf015f7a8  0xf015f7a8/s  0xf015f7a8: zero 

Or, you can use the asterisk to indicate that this is a pointer.

  *panicstr/s  0xf015f7a8: zero 

This command uses, not the value in panicstr , but what it points to, as the address of the string we want to display.

We will be using the * unary operator quite often throughout system crash dump analysis.

Logical negation

Another unary operator worth discussing in detail is the # sign, also known as a hash symbol, tic-tac-toe, or a pound sign, depending on the country you live in. The # acts just like the exclamation point, ! , in C programs. If the number it precedes is zero, then the result is one. If the number is non-zero , then the result is zero. This is known as logical negation. The result is either true, 1, or false, 0, and it's the opposite of the expression that follows .

We will put the # unary operator to good use when we move to the topic of macros later on.

Counts

The repeat count, which adb assumes is 1 if you don't say otherwise , is the number of times adb will execute the display command. Normally, this is some small number, although any expression can be used here.

The clever adb user will note that if the count turns out to be zero, adb will not perform the command at all. We will see how this can used to our advantage later on when we discuss adb macros.

Commands

There are two one-character data display commands, one for each possible file on the adb command line. They are:

  • ? Examine and display data from the object file

  • / Examine and display data from the core file

Let's cover each of these in detail.

The ? display command

The ? command is most often used for displaying instructions, but sometimes you may want to look at data. The data in the executable object file is the value that a variable is set to when the program (or the kernel) initially is loaded into memory. An example C program code statement, such as:

 int pencils = 100; 

means that the variable pencils has an initial value of 100 when the program starts. This means you can look for pencils in the object file and expect to see 100 as the original value. On the other hand, a statement like:

 char messages[4096]; 

just tells the compiler that you will want 4096 bytes worth of memory reserved for later use and to call that area of memory messages . This is known as "bss" ( b lock s tarted by s ymbol) space and just results in a notation in the object file that you will need an extra 4 kilobytes when you start up the program. Looking for messages with the ? command will probably result in an error message such as "data address not found."

The / display command

The / command gives you the actual value of the variable when the machine or the program stopped , as stored in the core file. Note that you may find a name or a variable in both files. This is not unusual. It just means that the variable had an initial value that may have changed during execution, so the start value shows up in one place and the current value in another.

In some BSD-based kernels , executable code will appear only in the vmunix. X file, which must be examined with the ? command. However, the loadable drivers will appear in the vmcore. X file, since they are put into kernel data space while the system is running.

With Solaris 2 SVR4-based kernels, most of the code is dynamically loaded, so normally you use the / command when looking at both code and data.

Formats

Reviewing the general adb command syntax, we see that the formatting information comes next.

  address, count   command   formatting_information  

As you might expect, there are a lot of format commands. Some of these deal with displaying different sizes of data in various formats, whereas others deal with methods of formatting the output. Let's first talk about the format commands used to display data.

Format display commands are all single-letter commands. With the data display commands, generally a lowercase letter indicates a "short" or simple value, and uppercase is used for "long" or more sophisticated displays. Let's go some of through them.

X

Prints he x adecimal numbers . An uppercase X will display a long, 4-byte quantity, and a lowercase x will show a 2-byte short quantity.

D

Prints a decimal number. D is for longs, d is for shorts.

U

Also prints decimals, but as unsigned numbers. u is for short unsigned values.

O

Prints unsigned octal (base 8). o is for short unsigned octal values.

Q

Prints signed 32-bit octal values. q is for short signed octal values.

B

Prints a single byte (8 bits) in hexadecimal. b prints a byte in octal.

F

Used for floating-point. F prints a double-precision floating-point, which takes 8 bytes (64 bits). f prints a single-precision, 32-bit floating-point value.

s

Prints a s tring, up to the first null byte. S does the same, but any characters that normally would not correspond to a printable character will be displayed as a "control" character. For example, a byte containing the number 1, which doesn't normally mean anything, will be output as "^A", a "control-A" character code.

c

Prints a single c haracter. Just as with the "S" strings format, a "C" prints nonprintable characters.

i

Prints a full 32-bit word value as an instruction.

Y

Prints a date value in string format. Date values are stored as the number of seconds since the beginning of (UNIX) time; not a useful number to most folks. The output from the Y command is much more intelligible.

Each of these format display commands will print one value. You can put several of these format commands together in any combination. You can also use a counter with any of them, which tells adb to repeat that particular format a certain number of times. Thus, if you put XXX in the format, it will print three long values in hex. 3X will do exactly the same thing.

Formatting the output

adb also offers a few format display commands that are not used to print out data but are used to make the display more readable and useful. For example, you can print headings, move to a new line, or skip over data you're not interested in printing. The format display commands, shown below, are primarily used in macros.

text

in quotes is printed as is. The text may be a label or heading, to make the output understandable.

n

Prints a newline or goes to the next line of output.

t

Causes adb to move to the next tab stop according to the multiplier you specify. If you specify 8t in the format, adb will move to the next column that is a multiple of 8. You can use anything you want here, but adb does not assume an unlimited line length. Eighty characters is the normal width of a terminal screen, so adb will automatically move to a new line when you get out too far.

a

Prints the current address of the data you're printing. This address is often used when displaying assembly code instructions, so you can keep each line labeled with the appropriate code location. For example, rmalloc,20?ia will display 20 (hex) instructions with the address on each line.

+

Moves forward to another address, skipping over data. - moves backward. You must provide a count to tell adb how many bytes you're passing.

These commands are used most often inside macro files, but you can certainly type them yourself. Play around with these in your own commands if you'd like, and see what they do to your output.



PANIC. UNIX System Crash Dump Analysis Handbook
PANIC! UNIX System Crash Dump Analysis Handbook (Bk/CD-ROM)
ISBN: 0131493868
EAN: 2147483647
Year: 1994
Pages: 289
Authors: Chris Drake

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net