KernelDebugRef - Expressions

From EDM2

Reprint Courtesy of International Business Machines Corporation, © International Business Machines Corporation

The expression evaluator has been enhanced to provide support for four types of addresses:

  • Real mode (.segment:offset)
  • Protected mode (#selector:offset)
  • Linear address (%dword)
  • Physical address (%%dword)

The symbols:

  • .
  • #
  • %
  • %%

override the current address type, allowing selectors to be used in real mode, segments to be used in protected mode, and so on. The % linear address and the %% physical address operator actually convert other address types to a linear or physical address. For example, %(#001F:0220) looks up selector 1F’s linear address in the current LDT, and adds hex 0220 to it. Linear and physical addresses are the same, unless paging is enabled on an 80386 microprocessor.

  • ? <expr> | "<string>"

This command evaluates the expression and prints it in all the standard numerical bases, along with the ASCII character for the value and the physical address for the address. It also prints an indication of whether the expression evaluated to TRUE (nonzero) or FALSE (zero). It prints a string if the string is surrounded by single or double quotation marks.

  • #1f:02C0 - Protected-mode address
  • .3450:1234 - Real-mode address
  • %310230 - Linear address
  • %%310230 - Physical address

Addresses can be used in any mode. In real mode, you can use protected mode addresses as long as there is an override. The default depends on the current debugger mode.
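
The following Python sketch is an added example, not part of IBM's reference or of the debugger itself. It parses the four address forms listed above and mimics the % conversion to a linear address. The function names and the SAMPLE_LDT contents are constructed for illustration, paging is assumed disabled (so physical equals linear), and selectors are decoded with the standard x86 layout (index in bits 3-15, table indicator in bit 2).

```python
import re

# Constructed sample LDT (index -> (base, limit)); values are made up for the demo.
SAMPLE_LDT = {3: (0x00310000, 0x0FFF)}

KINDS = {".": "real", "#": "protected", "%": "linear", "%%": "physical"}
ADDR_RE = re.compile(r"^(%%|%|#|\.)([0-9A-Fa-f]+)(?::([0-9A-Fa-f]+))?$")

def parse_address(text):
    """Return (kind, segment_or_selector, offset) for one address literal."""
    m = ADDR_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a debugger address: {text!r}")
    prefix, first, second = m.groups()
    kind = KINDS[prefix]
    if kind in ("real", "protected"):
        if second is None:
            raise ValueError(f"{kind} address needs ':offset': {text!r}")
        return kind, int(first, 16), int(second, 16)
    if second is not None:
        raise ValueError(f"{kind} address takes a single dword: {text!r}")
    return kind, None, int(first, 16)

def to_linear(text, ldt=SAMPLE_LDT):
    """Mimic the % operator: convert an address literal to a linear address."""
    text = text.strip()
    if text.startswith("%(") and text.endswith(")"):
        return to_linear(text[2:-1], ldt)      # %(<address>) form from the text
    kind, seg, off = parse_address(text)
    if kind == "real":
        return (seg << 4) + off                # segment * 16 + offset
    if kind == "protected":
        index, in_ldt = seg >> 3, bool(seg & 0x4)   # x86 selector: index, TI bit
        if not in_ldt:
            raise ValueError("GDT selector; this sketch only models the LDT")
        if index not in ldt:
            raise ValueError(f"no LDT descriptor at index {index}")
        base, limit = ldt[index]
        if off > limit:
            raise ValueError(f"offset {off:#x} exceeds limit {limit:#x}")
        return base + off
    return off    # linear, or physical with paging assumed disabled

if __name__ == "__main__":
    for sample in ("#1f:02C0", ".3450:1234", "%310230", "%(#001F:0220)"):
        print(f"{sample:>15} -> %{to_linear(sample):08X}")
```

Selector 1F decodes to LDT index 3 with requested privilege level 3, which is why the sample table has an entry at index 3.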

The following are keywords that return the value of registers, breakpoints, and so on in expressions:

  • AX, BX, CX, DX, SI, DI, BP, DS, ES, SS, CS, SP, IP - register values
  • FLG - value of the flags
  • GDTB - value of the GDT base as a physical address
  • GDTL - value of the GDT limit
  • IDTB - value of the IDT base as a physical address
  • IDTL - value of the IDT limit
  • TR, LDTR, MSW - value of the TR, LDTR, and MSW registers
  • BR0, BR1,..., BR9 - the address at that breakpoint

The 80386 keywords are (in addition to the above):

  • EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP, EIP - extended register values
  • FS, GS - segment registers
  • EFLG - value of the extended flags
  • CR0, CR2, CR3 - control register values
  • DR0, DR1, DR2, DR3, DR6, DR7 - debug register values
  • TR6, TR7 - test register values

These register names are searched for first, before the symbol table is searched. The @ character can override the register name lookup, and cause a search of the symbol table for the name. The term @ax causes a search for a symbol called ax, instead of evaluating to the register value.

Operator Precedence

The precedence of the operators has been changed to be more like C.

If two or more operators have the same precedence, the expression is evaluated from left to right. C evaluates unary operators from right to left, which is more intuitive and easier to use. Expressions such as poi #60:133 must be written as poi (#60:133) because of the way the debugger handles unary operators.

  1. ( )
  2. | :
  3. . # % %% - ! NOT SEG OFF BY WO DW POI PORT WPORT (all unary operators)
  4. * / MOD
  5. + -
  6. > < >= <=
  7. == !=
  8. AND XOR OR
  9. && ||