krash(8) — Maintenance
Digital
NAME
krash − analyses running kernels and dump files
SYNOPSIS
/bin/krash [ -dbx dbx-path ] -k [ dbx-options ] object-file [ core-file ]
DESCRIPTION
The krash utility is an interactive program that lets you examine either the running kernel or dump files created by savecore. In either case, you will be examining an object file and a core file. For running systems, these are usually /vmunix and /dev/mem, respectively. Dump files created by savecore are saved in the directory /var/adm/crash and are named vmunix.n and vmcore.n where n is determined by the value contained in /var/adm/crash/bounds.
The krash utility serves as a front-end to the dbx utility. The krashutility has facilities for interpreting and formatting the various symbol and data structures within the operating system and certain miscellaneous functions that are useful when perusing a dump. All dbx commands are available through krash.
If no core-file is specified, krash uses the dbx default of /dev/mem. The krash utility with /vmunix as the only argument can be used to examine an active system.
To use krash to examine a running system, issue the following command: # krash -k /vmunix /dev/mem
To use krash to examine the first object file and core file created by savecore utility, issue the following command: # krash -k /var/adm/crash/vmunix.0 /var/adm/crash/vmcore.0
Commands
Use the following input to the krash utility:
command [ options ] [ structures ]
If used, options modify the format of the printout. If a specific structure element is not specified, all valid entries are used. For example, if you issue the following the proc command: proc 0x8024c9e4 0x80249d08
prints only the process structures at address 0x8024c9e4 and 0x80249d08, respectively, but proc prints all process structures in standard format.
In general, those commands that perform I/O with addresses assume hexadecimal values.
The commands include the following:
alias [ name ] [ command-string ]
Set or print aliases. If no arguments are specified, alias prints all aliases. If name is specified, alias prints the alias for nameif one exists. If name and command-stringO are specified, alias gives command-string the alias name.
context proc | user
Set context to user’s aliases or extension’s aliases. Used only by extensions.
core file
Switch to a different core file (not yet implemented).
dbx command-string
Pass command-string to dbx. See the dbx(1) reference page for a complete description of dbx commands.
helpPrint help text.
proc [ switches ] [ executable ] [ args ]
Execute an extension and give it control of the krash session until it quits. executable specifies the named executable file and passes it arguments as specified by args. Valid switches are as follows:
| -debug | Causes I/O to and from the extension to be printed on the screen |
| -redirect_output | Used by extensions that execute other extensions if they want themselves, and not the user, to receive the output of those extensions. |
| -pipe in_pipe out_pipe | Create in_pipe and out_pipe as named pipes and read input from in_pipe and write output to out_pipe. Note, you do not specify the executable and args arguments in the command line if you use the -pipe switch. |
print string
Print string on the terminal. If this command is used by an extension, it receives no output.
quitExit the current command loop. If the current command loop is the top level loop that the user is using, krash exits. Otherwise control is given to the next lowest loop.
source [ -x ] [ file[s] ]
Reads and interprets files as krash commands in the context of the current aliases. If -x is present, then commands are printed out as they are executed.
shellShell escape (not yet implemented).
unalias name
Removes alias, if any, from name.
Predefined krash Aliases
The following aliases are defined in the krash startup file, /var/krash/system.krashrc:
| Alias | Definition |
| arp | "proc" arp |
| buf | "proc" buf |
| callout | "proc" callout |
| config | "proc" config |
| dec | "proc" convert -out 10 |
| dis | "proc" dis |
| file | "proc" file |
| hex | "proc" convert -out 16 |
| inpcb | "proc" inpcb |
| mount | "proc" mount |
| oct | "proc" convert -out 8 |
| paddr | "proc" paddr |
| pr | "proc" |
| proc | "proc" proc |
| procp | "proc" -pipe /tmp/pipein /tmp/pipeout |
| procpd | "proc" -debug -pipe /tmp/pipein /tmp/pipeout |
| socket | "proc" socket |
| tty | "proc" tty |
Extensions
arp [ - ]
Print contents of the arp table If the optional - is present, arp prints out the entire arp table; otherwise it prints out those entries which have non-zero at_iaddr.s_addr or at_flags fields.
| Field | Derivation of Value |
| type | struct arptab |
| structure | arptab[i] 0 <= i <= arptab_size |
| NAME | taken from internet address in .at_iaddr.s_addr |
| BUCK | i % arptab_bsiz |
| SLOT | i / arptab_bsiz |
| IPADDR | .at_iaddr |
| ETHERADDR | .at_hwaddr |
| MHOLD | .at_hold |
| TIMER | .at_timer |
| FLAGS | .at_flags |
buf [ address ]
Print out the buf table. If no arguments are present, the entire buf table is printed. Otherwise, the buf entries named by the addresses are printed.
| Field | Derivation of Value |
| type | struct buf |
| structure | list headed at buf |
| BUF | index of current cell in list |
| MAJ | device major part of .b_dev |
| MIN | device minor part of .b_dev |
| BLOCK | .b_blkno |
| COUNT | .b_bcount |
| SIZE | .b_bufsize |
| RESID | .b_resid |
| VNO | .b_vp |
| FWD BACK FLAGS | These are currently not filled in |
callout
Prints the callout table.
| Field | Derivation of Value |
| type | struct callout |
| structure | list headed at callout |
| FUNCTION | procedure whose start address is .c_func |
| ARGUMENT | .c_arg |
| TIME | .c_time |
config
Print out the configuration of the machine.
| Field | Derivation of Value |
| type | struct bus |
| structure | bus_list[i] 0 <= i <= 3 |
| bus name | .bus_name |
| connected to | .connect_bus |
| config 1 | procedure whose start address is .confl1 |
| config 2 | procedure whose start address is .confl2 |
convert [ -in 8 | 10 | 16 ] -out 8 |
10 | 16 [ args... ]" 5 Convert number from one base to another. The -in and -out switches specify the input and output bases, respectively. If -in is not present, the input base is inferred from the arguments. The arguments may be either numbers or variables.
dis start-address [ num-instructions ]
Disassemble some instructions. num-instructions instructions starting at start-address are printed. If num-instructions is not given, 1 is assumed.
file [ adresses... ]
Print out the file table. If no arguments are present, all file entries with non-zero reference counts are printed. Otherwise, the file entries named by the addresses are printed.
| Field | Derivation of Value |
| type | struct file |
| structure | list headed at file |
| Slot | index of cell in list |
| Type | "file", "sock", "npip", or "pipe" depending on .f_type |
| Ref | .f_count |
| Msg | .f_msgcount |
| Cred | .f_cred |
| Islot | not filled in |
| Fileops | "vnops" or "socketops" depending on .f_ops |
| Offset | .f_u.fu_offset |
| Flags | taken from .f_flag |
inpcb [ -udp ] [ -tcp ] [ address ]
Print the udb and tcb tables. If no arguments are present, both tables are printed. If either -udp or -tcp are present, then the corresponding table is printed. If addresses are present, then -udp and -tcp are ignored and the entries named by the addresses are printed.
| Field | Derivation of Value |
| type | struct inpcb |
| structure | lists headed by udb and tcb |
| Foreign Host | taken from .inp_faddr |
| FPort | .inp_fport |
| Local Host | taken from .inp_laddr |
| LPort | .inp_lport |
| Socket | .inp_socket |
| PCB | .inp_ppcb |
| Options | taken from .inp_options |
mount [ -s ] [ address... ]
Print the mount table. -s outputs a short form of the table. If addresses are present, the mount entries named by them are printed.
| Field | Derivation of Value |
| type | struct mount |
| structure | list headed by rootfs |
| SLOT | |
| MAJ | |
| MIN | |
| VNODE | |
| TYPE | |
| PATH | |
| FLAGS | |
| MOUNT POINT | .m_stat.f_mntonname |
| DEVICE | .m_stat.f_mntfromname |
paddr address number-of-longwords
Convert a range of memory to symbolic references. address is the starting address. number-of-longwords is the number of words to dump out.
Field paddr takes a chunk of memory and converts addresses to symbolic form.
proc [ address ]
Print the proc table. If addresses are present, the proc structures named by the addresses are printed. Otherwise, all procs are printed.
| Field | Derivation of Value |
| type | struct proc |
| structure | list headed at allproc |
| SLT | index of cell in list |
| S | taken from .p_stat |
| PID | .p_pid |
| PPID | .p_ppid |
| PGRP | .p_pgrp->pg_id |
| UID | .p_ruid |
| PY | .p_pri |
| CPU | .p_cpu |
| SIGS | .p_sig |
| Event | - .thread->wait_event |
| Flags | .p_flag |
socket
Print out the sockets in the file table.
Field Prints out the files that are sockets that have non-zero ref counts
| Field | Derivation of Value |
| type | struct file |
| structure | file[i] 0 <= i <= nfile |
| type | .f_type |
| ref count | .f_count |
| address of socket struct | .f_data |
| type | struct socket |
| structure | taken from .f_data field in file struct |
| Slot | index in file array |
| Sockaddr | .f_data |
| Type | taken from .so_type |
| PCB | .so_pcb |
| Qlen | .so_qlen |
| Qlim | .so_qlimit |
| Scc | .so_snd.sb_cc |
| Sproc | not filled in |
| Rcc | .so_rcv.sb_cc |
| Rproc | not filled in |
tty proc-addr
Print information about a terminal. proc-addr is the address of a proc structure that is attached to the terminal of interest.
| Field | Derivation of Value |
| type | struct tty |
| structure | procp->p_pgrp->pg_session->s_ttyp - procp is struct proc ∗ |
| dev | .t_dev |
| pgrp | procp.p_pgrp |
| ispeed | not filled in |
| ospeed | not filled in |
| flags | .t_flags |
| state | .t_state |
| Control characters | Taken from .t_termios.c_cc[i] |
unaliasall
Remove all aliases.
RESTRICTIONS
Your path needs to include /var/krash to include the extensions to the /bin/krash executable.
The dbx variable, $page, must be set to 0.
RELATED INFORMATION
Commands: dbx(1), savecore(8)