Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ kdbx(8) — OSF/1 X2.0-8 MIPS

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

dbx(1)

savecore(8)

kdbx(8)  —  Maintenance

Digital

NAME

kdbx − analyses running kernels and dump files

SYNOPSIS

/bin/kdbx [ -dbx dbx-path ] -k [ dbx-options ] object-file [ core-file ]

DESCRIPTION

The kdbx utility is an interactive program that lets you examine either the running kernel or dump files created by savecore. In either case, you examine an object file and a core file. For running systems, these are usually /vmunix and /dev/mem, respectively. Dump files created by savecore are saved in the directory /var/adm/crash and are named vmunix.n and vmcore.n where n is determined by the value contained in /var/adm/crash/bounds. 

The kdbx utility serves as a front-end to the dbx utility.  The kdbx utility has facilities for interpreting and formatting the various symbol and data structures within the operating system and certain miscellaneous functions that are useful when perusing a dump. All dbx commands are available through kdbx. 

If no core-file is specified, kdbx uses the dbx default of /dev/mem. The kdbx utility with /vmunix as the only argument can be used to examine an active system. 

To use kdbx to examine a running system, issue the following command: # kdbx -k /vmunix /dev/mem

To use kdbx to examine the first object file and core file created by savecore utility, issue the following command: # kdbx -k /var/adm/crash/vmunix.0 /var/adm/crash/vmcore.0

Commands

Use the following input to the kdbx utility:

command [ options ] [ structures ]

If used, options modify the format of the printout.  If a specific structure element is not specified, all valid entries are used. For example, if you issue the following the proc command: proc 0x8024c9e4 0x80249d08

prints only the process structures at address 0x8024c9e4 and 0x80249d08, respectively, but proc prints all process structures in standard format. 

In general, those commands that perform I/O with addresses assume hexadecimal values. 

The commands include the following:

alias [ name ] [ command-string ]
Set or print aliases. If no arguments are specified, alias prints all aliases.  If name is specified, alias prints the alias for nameif one exists. If name and command-stringO are specified, alias gives command-string the alias name. 

context proc | user
Set context to user’s aliases or extension’s aliases. Used only by extensions.

core file
Switch to a different core file (not yet implemented).

dbx command-string
Pass command-string to dbx. See the dbx(1) reference page for a complete description of dbx commands. 

helpPrint help text. 

proc [ switches ] [ executable ] [ args ]
Execute an extension and give it control of the kdbx session until it quits. executable specifies the named executable file and passes it arguments as specified by args. Valid switches are as follows:

-debug Causes I/O to and from the extension to be printed on the screen
-redirect_output Used by extensions that execute other extensions if they want themselves, and not the user, to receive the output of those extensions. 
-pipe in_pipe out_pipe Create in_pipe and out_pipe as named pipes and read input from in_pipe and write output to out_pipe. Note, you do not specify the executable and args arguments in the command line if you use the -pipe switch. 

print string
Print string on the terminal. If this command is used by an extension, it receives no output.

quitExit the current command loop. If the current command loop is the top level loop that the user is using, kdbx exits. Otherwise control is given to the next lowest loop. 

source [ -x ] [ file[s] ]
Reads and interprets files as kdbx commands in the context of the current aliases. If -x is present, then commands are printed out as they are executed. 

shellShell escape (not yet implemented). 

unalias name
Removes alias, if any, from name.

Predefined kdbx Aliases

The following aliases are defined in the kdbx startup file, /var/kdbx/system.kdbxrc:

Alias Definition
arp "proc" arp
buf "proc" buf
callout "proc" callout
config "proc" config
dec "proc" convert -out 10
dis "proc" dis
file "proc" file
hex "proc" convert -out 16
inpcb "proc" inpcb
mount "proc" mount
oct "proc" convert -out 8
paddr "proc" paddr
pr "proc"
proc "proc" proc
procp "proc" -pipe /tmp/pipein /tmp/pipeout
procpd "proc" -debug -pipe /tmp/pipein /tmp/pipeout
socket "proc" socket
tty "proc" tty

Extensions

arp [ - ]
Print contents of the arp table If the optional - is present, arp prints out the entire arp table; otherwise it prints out those entries which have non-zero at_iaddr.s_addr or at_flags fields. 

Field Derivation of Value
type struct arptab
structure arptab[i] 0 <= i <= arptab_size
NAME taken from internet address in .at_iaddr.s_addr
BUCK i % arptab_bsiz
SLOT i / arptab_bsiz
IPADDR .at_iaddr
ETHERADDR .at_hwaddr
MHOLD .at_hold
TIMER .at_timer
FLAGS .at_flags

buf [ address ]
Print out the buf table. If no arguments are present, the entire buf table is printed. Otherwise, the buf entries named by the addresses are printed.

Field Derivation of Value
type struct buf
structure list headed at buf
BUF index of current cell in list
MAJ device major part of .b_dev
MIN device minor part of .b_dev
BLOCK .b_blkno
COUNT .b_bcount
SIZE .b_bufsize
RESID .b_resid
VNO .b_vp
FWD BACK FLAGS These are currently not filled in

callout
Prints the callout table.

Field Derivation of Value
type struct callout
structure list headed at callout
FUNCTION procedure whose start address is .c_func
ARGUMENT .c_arg
TIME .c_time

config
Print out the configuration of the machine.

Field Derivation of Value
type struct bus
structure bus_list[i] 0 <= i <= 3
bus name .bus_name
connected to .connect_bus
config 1 procedure whose start address is .confl1
config 2 procedure whose start address is .confl2

convert [ -in 8 | 10 | 16 ] -out 8 | 10 | 16 [ args... ]
Convert number from one base to another. The -in and -out switches specify the input and output bases, respectively. If -in is not present, the input base is inferred from the arguments. The arguments may be either numbers or variables. 

dis start-address [ num-instructions ]
Disassemble some instructions. num-instructions instructions starting at start-address are printed. If num-instructions is not given, 1 is assumed. 

file [ adresses... ]
Print out the file table. If no arguments are present, all file entries with non-zero reference counts are printed. Otherwise, the file entries named by the addresses are printed.

Field Derivation of Value
type struct file
structure list headed at file
Slot index of cell in list
Type "file", "sock", "npip", or "pipe" depending on .f_type
Ref .f_count
Msg .f_msgcount
Cred .f_cred
Islot not filled in
Fileops "vnops" or "socketops" depending on .f_ops
Offset .f_u.fu_offset
Flags taken from .f_flag

inpcb [ -udp ] [ -tcp ] [ address ]
Print the udb and tcb tables. If no arguments are present, both tables are printed. If either -udp or -tcp are present, then the corresponding table is printed. If addresses are present, then -udp and -tcp are ignored and the entries named by the addresses are printed. 

Field Derivation of Value
type struct inpcb
structure lists headed by udb and tcb
Foreign Host taken from .inp_faddr
FPort .inp_fport
Local Host taken from .inp_laddr
LPort .inp_lport
Socket .inp_socket
PCB .inp_ppcb
Options taken from .inp_options

mount [ -s ] [ address... ]
Print the mount table. -s outputs a short form of the table.  If addresses are present, the mount entries named by them are printed. 

Field Derivation of Value
type struct mount
structure list headed by rootfs
SLOT
MAJ
MIN
VNODE
TYPE
PATH
FLAGS
MOUNT POINT .m_stat.f_mntonname
DEVICE .m_stat.f_mntfromname

paddr address number-of-longwords
Convert a range of memory to symbolic references. address is the starting address. number-of-longwords is the number of words to dump out. 

Field paddr takes a chunk of memory and converts addresses to symbolic form. 

proc [ address ]
Print the proc table. If addresses are present, the proc structures named by the addresses are printed. Otherwise, all procs are printed.

Field Derivation of Value
type struct proc
structure list headed at allproc
SLT index of cell in list
S taken from .p_stat
PID .p_pid
PPID .p_ppid
PGRP .p_pgrp->pg_id
UID .p_ruid
PY .p_pri
CPU .p_cpu
SIGS .p_sig
Event  - .thread->wait_event
Flags .p_flag

socket
Print out the sockets in the file table.

Field Prints out the files that are sockets that have non-zero ref counts

Field Derivation of Value
type struct file
structure file[i] 0 <= i <= nfile
type .f_type
ref count .f_count
address of socket struct .f_data
type struct socket
structure taken from .f_data field in file struct
Slot index in file array
Sockaddr .f_data
Type taken from .so_type
PCB .so_pcb
Qlen .so_qlen
Qlim .so_qlimit
Scc .so_snd.sb_cc
Sproc not filled in
Rcc .so_rcv.sb_cc
Rproc not filled in

tty proc-addr
Print information about a terminal. proc-addr is the address of a proc structure that is attached to the terminal of interest. 

Field Derivation of Value
type struct tty
structure procp->p_pgrp->pg_session->s_ttyp - procp is struct proc ∗
dev .t_dev
pgrp procp.p_pgrp
ispeed not filled in
ospeed not filled in
flags .t_flags
state .t_state
Control characters Taken from .t_termios.c_cc[i]

unaliasall
Remove all aliases.

RESTRICTIONS

Your path needs to include /var/kdbx to include the extensions to the /bin/kdbx executable. 

The dbx variable, $page, must be set to 0. 

RELATED INFORMATION

Commands: dbx(1), savecore(8)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026