Thursday, April 7, 2011

mac driver debug

1. Download the Kernel Debug Kit from the Apple developer website. It must match the version and build of the kernel that panicked, otherwise the kernel addresses in the report will not line up with the symbols. Mount the dmg; it appears as /Volumes/KernelDebugKit and contains a mach_kernel with debug symbols.
ex:
kernel_debug_kit_10.6.7_10j869.dmg (Mac OS X 10.6.7, build 10J869)



2. Create the kext symbol file
ex:
Find the load addresses in the panic report (saved as a Kernel_*.panic file under /Library/Logs/DiagnosticReports/ after the reboot). The report lists each kext that appears in the backtrace with its load range, and each of its dependencies with its load address:

Thu Apr  7 15:19:35 2011
panic(cpu 0 caller 0xffffff80002cffca): Kernel trap at 0xffffff8000521c10, type 14=page fault, registers:
CR0: 0x000000008001003b, CR2: 0x0000000000000000, CR3: 0x0000000000100000, CR4: 0x0000000000000660
RAX: 0xffffff800918f260, RBX: 0xffffff8009a45c00, RCX: 0x00000000f25d0000, RDX: 0xffffff80088a5e20
RSP: 0xffffff804a4db790, RBP: 0xffffff804a4db7b0, RSI: 0x0000000020000001, RDI: 0x0000000000000000
R8:  0x000000000000000a, R9:  0x0000000000000000, R10: 0x0000000000000000, R11: 0xffffff80004f3b3a
R12: 0xffffff8008ce1000, R13: 0xffffff8009a45c00, R14: 0xffffff8009a459c0, R15: 0x0000000000000000
RFL: 0x0000000000010246, RIP: 0xffffff8000521c10, CS:  0x0000000000000008, SS:  0x0000000000000000
Error code: 0x0000000000000000

Backtrace (CPU 0), Frame : Return Address
0xffffff804a4db430 : 0xffffff8000204b99
0xffffff804a4db530 : 0xffffff80002cffca
0xffffff804a4db680 : 0xffffff80002e20da
0xffffff804a4db690 : 0xffffff8000521c10
0xffffff804a4db7b0 : 0xffffff8000521408
0xffffff804a4db7e0 : 0xffffff7f806e699a
0xffffff804a4db970 : 0xffffff7f806defca
0xffffff804a4db9e0 : 0xffffff7f806e76f9
0xffffff804a4dba30 : 0xffffff7f8067f5ad
0xffffff804a4dbaa0 : 0xffffff7f806807e2
0xffffff804a4dbba0 : 0xffffff7f80680191
0xffffff804a4dbbd0 : 0xffffff7f80680458
0xffffff804a4dbc50 : 0xffffff7f806e6d30
0xffffff804a4dbcb0 : 0xffffff80005267da
0xffffff804a4dbd20 : 0xffffff80005239bf
0xffffff804a4dbd40 : 0xffffff8000521e78
0xffffff804a4dbd70 : 0xffffff800052649f
0xffffff804a4dbda0 : 0xffffff8000523a07
0xffffff804a4dbde0 : 0xffffff80005267da
0xffffff804a4dbe50 : 0xffffff80005239bf
0xffffff804a4dbe70 : 0xffffff8000521e78
0xffffff804a4dbea0 : 0xffffff800052649f
0xffffff804a4dbed0 : 0xffffff8000523a07
0xffffff804a4dbf10 : 0xffffff7f806c276b
0xffffff804a4dbf40 : 0xffffff7f806c09f6
0xffffff804a4dbf60 : 0xffffff800028504e
0xffffff804a4dbfa0 : 0xffffff80002c7387
      Kernel Extensions in backtrace (with dependencies):
         com.eonpath.driver.TestC(1.0.1)@0xffffff7f806dc000->0xffffff7f806edfff
            dependency: com.apple.iokit.IOSCSIBlockCommandsDevice(2.6.5)@0xffffff7f806be000
            dependency: com.ift.driver.TestB(1.0.0)@0xffffff7f806ce000
            dependency: com.apple.iokit.IOStorageFamily(1.6.2)@0xffffff7f80679000
            dependency: com.apple.iokit.IOSCSIArchitectureModelFamily(2.6.5)@0xffffff7f806a5000
         com.apple.iokit.IOSCSIBlockCommandsDevice(2.6.5)@0xffffff7f806be000->0xffffff7f806cdfff
            dependency: com.apple.iokit.IOSCSIArchitectureModelFamily(2.6.5)@0xffffff7f806a5000
            dependency: com.apple.iokit.IOStorageFamily(1.6.2)@0xffffff7f80679000
         com.apple.iokit.IOStorageFamily(1.6.2)@0xffffff7f80679000->0xffffff7f80692fff

kextutil -n -s /tmp /System/Library/Extensions/test.kext
-n: do not load the kext, only link it and generate symbols
-s: directory to write the symbol files to

Notice: Using running kernel architecture x86_64 to generate symbols.
No kernel file specified; using running kernel for linking.
/System/Library/Extensions/mpioDriver.kext appears to be loadable (not including linkage for on-disk libraries).

Enter the hexadecimal load addresses for these extensions
(press Return to skip symbol generation for an extension):

com.apple.iokit.IOSCSIArchitectureModelFamily: 0xffffff7f806a5000
com.apple.iokit.IOStorageFamily: 0xffffff7f80679000
com.apple.iokit.IOSCSIBlockCommandsDevice: 0xffffff7f806be000
com.peter.driver.testB: 0xffffff7f806ce000
com.peter.driver.testC: 0xffffff7f806dc000

Enter the address from the panic report for every kext listed, dependencies included; a skipped dependency leaves calls into that kext unresolved. The addresses are only valid for this panic, since kexts are loaded at different addresses on each boot.
The .sym files (one per bundle identifier) are written to /tmp/.

3. Find the source line that triggered the panic:
ex:

gdb /Volumes/KernelDebugKit/mach_kernel
(the mach_kernel from the debug kit, which has symbols, not the running kernel)
--> set kext-symbol-file-path /tmp
(the directory holding the .sym files from step 2)
--> add-kext ~/test.kext
(loads the kext's symbols at the addresses recorded in its .sym file; use the same kext build that was loaded when it panicked)
--> set print asm-demangle on
--> x/i 0xffffff7f806e699a
shows the instruction at this address and the function (symbol+offset) it belongs to
--> disass 0xffffff7f806e699a
shows the whole function that contains this address
--> info line *0xffffff7f806e699a
shows the source file and line number for this address (the kext must have been built with debug symbols)

note:
0xffffff7f806e699a is the first return address in the backtrace that falls inside our driver's range (com.eonpath.driver.TestC@0xffffff7f806dc000->0xffffff7f806edfff). It is a return address, not the RIP: the trap itself (RIP 0xffffff8000521c10) is inside the kernel, in a function our driver called, so this line is the call site in the driver to examine. CR2 holds the faulting address for a page fault (type 14); here it is 0, so the kernel function dereferenced a NULL pointer, and the thing to check is what the driver passed in at that call.
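The procedure above (steps 2 and 3), as an added example that is not code from the original post: a Python helper that parses the panic report, attributes each backtrace return address to the kext whose load range contains it, and emits the kextutil and gdb command lines. The embedded report is a trimmed copy of the one quoted above. The `-a id@addr` form of kextutil (generating symbols without the interactive prompt) and the kext paths are assumptions; check kextutil(8) on the release you are using.

```python
"""Map a kernel panic backtrace onto the kexts it lists and emit the
kextutil / gdb commands for steps 2 and 3.  Added example, not code from the
original post; it assumes the 10.6-era panic report layout quoted above
(frames as "0xFRAME : 0xRETURN", kexts as "id(ver)@0xSTART->0xEND",
dependencies as "dependency: id(ver)@0xLOAD")."""
import re

# Constructed sample: a trimmed copy of the panic report quoted above.
SAMPLE_REPORT = """\
panic(cpu 0 caller 0xffffff80002cffca): Kernel trap at 0xffffff8000521c10, type 14=page fault, registers:
Backtrace (CPU 0), Frame : Return Address
0xffffff804a4db430 : 0xffffff8000204b99
0xffffff804a4db530 : 0xffffff80002cffca
0xffffff804a4db7b0 : 0xffffff8000521408
0xffffff804a4db7e0 : 0xffffff7f806e699a
0xffffff804a4db970 : 0xffffff7f806defca
0xffffff804a4db9e0 : 0xffffff7f806e76f9
0xffffff804a4dba30 : 0xffffff7f8067f5ad
0xffffff804a4dbaa0 : 0xffffff7f806807e2
0xffffff804a4dbba0 : 0xffffff7f80680191
0xffffff804a4dbbd0 : 0xffffff7f80680458
0xffffff804a4dbc50 : 0xffffff7f806e6d30
0xffffff804a4dbcb0 : 0xffffff80005267da
0xffffff804a4dbf10 : 0xffffff7f806c276b
0xffffff804a4dbf40 : 0xffffff7f806c09f6
      Kernel Extensions in backtrace (with dependencies):
         com.eonpath.driver.TestC(1.0.1)@0xffffff7f806dc000->0xffffff7f806edfff
            dependency: com.apple.iokit.IOSCSIBlockCommandsDevice(2.6.5)@0xffffff7f806be000
            dependency: com.ift.driver.TestB(1.0.0)@0xffffff7f806ce000
            dependency: com.apple.iokit.IOStorageFamily(1.6.2)@0xffffff7f80679000
            dependency: com.apple.iokit.IOSCSIArchitectureModelFamily(2.6.5)@0xffffff7f806a5000
         com.apple.iokit.IOSCSIBlockCommandsDevice(2.6.5)@0xffffff7f806be000->0xffffff7f806cdfff
            dependency: com.apple.iokit.IOSCSIArchitectureModelFamily(2.6.5)@0xffffff7f806a5000
            dependency: com.apple.iokit.IOStorageFamily(1.6.2)@0xffffff7f80679000
         com.apple.iokit.IOStorageFamily(1.6.2)@0xffffff7f80679000->0xffffff7f80692fff
"""

FRAME_RE = re.compile(r"^(0x[0-9a-f]+) : (0x[0-9a-f]+)", re.M)
RANGE_RE = re.compile(r"^[ \t]*([\w.]+)\([^)]*\)@(0x[0-9a-f]+)->(0x[0-9a-f]+)", re.M)
LOAD_RE = re.compile(r"^[ \t]*(?:dependency: )?([\w.]+)\([^)]*\)@(0x[0-9a-f]+)", re.M)


def parse_frames(report):
    """Backtrace return addresses, innermost first."""
    return [int(ret, 16) for _frame, ret in FRAME_RE.findall(report)]


def parse_kext_ranges(report):
    """{identifier: (start, end)} for the kexts that appear in the backtrace."""
    return {ident: (int(s, 16), int(e, 16)) for ident, s, e in RANGE_RE.findall(report)}


def parse_load_addresses(report):
    """{identifier: load address} for every kext and dependency listed."""
    return {ident: int(addr, 16) for ident, addr in LOAD_RE.findall(report)}


def frames_in_kexts(report):
    """[(return address, identifier)] for each frame inside a listed kext range.

    Kernel frames (0xffffff80... here) are skipped: mach_kernel resolves those.
    Frames inside a dependency-only kext (e.g. TestB above) are also skipped,
    because the report gives no end address for it.
    """
    ranges = parse_kext_ranges(report)
    return [(ret, ident) for ret in parse_frames(report)
            for ident, (start, end) in ranges.items() if start <= ret <= end]


def first_frame_in(report, identifier):
    """Innermost frame inside the named kext: the address to hand to `info line *`."""
    return next((ret for ret, ident in frames_in_kexts(report) if ident == identifier), None)


def kextutil_command(report, kext_path, symbol_dir="/tmp"):
    """Step 2 without the prompt: one -a id@addr per kext (assumed flag, see kextutil(8))."""
    args = ["kextutil", "-n", "-s", symbol_dir]
    for ident, addr in sorted(parse_load_addresses(report).items()):
        args += ["-a", "%s@0x%x" % (ident, addr)]
    return " ".join(args + [kext_path])


def gdb_commands(report, identifier, kext_path, symbol_dir="/tmp"):
    """Step 3 as a gdb command list, one `info line` per frame in the kext."""
    cmds = ["set kext-symbol-file-path " + symbol_dir, "add-kext " + kext_path,
            "set print asm-demangle on"]
    cmds += ["info line *0x%x" % ret
             for ret, ident in frames_in_kexts(report) if ident == identifier]
    return cmds


if __name__ == "__main__":
    print(kextutil_command(SAMPLE_REPORT, "/System/Library/Extensions/test.kext"))
    for cmd in gdb_commands(SAMPLE_REPORT, "com.eonpath.driver.TestC", "~/test.kext"):
        print(cmd)
```

Only kexts that appear with a full `start->end` range can be matched; a dependency that is listed with a load address alone (TestB above) gets no frames attributed, so a crash inside such a kext needs its size from `kextstat` on the live machine before its frames can be located. The comparison is done on Python integers, which avoids the 64-bit signed wraparound you would hit doing the same arithmetic in a shell.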

