Note: This subcommand is only available within the kdb command; it is not included in the KDB Kernel Debugger.
Generally speaking, read or write access can be done in virtual or real mode, using an effective address or a real address as input:
For each display subcommand d, dw, dd using an effective address, there is a memory modify subcommand: m (modify bytes), mw (modify words), md (modify double words).
For each display subcommand dp, dpw, dpd using a real address, there is a memory modify subcommand: mp (modify bytes), mpw (modify words), mpd (modify double words).
These subcommands are interactive; each modification is entered one by one. The first unexpected input stops modification. For example, "." may be used as <eod>. The following example shows how to apply a patch.
If a break point is set at the same address, use the mw subcommand to keep break point coherency.
Note: Symbolic expressions are not allowed as input.
KDB(0)> dc @iar                 print current instruction
.open+000000     mflr    r0
KDB(0)> mw @iar                 nop current instruction
.open+000000: 7C0802A6  =  60000000
.open+000004: 93E1FFFC  =  .    end of input
KDB(0)> dc @iar                 print current instruction
.open+000000      ori    r0,r0,0
KDB(0)> m @iar                  restore current instruction byte per byte
.open+000000: 60  =  7C
.open+000001: 00  =  08
.open+000002: 00  =  02
.open+000003: 00  =  A6
.open+000004: 93  =  .          end of input
KDB(0)> dc @iar                 print current instruction
.open+000000     mflr    r0
KDB(0)> tr @iar                 physical address of current instruction
Physical Address = 001C5BA0
KDB(0)> mwp 001C5BA0            modify with physical address
001C5BA0: 7C0802A6  =  <CR/LF>
001C5BA4: 93E1FFFC  =  <CR/LF>
001C5BA8: 90010008  =  <CR/LF>
001C5BAC: 9421FF40  =  60000000
001C5BB0: 83E211C4  =  .        end of input
KDB(0)> dc @iar 5               print instructions
.open+000000     mflr    r0
.open+000004      stw    r31,FFFFFFFC(stkp)
.open+000008      stw    r0,8(stkp)
.open+00000C      ori    r0,r0,0
.open+000010      lwz    r31,11C4(toc)        11C4(toc)=_open$$
KDB(0)> mw open+c               restore instruction
.open+00000C: 60000000  =  9421FF40
.open+000010: 83E211C4  =  .    end of input
KDB(0)> dc open+c               print instruction
.open+00000C     stwu    stkp,FFFFFF40(stkp)
KDB(0)>
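An added example, not part of the original documentation: a short Python audit that reads a captured session in the "location: old = input" format shown above and reports every byte that was modified and never restored. The function name and the sample transcript are constructed for illustration; the first two commands mirror the session above and the third is a constructed write that is left in place.

```python
import re

# One prompt line of an interactive m/mw/md session: "<location>: <old> = <input>"
LINE = re.compile(r"^(?:(\.?\w+)\+)?([0-9A-Fa-f]+):\s+([0-9A-Fa-f]+)\s*=\s*(\S*)")
HEX = re.compile(r"[0-9A-Fa-f]+")

# Constructed sample transcript (annotations omitted).
SAMPLE = """\
KDB(0)> mw @iar
.open+000000: 7C0802A6 = 60000000
.open+000004: 93E1FFFC = .
KDB(0)> m @iar
.open+000000: 60 = 7C
.open+000001: 00 = 08
.open+000002: 00 = 02
.open+000003: 00 = A6
.open+000004: 93 = .
KDB(0)> mw open+8
.open+000008: 90010008 = <CR/LF>
.open+00000C: 9421FF40 = 60000000
.open+000010: 83E211C4 = .
"""

def outstanding_patches(transcript):
    """Return {(symbol, offset): (original_byte, current_byte)} for every byte
    whose last written value differs from the value first displayed."""
    original, current = {}, {}
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # command lines, dc/tr output, "??" prompts of mdv*/mdp*
        symbol, offset = m.group(1), int(m.group(2), 16)
        old, new = m.group(3), m.group(4)
        if len(new) != len(old) or not HEX.fullmatch(new):
            continue  # ".", <CR/LF> or blank: nothing written at this location
        # Split big-endian, matching the byte-wise view the m subcommand shows
        # after a word write, so byte and word edits can cancel each other out.
        for i in range(len(old) // 2):
            key = (symbol, offset + i)
            original.setdefault(key, old[2 * i:2 * i + 2].upper())
            current[key] = new[2 * i:2 * i + 2].upper()
    return {k: (original[k], v) for k, v in current.items() if v != original[k]}

if __name__ == "__main__":
    for (symbol, offset), (was, now) in sorted(outstanding_patches(SAMPLE).items()):
        print(f"{symbol}+{offset:06X}: {was} -> {now} (not restored)")
```

Because locations are compared as printed, a write made through a physical address and undone through the matching effective address (as in the session above) is reported as two separate changes unless the addresses are first normalized with the tr output.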
Each register may be altered by the mr subcommand. When the register is in the mst context, KDB alters this mst and the modification takes effect at resume. When the register is a special one, the processor register is altered immediately. Symbolic expressions are allowed as input.
KDB(0)> dc @iar                 print current instruction
.open+000000     mflr    r0
KDB(0)> mr iar                  modify current instruction address
iar   : 001C5BA0  =  @iar+4
KDB(0)> dc @iar                 print current instruction
.open+000004      stw    r31,FFFFFFFC(stkp)
KDB(0)> mr iar                  restore current instruction address
iar   : 001C5BA4  =  @iar-4
KDB(0)> dc @iar                 print current instruction
.open+000000     mflr    r0
KDB(0)> mr sr                   modify first invalid segment register
s0    : 00000000  =  <CR/LF>
s1    : 60000323  =  <CR/LF>
s2    : 20001E1E  =  <CR/LF>
s3    : 007FFFFF  =  0
s4    : 007FFFFF  =  .          end of input
KDB(0)> dr s3                   print segment register 3
s3    : 00000000
KDB(0)> mr s3                   restore segment register 3
s3    : 00000000  =  007FFFFF
KDB(0)> mr f29                  modify floating point register f29
f29   : 0000000000000000  =  000333335999999A
KDB(0)> dr f29
f29   : 000333335999999A
KDB(0)> u
Uthread [2FF3B400]:
   save@......2FF3B400   fpr@.......2FF3B550
...
KDB(0)> dd 2FF3B550 20
__ublock+000150: C027C28F5C28F5C3 000333335999999A  .'..\(....33Y...
__ublock+000160: 3FE3333333333333 3FC9999999999999  ?.333333?.......
__ublock+000170: 7FF0000000000000 00100000C0000000  ................
__ublock+000180: 4000000000000000 000000009A068000  @...............
__ublock+000190: 7FF8000000000000 00000000BA411000  .............A..
__ublock+0001A0: 0000000000000000 0000000000000000  ................
__ublock+0001B0: 0000000000000000 0000000000000000  ................
__ublock+0001C0: 0000000000000000 0000000000000000  ................
__ublock+0001D0: 0000000000000000 0000000000000000  ................
__ublock+0001E0: 0000000000000000 0000000000000000  ................
__ublock+0001F0: 0000000000000000 0000000000000000  ................
__ublock+000200: 0000000000000000 0000000000000000  ................
__ublock+000210: 0000000000000000 0000000000000000  ................
__ublock+000220: 0000000000000000 0000000000000000  ................
__ublock+000230: 0000000000000000 000333335999999A  ..........33Y...
__ublock+000240: 0000000000000000 0000000000000000  ................
KDB(0)>
Note: This subcommand is only available within the kdb command; it is not included in the KDB Kernel Debugger.
Specific subcommands are available to write in IO space memory. To avoid side effects, memory is not read first; only the specified write is performed, with translation enabled.
Access can be done in bytes, half words, words or double words.
The address can be an effective address or a real address.
Four special subcommands mdvb, mdvh, mdvw and mdvd may be used to access these areas in translated mode, giving an effective address that is already mapped. On a 64-bit machine, correctly aligned double words are accessed (mdvd) in a single store instruction.
Four special subcommands mdpb, mdph, mdpw and mdpd may be used to access these areas in translated mode, giving a physical address that will be mapped. On a 64-bit machine, correctly aligned double words are accessed (mdpd) in a single store instruction. The DBAT interface is used to translate this address in cache-inhibited mode (PowerPC only).
WARNING: The effective-address interface (mdv.) assumes that the mapping to a real address is currently valid; KDB performs no check. The real-address interface (mdp.) can be used to let KDB do the mapping (attach and detach).
KDB(0)> tr FFF19610             print physical mapping
BAT mapping for FFF19610
DBAT0 FFC0003A FFC0005F
  bepi 7FE0 brpn 7FE0 bl 001F v 1 wim 3 ks 1 kp 0 pp 2 s 0
  eaddr = FFC00000, paddr = FFC00000 size = 4096 KBytes
KDB(0)> mdvb fff19610           byte modify with data relocate enable
FFF19610: ??  =  00
FFF19611: ??  =  00
FFF19612: ??  =  .              end of input
KDB(0)> mdvw fff19610           word modify with data relocate enable
FFF19610: ????????  =  004196B0
FFF19614: ????????  =  .        end of input
KDB(0)>
KDB(0)> mdpw 80000cf8           change one word at physical address 80000cf8
80000CF8: ????????  =  84000080
80000CFC: ????????  =  .        Write is done in relocated mode, cache inhibited
KDB(0)> ddpw 80000cfc           print one word at physical address 80000cfc
80000CFC: D2000000
KDB(0)> mdpw 80000cfc           change one word at physical address 80000cfc
80000CFC: ????????  =  d0000000
80000D00: ????????  =  .
KDB(0)> mdpw 80000cf8           change one word at physical address 80000cf8
80000CF8: ????????  =  8c000080
80000CFC: ????????  =  .
KDB(0)> ddpw 80000cfc           print one word at physical address 80000cfc
80000CFC: D2000080