Question about Windbg and GDT

Rage_RCE

Hi all!,

i'm new here and a newbie with kernel stuffs.

i would like to know how can i dump the content of every GDT in a machine
with multiple cores, i mean, for example, if i have a machine with two
processors, i would like to be able to see the two GDTs, is this possible?.

Thanks in advanced for your questions!.

Paul_Sanders-1

The first thing you should do is read the first quarter of the help file. It will answer a lot of your questions. It's a quick read, but you really need to do that first thing.

After that you can read the second quarter of the help file at your leisure. The second half of the help file is predominantly about writing debugger extensions and you probably aren't concerned with that right now.

Paul
----- Original Message -----
From: "rage"
To: "Kernel Debugging Interest List"
Sent: Friday, February 19, 2010 8:41:52 AM GMT -05:00 US/Canada Eastern
Subject: [windbg] Question about Windbg and GDT

Hi all!,

i'm new here and a newbie with kernel stuffs.

i would like to know how can i dump the content of every GDT in a machine with multiple cores, i mean, for example, if i have a machine with two processors, i would like to be able to see the two GDTs, is this possible?.

Thanks in advanced for your questions!.
--- WINDBG is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Scott_Noone_(OSR)

The base address of the GDT is in the GDTR register and the size is in the
GDTL register, so you can view these with @gdtr and @gdtl (respectively).
For example:

0: kd> r @gdtr
gdtr=8003f000
0: kd> r @gdtl
gdtl=000003ff

If you want the base on other processors, you can switch processors with the
~ command and repeat:

0: kd> ~1
1: kd> r @gdtr
gdtr=f8733190
1: kd> r @gdtl
gdtl=000003ff

If you want to start parsing this yourself, the kernel data type for the
entries is nt!_KGDTENTRY. If you want the entries printed out pretty for you
already, you can use the Display Segment command "dg":

1: kd> r @cs
cs=00000008
1: kd> dg @cs
P Si Gr Pr Lo
Sel Base Limit Type l ze an es ng Flags
---- -------- -------- ---------- - -- -- -- -- --------
0008 00000000 ffffffff Code RE Ac 0 Bg Pg P Nl 00000c9b

HTH and good luck!

-scott


--
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com


"rage" <[email protected]> wrote in message news:[email protected]
Hi all!,

i'm new here and a newbie with kernel stuffs.

i would like to know how can i dump the content of every GDT in a machine
with multiple cores, i mean, for example, if i have a machine with two
processors, i would like to be able to see the two GDTs, is this possible?.

Thanks in advanced for your questions!.

Rage_RCE

Thank you very much! this is what i've been looking for!.

On Fri, Feb 19, 2010 at 12:23 PM, Scott Noone wrote:

> The base address of the GDT is in the GDTR register and the size is in the
> GDTL register, so you can view these with @gdtr and @gdtl (respectively).
> For example:
>
> 0: kd> r @gdtr
> gdtr=8003f000
> 0: kd> r @gdtl
> gdtl=000003ff
>
> If you want the base on other processors, you can switch processors with
> the ~ command and repeat:
>
> 0: kd> ~1
> 1: kd> r @gdtr
> gdtr=f8733190
> 1: kd> r @gdtl
> gdtl=000003ff
>
> If you want to start parsing this yourself, the kernel data type for the
> entries is nt!_KGDTENTRY. If you want the entries printed out pretty for you
> already, you can use the Display Segment command "dg":
>
> 1: kd> r @cs
> cs=00000008
> 1: kd> dg @cs
> P Si Gr Pr Lo
> Sel Base Limit Type l ze an es ng Flags
> ---- -------- -------- ---------- - -- -- -- -- --------
> 0008 00000000 ffffffff Code RE Ac 0 Bg Pg P Nl 00000c9b
>
> HTH and good luck!
>
> -scott
>
>
> --
> Scott Noone
> Consulting Associate
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
> "rage" wrote in message news:[email protected]
>
> Hi all!,
>
> i'm new here and a newbie with kernel stuffs.
>
> i would like to know how can i dump the content of every GDT in a machine
> with multiple cores, i mean, for example, if i have a machine with two
> processors, i would like to be able to see the two GDTs, is this possible?.
>
> Thanks in advanced for your questions!.
>
> ---
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Rage_RCE

Hello Paul!,

Surely, i should read the help manual but i asked for a specific question.
Sometimes, we do not have time to read the entire manual to do a job. I was
looking for a concrete answer and scott was very direct to answer.

BR,
~rage

On Fri, Feb 19, 2010 at 11:27 AM, Paul Sanders wrote:

> The first thing you should do is read the first quarter of the help file.
> It will answer a lot of your questions. It's a quick read, but you really
> need to do that first thing.
>
> After that you can read the second quarter of the help file at your
> leisure. The second half of the help file is predominantly about writing
> debugger extensions and you probably aren't concerned with that right now.
>
> Paul
>
> ----- Original Message -----
> From: "rage"
> To: "Kernel Debugging Interest List"
> Sent: Friday, February 19, 2010 8:41:52 AM GMT -05:00 US/Canada Eastern
> Subject: [windbg] Question about Windbg and GDT
>
> Hi all!,
>
> i'm new here and a newbie with kernel stuffs.
>
> i would like to know how can i dump the content of every GDT in a machine
> with multiple cores, i mean, for example, if i have a machine with two
> processors, i would like to be able to see the two GDTs, is this possible?.
>
> Thanks in advanced for your questions!.
> --- WINDBG is sponsored by OSR For our schedule of WDF, WDM, debugging and
> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
> the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> ---
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Tim_Roberts

rage wrote:
> Thank you very much! this is what i've been looking for!.

Why?

The question is not meant to be snotty -- I'm just wondering what task
you could possibly be working on that requires you to know the value of
GDTR for all processors.

--
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.

Rage_RCE

Hi Tim!,

I'm just doing some research about descriptor tables to do my own tool. It
is just for fun!.

~rage

On Fri, Feb 19, 2010 at 2:43 PM, Tim Roberts wrote:

> rage wrote:
> > Thank you very much! this is what i've been looking for!.
>
> Why?
>
> The question is not meant to be snotty -- I'm just wondering what task
> you could possibly be working on that requires you to know the value of
> GDTR for all processors.
>
> --
> Tim Roberts, [email protected]
> Providenza & Boekelheide, Inc.
>
>
> ---
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

yu_shang

@Scott_Noone_(OSR) said:
The base address of the GDT is in the GDTR register and the size is in the
GDTL register, so you can view these with @gdtr and @gdtl (respectively).
For example:

0: kd> r @gdtr
gdtr=8003f000
0: kd> r @gdtl
gdtl=000003ff

If you want the base on other processors, you can switch processors with the
~ command and repeat:

0: kd> ~1
1: kd> r @gdtr
gdtr=f8733190
1: kd> r @gdtl
gdtl=000003ff

If you want to start parsing this yourself, the kernel data type for the
entries is nt!_KGDTENTRY. If you want the entries printed out pretty for you
already, you can use the Display Segment command "dg":

1: kd> r @cs
cs=00000008
1: kd> dg @cs
P Si Gr Pr Lo
Sel Base Limit Type l ze an es ng Flags

---

0008 00000000 ffffffff Code RE Ac 0 Bg Pg P Nl 00000c9b

HTH and good luck!

-scott

--
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

"rage" [email protected] wrote in message news:[email protected]
Hi all!,

i'm new here and a newbie with kernel stuffs.

i would like to know how can i dump the content of every GDT in a machine
with multiple cores, i mean, for example, if i have a machine with two
processors, i would like to be able to see the two GDTs, is this possible?.

Thanks in advanced for your questions!.

Hi @Scott_Noone_(OSR) , thank you for this very elaborated answer ! I have a difficult to find the help for such registers GDTR/GDTL/IDTR/IDTL/LDTR in the windbg help doc. It seems there is no explicitly statement about these registers. Could you please help me with this ?

Peter_Viscarola_(OSR)

You know you're replying to an 11 year old thread, right? And that's not allowed on this forum?

Hint: START A NEW THREAD if you have a question. Don't necropost to an old thread.