Question about Windbg and GDT

Rage_RCE Member Posts: 12
Hi all!

I'm new here and a newbie with kernel stuff.

I would like to know how I can dump the content of every GDT in a machine
with multiple cores. I mean, for example, if I have a machine with two
processors, I would like to be able to see the two GDTs. Is this possible?

Thanks in advance for your questions!

Comments

  • Paul_Sanders-1 Member Posts: 27
    The first thing you should do is read the first quarter of the help file. It will answer a lot of your questions. It's a quick read, but you really need to do that first thing.

    After that you can read the second quarter of the help file at your leisure. The second half of the help file is predominantly about writing debugger extensions and you probably aren't concerned with that right now.

    Paul
    ----- Original Message -----
    From: "rage"
    To: "Kernel Debugging Interest List"
    Sent: Friday, February 19, 2010 8:41:52 AM GMT -05:00 US/Canada Eastern
    Subject: [windbg] Question about Windbg and GDT

    Hi all!

    I'm new here and a newbie with kernel stuff.

    I would like to know how I can dump the content of every GDT in a machine with multiple cores. I mean, for example, if I have a machine with two processors, I would like to be able to see the two GDTs. Is this possible?

    Thanks in advance for your questions!
  • Scott_Noone_(OSR) Administrator Posts: 3,465
    The base address of the GDT is in the GDTR register and the size is in the
    GDTL register, so you can view these with @gdtr and @gdtl (respectively).
    For example:

    0: kd> r @gdtr
    gdtr=8003f000
    0: kd> r @gdtl
    gdtl=000003ff

    If you want the base on other processors, you can switch processors with the
    ~ command and repeat:

    0: kd> ~1
    1: kd> r @gdtr
    gdtr=f8733190
    1: kd> r @gdtl
    gdtl=000003ff

    If you want to start parsing this yourself, the kernel data type for the
    entries is nt!_KGDTENTRY. If you want the entries printed out pretty for you
    already, you can use the Display Segment command "dg":

    1: kd> r @cs
    cs=00000008
    1: kd> dg @cs
                                      P Si Gr Pr Lo
    Sel    Base     Limit     Type    l ze an es ng Flags
    ---- -------- -------- ---------- - -- -- -- -- --------
    0008 00000000 ffffffff Code RE Ac 0 Bg Pg P  Nl 00000c9b

    HTH and good luck!

    -scott


    --
    Scott Noone
    Consulting Associate
    OSR Open Systems Resources, Inc.
    http://www.osronline.com


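For readers who want to parse the entries themselves, as the reply above suggests, here is an added example (not part of the original thread, and not OSR's or Microsoft's code) that decodes one legacy 32-bit segment descriptor into the fields `dg` prints. The struct and function names are hypothetical, and the sample bytes are constructed to match the `dg @cs` line for selector 0008 shown in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper type; field names are this example's, not nt!_KGDTENTRY's. */
typedef struct {
    uint32_t base;      /* linear base address */
    uint32_t limit;     /* byte limit after applying granularity */
    unsigned type;      /* 4-bit type field (access bits 0-3) */
    unsigned dpl;       /* descriptor privilege level ("Pl") */
    unsigned present;   /* P bit */
    unsigned big;       /* D/B bit: 32-bit default size ("Bg") */
    unsigned page_gran; /* G bit: limit counted in 4 KiB pages ("Pg") */
    unsigned long_mode; /* L bit ("Lo" when set, "Nl" when clear) */
    uint32_t dg_flags;  /* flags nibble and access byte, as in dg's Flags column */
} seg_desc;

/* raw: the 8 descriptor bytes in memory order, e.g. read at gdtr + (selector & ~7). */
seg_desc decode_descriptor(const uint8_t raw[8])
{
    seg_desc d;
    uint8_t access = raw[5];
    uint8_t hi = raw[6];  /* limit 19:16 in the low nibble, flags in the high nibble */
    uint32_t limit20 = raw[0] | (raw[1] << 8) | ((uint32_t)(hi & 0x0f) << 16);

    d.base = raw[2] | (raw[3] << 8) | ((uint32_t)raw[4] << 16) | ((uint32_t)raw[7] << 24);
    d.page_gran = (hi >> 7) & 1;
    d.big = (hi >> 6) & 1;
    d.long_mode = (hi >> 5) & 1;
    d.limit = d.page_gran ? (limit20 << 12) | 0xfff : limit20;
    d.type = access & 0x0f;
    d.dpl = (access >> 5) & 3;
    d.present = (access >> 7) & 1;
    d.dg_flags = ((uint32_t)(hi >> 4) << 8) | access;
    return d;
}

/* Number of 8-byte entries in a table whose limit register reads gdtl. */
unsigned gdt_entry_count(uint32_t gdtl) { return (gdtl + 1) / 8; }

int main(void)
{
    /* Constructed sample: flat ring-0 code segment matching the dg line for 0008. */
    const uint8_t raw[8] = { 0xff, 0xff, 0x00, 0x00, 0x00, 0x9b, 0xcf, 0x00 };
    seg_desc d = decode_descriptor(raw);
    printf("0008 %08x %08x type=%x dpl=%u flags=%08x (%u entries)\n",
           (unsigned)d.base, (unsigned)d.limit, d.type, d.dpl,
           (unsigned)d.dg_flags, gdt_entry_count(0x3ff));
    return 0;
}
```

With the `gdtl=000003ff` value from the thread, the table holds 128 eight-byte entries, so the same decoder can be run over each slot of each processor's table after switching with `~`.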

  • Rage_RCE Member Posts: 12
    Thank you very much! This is what I've been looking for!

    On Fri, Feb 19, 2010 at 12:23 PM, Scott Noone wrote:

    > The base address of the GDT is in the GDTR register and the size is in the
    > GDTL register, so you can view these with @gdtr and @gdtl (respectively).
    > For example:
    >
    > 0: kd> r @gdtr
    > gdtr=8003f000
    > 0: kd> r @gdtl
    > gdtl=000003ff
    >
    > If you want the base on other processors, you can switch processors with
    > the ~ command and repeat:
    >
    > 0: kd> ~1
    > 1: kd> r @gdtr
    > gdtr=f8733190
    > 1: kd> r @gdtl
    > gdtl=000003ff
    >
    > If you want to start parsing this yourself, the kernel data type for the
    > entries is nt!_KGDTENTRY. If you want the entries printed out pretty for you
    > already, you can use the Display Segment command "dg":
    >
    > 1: kd> r @cs
    > cs=00000008
    > 1: kd> dg @cs
    >                                   P Si Gr Pr Lo
    > Sel    Base     Limit     Type    l ze an es ng Flags
    > ---- -------- -------- ---------- - -- -- -- -- --------
    > 0008 00000000 ffffffff Code RE Ac 0 Bg Pg P  Nl 00000c9b
    >
    > HTH and good luck!
    >
    > -scott
  • Rage_RCE Member Posts: 12
    Hello Paul!

    Surely, I should read the help manual, but I asked a specific question.
    Sometimes, we do not have time to read the entire manual to do a job. I was
    looking for a concrete answer and Scott was very direct in his answer.

    BR,
    ~rage

    On Fri, Feb 19, 2010 at 11:27 AM, Paul Sanders wrote:

    > The first thing you should do is read the first quarter of the help file.
    > It will answer a lot of your questions. It's a quick read, but you really
    > need to do that first thing.
    >
    > After that you can read the second quarter of the help file at your
    > leisure. The second half of the help file is predominantly about writing
    > debugger extensions and you probably aren't concerned with that right now.
    >
    > Paul
  • Tim_Roberts Member - All Emails Posts: 14,161
    rage wrote:
    > Thank you very much! This is what I've been looking for!

    Why?

    The question is not meant to be snotty -- I'm just wondering what task
    you could possibly be working on that requires you to know the value of
    GDTR for all processors.

    --
    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.


  • Rage_RCE Member Posts: 12
    Hi Tim!

    I'm just doing some research about descriptor tables to make my own tool. It
    is just for fun!

    ~rage

    On Fri, Feb 19, 2010 at 2:43 PM, Tim Roberts wrote:

    > rage wrote:
    > > Thank you very much! This is what I've been looking for!
    >
    > Why?
    >
    > The question is not meant to be snotty -- I'm just wondering what task
    > you could possibly be working on that requires you to know the value of
    > GDTR for all processors.
  • yu_shang Member Posts: 14

    Hi @Scott_Noone_(OSR), thank you for this very elaborate answer! I am having difficulty finding help for registers such as GDTR/GDTL/IDTR/IDTL/LDTR in the WinDbg help doc. It seems there is no explicit statement about these registers. Could you please help me with this?

  • Peter_Viscarola_(OSR) Administrator Posts: 8,783
    edited October 5

    You know you're replying to an 11 year old thread, right? And that's not allowed on this forum?

    Hint: START A NEW THREAD if you have a question. Don't necropost to an old thread.

    Peter Viscarola
    OSR
    @OSRDrivers
