Forcing a System Dump from the Kernel Debugger

Sometimes the situation arises where neither a kernel debug session nor a system dump alone is sufficient to analyse a problem. Typically this occurs with problems where evidence of the cause has been removed from the system before the problem occurrence becomes recognised, but the problem itself requires lengthy analysis even when the causal conditions are intercepted. Examples of this are problems where:

If the problem is such that there are readily identifiable criteria that allow it to be intercepted closer to its cause, for example by using breakpoints under the Kernel Debugger, then being able to take a dump at such a point can be advantageous.

The simplest technique for initiating a system dump is to enter the .SYSDUMP command, which is new from fix pack 29 for Warp 3.0 and base Warp 4.0. Prior to these releases other techniques have to be employed. The simplest of these is to type the dump key sequence (Ctrl-Alt-Numlock-Numlock or Ctrl-Alt-F10-F10) on the keyboard of the system under test while the debugger is in console mode, then type the G command from the debug console. The keyboard interrupt will be serviced and the stand-alone dump procedure initiated.

In an unattended situation a manually initiated dump may not be feasible. The following techniques describe how to initiate the system dump in a more automated fashion. In some cases it may be possible to set up the command automation from the KDB.INI initialisation file.

The system dump is initiated when the kernel routine RASRST (RAS restart) is called. Normally this occurs from ring 0 when exception management intercepts a trap and TRAPDUMP is coded in the CONFIG.SYS file, or when the keyboard device driver (KDB.SYS) intercepts a Ctrl-Alt-Numlock-Numlock or Ctrl-Alt-F10-F10 sequence. From ring 3 RASRST is called indirectly via the Dos32ForceSystemDump API, since RASRST is not addressable from any user code selectors. The Kernel Debugger G command allows an address to be specified from which execution is to continue, which provides a means of calling the system dump routine from the debugging console. Before using this technique, the following points must be understood:

From ring 0 the following command will generally be successful in initiating a system dump:

      g =rasrst

From ring 2 or ring 3 32-bit code, the following commands will be successful provided that Dos32ForceSystemDump is working correctly. The address of DOSCALL1:DOS32FORCESYSTEMDUMP is determined first, then a call to Dos32ForceSystemDump is made:

      ln dos32forcesystemdump
      %1a027c78 doscall1:FLAT32:DOS32FORCESYSTEMDUMP

      g =1a027c78

For 16-bit application code the CS register must be set to a value that will address DOSCALL1:DOS32FORCESYSTEMDUMP. A suitable selector would be 5b for ring-3 code and 5a for ring-2. So, for 16-bit code this procedure becomes:

      ln dos32forcesystemdump
      %1a027c78 doscall1:FLAT32:DOS32FORCESYSTEMDUMP
      r cs 5b  (or r cs 5a)

      g =1a027c78

If TRAPDUMP is in effect then a dump can be forced by causing an immediate trap. The most effective way to achieve this is to set the current SS selector to 0 using the R command. For example:

      r ss=00
      g

If you wish to trap an application the very next time it runs in user mode, then use .R to determine the user registers, set a breakpoint on CS:EIP in the context of the application's thread slot, and specify that SS be set to zero when the breakpoint fires. For example:

.p 2d
 Slot  Pid  Ppid Csid Ord  Sta Pri  pTSD     pPTDA    pTCB     Disp SG Name
 002d  000b 0002 000b 0001 blk 0200 7b700000 7b8c68fc 7b8acb60 1eb8 14 mrfilepm

##.r 2d
eax=00000000 ebx=00000000 ecx=0000aa37 edx=0000a9ef esi=00090bff edi=00090000
eip=0000272d esp=0000b228 ebp=0009b230 iopl=2 -- -- -- nv up ei ng nz na pe nc
cs=d02f ss=004f ds=a9ef es=be47 fs=150b gs=0000  cr2=1704b000  cr3=001d9000
doscall1:CONFORM16:postDOSSEMWAIT:
002d|d02f:0000272d c9        leave                    ;br0

##bp d02f:272d,"j wo(tasknumber)==2d,'.r;r ss=0;g';g"
##g

eax=00000000 ebx=00000014 ecx=0009a9ef edx=0000a9ef esi=00090bff edi=00090006
eip=0000272d esp=0000b230 ebp=0009b230 iopl=2 -- -- -- nv up ei ng nz na pe nc
cs=d02f ss=004f ds=a9ef es=be47 fs=150b gs=0000  cr2=01550000  cr3=001d9000
d02f:0000272e ca0800         retf    0008
Symbols linked (calc)
DelayHardError SYS3171: 4 string(s):
 Pid 000b  Tid 0001  Slot 002d  HobMte 03be
 C:\OS2TOOLS\MRFILEPM.EXE
c0000005
1a05272d
P1=00000008  P2=6d640000  P3=XXXXXXXX  P4=XXXXXXXX
EAX=00000000  EBX=00000014  ECX=0009a9ef  EDX=0000a9ef
ESI=00090bff  EDI=00090006
DS=a9ef  DSACC=00f3  DSLIM=00000fff
ES=be47  ESACC=00f3  ESLIM=000017f5
FS=150b  FSACC=00f3  FSLIM=00000030
GS=0000  GSACC=****  GSLIM=********
CS:EIP=d02f:0000272d  CSACC=00df  CSLIM=000054a3
SS:ESP=0000:0000b230  SSACC=****  SSLIM=********
EBP=0009b230  FLG=00002386

DOSCALL1.DLL 0005:0000272d

This technique will successfully terminate an application. If TRAPDUMP is set appropriately then a system dump will be taken.

If TRAPDUMP is not correctly set for taking dumps, it may be dynamically modified from the debugging console. Symbol DumpDevice specifies the dump partition or drive letter (without the colon), and DUMP_ON is a flag byte that takes the value 0, 1 or 2 to specify whether TRAPDUMP is OFF, ON or R0 respectively. Use the E command to modify these fields as required. For example, if we wish to set the equivalent of TRAPDUMP R0,F after system initialisation then the following command sequence would achieve this:

    e dump_on 2
    e dumpdevice "F"

When examining a dump taken by calling RASRST, directly or indirectly, using the G command, the registers at the time the Kernel Debugger was last entered can be found at label _RegSA. The format of this save area is as follows.

Before fix pack 29 for Warp 3.0 and base Warp 4.0:

┌──────┬────────────────────┐
│Offset│Register mnemonic   │
├──────┼────────────────────┤
│+0    │EAX                 │
├──────┼────────────────────┤
│+4    │EBX                 │
├──────┼────────────────────┤
│+8    │ECX                 │
├──────┼────────────────────┤
│+c    │EDX                 │
├──────┼────────────────────┤
│+10   │ESP                 │
├──────┼────────────────────┤
│+14   │EBP                 │
├──────┼────────────────────┤
│+18   │ESI                 │
├──────┼────────────────────┤
│+1c   │EDI                 │
├──────┼────────────────────┤
│+20   │ES                  │
├──────┼────────────────────┤
│+22   │SS                  │
├──────┼────────────────────┤
│+24   │DS                  │
├──────┼────────────────────┤
│+26   │FS                  │
├──────┼────────────────────┤
│+28   │GS                  │
├──────┼────────────────────┤
│+2a   │EIP                 │
├──────┼────────────────────┤
│+2e   │CS                  │
├──────┼────────────────────┤
│+30   │reserved            │
├──────┼────────────────────┤
│+34   │EFLAGS              │
├──────┼────────────────────┤
│+38   │MSW                 │
├──────┼────────────────────┤
│+3c   │GDT limit           │
├──────┼────────────────────┤
│+3e   │GDT base            │
├──────┼────────────────────┤
│+42   │reserved            │
├──────┼────────────────────┤
│+44   │IDT limit           │
├──────┼────────────────────┤
│+46   │IDT base            │
├──────┼────────────────────┤
│+4a   │reserved            │
├──────┼────────────────────┤
│+4c   │LDTR                │
├──────┼────────────────────┤
│+4e   │TR                  │
├──────┼────────────────────┤
│+50   │CR2                 │
├──────┼────────────────────┤
│+54   │CR3                 │
├──────┼────────────────────┤
│+58   │DR0                 │
├──────┼────────────────────┤
│+5c   │DR1                 │
├──────┼────────────────────┤
│+60   │DR2                 │
├──────┼────────────────────┤
│+64   │DR3                 │
├──────┼────────────────────┤
│+68   │DR4                 │
├──────┼────────────────────┤
│+6c   │DR5                 │
├──────┼────────────────────┤
│+70   │DR6                 │
├──────┼────────────────────┤
│+74   │DR7                 │
├──────┼────────────────────┤
│+78   │reserved            │
├──────┼────────────────────┤
│+7c   │TR6                 │
├──────┼────────────────────┤
│+80   │TR7                 │
└──────┴────────────────────┘

From fix pack 29 for Warp 3.0 and base Warp 4.0:

┌──────┬────────────────────┐
│Offset│Register mnemonic   │
├──────┼────────────────────┤
│+0    │EAX                 │
├──────┼────────────────────┤
│+4    │EBX                 │
├──────┼────────────────────┤
│+8    │ECX                 │
├──────┼────────────────────┤
│+c    │EDX                 │
├──────┼────────────────────┤
│+10   │ESP                 │
├──────┼────────────────────┤
│+14   │EBP                 │
├──────┼────────────────────┤
│+18   │ESI                 │
├──────┼────────────────────┤
│+1c   │EDI                 │
├──────┼────────────────────┤
│+20   │ES                  │
├──────┼────────────────────┤
│+22   │SS                  │
├──────┼────────────────────┤
│+24   │DS                  │
├──────┼────────────────────┤
│+26   │FS                  │
├──────┼────────────────────┤
│+28   │GS                  │
├──────┼────────────────────┤
│+2a   │EIP                 │
├──────┼────────────────────┤
│+2e   │CS                  │
├──────┼────────────────────┤
│+30   │reserved            │
├──────┼────────────────────┤
│+34   │EFLAGS              │
├──────┼────────────────────┤
│+38   │MSW                 │
├──────┼────────────────────┤
│+3c   │GDT limit           │
├──────┼────────────────────┤
│+3e   │GDT base            │
├──────┼────────────────────┤
│+42   │reserved            │
├──────┼────────────────────┤
│+44   │IDT limit           │
├──────┼────────────────────┤
│+46   │IDT base            │
├──────┼────────────────────┤
│+4a   │reserved            │
├──────┼────────────────────┤
│+4c   │LDTR                │
├──────┼────────────────────┤
│+4e   │TR                  │
├──────┼────────────────────┤
│+50   │CR2                 │
├──────┼────────────────────┤
│+54   │CR3                 │
├──────┼────────────────────┤
│+58   │CR4                 │
├──────┼────────────────────┤
│+5c   │DR0                 │
├──────┼────────────────────┤
│+60   │DR1                 │
├──────┼────────────────────┤
│+64   │DR2                 │
├──────┼────────────────────┤
│+68   │DR3                 │
├──────┼────────────────────┤
│+6c   │DR4                 │
├──────┼────────────────────┤
│+70   │DR5                 │
├──────┼────────────────────┤
│+74   │DR6                 │
├──────┼────────────────────┤
│+78   │DR7                 │
├──────┼────────────────────┤
│+7c   │reserved            │
├──────┼────────────────────┤
│+80   │TR6                 │
├──────┼────────────────────┤
│+84   │TR7                 │
└──────┴────────────────────┘
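As an added example (not part of this handbook page, and not IBM's own code), the following Python decodes a raw _RegSA image using the two layouts tabulated above, so that the registers saved when the debugger was last entered can be read back out of a dump file. The offsets and mnemonics are those in the tables; the field widths are inferred from the gap to the next offset, x86 little-endian byte order is assumed, and TR7 is assumed to be a 4-byte field. The sample save area is constructed here from the register values shown in the SYS3171 transcript earlier on this page, with a made-up DR7; the helper names (parse_regsa, build_regsa, forced_by_ss_zero, format_like_r) are this example's own.

```python
# Added example: decode the Kernel Debugger _RegSA register save area using
# the pre and post fix pack 29 layouts.  Offsets/mnemonics are from the page's
# tables; widths are the gap to the next offset; little-endian is assumed
# (x86); the last field, TR7, is assumed to be 4 bytes wide.

# Fields common to both layouts, up to and including CR3.
_COMMON_HEAD = [
    (0x00, "EAX"), (0x04, "EBX"), (0x08, "ECX"), (0x0c, "EDX"),
    (0x10, "ESP"), (0x14, "EBP"), (0x18, "ESI"), (0x1c, "EDI"),
    (0x20, "ES"), (0x22, "SS"), (0x24, "DS"), (0x26, "FS"), (0x28, "GS"),
    (0x2a, "EIP"), (0x2e, "CS"), (0x30, "reserved0"), (0x34, "EFLAGS"),
    (0x38, "MSW"), (0x3c, "GDT limit"), (0x3e, "GDT base"), (0x42, "reserved1"),
    (0x44, "IDT limit"), (0x46, "IDT base"), (0x4a, "reserved2"),
    (0x4c, "LDTR"), (0x4e, "TR"), (0x50, "CR2"), (0x54, "CR3"),
]

def _tail(base):
    """DR0..DR7, a reserved dword, TR6 and TR7 packed as dwords from `base`."""
    names = ["DR0", "DR1", "DR2", "DR3", "DR4", "DR5", "DR6", "DR7",
             "reserved3", "TR6", "TR7"]
    return [(base + 4 * i, name) for i, name in enumerate(names)]

# Before fix pack 29 (Warp 3.0) / base Warp 4.0 the debug registers start at +58.
LAYOUT_PRE_FP29 = _COMMON_HEAD + _tail(0x58)
# From fix pack 29 / base Warp 4.0, CR4 is inserted at +58 and the rest shifts by 4.
LAYOUT_FP29 = _COMMON_HEAD + [(0x58, "CR4")] + _tail(0x5c)

def field_widths(layout, last_width=4):
    """Return (name, offset, width) triples; width is the gap to the next field."""
    triples = [(name, off, nxt - off)
               for (off, name), (nxt, _) in zip(layout, layout[1:])]
    last_off, last_name = layout[-1]
    triples.append((last_name, last_off, last_width))
    return triples

def save_area_size(layout):
    """Total size of the save area in bytes (TR7 assumed to be a dword)."""
    return layout[-1][0] + 4

def parse_regsa(data, layout):
    """Decode a raw _RegSA image into a {mnemonic: value} dictionary."""
    need = save_area_size(layout)
    if len(data) < need:
        raise ValueError(f"_RegSA needs {need:#x} bytes, got {len(data):#x}")
    return {name: int.from_bytes(data[off:off + width], "little")
            for name, off, width in field_widths(layout)}

def build_regsa(values, layout):
    """Inverse of parse_regsa; fields not supplied are written as zero."""
    buf = bytearray(save_area_size(layout))
    for name, off, width in field_widths(layout):
        buf[off:off + width] = values.get(name, 0).to_bytes(width, "little")
    return bytes(buf)

def forced_by_ss_zero(regs):
    """True when SS is zero, the signature of a dump forced with 'r ss=0' then 'g'."""
    return regs["SS"] == 0

def format_like_r(regs):
    """Render the decoded registers in the style of the debugger's R command."""
    gp = " ".join(f"{n.lower()}={regs[n]:08x}"
                  for n in ("EAX", "EBX", "ECX", "EDX", "ESI", "EDI"))
    ptr = f"eip={regs['EIP']:08x} esp={regs['ESP']:08x} ebp={regs['EBP']:08x}"
    seg = " ".join(f"{n.lower()}={regs[n]:04x}"
                   for n in ("CS", "SS", "DS", "ES", "FS", "GS"))
    return f"{gp}\n{ptr}\n{seg}  cr2={regs['CR2']:08x}  cr3={regs['CR3']:08x}"

# Constructed sample: the register values from the SYS3171 transcript on this
# page (the forced trap in slot 2d) packed in the fix pack 29 layout.  DR7 is a
# made-up value so that the layout mismatch below is visible.
SAMPLE_VALUES = {
    "EAX": 0x00000000, "EBX": 0x00000014, "ECX": 0x0009a9ef, "EDX": 0x0000a9ef,
    "ESI": 0x00090bff, "EDI": 0x00090006, "EIP": 0x0000272d, "ESP": 0x0000b230,
    "EBP": 0x0009b230, "CS": 0xd02f, "SS": 0x0000, "DS": 0xa9ef, "ES": 0xbe47,
    "FS": 0x150b, "GS": 0x0000, "EFLAGS": 0x00002386,
    "CR2": 0x01550000, "CR3": 0x001d9000, "DR7": 0x00000400,
}
SAMPLE_REGSA = build_regsa(SAMPLE_VALUES, LAYOUT_FP29)

if __name__ == "__main__":
    regs = parse_regsa(SAMPLE_REGSA, LAYOUT_FP29)
    print(format_like_r(regs))
    print("forced via ss=0:", forced_by_ss_zero(regs))
```

The bytes of the save area do not identify which layout they use, so the layout must be chosen from the kernel level of the system that produced the dump; decoding a fix pack 29 image with the older layout silently reads CR4 as DR0 and shifts every later register by one slot. The SS check is a quick way to tell a dump that was forced by the `r ss=0` technique above from a dump caused by a genuine fault.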
