KEXT Debugging on Mac

Copy the kext to temp folder

    sudo cp -r /…xx.kext /tmp/

     cd /tmp

Modify the priviledges

    sudo chown -R root:wheel xx.kext
    sudo chmod -R 775 xx.kext

Load the kext at the starting address where the affected kext loaded. you will get the address from the panic report

    sudo kextload -z -n -a xxx.yyy.kext.zzz@0x47cd1000 -s . xx.kext

Open another terminal and launch the gdb

    gdb -arch i386 /Volumes/KernelDebugKit/mach_kernel

Add debug source symbols
    source  /Volumes/KernelDebugKit/kgmacros

Add system and application symbols

    add-symbol-file /tmp/com.apple.kpi.bsd.sym
    add-symbol-file /tmp/com.apple.kpi.libkern.sym
    add-symbol-file /tmp/com.apple.kpi.iokit.sym
    add-symbol-file /tmp/com.apple.kpi.mach.sym
    add-symbol-file /tmp/xxx.yyy.kext.zzz.sym

Query the symbols

    x/i address

// For remote debugging

As it is exec the following command
    target remote-kdp

Attach to the remote system
    attach ip

Execute the bt to get all the symbols or use x/i to get a particular symbol
    bt   // back trace  , it loads all symbols, otherwise

Blogged with Flock

Tags: , , ,

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: