error code: 0: read from a non-present page
2: write to a non-present page
EIP: address of instruction at panic
create symbol file:
/Volumes/KernelDebugKit/createsymbolfiles -s /tmp PanicDriver/build/Debug/PanicDriver.kext
assume 0x223ab275 is EIP address
gdb /Volumes/KernelDebugKit/mach_kernel
--> set kext-symbol-file-path /tmp
--> add-kext ~/test.kext
--> set print asm-demangle on
--> x/i 0x223ab275
find the function mapped to this address
--> disass 0x223ab275
show this function's content
--> info line * 0x223ab275
show the line number of EIP in the function
沒有留言:
張貼留言