If we load the module and start a kernel debugging session using KGDB<\/a> or VMWare<\/a>, gdb will load the kernel symbols, but not the symbols for the module. E.g. we will be able to set breakpoints inside the kernel itself (e.g. the sys_open()<\/strong> function), but not inside TestKernelModule_exit()<\/strong>:<\/p>\n Unlike the kernel itself that is always loaded at the same address in memory, kernel modules can be loaded at arbitrary addresses. Before we can load the symbols for a module, we need to find out at which address it was loaded. The easiest way to do it is to set a breakpoint in the do_init_module()<\/strong> function and once it hits, checking the name<\/strong> and module_core<\/strong> fields of the mod <\/strong>variable:<\/p>\n Now once we know the load address of the module, we can load the symbols for it using the add-symbol-file<\/strong> command. The symbols are contained in the file called <module name>.o<\/strong> in the module build directory:<\/p>\n Note that if you now attempt to set a breakpoint in the TestKernelModule_exit()<\/strong> function, gdb will set it in an invalid address:<\/p>\n This happens because the TestKernelModule_exit()<\/strong> function is located in the “.exit.text” section and we have only loaded the symbols for the “.text” section. Use the following command to display all sections of TestKernelModule that has been loaded into the memory:<\/p>\n To load the symbols for those sections as well we need to specify their addresses manually in the add-symbol-file<\/strong> command:<\/p>\n Now the breakpoint was set at the correct address. Note that in order to see the global variables in the debugger, you need to also manually specify the addresses of the .data<\/strong>, .rodata<\/strong> and .bss<\/strong> sections.<\/p>\n You can explore all modules loaded into the kernel by looking through the global ‘modules’ list. Simply use the ‘next’ field to get the pointer to the list item corresponding to the next module and subtract 4 (the offset of the list item inside the module structure) from it to get the address of the module object:<\/p>\n When you start your debugging session, VisualKernel will automatically set breakpoints inside the kernel functions responsible for loading and unloading the modules. When your module is loaded or unloaded, VisualKernel will automatically load\/unload the symbols for it: You can use the Modules window in Visual Studio to see the list of currently loaded kernel modules and load symbols for them: You can configure VisualKernel to automatically load symbols for all or some of the in-tree kernel modules (that ones that are included in the original Linux kernel tree):(gdb) file vmlinux-3.8.0-19-generic\r\nReading symbols from vmlinux-3.8.0-19-generic...done.\r\n(gdb) b sys_open\r\nBreakpoint 1 at 0xc115f000: file \/build\/buildd\/linux-3.8.0\/fs\/open.c, line 995.\r\n(gdb) b TestKernelModule_exit\r\nFunction \"TestKernelModule_exit\" not defined.\r\nMake breakpoint pending on future shared library load? (y or [n]) n<\/pre>\n
(gdb) break do_init_module\r\nBreakpoint 2 at 0xc10ac8e8: file \/build\/buildd\/linux-3.8.0\/arch\/x86\/include\/asm\/\r\ncurrent.h, line 14.\r\n(gdb) continue\r\nContinuing.\r\nBreakpoint 2, load_module\r\nat \/build\/buildd\/linux-3.8.0\/kernel\/module.c:3271\r\n3271 \/build\/buildd\/linux-3.8.0\/kernel\/module.c: No such file or directory.\r\n(gdb) print mod\r\n$1 = (struct module *) 0xf9921000\r\n(gdb) print mod->name\r\n$2 = \"TestKernelModule\"<\/strong>, '\\000' <repeats 43 times>\r\n(gdb) print mod->module_core\r\n$3 = (void *) 0xf9928000<\/strong><\/pre>\n
(gdb) add-symbol-file TestKernelModule.o 0xf9928000<\/strong>\r\nadd symbol table from file \"TestKernelModule.o\" at\r\n.text_addr = 0xf9928000\r\n(y or n) y\r\nReading symbols from TestKernelModule.o...done.<\/pre>\n
(gdb) break TestKernelModule_exit\r\nBreakpoint 3 at 0x19<\/strong>: file TestKernelModule_main.c, line 13.<\/pre>\n
(gdb) print *mod->sect_attrs->attrs@mod->sect_attrs->nsections\r\n$1 = {{\r\nmattr = {...},\r\nname = \".note.gnu.build-id\",\r\naddress = 0xf9929000\r\n}, {\r\nmattr = {...},\r\nname = \".init.text\",\r\naddress = 0xf842a000\r\n}, {\r\nmattr = {...},\r\nname = \".exit.text\",\r\naddress = 0xf9928000\r\n}, {\r\nmattr = {...},\r\nname = \".rodata\",\r\naddress = 0xf9929024\r\n}, {\r\nmattr = {...},\r\nname = \".data\",\r\naddress = 0xf992a000\r\n}, {\r\nmattr = {...},\r\nname = \".gnu.linkonce.this_module\",\r\naddress = 0xf992a020\r\n}, {\r\nmattr = {...},\r\nname = \".bss\",\r\naddress = 0xf992a1a0\r\n}, {\r\nmattr = {...},\r\nname = \".symtab\",\r\naddress = 0xf842b000\r\n}, {\r\nmattr = {...},\r\nname = \".strtab\",\r\naddress = 0xf842b270\r\n}}<\/pre>\nadd-symbol-file KernelModule.o 0xf9928000 -s .init.text 0xf842a000 -s .exit.text 0xf9928000\r\nadd symbol table from file \"TestKernelModule.o\" at\r\n.text_addr = 0xf9928000\r\n.init.text_addr = 0xf842a000\r\n.exit.text_addr = 0xf9928000\r\n(y or n) y\r\nReading symbols from TestKernelModule.o...done.\r\n(gdb) b TestKernelModule_exit\r\nBreakpoint 5 at 0xf9928006: file TestKernelModule_main.c, line 17.<\/pre>\n
(gdb) print &((struct module *)0)->list\r\n$10 = (struct list_head *) 0x4\r\n(gdb) print modules\r\n$11 = {\r\nnext = 0xf9962024,\r\nprev = 0xf8453024\r\n}\r\n(gdb) print *((struct module *)(0xf9962024 - 0x4))\r\n$12 = {\r\nstate = MODULE_STATE_LIVE,\r\nlist = {\r\nnext = 0xf98fc004,\r\nprev = 0xc18a1658 <modules>\r\n},\r\nname = \"TestKernelModule\", '\\000' <repeats 43 times>,\r\n...<\/pre>\nAutomatic symbol loading using VisualKernel<\/h2>\n
![\"\"](\"https:\/\/sysprogs.com\/tutorials\/wp-content\/uploads\/2022\/06\/modload.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/sysprogs.com\/tutorials\/wp-content\/uploads\/2022\/06\/modules.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/sysprogs.com\/tutorials\/wp-content\/uploads\/2022\/06\/modulesettings.png\")
<\/a><\/p>\n