{"id":652,"date":"2022-09-28T10:56:59","date_gmt":"2022-09-28T17:56:59","guid":{"rendered":"https:\/\/sysprogs.com\/tutorials\/?p=652"},"modified":"2022-09-28T10:56:59","modified_gmt":"2022-09-28T17:56:59","slug":"using-live-watch-to-monitor-kernel-mode-code-in-real-time","status":"publish","type":"post","link":"https:\/\/sysprogs.com\/VisualKernel\/tutorials\/livewatch\/","title":{"rendered":"Using Live Watch to Monitor Kernel-Mode Code in Real Time"},"content":{"rendered":"

This tutorial shows how to use Live Watch to monitor the state of your kernel-mode code without having to stop it in the debugger.<\/p>\n

Before you begin, install Visual Studio and VisualKernel 4.0 or later.<\/p>\n

    \n
  1. Start Visual Studio and open the Linux Kernel Module Wizard:\"\"<\/a><\/li>\n
  2. Enter the name and location for your project:\"\"<\/a><\/li>\n
  3. Select the project template you would like to use. In this tutorial we will create a basic RAM disk and will show how to monitor its read\/write count without setting any breakpoints, hence select “Ramdisk” and click “Next”:\"\"<\/a><\/li>\n
  4. Select the target you would like to use. Live Watch transfers data via the network interface, so it supports most of the kernel targets:\"\"<\/a><\/li>\n
  5. Proceed with the default selection of storing the sources on the Windows side: \"\"<\/a><\/li>\n
  6. Finally, select the debug settings that work for your target and click “Finish” to create the project: \"\"<\/a><\/li>\n
  7. Once the project has been created, you can build it by pressing Ctrl-Shift-B: \"\"<\/a><\/li>\n
  8. Once the build succeeds, try setting a breakpoint in the BasicRamDisk_SubmitBIO()<\/strong> function and press F5 to begin debugging. Once the triggers, use the Call Stack window to see the context of the call. In this example, the first I\/O operation submitted to the disk comes from the disk_scan_partitions()<\/strong> function trying to scan the partition table:\"\"<\/a><\/li>\n
  9. Press F5 to continue debugging. Then, right-click on the project node in Solution Explorer and select “Open a new SSH window”:\"\"<\/a><\/li>\n
  10. Once the window opens, run “sudo dmesg” to view the commands necessary to test out the RAM disk:\n
    sudo mkfs \/dev\/LiveWatchDemoDisk1\r\nsudo mkdir \/mnt\/ramdisk\r\nsudo mount \/dev\/LiveWatchDemoDisk1 \/mnt\/ramdisk<\/pre>\n
    Run the commands from the dmesg<\/strong> output and make sure the disk is initialized and mounted:\"\"<\/a><\/li>\n
  11. Using the debugger to see what is going on could be useful in many scenarios, however it stops the target while you are examining its state. Live Watch avoids this by sampling the values of different variables over the UDP connection without having to stop the target. In order to test it out, add the following 2 variables to the BasicRamDisk.c<\/strong> file:\n
    static uint64_t s_BytesIn;\r\nstatic uint64_t s_BytesOut;<\/pre>\n
    Then, update the BasicRamDisk_Transfer()<\/strong> function to increment either s_BytesIn<\/strong> or s_BytesOut<\/strong> depending on the direction of the transfer:\"\"<\/a><\/li>\n
  12. Start the debug session, open the Debug->Windows->Live Watch<\/strong> window and switch it to the Globals<\/strong> view. Observe how the values of s_BytesIn<\/strong> and s_BytesOut<\/strong> are immediately shown both in the Live Watch window and directly in the code:\"\"<\/a>You can read more about various Live Watch modes and settings on this page<\/a>.<\/li>\n
  13. Click the “Plot” column for both variables, then try copying some data to the RAM disk. Note how the data is actually written when you run the “sync” command (00:42 below). Try unmounting the disk, remounting it and comparing the copied file. Observe how the number of read bytes now matches the number of written ones:\"\"<\/a><\/li>\n
  14. You can also use Live Watch to observe and plot various variables from the kernel itself. Expand the [vmlinux] node in Live Watch and type “^jiffies” in the filter: \"\"<\/a><\/li>\n
  15. Click the plot column to plot the value of jiffies<\/strong> (system clock):\"\"<\/a>Note that because the value of jiffies<\/strong> is much larger than the values of s_BytesIn<\/strong> or s_BytesOut<\/strong>, it completely eclipsed both of them on the graph.<\/li>\n
  16. Click the settings button and enable the “scale each variable independently” checkbox. See how the values are now properly visible:\"\"<\/a><\/li>\n
  17. You can configure VisualKernel to show the graphs in separate horizontal spaces (i.e. under each other), so that similar changes to multiple graphs won’t obscure each other:\"\"<\/a><\/li>\n<\/ol>\n
     <\/p>\n","protected":false},"excerpt":{"rendered":"
    This tutorial shows how to use Live Watch to monitor the state of your kernel-mode code without having to stop<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[59],"tags":[61],"_links":{"self":[{"href":"https:\/\/sysprogs.com\/tutorials\/wp-json\/wp\/v2\/posts\/652"}],"collection":[{"href":"https:\/\/sysprogs.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sysprogs.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sysprogs.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sysprogs.com\/tutorials\/wp-json\/wp\/v2\/comments?post=652"}],"version-history":[{"count":1,"href":"https:\/\/sysprogs.com\/tutorials\/wp-json\/wp\/v2\/posts\/652\/revisions"}],"predecessor-version":[{"id":669,"href":"https:\/\/sysprogs.com\/tutorials\/wp-json\/wp\/v2\/posts\/652\/revisions\/669"}],"wp:attachment":[{"href":"https:\/\/sysprogs.com\/tutorials\/wp-json\/wp\/v2\/media?parent=652"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sysprogs.com\/tutorials\/wp-json\/wp\/v2\/categories?post=652"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sysprogs.com\/tutorials\/wp-json\/wp\/v2\/tags?post=652"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}