1 This is some preliminary information on using PICE. I am planning to write
2 a detailed manual later.
4 BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA
6 PICE for Reactos is in early beta stage of development. It still has many bugs.
8 BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA-BETA
11 PICE is a kernel debugger that was ported for Reactos (the original Linux
12 project by Klaus P. Gerlicher and Goran Devic may be found here:
13 http://pice.sourceforge.net).
17 1. PICE is loaded like a regular device driver. The only limitation - it must
18 be loaded after keyboard.sys driver. You should add:
20 LdrLoadAutoConfigDriver( L"pice.sys" );
22 in ntoskrnl/ldr/loader.c after the line loading keyboard driver.
24 2. You should copy pice.cfg and ntoskrnl.sym to \SystemRoot\symbols directory
27 3. If you want to add symbolic information you should use loader.exe to
28 create .dbg file from the unstrippped version of exe or driver:
30 pice\loader\loader.exe -t ntoskrnl.nostrip.exe
32 After that copy .dbg file to \SystemRoot\symbols and add a line to pice.cfg:
33 \\SystemRoot\symbols\ntoskrnl.dbg.
35 Pice will load the symbols during boot. For large .dbg files it may take a
36 while (ntoskrnl.dbg is ~3Mb). You may find that loading time under bochs is
37 quite slow, although otherwise performance should be fine.
39 Key combination to break into debugger is CTRL-D.
40 You may need to press CTRL button upon return from the debugger if you get
41 "funny" symbols when you type.
45 gdt display current global descriptor table
46 idt display current interrupt descriptor table
48 t single step one instruction
50 h list help on commands
51 page dump page directories
52 proc list all processes
53 dd display dword memory
54 db display byte memory
55 u disassemble at address
56 mod displays all modules
57 bpx set code breakpoint
60 ver display pICE version and state information
61 hboot hard boot the system
62 cpu display CPU special registers
63 stack display call stack
64 . unassemble at current instruction
65 p single step over call
66 i single step into call
67 locals display local symbols
68 table display loaded symbol tables
69 file display source files in symbol table
70 sym list known symbol information
71 ? evaluate an expression (global symbols only)
72 src sets disassembly mode
73 wc change size of code window
74 wd change size of data window
75 r sets or displays registers
76 cls clear output window
78 next advance EIP to next instruction
80 layout sets keyboard layout
81 syscall displays syscall (table)
82 altkey set alternate break key
83 addr show/set address contexts
85 [CTRL/SHIFT/ALT] arrow up/down
90 dpd display dword physical memory
91 code toggle code display
92 peek peek at physical memory
93 poke poke to physical memory
94 phys show all mappings for linear address
95 timers show all active timers
98 1. Evaluation of pointers.
99 2. Virtual breakpoints
100 3. Unimplemented commands.
101 4. Video mode switching (to debug gdi applications).