jalavoui Posted May 18, 2016 Share Posted May 18, 2016 Panic debug procedure: To debug the kernel/kext u need an Apple ethernet driver installed on the machine u're debugging (machine1) Then u can connect that machine to a router using a ethernet cable Boot the machine1 with flags -v keepsyms=1 pmuflags=1 debug=0x144 kdp_match_name=en1 The flag kcsuffix=debug will load the kernel.debug Booting without caches might help load the eth driver b4 other kexts. Replace en1 with ethernet card name (open a console and type ifconfig to check) On a 2nd machine (i used wifi to connect to the network) open a console and type "lldb" After machine1 boots to desktop press the magic keys: cmd+option+alt+shift+esc on my pc this is ctrl+windows key+alt+shift+esc U will see on screen a line with ip address (e.g 192.168.2.2) and a w8 4 debugger attach msg Go back to machine2 and on lldb type kdb-remote 192.168.2.2 (u entered kernel debug mode) if u got no kernel panic type c to unlock machine1 back u can redo this as need The above procedure can be done using a firewire cable, etc with some changes. Al this is now obsolete - welcome to xcode kernel debug. Debuging a kext on a remote kernel using the Xcode GUI This is a panic catch when loading brcm4360 Howto (using the root account) - Backup The existing Xcode LLDB framework and replace with the attached. - Unzip lldbinit. In terminal copy to /var/root. Edit and change the ip address. In terminal type "cp lldbinit .lldbinit" - Extract kdp.zip. It's a xcode project. Edit the xxx.xcscheme and change kernel path if need. - Open the Xcode project - Press Run if u get a kernel panic or if u used the kernel magic keys on the remote system. LLDB patch SBTarget::Launch (SBLaunchInfo &sb_launch_info, SBError& error) { (...) if (arch_spec.IsValid()) launch_info.GetArchitecture () = arch_spec; SBCommandInterpreter interp = GetDebugger().GetCommandInterpreter(); SBCommandReturnObject result; interp.SourceInitFileInHomeDirectory(result); sb_process.SetSP(GetDebugger().GetSelectedTarget().GetProcess().GetSP()); //error.SetError (target_sp->Launch (launch_info, NULL)); //sb_process.SetSP(target_sp->GetProcessSP()); } else { error.SetErrorString ("SBTarget is invalid"); (...) int PrivateResumeC=0; Error Process::ConnectRemote (Stream *strm, const char *remote_url) { m_abi_sp.reset(); m_process_input_reader.reset(); // Find the process and its architecture. Make sure it matches the architecture // of the current Target, and if not adjust it. //SetPublicState (eStateStopped, false); PrivateResumeC=0; Error error (DoConnectRemote (strm, remote_url)); (...) Error Process::PrivateResume () { if (!PrivateResumeC) { PrivateResumeC=1; SetPrivateState(eStateRunning); SetPrivateState(eStateStopped); return Error("Process is not running."); } Log *log(lldb_private::GetLogIfAnyCategoriesSet (LIBLLDB_LOG_PROCESS|LIBLLDB_LOG_STEP)); TODO: Write a xcode.plugin/patch 4 original lldb framework. This driver works on OS X 10.11.4 , tested on 1 AMD and 1 Intel cpus with a RTL8168 card. The patch was trivial - skip a basic hadrware probe check in code. Might work on other cards. Can be used as a normal eth driver or to allow debuging the kernel and most important new kexts. AppleRTL8169Ethernet.kext.zip LLDB.framework.zip kdp.zip lldbinit.zip 3 Link to comment Share on other sites More sharing options...
jalavoui Posted April 1, 2017 Author Share Posted April 1, 2017 Howto catch a opcode during kernel boot or after you load a driver u can get this Apr 1 17:50:57 localhost kernel[0]: invalid kernel opcode (64-bit): 96 e0 10 00 80 ff ff ff 08 00 00 00 00 00 00 00 Apr 1 17:50:57 localhost kernel[0]: invalid kernel opcode (64-bit): 96 e0 10 00 80 ff ff ff 08 00 00 00 00 00 00 00 Apr 1 17:50:57 localhost kernel[0]: invalid kernel opcode (64-bit): 96 e0 10 00 80 ff ff ff 08 00 00 00 00 00 00 00 Apr 1 17:50:58 localhost kernel[0]: invalid kernel opcode (64-bit): 96 e0 10 00 80 ff ff ff 08 00 00 00 00 00 00 00 the address in this case is ff ff ff + 80 00 10 e0 96 so in xcode after u use the magic keys to enter debug mode u type break 0xffffff800010e096 then u can resume the process (type c) the debugger will stop on the right function and show where the opcode bug is. if u use the kernel source code (or other apple source code) u get a very good trace of the opcode. To debug a graphic driver on the AMD7000 if u get a bug u can easily trace it using opcodes cause the driver breaks and u can catch it on logs AMD8000,9000 don't have this behavior - they just exit silently - this make debugging much harder more soon 3 Link to comment Share on other sites More sharing options...
Rocky12 Posted May 20, 2017 Share Posted May 20, 2017 Great news really appreciate your help and support Link to comment Share on other sites More sharing options...
hackaudio Posted August 28, 2017 Share Posted August 28, 2017 Panic debug procedure: To debug the kernel/kext u need an Apple ethernet driver installed on the mau're debugging (machine1) What do you mean `Apple ethernet driver'? Does debug kernel need specific hardware? $ ls -l /System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns total 0 drwxr-xr-x 3 root wheel 102 4 15 07:44 AppleBCM5701Ethernet.kext drwxr-xr-x 3 root wheel 102 4 15 07:43 AppleIntel8254XEthernet.kext drwxr-xr-x 3 root wheel 102 4 15 07:44 AppleIntelI210Ethernet.kext drwxr-xr-x 3 root wheel 102 4 15 07:49 AppleVmxnet3Ethernet.kext drwxr-xr-x 3 root wheel 102 4 15 07:43 AppleYukon2.kext drwxr-xr-x 3 root wheel 102 4 15 07:35 IOEthernetAVBController.kext drwxr-xr-x 3 root wheel 102 4 15 07:43 Intel82574L.kext drwxr-xr-x 3 root wheel 102 4 15 07:35 mDNSOffloadUserClient.kext drwxr-xr-x 3 root wheel 102 4 15 07:52 nvenet.kext Is it possible to debug kernel panic which happen on a Hackintosh? reference: https://wikileaks.org/ciav7p1/cms/page_17760389.html Link to comment Share on other sites More sharing options...
kocoman Posted May 22 Share Posted May 22 does this driver work with catlina etc? Link to comment Share on other sites More sharing options...
Recommended Posts