.s [#] displays short logged exceptions starting at #, if specified.
Displays a condensed version of logged exceptions (logging is enabled with the ".T" command described previously). The ".S" command displays the log in brief format, most recent log entry first.
The first column is the log entry number.
The second column describes the reason for the log entry. If the log entry describes the beginning of a fault, it contains the fault number. If the log entry describes leaving ring 0 (for example, because fault
handling is complete), it contains the word "OUT".
The third column is the handle of the thread at the time of the fault.
The fourth column is the number of times the critical section was taken at the time the log entry was made.
The fifth column is "EI" if interrupts were enabled at the time the log entry was made; "DI" if interrupts were disabled.
The sixth column describes the processor mode at the time of the fault. It is "VMM" to indicate that the fault was encountered by a ring 0 component. It is "V86" to indicate that the fault was encountered
while in V86-mode. It is "PM" to indicate that the fault was encountered in ring 3 protected mode.
The seventh column is the address that caused the fault.
The remainder of the line contains auxiliary information related to the fault. If the fault was raised by a software interrupt or I/O port access, the faulting instruction is disassembled; in the case of a software interrupt, the value of the EAX register is also displayed following the disassembly. If the fault was caused by a callback or breakpoint, the address of the ring 0 handler for the callback or breakpoint is displayed.
Here follow some sample log entries with interpretation.
0000165A: OUT C1D9F08C 00 EI VMM C0011FDC
This is log entry number 0000165A. The system is leaving ring 0 ("OUT"). The current thread is C1D9F08C, the critical section is not taken ("00"), interrupts are enabled ("EI"), and the system is returning to interrupt code which happens also to be at ring 0 ("VMM"), at address C0011FDC.
00023131: 002A C359F08C 01 EI V86 FF03:5311 INT 2A 00008102
This is log entry number 000023131. The system is entering ring 0 due to software interrupt 002A. The current thread is C359F08C, the critical section is taken once ("01"), interrupts are enabled ("EI"), and the software interrupt was raised by V86-mode ("V86") at address FF03:5311. The faulting instruction was an "INT 2A", and the value of the EAX register was 00008102.
0002312B: 0006 C1D9F08C 00 DI V86 FEB7:1448 Hdl: C0087244:IFSMGR(01) + 86d
This is log entry number 00002312B. The system is entering ring 0 due to an invalid opcode (fault 0006). The current thread is C1D9F08C, the critical section is not taken ("00"), interrupts are disabled ("DI"),
and the software interrupt was raised by V86-mode ("V86") at address FEB7:1448. The faulting instruction was a callback or breakpoint; the handler for the callback of breakpoint is IFSMGR(01) + 86d.
00023118: 0055 C1D9F08C 00 EI VMM C0011FDC
This is log entry number 000023118. The system is entering ring 0 due to an IRQ 5 (50+5). The current thread is C1D9F08C, the critical section is not taken ("00"), interrupts are disabled ("EI"), and the hardware interrupt was raised while the system was in ring 0 ("VMM") at address C0011FDC.
The ".SL" command described in the following displays a complete dump to each logged entry, but takes much more screen space, so this command is used more often to get a quick look at the sequence of faults, and the ".SL" command is used when a more in-depth view is necessary, or when it is necessary to know what other registers were at the time of the fault.
".S" accepts an optional parameter that is the fault entry index. If this parameter exists, then the log is searched for the specified entry. If the entry is found, then the list starts from that entry and proceeded backwards to the oldest entry; if the entry is not found then a warning message is displayed and the list starts from the most resent.
The macro Queue_Out queues messages to a separate circular queue. Each message is linked to the current fault entry index, so the ".S" can show the queued messages interspersed with the fault information. This allows fault handlers to show information about how they handled the fault so that the list displayed by the ".S" command is a fairly complete execution history, which is particularly useful when debugging devices that are trying to virtualize I/O so that they simulate actual hardware, such as the PIC, DMA and video.
".S" always disables logging before it displays anything, so no more logging will be performed until ".T" is invoked again.