Debugging with Bochs

Loading a Symbols File

Generating the Symbols File

Symbols files must be of the form:

%x %s

That is, the hexadecimal virtual address of a symbol followed by its ASCII name.

The following script will generate the symbols file:

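#!/bin/bash -x
##
## mkldsym: based on linux mksysmap, we just strip a field
##
## usage:
##
## mkldsym <ELF EXE> <output sym file>
##
## nm -n lists symbols sorted by address as "<address> <type> <name>".
## grep drops absolute (a), undefined (U) and weak (w) symbols, __crc_
## entries and $a/$d/$t mapping symbols; awk strips the type field.
nm -n "$1" | grep -v '\( [aUw] \)\|\(__crc_\)\|\( \$[adt]\)' | awk '{print $1, $3}' > "$2"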
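
The same filter run on constructed `nm -n` output, with a check that the result matches the `%x %s` form and a lookup that turns a symbol into a raw-address `vb` command. This is an added example, not part of the original page. The helper names are hypothetical, and only the four addresses that appear in the map file further down are real.

```shell
#!/bin/bash
# Added example (not from the original page). Helper names are hypothetical.

# Constructed `nm -n` output. Only the con_install, con_puts, printk and panic
# addresses are taken from the page's map file; the other lines are made up.
sample_nm() {
cat <<'EOF'
                 U external_fn
                 w weak_hook
0000000000000000 a abs_marker
0000000000100000 T _start
0000000000101180 T con_install
00000000001011b0 T con_puts
0000000000101230 T printk
00000000001013a0 T panic
0000000000102000 r __crc_printk
0000000000103000 d $d
0000000000104000 B bss_buf
EOF
}

# Same filter as mkldsym, written as an ERE: drop absolute (a), undefined (U),
# weak (w), __crc_ and $a/$d/$t entries, then strip the type column.
nm_to_bochs_sym() {
    grep -Ev ' [aUw] |__crc_| \$[adt]' | awk '{print $1, $3}'
}

# Succeeds only if every stdin line is "<hex address> <name>" (the %x %s form).
check_sym_format() {
    awk 'NF != 2 || $1 !~ /^[0-9a-fA-F]+$/ { bad = 1 } END { exit bad + 0 }'
}

# Look a symbol up in a symbols file on stdin and print the matching Bochs
# breakpoint command. The default segment 0x8 is this page's kernel text segment.
bochs_vb_cmd() {  # usage: bochs_vb_cmd <symbol> [segment] < file.sym
    awk -v s="$1" -v seg="${2:-0x8}" '
        $2 == s { printf "vb %s:0x%s\n", seg, $1; found = 1; exit }
        END     { exit !found }'
}

sample_nm | nm_to_bochs_sym | check_sym_format && echo "symbols file format ok"
sample_nm | nm_to_bochs_sym | bochs_vb_cmd printk
```

Without the `grep` stage, the undefined and weak entries have no address column, so `awk` would emit lines such as `U ` that do not fit the symbols file format.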

Loading the Symbols File

Start Bochs:

========================================================================
                        Bochs x86 Emulator 2.3
              Build from CVS snapshot on August 27, 2006
========================================================================
00000000000i[     ] reading configuration from nway-bochsrc
00000000000i[     ] nway-bochsrc: vga_update_interval seems awfully small!
00000000000e[     ] nway-bochsrc: ataX-master/slave CHS set to 0/0/0 - autodetection enabled
00000000000i[     ] installing x module as the Bochs GUI
00000000000i[     ] using log file bochsout.txt
Next at t=0
(0) [0xfffffff0] f000:fff0 (unk. ctxt): jmp far f000:e05b         ; ea5be000f0
(1) [0xfffffff0] f000:fff0 (unk. ctxt): jmp far f000:e05b         ; ea5be000f0

Load the symbols file

<bochs:1> load-symbols "lwk.sym"

Set a breakpoint on the printk function in our kernel:

<bochs:2> vb 0x8:"printk"

Continue execution until the breakpoint:

<bochs:3> c

We hit the breakpoint and see the context:

(136477816) Breakpoint 3220503032, in 0008:00101230 (0x00101230)
Next at t=29992949
(0) [0x00101230] 0008:0000000000101230 (printk+0): push ebp        ; 55

Breakpoints

Virtual Address Breakpoints

Note: Newer versions of Bochs have resolved this issue.

There is a caveat with virtual breakpoints in Bochs that I will illustrate here. It appears as though breakpoints are a hard wall that you cannot step past until the breakpoint is disabled. The following is how I deal with this when I am debugging.

Suppose we want to set a breakpoint for the printk function on our testing kernel. From the kernel's map file (${LD} <…> -Map <mapfile>):

              0x0000000000101180                con_install
              0x00000000001013a0                panic
              0x0000000000101230                printk
              0x00000000001011b0                con_puts

We see that the printk function is located at virtual address 0x0000000000101230. Also note that our kernel's text is located in segment 0x8. Note: a symbol's location can also be found using the nm command.

After starting Bochs, we type at the simulation prompt:

========================================================================
                        Bochs x86 Emulator 2.3
              Build from CVS snapshot on August 27, 2006
========================================================================
00000000000i[     ] reading configuration from nway.bochsrc
00000000000i[     ] nway.bochsrc: vga_update_interval seems awfully small!
00000000000e[     ] nway.bochsrc: ataX-master/slave CHS set to 0/0/0 - autodetection enabled
00000000000i[     ] installing x module as the Bochs GUI
00000000000i[     ] using log file bochsout.txt
Next at t=0
(0) [0xfffffff0] f000:fff0 (unk. ctxt): jmp far f000:e05b         ; ea5be000f0
<bochs:1> vb 0x8:0x0000000000101230

This tells Bochs to set a breakpoint at virtual address segment: 0x8, offset: 0x0000000000101230.

Now we continue execution until we hit our breakpoint:

<bochs:2> c  
(136473720) Breakpoint 3213446024, in 0008:00101230 (0x00101230)
Next at t=31229582
(0) [0x00101230] 0008:0000000000101230 (unk. ctxt): push ebp                  ; 55

We hit our breakpoint at time t=31229582 and at the address we specified.

Now we can perform any peeking and poking to see the state of the machine.

Suppose we now want to continue to the next time we hit this breakpoint. We must first find the breakpoint number.

<bochs:3> blist
Num Type           Disp Enb Address
  1 vbreakpoint    keep y   0x0008:0000000000101230

It is bp 1, so we then disable breakpoint 1:

<bochs:4> bpd 1

Then step to the next instruction past the breakpoint

<bochs:5> step
Next at t=31229583
(0) [0x00101231] 0008:0000000000101231 (unk. ctxt): mov ebp, esp              ; 89e5

We then enable breakpoint 1

<bochs:6> bpe 1

Then continue execution until we hit the breakpoint.

<bochs:7> c
(136473720) Breakpoint 3213446024, in 0008:00101230 (0x00101230)
Next at t=31801646
(0) [0x00101230] 0008:0000000000101230 (unk. ctxt): push ebp                  ; 55

… Ad infinitum.

To delete our virtual breakpoint we do the following

<bochs:8> d 1
 
/var/www/ssl/data/pages/kurt/bochs.txt · Last modified: 2008/01/07 12:37 (external edit)