Category: Debugger

GKD symbol parsing engine failed to parse c++ symbol

GKD symbol parsing engine failed to parse c++ symbol


2016/04/05 0

Description of the first few entries in GOT table

Description of the first few entries in GOT table GOT[0]: The table’s entry zero is reserved to hold the address of the dynamic structure, referenced with the symbol _DYNAMIC. This allows a program, such as the dynamic linker, to find its own dynamic structure without having yet processed its relocation entries. This is especially…
Read more
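The GOT[0] rule quoted above can be verified on any dynamically linked ELF without a debugger. What follows is an added example, not code from the post or from the GKD/peter-bochs project: it parses the program headers, walks the PT_DYNAMIC array to DT_PLTGOT and compares the first word at that address with the p_vaddr of PT_DYNAMIC, which is the value of _DYNAMIC. It finds the GOT through DT_PLTGOT rather than by the section name .got.plt because a full-RELRO link (-z now) can fold those entries into .got. Both values compared are link-time values as stored in the file, which is why the check also holds for a PIE: GOT[0] is never relocated, and that is exactly what "without having yet processed its relocation entries" means. The in-memory demo image, its addresses 0x400000/0x400200/0x400300, and the use of sys.executable as a real input are constructed assumptions of the example.

```python
"""Check that GOT[0] holds the address of _DYNAMIC in an ELF file.

Added example, not code from the post or from GKD/peter-bochs.  It reads the
program headers, walks the PT_DYNAMIC array to DT_PLTGOT and compares the first
word at that address with p_vaddr of PT_DYNAMIC (the value of _DYNAMIC).  Both
are link-time values as stored in the file, so the check also holds for a PIE,
where GOT[0] is never relocated.  Little-endian ELF32/ELF64 only.
"""
import struct
import sys

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_PLTGOT, DT_DEBUG = 0, 3, 21


def parse_phdrs(data):
    """Return (is64, [(p_type, p_offset, p_vaddr, p_filesz), ...])."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[5] != 1:
        raise ValueError("only little-endian ELF is handled in this example")
    is64 = data[4] == 2
    if is64:
        e_phoff, = struct.unpack_from("<Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
        fmt, pick = "<IIQQQQQQ", (0, 2, 3, 5)   # p_type p_flags p_offset p_vaddr p_paddr p_filesz ...
    else:
        e_phoff, = struct.unpack_from("<I", data, 0x1c)
        e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x2a)
        fmt, pick = "<IIIIIIII", (0, 1, 2, 4)   # p_type p_offset p_vaddr p_paddr p_filesz ...
    phdrs = []
    for i in range(e_phnum):
        fields = struct.unpack_from(fmt, data, e_phoff + i * e_phentsize)
        phdrs.append(tuple(fields[k] for k in pick))
    return is64, phdrs


def vaddr_to_offset(phdrs, vaddr):
    """Map a link-time virtual address to a file offset via the PT_LOAD segments."""
    for p_type, p_offset, p_vaddr, p_filesz in phdrs:
        if p_type == PT_LOAD and p_vaddr <= vaddr < p_vaddr + p_filesz:
            return p_offset + (vaddr - p_vaddr)
    raise ValueError("0x%x is not inside a file-backed PT_LOAD segment" % vaddr)


def check_got0_bytes(data):
    """Return {'dynamic','pltgot','got0','match'}, or None when the image has no
    PT_DYNAMIC (static link) or no DT_PLTGOT entry (no PLT GOT to inspect)."""
    is64, phdrs = parse_phdrs(data)
    dyn = next((p for p in phdrs if p[0] == PT_DYNAMIC), None)
    if dyn is None:
        return None
    _, dyn_off, dyn_vaddr, dyn_size = dyn
    word, pair, esize = ("<Q", "<QQ", 16) if is64 else ("<I", "<II", 8)
    pltgot = None
    for off in range(dyn_off, dyn_off + dyn_size - esize + 1, esize):
        d_tag, d_val = struct.unpack_from(pair, data, off)
        if d_tag == DT_NULL:
            break
        if d_tag == DT_PLTGOT:
            pltgot = d_val
    if pltgot is None:
        return None
    got0, = struct.unpack_from(word, data, vaddr_to_offset(phdrs, pltgot))
    return {"dynamic": dyn_vaddr, "pltgot": pltgot, "got0": got0, "match": got0 == dyn_vaddr}


def check_got0(path):
    with open(path, "rb") as f:
        return check_got0_bytes(f.read())


def check_running_interpreter():
    """Run the check on the interpreter binary itself; None if it is not an ELF we parse."""
    try:
        return check_got0(sys.executable)
    except (OSError, ValueError):
        return None


def build_demo_elf64():
    """Constructed, not a real binary: a minimal ELF64 image with one PT_LOAD, one
    PT_DYNAMIC and a three-entry PLT GOT whose entry 0 holds the address of _DYNAMIC."""
    base, dyn_off, got_off = 0x400000, 0x200, 0x300
    img = bytearray(0x400)
    img[0:7] = b"\x7fELF\x02\x01\x01"           # ELFCLASS64, little-endian, EV_CURRENT
    struct.pack_into("<Q", img, 0x20, 64)         # e_phoff
    struct.pack_into("<HH", img, 0x36, 56, 2)     # e_phentsize, e_phnum
    struct.pack_into("<IIQQQQQQ", img, 64, PT_LOAD, 6, 0, base, base, 0x400, 0x400, 0x1000)
    struct.pack_into("<IIQQQQQQ", img, 120, PT_DYNAMIC, 6, dyn_off, base + dyn_off,
                     base + dyn_off, 48, 48, 8)
    struct.pack_into("<QQQQQQ", img, dyn_off, DT_DEBUG, 0, DT_PLTGOT, base + got_off, DT_NULL, 0)
    struct.pack_into("<QQQ", img, got_off, base + dyn_off, 0, 0)  # GOT[0]=_DYNAMIC, [1],[2] for ld.so
    return bytes(img)


if __name__ == "__main__":
    print("demo image:", check_got0_bytes(build_demo_elf64()))
    print(sys.executable + ":", check_running_interpreter())
```

Run it on any binary with check_got0("/path/to/elf"); a None result means the file is statically linked or has no PLT GOT, not that the rule is violated. GOT[1] and GOT[2] are the other two reserved entries, filled in at load time by the dynamic linker (link_map pointer and resolver address), so they are zero in the file and only meaningful in a live process.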


2016/02/06 0

Enhancement of the OS debug format, support scripting

OS debug format https://code.google.com/p/peter-bochs/wiki/OSDebugStandard is an XML-based document that stays in the memory of the emulator, bringing the debug information out to the debugger in real time so the debugger understands which data structures they want to debug. In the early stages of kernel debugging, people relied on printk to dump out the debug information. At that…
Read more


2015/09/05 0

http://www.kaizou.org/2015/01/linux-libraries/

Originally from http://www.kaizou.org/2015/01/linux-libraries/ , it is a super professional article that explains the LD process. 08 Jan 2015 by David Corvoysier A few months ago I stumbled upon a linking problem with secondary dependencies I couldn’t solve without overlinking the corresponding libraries. I only realized today in a discussion with my friend Yann E. Morin that not only did I use the…
Read more


2015/09/02 0

gcc can’t handle too many #if macros

gcc can’t handle too many macros (#if, #define): the DWARF it outputs has wrong line numbers. So when you disassemble the assembly alongside the C/C++ source, everything is wrong, including wrong line numbers, wrong mapping of assembly code to C source lines, and duplicated C/C++ lines. https://github.com/gcc-mirror/gcc/blob/master/libgcc/libgcc2.c In GKD, I added an on/off button to filter out those…
Read more


2015/08/02 1

Getting the parameters by parsing the dwarf directly

I spent another two months getting the correct location of each parameter of a function. The mission sounds stupid, and the time I spent sounds stupid. If I used GDB, I would perhaps never know how parameters are stored in memory. Now I know how the computer ACTUALLY works. People think the parameters are stored in the stack, and…
Read more


2015/07/07 0

How to lookup the value of each parameter from dwarf and memory location

Here are the steps to look up the parameter value. 1) Look into the “info” section of the DWARF data, “objdump --dwarf=info”. There is a DIE attribute DW_AT_location (DW_OP_fbreg: 0), telling you the offset from the frame base. 2) Look at the CIE in the .eh_frame section, “objdump --dwarf=frames”. It will tell you the formula for calculating the CFA, such as…
Read more


2015/06/18 1

Decoded first two instructions of .eh_frame

Decoded the first two instructions of .eh_frame. The DWARF spec lacks detail, so I needed to hack into objdump to understand each byte, which is time consuming.


2015/05/12 1

I finally understand why “DW_OP_fbreg: 0” is possible

In the following function kmalloc2, take a look at the first parameter. The memory location of that parameter is stated by DWARF as “DW_AT_location : 2 byte block: 91 0 (DW_OP_fbreg: 0)”, where “DW_OP_fbreg: 0” means stack+0. I was wondering why that is possible, because when the CPU executed the call instruction, it already pushed 4 bytes onto the…
Read more
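The three lookup steps from the 2015/07/07 entry and the “DW_OP_fbreg: 0” puzzle in this one can be carried out by hand. The following is an added example, not code from GKD or the peter-dwarf library: it interprets the CIE initial instructions to get the CFA rule, evaluates the frame-base and location expressions, and reads the parameter from a constructed i386 stack snapshot. The encoded byte strings are what gcc emits for 32-bit code (CIE: DW_CFA_def_cfa r4 ofs 4 and DW_CFA_offset r8 at cfa-4 with data alignment -4; DW_AT_frame_base: DW_OP_call_frame_cfa; parameter: 91 00). The register values, stack contents and the kmalloc2 argument values are constructed, not captured from a run; it is also an assumption of the example that the frame base is the CFA, as gcc emits it.

```python
"""Look up a parameter's value from its DWARF location in three steps:
DW_AT_location (DW_OP_fbreg N) -> CFA rule from the CIE in .eh_frame -> memory at CFA+N.

Added example, not code from GKD or the peter-dwarf library.  Register state and
stack bytes are a constructed snapshot of 32-bit kmalloc2() right after `call`;
the encoded byte strings are what gcc emits for i386 (CIE: DW_CFA_def_cfa r4 ofs 4,
DW_CFA_offset r8 at cfa-4; DW_AT_frame_base: DW_OP_call_frame_cfa; DW_OP_fbreg 0).
"""
import struct

# Opcode values from the DWARF 4 specification (sections 7.7.1 and 7.23).
DW_CFA_nop, DW_CFA_def_cfa = 0x00, 0x0c
DW_CFA_def_cfa_register, DW_CFA_def_cfa_offset = 0x0d, 0x0e
DW_CFA_offset = 0x80                    # high two bits 0b10, low six bits = register
DW_OP_breg0, DW_OP_fbreg, DW_OP_call_frame_cfa = 0x70, 0x91, 0x9c
ESP, EIP = 4, 8                         # i386 DWARF register numbers (esp, return address column)


def read_uleb128(buf, pos):
    """Decode an unsigned LEB128 at buf[pos]; return (value, new_pos)."""
    value, shift = 0, 0
    while True:
        b, pos = buf[pos], pos + 1
        value |= (b & 0x7f) << shift
        shift += 7
        if not b & 0x80:
            return value, pos


def read_sleb128(buf, pos):
    """Decode a signed LEB128 at buf[pos]; return (value, new_pos)."""
    value, shift = 0, 0
    while True:
        b, pos = buf[pos], pos + 1
        value |= (b & 0x7f) << shift
        shift += 7
        if not b & 0x80:
            return (value - (1 << shift) if b & 0x40 else value), pos


def run_cfa_instructions(instrs, data_align):
    """Interpret call frame instructions (CIE initial instructions here).
    Returns (cfa_reg, cfa_offset, saved) with saved = {reg: offset from CFA}."""
    cfa_reg = cfa_off = None
    saved, pos = {}, 0
    while pos < len(instrs):
        op, pos = instrs[pos], pos + 1
        if op & 0xc0 == DW_CFA_offset:           # register in low bits, factored offset follows
            n, pos = read_uleb128(instrs, pos)
            saved[op & 0x3f] = n * data_align
        elif op == DW_CFA_def_cfa:
            cfa_reg, pos = read_uleb128(instrs, pos)
            cfa_off, pos = read_uleb128(instrs, pos)
        elif op == DW_CFA_def_cfa_register:
            cfa_reg, pos = read_uleb128(instrs, pos)
        elif op == DW_CFA_def_cfa_offset:
            cfa_off, pos = read_uleb128(instrs, pos)
        elif op != DW_CFA_nop:
            raise NotImplementedError("CFA opcode 0x%02x not handled in this example" % op)
    return cfa_reg, cfa_off, saved


def eval_location(expr, regs, cfa, frame_base=None):
    """Evaluate a location expression to an address (subset: fbreg, bregN, call_frame_cfa)."""
    stack, pos = [], 0
    while pos < len(expr):
        op, pos = expr[pos], pos + 1
        if op == DW_OP_fbreg:                    # offset from DW_AT_frame_base
            off, pos = read_sleb128(expr, pos)
            stack.append(frame_base + off)
        elif op == DW_OP_call_frame_cfa:
            stack.append(cfa)
        elif DW_OP_breg0 <= op < DW_OP_breg0 + 32:
            off, pos = read_sleb128(expr, pos)
            stack.append(regs[op - DW_OP_breg0] + off)
        else:
            raise NotImplementedError("DW_OP 0x%02x not handled in this example" % op)
    return stack.pop()


def resolve_parameter(cie_instrs, data_align, frame_base_expr, location_expr, regs, read_word):
    """Steps 1-3 end to end; returns (cfa, address, value, saved_registers)."""
    cfa_reg, cfa_off, saved = run_cfa_instructions(cie_instrs, data_align)
    cfa = regs[cfa_reg] + cfa_off                # e.g. esp + 4 on i386 at function entry
    frame_base = eval_location(frame_base_expr, regs, cfa)
    addr = eval_location(location_expr, regs, cfa, frame_base)
    return cfa, addr, read_word(addr), saved


# Constructed snapshot (not captured from a real run): esp points at the return
# address that `call kmalloc2` pushed; the caller's pushed arguments sit above it.
STACK_BASE = 0xbfff0ff0
STACK = struct.pack("<IIIII", 0xdeadbeef, 0x08048123, 0x40, 0x7, 0x0)
REGS = {ESP: 0xbfff0ff4}
CIE_INSTRS = bytes([0x0c, 0x04, 0x04, 0x88, 0x01])   # def_cfa r4 ofs 4; offset r8 at cfa-4
CIE_DATA_ALIGN = -4
FRAME_BASE_EXPR = bytes([DW_OP_call_frame_cfa])      # DW_AT_frame_base
PARAM0_EXPR = bytes([DW_OP_fbreg, 0x00])             # DW_AT_location: 91 00
PARAM1_EXPR = bytes([DW_OP_fbreg, 0x04])             # next 4-byte stack argument


def read_u32(addr):
    return struct.unpack_from("<I", STACK, addr - STACK_BASE)[0]


def demo():
    """Resolve both stack parameters and the saved return address; returns a dict."""
    cfa, addr, value, saved = resolve_parameter(CIE_INSTRS, CIE_DATA_ALIGN, FRAME_BASE_EXPR, PARAM0_EXPR, REGS, read_u32)
    _, _, second, _ = resolve_parameter(CIE_INSTRS, CIE_DATA_ALIGN, FRAME_BASE_EXPR, PARAM1_EXPR, REGS, read_u32)
    return {"cfa": cfa, "addr": addr, "value": value, "second": second,
            "retaddr": read_u32(cfa + saved[EIP])}


if __name__ == "__main__":
    print(demo())
```

The result makes the “stack+0” observation concrete: the CIE defines the CFA as esp+4 at function entry, which is the caller's esp before the call, one word above the pushed return address; with the frame base equal to the CFA, DW_OP_fbreg: 0 lands exactly on the first pushed argument, and the saved r8 rule (cfa-4) points back at the return address itself. Inside the function body an FDE advances these rules (after push ebp the CFA offset becomes 8, and so on), which is why the same parameter can later be reported at a different location.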


2015/04/14 0

I finally understand why the same parameter can have multiple locations

I finally understand why the same parameter can have multiple locations. My past concept was that a parameter stays in the stack. But after hacking the DWARF, it showed me the same parameter has multiple locations during execution. Take a look at the image below: I wrote a function called kmalloc2 (blue arrow), and the third parameter “size” has three locations (yellow…
Read more


2015/04/07 1

Finally can dump out the parameter type from the DWARF standard

Finally I can dump out the parameter type from the DWARF standard. Some parameter types are stored recursively, so I need to read out DW_AT_type, get the right DIE and decode it again. Personally I think DWARF is just too hard to parse. Here is the code https://sourceforge.net/p/peter-dwarf/code/254/tree//trunk/src/main/java/com/peterdwarf/dwarf/DwarfLib.java https://sourceforge.net/p/peter-dwarf/code/254/tree//trunk/src/main/java/com/peterdwarf/dwarf/Dwarf.java


2015/03/29 0

This is how to decode dwarf DT_Type

This is how to decode dwarf DT_Type


2015/03/23 1

Heading toward decoding the address ranges of DWARF

Heading toward decoding the address ranges of DWARF; this job is killing me. And I found the information in a DIE is not always meaningful, see below.


2015/03/22 1

Peter-dwarf library can show hierarchy data for compile unit now

Peter-dwarf library can show hierarchy data for compile unit now


2015/02/15 1

now is good enough

now is good enough, can focus on library things


2015/01/22 0

ELF has duplicate compile units, why doesn’t ld clear them out?

ELF has duplicate compile units, why doesn’t ld clear them out?


2015/01/09 0

make bochs runs faster

Without “CXXFLAGS=-O3”, bochs can only run at 20M IPS on my i5 MBPr. With it, it now runs at 57M IPS.


2014/12/14 0

bochs problem again

I am unable to get the “” from the input stream. Please help. On the command line, when I start bochs, I see “”, which is very normal. But if I use Java to read it out, I never get the . I tried different classes (BufferedReader, InputStream); none of them succeeded.


2014/11/22 0

Tutorial : Add a debug command in bochs

This tutorial teaches you how to add a debug command in bochs; you only need to touch these files: debug.h, dbg_main.cc, lexer.l, parser.y. Step 1) First of all, you need to add your command (see below) to lexer.l. Don’t add anything below the line “[A-Za-z_][A-Za-z0-9_]* { bxlval.sval = strdup(bxtext); return(BX_TOKEN_GENERIC); }”, because it will eat…
Read more


2014/11/15 0

bochs can’t compile on mac (solved)

bochs can’t compile on mac because configure always sets gui_debugger=1; just set this variable to 0 on line 22459. Bochs can then be compiled on mac with “./configure --enable-disasm --with-sdl --enable-debugger”


2014/11/15 0