Kernel, Virus and Programming

ported libelf

Finally ported libelf to my OS. My linker script won’t warn me that I crossed the kernel boundary, so libelf’s variables end up in a memory area where they shouldn’t be.


2015/09/13 0

This battery saved my Apple Magic Mouse

When you change from a Logitech mouse to a Magic Mouse, the first impression is that the Magic Mouse is much, much heavier. This battery saved my Apple Magic Mouse: although it has less mAh, it is 5 times lighter than a normal battery, so it makes my Magic Mouse much lighter. And it is only…


2015/09/08 0

Enable peter-swing theme in netbeans

Edit: /Applications/NetBeans/NetBeans 8.0.2.app/Contents/Resources/NetBeans/etc/netbeans.conf
Change the line to:


2015/09/06 0

Enhancement of the OS debug format, support scripting

The OS debug format (https://code.google.com/p/peter-bochs/wiki/OSDebugStandard) is an XML-based document that stays in the memory of the emulator, bringing the debug information out to the debugger in real time so that the debugger understands what data structures they want to debug. In the early stage of kernel debuggers, people relied on printk to dump out the debug information. At that…


2015/09/05 0

http://www.kaizou.org/2015/01/linux-libraries/

Originally from http://www.kaizou.org/2015/01/linux-libraries/, it is a super professional article that explains the LD process. 08 Jan 2015 by David Corvoysier. A few months ago I stumbled upon a linking problem with secondary dependencies I couldn’t solve without overlinking the corresponding libraries. I only realized today in a discussion with my friend Yann E. Morin that not only did I use the…


2015/09/02 0

Amazing recording feature: specify which code block you want to record

In the original GKD design, it works with bochs instrumentation. With help (https://sourceforge.net/p/bochs/discussion/39593/thread/d960fe94/?limit=50) from the author of the bochs emulator (Mr Stanislav Shwartsman), we can now use the prefetch instruction to specify which code block you want to record, which makes it even more useful. For any code surrounded by PREFETCHT0 and PREFETCHT1 instructions, GKD will record jumping instruction…


2015/08/20 0

handling exception 7

The easiest way to handle exception 7 is to execute clts then iret. My kernel crashed because it generated an exception 0x7.


2015/08/19 0

GKD can dump the exceptions now

GKD can dump the exceptions now. It helps me to trace what happened to my kernel.


2015/08/13 0

hard to theme netbeans perfectly

It is hard to theme NetBeans using a traditional Swing look & feel. The reason is that NetBeans’ tab container is not a traditional Swing JTabbedPane. See the post https://netbeans.org/bugzilla/show_bug.cgi?id=150393. NetBeans uses an AbstractViewTabDisplayerUI to support only a few “default look & feel” themes, such as Metal, Nimbus, Aqua. See below: The problem is: This default look & feel tab container…


2015/08/06 0

Peter-swing java look & feel

https://github.com/mcheung63/peter-swing


2015/08/03 0

grub is slow on bochs

If grub is running slowly on bochs, try adding “--no-rs-codes” to your grub-bios-setup command. The difference will be 0.5 seconds versus 5 seconds.


2015/08/02 0

gcc can’t handle too many #if macros

gcc can’t handle too many macros (#if, #define); the output DWARF will have wrong line numbers. So when you disassemble the assembly with C/C++ source, everything is wrong, including wrong line numbers, wrong mapping of assembly code to C source code, and duplicated C/C++ lines. https://github.com/gcc-mirror/gcc/blob/master/libgcc/libgcc2.c In GKD, I added an on/off button to filter out those…


2015/08/02 1

GKD is running fast with bochs instrumentation stub now

GKD is running fast with the bochs instrumentation stub now. It captures all jmp/call/int/ret, that is, all instructions that change your EIP. I am using H2 as the backbone database; every second it can record over 100,000 instructions, which is pretty fast. Turn on subtitles when you are watching it:


2015/07/26 0

Nazi gun tower


2015/07/13 0

Getting the parameters by parsing the dwarf directly

I spent another two months getting the correct location of each parameter of a function. The mission sounds stupid, and the time I spent sounds stupid. If I had used GDB, I perhaps would never have known how parameters are stored in memory. Now I know how a computer ACTUALLY works. People think the parameters are stored in the stack, and…


2015/07/07 0

libelf include issue

When you meet this: Just comment out the following line in /toolchain/include/libelf/sys_elf.h. When I build libelf on Mac and on Linux, the output sys_elf.h is different; on Mac, the above line does not exist, so my OS is able to compile. Peter.


2015/06/30 0

How to look up the value of each parameter from dwarf and memory location

Here are the steps to look up the parameter value:
1) Look into the “info” section from dwarf, “objdump --dwarf=info”. There is a DIE with DW_AT_location (DW_OP_fbreg: 0), telling you the offset to the frame register.
2) Look at the CIE from the .eh_frame section, “objdump --dwarf=frames”. It will tell you the formula for calculating the CFA, such as…


2015/06/18 1

Linux view csv command

alias csv='column -s, -t'
csv your_file


2015/06/16 0

Successfully decode .eh_frame

Successfully decoded .eh_frame. Now I am able to calculate the base offset of each parameter and can keep going on the profiling feature of GKD.


2015/05/27 0

objdump 2.24 has a bug

objdump 2.24 has a bug, but this bug is fixed in 2.25. It dumps the wrong address for my 32-bit kernel.


2015/05/22 1