Category: Debugger

GKD symbol parsing engine failed to parse C++ symbol


2016/04/05 0

Description of the first few entries in GOT table

Description of the first few entries in the GOT table. GOT[0]: the table's entry zero is reserved to hold the address of the dynamic structure, referenced with the symbol _DYNAMIC. This allows a program, such as the dynamic linker, to find its own dynamic structure without having yet processed its relocation entries. This is especially…

2016/02/06 0

Enhancement of the OS debug format, support scripting

The OS debug format is an XML-based document that stays in the memory of the emulator, bringing the debug information out to the debugger in real time and making the debugger understand which data structures the user wants to debug. In the early stage of kernel debugging, people relied on printk to dump out the debug information. At that…

2015/09/05 0

Originally from , it is a super professional article that explains the ld process. 08 Jan 2015 by David Corvoysier. A few months ago I stumbled upon a linking problem with secondary dependencies I couldn't solve without overlinking the corresponding libraries. I only realized today in a discussion with my friend Yann E. Morin that not only did I use the…

2015/09/02 0

gcc can't handle too many #if macros

gcc can't handle too many macros (#if, #define): the output DWARF will have wrong line numbers. So when you disassemble the assembly with C/C++ source, everything is wrong, including wrong line numbers, wrong mapping from assembly to C source, and duplicated C/C++ lines. In GKD, I added an on/off button to filter out those…

2015/08/02 1

Getting the parameters by parsing the dwarf directly

I used another two months to get the correct location of each parameter of a function. The mission sounds stupid, and the time I spent sounds stupid. If I used GDB, I would perhaps never know how parameters are stored in memory. Now I know how the computer ACTUALLY works. People think the parameters are stored on the stack, and…

2015/07/07 0

How to look up the value of each parameter from DWARF and its memory location

Here are the steps to look up a parameter value. 1) Look into the “info” section of the DWARF, “objdump --dwarf=info”. The parameter's DIE has a DW_AT_location attribute (for example DW_OP_fbreg: 0), telling you the offset from the frame base (DW_AT_frame_base). 2) Look at the CIE in the .eh_frame section, “objdump --dwarf=frames”. It will tell you the rule for calculating the CFA, such as…

2015/06/18 1

Decoded first two instructions of .eh_frame

Decoded the first two instructions of .eh_frame. The DWARF spec lacks detail, so I needed to hack into objdump to understand each byte, which is time-consuming.

2015/05/12 1

I finally understand why “DW_OP_fbreg: 0” is possible

In the following function kmalloc2, take a look at the first parameter. The memory location of that parameter is stated by DWARF as “DW_AT_location : 2 byte block: 91 0 (DW_OP_fbreg: 0)”, where “DW_OP_fbreg: 0” means stack+0. I was wondering why that is possible. Because when the CPU executed the call instruction, it already pushed 4 bytes onto the…
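The lookup described in the two posts above (DW_OP_fbreg in the DIE, then the CFA rule from the CIE/FDE), carried through in working code. This is an added example, not GKD or peter-dwarf code: the CIE/FDE instruction bytes and the register snapshots are constructed by hand for a 32-bit x86 gcc -O0 prologue (push ebp; mov ebp, esp), DW_AT_frame_base is assumed to be DW_OP_call_frame_cfa, and only the handful of CFA opcodes that prologue needs are decoded. It shows why "DW_OP_fbreg: 0" is the first argument: the CFA is the caller's esp before the call, so it stays 0x8000 at every point of the prologue even though esp and ebp change.

```python
# Added example (not GKD/peter-dwarf code): interpret the CFA instructions
# that objdump --dwarf=frames prints, then resolve a DW_OP_fbreg location.
# Constructed bytes and register values for a 32-bit x86 gcc -O0 prologue
# (push ebp; mov ebp, esp); DW_AT_frame_base is assumed to be DW_OP_call_frame_cfa.

REG_NAMES = {4: "esp", 5: "ebp", 8: "eip"}     # i386 DWARF register numbers
DW_CFA_advance_loc, DW_CFA_offset = 0x40, 0x80  # opcode lives in the high two bits
DW_CFA_def_cfa, DW_CFA_def_cfa_register, DW_CFA_def_cfa_offset = 0x0C, 0x0D, 0x0E
DW_OP_fbreg = 0x91


def read_uleb128(buf, pos):
    """Unsigned LEB128 at buf[pos] -> (value, next_pos)."""
    result, shift = 0, 0
    while True:
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return result, pos


def read_sleb128(buf, pos):
    """Signed LEB128: the 0x40 bit of the final byte is the sign bit."""
    result, shift = 0, 0
    while True:
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return (result - (1 << shift) if byte & 0x40 else result), pos


def run_cfa(insns, code_align=1, data_align=-4):
    """Run CIE initial instructions + FDE instructions; return unwind-table rows
    (pc_offset, cfa_reg, cfa_offset, {reg: slot relative to CFA})."""
    pc, cfa_reg, cfa_off, saved, rows, pos = 0, None, 0, {}, [], 0
    while pos < len(insns):
        op = insns[pos]
        pos += 1
        high, low = op & 0xC0, op & 0x3F
        if high == DW_CFA_advance_loc:        # close the current row, move pc on
            rows.append((pc, cfa_reg, cfa_off, dict(saved)))
            pc += low * code_align
        elif high == DW_CFA_offset:           # register `low` saved at CFA + n*data_align
            factored, pos = read_uleb128(insns, pos)
            saved[low] = factored * data_align
        elif op == DW_CFA_def_cfa:
            cfa_reg, pos = read_uleb128(insns, pos)
            cfa_off, pos = read_uleb128(insns, pos)
        elif op == DW_CFA_def_cfa_register:
            cfa_reg, pos = read_uleb128(insns, pos)
        elif op == DW_CFA_def_cfa_offset:
            cfa_off, pos = read_uleb128(insns, pos)
        else:
            raise ValueError(f"unsupported CFA opcode {op:#04x}")
    rows.append((pc, cfa_reg, cfa_off, dict(saved)))
    return rows


def cfa_at(rows, pc_offset, regs):
    """CFA for an offset into the function, from the live register values."""
    _, cfa_reg, cfa_off, _ = max((r for r in rows if r[0] <= pc_offset), key=lambda r: r[0])
    return regs[REG_NAMES[cfa_reg]] + cfa_off


def eval_fbreg(location, frame_base):
    """Evaluate a DW_AT_location block of the form 'DW_OP_fbreg <sleb128>'."""
    if location[0] != DW_OP_fbreg:
        raise ValueError("only DW_OP_fbreg is handled here")
    return frame_base + read_sleb128(location, 1)[0]


def parameter_address(rows, pc_offset, regs, location):
    """Where the parameter lives at this pc, with frame base == CFA."""
    return eval_fbreg(location, cfa_at(rows, pc_offset, regs))


# Constructed bytes.  objdump --dwarf=frames would print them as:
#   CIE: DW_CFA_def_cfa: r4 (esp) ofs 4 ; DW_CFA_offset: r8 (eip) at cfa-4
#   FDE: DW_CFA_advance_loc: 1 ; DW_CFA_def_cfa_offset: 8 ; DW_CFA_offset: r5 (ebp) at cfa-8
#        DW_CFA_advance_loc: 2 ; DW_CFA_def_cfa_register: r5 (ebp)
CIE_INSNS = bytes([0x0C, 0x04, 0x04, 0x88, 0x01])
FDE_INSNS = bytes([0x41, 0x0E, 0x08, 0x85, 0x02, 0x42, 0x0D, 0x05])
ROWS = run_cfa(CIE_INSNS + FDE_INSNS)
# "DW_AT_location : 2 byte block: 91 0 (DW_OP_fbreg: 0)" -- the first parameter
FIRST_PARAM_LOCATION = bytes([0x91, 0x00])

if __name__ == "__main__":
    # Constructed snapshots: `call` pushed the return address, so esp is 0x7ffc
    # on entry and the caller's esp (the CFA) was 0x8000, where arg0 sits.
    for pc_off, regs in [(0, {"esp": 0x7FFC, "ebp": 0x9000}),
                         (1, {"esp": 0x7FF8, "ebp": 0x9000}),
                         (3, {"esp": 0x7FF8, "ebp": 0x7FF8})]:
        print(f"pc+{pc_off}: CFA={cfa_at(ROWS, pc_off, regs):#x}, "
              f"arg0 at {parameter_address(ROWS, pc_off, regs, FIRST_PARAM_LOCATION):#x}")
```

The row emitted before each DW_CFA_advance_loc is what a debugger looks up by "pc minus function start"; a negative fbreg offset (for a local) goes through the same path, and the data_align of -4 is the value the CIE header carries for 32-bit x86.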

2015/04/14 0

I finally understand why the same parameter even has multiple locations

I finally understand why the same parameter even has multiple locations. My past concept was that a parameter stays on the stack. But after hacking the DWARF, it showed me that the same parameter has multiple locations during execution. Take a look at the image below: I wrote a function called kmalloc2 (blue arrow), and the third parameter “size” has three locations (yellow…

2015/04/07 1

Finally can dump out the parameter type from dwarf standard

Finally can dump out the parameter type from the DWARF standard. Some parameter types are stored recursively, so you need to read DW_AT_type, get the right DIE and decode it again. Personally I think DWARF is just too hard to parse. Here is the code

2015/03/29 0

This is how to decode dwarf DT_Type


2015/03/23 1

Heading toward decoding the range addresses of DWARF

Heading toward decoding the range addresses of DWARF; this job is killing me. And I found the information in a DIE is not always meaningful, see below.

2015/03/22 1

Peter-dwarf library can show hierarchy data for compile unit now


2015/02/15 1

now is good enough

Now it is good enough; I can focus on library things.

2015/01/22 0

ELF has duplicate compile units; why doesn't ld clear them out?


2015/01/09 0

make bochs run faster

Without “CXXFLAGS=-O3”, bochs can only run at 20M ips on my i5 MBPr. With it, it now runs at 57M ips.

2014/12/14 0

bochs problem again

I am unable to get the “” from the input stream. Please help. On the command line, when I start bochs, I see “”, which is very normal. But if I use Java to read it out, I never get the . I tried different classes (BufferedReader, InputStream); none of them succeeded.

2014/11/22 0

Tutorial : Add a debug command in bochs

This tutorial teaches you how to add a debug command in bochs; you need to touch only these files: debug.h, lexer.l, parser.y. Step 1) First of all, add your command (see below) to lexer.l. Don't add anything below the line “[A-Za-z_][A-Za-z0-9_]* { bxlval.sval = strdup(bxtext); return(BX_TOKEN_GENERIC); }”, because it will eat…

2014/11/15 0

bochs can’t compile in mac (solved)

bochs can't compile on Mac because configure always sets gui_debugger=1; just set this variable to 0 at line 22459. bochs can then be compiled on Mac with “./configure --enable-disasm --with-sdl --enable-debugger”.

2014/11/15 0

GKD with windows is working

Someone complained that GKD doesn't work with bochs on Windows because the bochs path has a space. I just tested it on Windows 7; this issue doesn't exist.

2014/10/09 0

openocd with arm is working


2014/10/05 0

openjtag + openocd + smartarm 2200

Finally connected my openjtag USB device to my old smartarm 2200 development board using openocd. The next step is to buy an x86 dev board (Intel Galileo) and try to use openocd with it. Then port peter-bochs to support openocd; finally I will have a hardware debug platform for OS dev. is a development board…

2014/10/01 0

find out what’s wrong in your page table

People always ask me why their virtual address is not pointing to the right physical address. Almost every time the page table is wrong. But there are a few possibilities, such as the PD, the CR3 address, etc. You can use these steps to find out. 1) First, set the physical point and run until the…
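A walker for a 32-bit (non-PAE) x86 page table, added here as an example that is not GKD's own code, to show the checks the steps above are getting at: it follows CR3 to the PDE and then the PTE for a virtual address and reports which of the two entries is missing, so "wrong PD", "wrong CR3" and "page not filled in" can be told apart. The physical memory image, CR3 and every entry in it are constructed in the code; the entry layout (P, R/W, U/S, PS bits, 4 KiB and 4 MiB pages) is the one from the Intel manual.

```python
# Added example (not GKD code): 32-bit x86 two-level page-table walk over a
# constructed physical memory image, reporting why a virtual address fails.
import struct

P, RW, US, PS = 1 << 0, 1 << 1, 1 << 2, 1 << 7   # PDE/PTE flag bits


def read_u32(mem: bytearray, paddr: int) -> int:
    """Fetch a little-endian dword from the physical memory image."""
    return struct.unpack_from("<I", mem, paddr)[0]


def translate(mem: bytearray, cr3: int, vaddr: int) -> dict:
    """Walk CR3 -> PDE -> PTE.  Returns the indexes and entries read, plus
    either 'paddr' (success) or 'error' (which level is not present)."""
    result = {"pde_index": vaddr >> 22, "pte_index": (vaddr >> 12) & 0x3FF}
    pd_base = cr3 & ~0xFFF                       # low 12 bits of CR3 are flags
    pde = read_u32(mem, pd_base + result["pde_index"] * 4)
    result["pde"] = pde
    if not pde & P:
        result["error"] = "PDE not present (check CR3 / PD index)"
        return result
    if pde & PS:                                 # 4 MiB page: no second level
        result["paddr"] = (pde & 0xFFC00000) | (vaddr & 0x3FFFFF)
        return result
    pt_base = pde & ~0xFFF
    pte = read_u32(mem, pt_base + result["pte_index"] * 4)
    result["pte"] = pte
    if not pte & P:
        result["error"] = "PTE not present (PT index / page frame not filled in)"
        return result
    result["paddr"] = (pte & ~0xFFF) | (vaddr & 0xFFF)
    return result


def build_memory() -> tuple:
    """Constructed 64 KiB image: PD at 0x1000, page tables at 0x2000 and 0x3000.
    Maps page 0 to itself, 0x400000 as a 4 MiB page to 0x800000, and
    0xC0000000 to frame 0x4000; everything else is left not present."""
    mem = bytearray(0x10000)
    cr3 = 0x1000
    struct.pack_into("<I", mem, 0x1000 + 0 * 4, 0x2000 | P | RW)              # PDE 0
    struct.pack_into("<I", mem, 0x1000 + 1 * 4, 0x00800000 | PS | P | RW)     # PDE 1 (4 MiB)
    struct.pack_into("<I", mem, 0x1000 + 0x300 * 4, 0x3000 | P | RW)          # PDE 0x300
    struct.pack_into("<I", mem, 0x2000 + 0 * 4, 0x0000 | P | RW)              # PT0, PTE 0
    struct.pack_into("<I", mem, 0x3000 + 0 * 4, 0x4000 | P | RW)              # PT1, PTE 0
    return mem, cr3


def explain(mem: bytearray, cr3: int, vaddr: int) -> str:
    """One-line diagnosis a debugger could print for the address."""
    r = translate(mem, cr3, vaddr)
    if "paddr" in r:
        return f"{vaddr:#010x} -> {r['paddr']:#010x} (pde[{r['pde_index']:#x}]={r['pde']:#010x})"
    return f"{vaddr:#010x} -> FAULT: {r['error']} (pde[{r['pde_index']:#x}]={r['pde']:#010x})"


if __name__ == "__main__":
    mem, cr3 = build_memory()
    for va in (0x00000123, 0x00401234, 0xC0000ABC, 0x00001000, 0x80000000):
        print(explain(mem, cr3, va))
```

Reading the PDE and PTE out of a running bochs or qemu instead of the constructed image is the only change needed; the walk itself is the same, and when the result disagrees with what the OS expected, the returned dict shows exactly which entry the OS wrote wrongly.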

2014/09/20 0

A little bit better – Showing the MBR

Here is the Java code to read the MBR out:

2014/07/28 0

GKD dependency tree graph


2014/07/11 0

gdb protocol, “g” command

This is the tcpflow dump for the gdb protocol “g” command; it contains all register values. Let's parse it. After tracing through: target.c::debug_print_register, gdbarch.c::gdbarch_register_name, i386-tdep.c::i386_register_names. The register packet can be decoded by:

2014/04/19 0

I may know why the gdb command “x” only requests one byte each time

I am playing with the gdbstub in qemu. I found a bug there: if I invoke the function cpu_physical_memory_rw(0xffff0, mem_buf, 50, 0), qemu crashes. Then I tested the gdb command “x /20bx 0xffff0” and used tcpflow to capture the gdb packets; I found out gdb sends 20 commands and each one requests one byte only.…

2013/10/08 0

qemu 1.6.0 rc2 has a bug

I found a bug in qemu, version 1.6.0 rc2. When I invoke: where addr=0xffff0 and noOfBytes=50, qemu gets a segmentation fault. I called cpu_physical_memory_rw right after qemu started (it hasn't run yet) with gdb. The VM was in real mode; I am not sure whether it is a problem of crossing a memory boundary. But I just…

2013/10/07 0

QMP Supported Commands

QMP Supported Commands: This document describes all commands currently supported by QMP. Most of the time their usage is exactly the same as in the user Monitor; this means that any other document which also describes commands (the manpage, QEMU's manual, etc.) can and should be consulted. QMP has two types of commands: regular…

2013/09/22 0

Qemu + GDB, the single step speed is not fast

In bochs, I can invoke around 40 single-step commands on my 2012 Mac Air. People think qemu is much faster than bochs; it is true, but not for single-stepping. I wrote a Java program that keeps sending single-step commands to qemu through a socket (GDB protocol); the average speed is 32 commands per second.…

2013/08/18 0

GDB two-breakpoints inter-communication between gdb and gdbstub of qemu

$tcpflow -c -i lo0 port 1234
tcpflow[5508]: new flow
+ $qSupported:multiprocess+;xmlRegisters=i386;qRelocInsn+#b5
+ $PacketSize=1000#f1
+ $Hg0#df
+ $OK#9a
+ $?#3f
+ $T05thread:01;#07
+ $Hc-1#09
+ $OK#9a
+ $qC#b4
+ $QC1#c5
+ $qAttached#8f…

2013/06/16 0

gdb – qemu : two breakpoints flowchart

This is the flowchart for qemu-gdb after I inserted two breakpoints at 0x7c00 and 0x7c01. You can see that every time gdb hits a breakpoint, it removes all breakpoints. And if the current address is the address that hit the breakpoint, when you want to “cont”, gdb will send an “s” command first.

2013/06/12 0

gdb crash, for another debug server

If you create your own debug server, gdb will crash. Take a look:
Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffebfff700 (LWP 32202)] 0x000055555577632b in gdb_set_stop_cpu (env=env@entry=0x5555564f6d20) at /root/workspace/qemu-1.5.0/gdbstub.c:2510 2510 gdbserver_state->c_cpu = env; Missing separate debuginfos, use: debuginfo-install SDL-1.2.15-3.fc18.x86_64 cyrus-sasl-lib-2.1.23-37.fc18.x86_64 glib2-2.34.2-2.fc18.x86_64 glibc-2.16-28.fc18.x86_64 libX11-1.5.0-3.fc18.x86_64 libXau-1.0.6-4.fc18.x86_64 libXcursor-1.1.13-2.fc18.x86_64 libXext-1.3.1-2.fc18.x86_64 libXfixes-5.0-3.fc18.x86_64 libXrandr-1.4.0-1.fc18.x86_64 libXrender-0.9.7-2.fc18.x86_64 libpng-1.5.13-1.fc18.x86_64 libxcb-1.9-1.fc18.x86_64 nss-softokn-freebl-3.14.3-1.fc18.x86_64…

2013/06/12 0

peter-dwarf supports 32-bit ELF only

A friend from the West told me he can't use peter-dwarf to parse his 64-bit ELF file. After tracing my code, I finally found that my peter-dwarf library only supports 32-bit ELF. I need some time to enhance it and make it 64-bit.

2013/04/26 2

qemu debug server hangs after a breakpoint is hit

If you are developing a debug server for qemu, after qemu hits a breakpoint, your server has to remove the breakpoint manually and re-insert it after the CPU has passed that EIP; otherwise the CPU will stay at that EIP forever and can't single-step/cont to the next instruction. If you take a look at gdbstub.c, gdb…

2013/03/21 0

Restructuring the debugger

At the moment, I am facing 2 big problems with bochs. The first one is unsolvable: bochs runs too slowly. It is OK if you are doing hobby OS development, but if you are trying to use bochs to run a full-featured Linux kernel or Windows 7, it is just so slow.…

2013/03/13 0

qemu single step will fail if current EIP hit a breakpoint

I use the following code to insert a breakpoint at physical address 0x1600000. qemu successfully hits the breakpoint and stops; then I try to single-step with the following code: Nothing happens; the EIP still stays at 0x1600000. But if I delete the breakpoint, the single step works again. Am I missing something?
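The GDB remote-protocol pieces that the posts above keep running into, in one added example: the $payload#checksum framing seen in the tcpflow dump, the i386 “g” reply decoded in the register order i386-tdep.c uses, and the remove/step/re-insert packet sequence a custom debug server needs when the stopped EIP sits on its own breakpoint (the answer to the single-step question here and the "debug server hang" post). This is not code from peter-bochs, GKD or qemu's gdbstub; the packets and the register snapshot are constructed, only the 16 general-purpose i386 registers are modelled, and the Z0/z0 packets assume a 1-byte software breakpoint (kind=1).

```python
# Added example (not peter-bochs/GKD/qemu code): GDB remote-protocol framing,
# the i386 "g" register reply, and stepping past a breakpoint you own.
import struct

# Register order of the i386 "g" packet (i386_register_names in gdb).
I386_REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
             "eip", "eflags", "cs", "ss", "ds", "es", "fs", "gs"]


def checksum(payload: str) -> str:
    """RSP checksum: sum of the payload bytes modulo 256, as two hex digits."""
    return f"{sum(payload.encode()) & 0xFF:02x}"


def frame(payload: str) -> str:
    """Wrap a payload as $payload#cc, ready to send to a gdbstub."""
    return f"${payload}#{checksum(payload)}"


def unframe(packet: str) -> str:
    """Strip $...#cc framing and verify the checksum; raise on corruption."""
    if not (packet.startswith("$") and len(packet) >= 4 and packet[-3] == "#"):
        raise ValueError(f"malformed packet: {packet!r}")
    payload, received = packet[1:-3], packet[-2:]
    if received.lower() != checksum(payload):
        raise ValueError(f"bad checksum {received} for {payload!r}")
    return payload


def encode_g_reply(regs: dict) -> str:
    """Build a "g" reply: each 32-bit register as 8 hex digits of little-endian bytes."""
    return "".join(struct.pack("<I", regs.get(name, 0)).hex() for name in I386_REGS)


def decode_g_reply(payload: str) -> dict:
    """Parse a "g" reply into {name: value}; 'x' digits mean the stub has no value."""
    if len(payload) != 8 * len(I386_REGS):
        raise ValueError(f"unexpected g reply length {len(payload)}")
    regs = {}
    for i, name in enumerate(I386_REGS):
        chunk = payload[8 * i: 8 * i + 8]
        regs[name] = None if "x" in chunk else struct.unpack("<I", bytes.fromhex(chunk))[0]
    return regs


def breakpoint_packet(insert: bool, addr: int, kind: int = 1) -> str:
    """Z0/z0 software-breakpoint packet; kind is the breakpoint length in bytes."""
    return f"{'Z' if insert else 'z'}0,{addr:x},{kind}"


def step_past_breakpoint(addr: int) -> list:
    """Packets a client must send when the stopped EIP is its own breakpoint:
    remove it, single-step, put it back.  Sending a bare "s" or "c" instead
    re-traps at the same EIP and never makes progress."""
    return [frame(breakpoint_packet(False, addr)), frame("s"),
            frame(breakpoint_packet(True, addr))]


if __name__ == "__main__":
    # Constructed snapshot of a VM stopped at the boot-sector entry point.
    snapshot = {"esp": 0x7FFC, "eip": 0x7C00, "eflags": 0x202}
    reply = frame(encode_g_reply(snapshot))
    print(reply)
    print(decode_g_reply(unframe(reply)))
    print(step_past_breakpoint(0x7C00))
```

frame("Hg0") reproduces the "$Hg0#df" line of the dump, which is a quick way to check a hand-written stub's checksum code against what gdb itself emits.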

2013/02/14 0

A great qemu development link

2012/12/07 0