Category: Debugger

GKD symbol parsing engine failed to parse c++ symbol


2016/04/05

Description of the first few entries in GOT table

GOT[0]: The table’s entry zero is reserved to hold the address of the dynamic structure, referenced with the symbol _DYNAMIC. This allows a program, such as the dynamic linker, to find its own dynamic structure without having yet processed its relocation entries. This is especially…

2016/02/06

Enhancement of the OS debug format, support scripting

The OS debug format (https://code.google.com/p/peter-bochs/wiki/OSDebugStandard) is an XML-based document that stays in the emulator’s memory, bringing the debug information out to the debugger in real time so that the debugger understands which data structures the OS developer wants to debug. In the early stage of kernel debugging, people relied on printk to dump out the debug information. At that…

2015/09/05

http://www.kaizou.org/2015/01/linux-libraries/

Originally from http://www.kaizou.org/2015/01/linux-libraries/, it is a super professional article that explains the LD process. 08 Jan 2015 by David Corvoysier. A few months ago I stumbled upon a linking problem with secondary dependencies I couldn’t solve without overlinking the corresponding libraries. I only realized today in a discussion with my friend Yann E. Morin that not only did I use the…

2015/09/02

gcc can’t handle too many #if macros

gcc can’t handle too many macros (#if, #define): the output DWARF will have wrong line numbers. So when you disassemble the assembly with the C/C++ source, everything is wrong, including wrong line numbers, wrong mapping from assembly code to C source code, and duplicated C/C++ lines. https://github.com/gcc-mirror/gcc/blob/master/libgcc/libgcc2.c In GKD, I added an on/off button to filter out those…

2015/08/02

Getting the parameters by parsing the dwarf directly

I used another two months to get the correct location of each parameter of a function. The mission sounds stupid, the timeframe I spent sounds stupid. If I used GDB, I would perhaps never know how parameters are stored in memory. Now I know how the computer ACTUALLY works. People think the parameters are stored in the stack, and…

2015/07/07

How to lookup the value of each parameter from dwarf and memory location

Here are the steps to look up the parameter value:
1) Look into the “info” section of the DWARF data, “objdump --dwarf=info”. There is a DIE attribute DW_AT_location (DW_OP_fbreg: 0), telling you the offset relative to the frame base register.
2) Look at the CIE in the .eh_frame section, “objdump --dwarf=frames”. It will tell you the formula for calculating the CFA, such as…

2015/06/18

Decoded first two instructions of .eh_frame

Decoded the first two instructions of .eh_frame. The DWARF spec lacks detail, so I needed to hack into objdump to understand each byte, which is time consuming.


2015/05/12

I finally understand why “DW_OP_fbreg: 0” is possible

In the following function kmalloc2, take a look at the first parameter. The memory location of that parameter is stated by DWARF as “DW_AT_location : 2 byte block: 91 0 (DW_OP_fbreg: 0)”, where “DW_OP_fbreg: 0” means stack+0. I was thinking why it is possible. Because when the CPU executed the call instruction, it had already pushed 4 bytes into the…

2015/04/14

I finally understand why same parameter even has multiple locations

I finally understand why the same parameter even has multiple locations. My past concept was that a parameter stays in the stack. But after hacking the DWARF, it showed me the same parameter has multiple locations during execution. Take a look at the image below: I wrote a function called kmalloc2 (blue arrow); the third parameter “size” has three locations (yellow…

2015/04/07

Finally can dump out the parameter type from dwarf standard

Some parameter types are stored recursively, so you need to read out DW_AT_type, get the right DIE and decode it again. Personally I think DWARF is just too hard to parse. Here is the code: https://sourceforge.net/p/peter-dwarf/code/254/tree//trunk/src/main/java/com/peterdwarf/dwarf/DwarfLib.java https://sourceforge.net/p/peter-dwarf/code/254/tree//trunk/src/main/java/com/peterdwarf/dwarf/Dwarf.java


2015/03/29

This is how to decode dwarf DT_Type


2015/03/23

Heading toward decoding the range addresses of DWARF

Heading toward decoding the range addresses of DWARF; this job is killing me. And I found the information in the DIE is not always meaningful, see below.


2015/03/22

Peter-dwarf library can show hierarchy data for compile unit now


2015/02/15

now is good enough

Now it is good enough; I can focus on library things.


2015/01/22

ELF has duplicate compile units, why doesn’t ld clear them out?


2015/01/09

Make bochs run faster

Without “CXXFLAGS=-O3”, bochs can only run 20M ips on my i5 MBPR. With it, it now runs 57M ips.


2014/12/14

bochs problem again

I am unable to get the “” from the input stream. Please help. On the command line, when I start bochs, I see “”, which is very normal. But if I use java to read it out, I never get the . I tried different classes (BufferedReader, InputStream); none of them succeeded.


2014/11/22

Tutorial : Add a debug command in bochs

This tutorial teaches you how to add a debug command in bochs; you need to touch these files only: debug.h, dbg_main.cc, lexer.l, parser.y. Step 1) First of all, you need to add your command (see below) to lexer.l. Don’t add anything below the line “[A-Za-z_][A-Za-z0-9_]* { bxlval.sval = strdup(bxtext); return(BX_TOKEN_GENERIC); }”, because it will eat…

2014/11/15

bochs can’t compile on mac (solved)

bochs can’t compile on mac because the configure script always sets gui_debugger=1; just set this variable to 0 in line 22459. Bochs can then be compiled on mac with “./configure --enable-disasm --with-sdl --enable-debugger”.


2014/11/15

GKD with windows is working

Someone complained that GKD doesn’t work with Bochs on windows because the bochs path has a space. I just tested it on windows 7; this issue doesn’t exist.


2014/10/09

openocd with arm is working


2014/10/05

openjtag + openocd + smartarm 2200

Finally connected my openjtag USB device to my old smartarm 2200 development board using openocd. The next step is to buy an x86 dev board (intel galileo) and try to use openocd with it. Then port peter-bochs to support openocd; finally I will have a hardware debug platform for OS dev. http://www.zlgmcu.com is a development board…

2014/10/01

find out what’s wrong in your page table

People always ask me why their virtual address is not pointing to the right physical address. Almost every time the page table is wrong. But there are a few other possibilities, such as the PD or CR address, etc. You can use these steps to find out. 1) First, set the physical point and run until the…

2014/09/20

A little bit better – Showing the MBR

Here is the java code to read the MBR out:


2014/07/28

GKD dependency tree graph


2014/07/11

gdb protocol, “g” command

This is the tcpflow dump for the gdb protocol “g” command; it contains all register values. Let’s parse it: After the trace: target.c::debug_print_register, gdbarch.c::gdbarch_register_name, i386-tdep.c::i386_register_names. The register packet can be decoded by:


2014/04/19

i may know why the gdb command “x” only request one byte each time

I am playing with the gdbstub in qemu, and I found a bug there http://peter.kingofcoders.com/?p=859: if I invoke the function cpu_physical_memory_rw(0xffff0, mem_buf, 50, 0), qemu crashes. Then I tested the gdb command “x /20bx 0xffff0” and used tcpflow to capture the gdb packets; I found out gdb sends 20 commands and each time requests one byte only.…

2013/10/08

qemu 1.6.0 rc2 has bug

I found a bug in qemu, version 1.6.0 rc2. When I invoke: where addr=0xffff0 and noOfBytes=50, qemu will have a segmentation fault. I called cpu_physical_memory_rw right after qemu started (it hadn’t run yet) with gdb. The VM was in real mode; I am not sure whether it is a memory-boundary-crossing problem. But I just…

2013/10/07

QMP Supported Commands

QMP Supported Commands: This document describes all commands currently supported by QMP. Most of the time their usage is exactly the same as in the user Monitor; this means that any other document which also describes commands (the manpage, QEMU’s manual, etc) can and should be consulted. QMP has two types of commands: regular…

2013/09/22

Qemu + GDB, the single step speed is not fast

In bochs, I can invoke around 40 single-step commands on my 2012 mac air. People think qemu is much faster than bochs; it is true, but not for single step. I wrote a java program that keeps sending single-step commands to qemu through a socket (GDB protocol); the average speed is 32 commands per second.…

2013/08/18

GDB two-breakpoints inter-communication between gdb and gdbstub of qemu

$tcpflow -c -i lo0 port 1234
tcpflow[5508]: 127.000.000.001.01234-127.000.000.001.58366: new flow
127.000.000.001.58366-127.000.000.001.01234: +
127.000.000.001.58366-127.000.000.001.01234: $qSupported:multiprocess+;xmlRegisters=i386;qRelocInsn+#b5
127.000.000.001.01234-127.000.000.001.58366: +
127.000.000.001.01234-127.000.000.001.58366: $PacketSize=1000#f1
127.000.000.001.58366-127.000.000.001.01234: +
127.000.000.001.58366-127.000.000.001.01234: $Hg0#df
127.000.000.001.01234-127.000.000.001.58366: +
127.000.000.001.01234-127.000.000.001.58366: $OK#9a
127.000.000.001.58366-127.000.000.001.01234: +
127.000.000.001.58366-127.000.000.001.01234: $?#3f
127.000.000.001.01234-127.000.000.001.58366: +
127.000.000.001.01234-127.000.000.001.58366: $T05thread:01;#07
127.000.000.001.58366-127.000.000.001.01234: +
127.000.000.001.58366-127.000.000.001.01234: $Hc-1#09
127.000.000.001.01234-127.000.000.001.58366: +
127.000.000.001.01234-127.000.000.001.58366: $OK#9a
127.000.000.001.58366-127.000.000.001.01234: +
127.000.000.001.58366-127.000.000.001.01234: $qC#b4
127.000.000.001.01234-127.000.000.001.58366: +
127.000.000.001.01234-127.000.000.001.58366: $QC1#c5
127.000.000.001.58366-127.000.000.001.01234: +
127.000.000.001.58366-127.000.000.001.01234: $qAttached#8f
127.000.000.001.01234-127.000.000.001.58366:…

2013/06/16

gdb – qemu : two breakpoints flowchart

This is the flowchart for qemu-gdb after I insert two breakpoints at 0x7c00 and 0x7c01. You can see that every time gdb hits a breakpoint, it removes all breakpoints. And if the current address is the address that hit the breakpoint, when you want to “cont”, gdb will send an “s” command first.

2013/06/12

gdb crash, for another debug server

If you are creating your own debug server, gdb will crash; take a look:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffebfff700 (LWP 32202)]
0x000055555577632b in gdb_set_stop_cpu (env=env@entry=0x5555564f6d20) at /root/workspace/qemu-1.5.0/gdbstub.c:2510
2510 gdbserver_state->c_cpu = env;
Missing separate debuginfos, use: debuginfo-install SDL-1.2.15-3.fc18.x86_64 cyrus-sasl-lib-2.1.23-37.fc18.x86_64 glib2-2.34.2-2.fc18.x86_64 glibc-2.16-28.fc18.x86_64 libX11-1.5.0-3.fc18.x86_64 libXau-1.0.6-4.fc18.x86_64 libXcursor-1.1.13-2.fc18.x86_64 libXext-1.3.1-2.fc18.x86_64 libXfixes-5.0-3.fc18.x86_64 libXrandr-1.4.0-1.fc18.x86_64 libXrender-0.9.7-2.fc18.x86_64 libpng-1.5.13-1.fc18.x86_64 libxcb-1.9-1.fc18.x86_64 nss-softokn-freebl-3.14.3-1.fc18.x86_64…

2013/06/12

peter-dwarf can support 32-bit elf only

A western friend told me he can’t use peter-dwarf to parse his 64-bit elf file. After I traced my code, I finally found that my peter-dwarf library only supports 32-bit elf. I need some time to enhance it and make it support 64-bit.


2013/04/26

qemu debug server hang after breakpoint is hit

If you are developing a debug server for qemu, after qemu hits a breakpoint your server has to remove the breakpoint manually and re-insert it after the CPU has passed that EIP; otherwise the CPU will stay at that EIP forever and can’t single-step/cont to the next instruction. If you take a look at gdbstub.c, gdb…

2013/03/21

Restructuring the debugger

At the moment, I am facing 2 big problems with bochs. The first one is unsolvable: bochs runs too slowly. It is ok if you are doing hobby OS development, but if you are trying to use bochs to run a full-featured Linux kernel or Windows 7, it is just so slow.…

2013/03/13

qemu single step will fail if current EIP hit a breakpoint

I use the following code to insert a breakpoint at physical address 0x1600000: qemu successfully hits the breakpoint and stops; then I try to single-step with the following code: Nothing happens, the EIP still stays at 0x1600000, but if I delete the breakpoint, the single step just works again. Am I missing something?

2013/02/14

Peter-bochs – State chart diagram


2012/12/22

A great qemu development link

http://people.cs.nctu.edu.tw/~chenwj/dokuwiki/doku.php?id=qemu


2012/12/07