Basic operations
Bochs debugger commands
Action                                        Command         Example
Set a breakpoint at a physical address        b addr          b 0x7c00
Show all current breakpoints                  info break      info break
Continue until a breakpoint is hit            c               c
Single-step one instruction                   s               s
Single-step, stepping over calls              n               n
Show register state                           info cpu        info cpu
                                              r               r
                                              fp              fp
                                              sreg            sreg
                                              creg            creg
Show the stack                                print-stack     print-stack
Dump memory at a physical address             xp /nuf addr    xp /40bx 0x9013e
Dump memory at a linear address               x /nuf addr     x /40bx 0x13e
Disassemble a range of memory                 u start end     u 0x30400 0x3040d
Disassemble every instruction as executed     trace-on        trace-on
Print CPU state after every instruction       trace-reg       trace-reg
b 0x7c00
c
(0) Breakpoint 1, 0x00007c00 in ?? ()
Next at t=12943099
(0) [0x00007c00] 0000:7c00 (unk. ctxt): mov ax, cx ; 89c8
sreg
es:0x0000, dh=0x00009300, dl=0x0000ffff, valid=1
Data segment, base=0x00000000, limit=0x0000ffff, Read/Write, Accessed
cs:0x0000, dh=0x00009300, dl=0x0000ffff, valid=1
Data segment, base=0x00000000, limit=0x0000ffff, Read/Write, Accessed
ss:0x0000, dh=0x00009300, dl=0x0000ffff, valid=7
Data segment, base=0x00000000, limit=0x0000ffff, Read/Write, Accessed
ds:0x0000, dh=0x00009300, dl=0x0000ffff, valid=1
Data segment, base=0x00000000, limit=0x0000ffff, Read/Write, Accessed
fs:0x0000, dh=0x00009300, dl=0x0000ffff, valid=1
Data segment, base=0x00000000, limit=0x0000ffff, Read/Write, Accessed
gs:0x0000, dh=0x00009300, dl=0x0000ffff, valid=1
Data segment, base=0x00000000, limit=0x0000ffff, Read/Write, Accessed
ldtr:0x0000, dh=0x00008200, dl=0x0000ffff, valid=1
tr:0x0000, dh=0x00008b00, dl=0x0000ffff, valid=1
gdtr:base=0x000fb997, limit=0x30
idtr:base=0x00000000, limit=0x3ff
r
eax: 0x0000aa55 43605
ecx: 0x00000000 0
edx: 0x00000000 0
ebx: 0x00000000 0
esp: 0x0000ffd6 65494
ebp: 0x00000000 0
esi: 0x000e32f8 930552
edi: 0x0000ffac 65452
eip: 0x00007c00
eflags 0x00000082: id vip vif ac vm rf nt IOPL=0 of df if tf SF zf af pf cf
blist
Num Type Disp Enb Address
1 pbreakpoint keep y 0x00007c00
# A boot sector that prints a string through the BIOS video services
# (int 0x10, function 0x13 "write string").
        .section .text
        .global _start
        .code16
_start:
        movw    %cx, %ax            # relies on %cx being 0 at entry (ecx=0 in the register dump above)
        movw    %ax, %ds            # ds = es = 0, so es:bp addresses msgstr directly
        movw    %ax, %es
        movw    $msgstr, %bp        # es:bp -> string to print
        movw    len, %cx            # cx = string length stored at label len
        movb    $0x05, %dh          # dh = row
        movb    $0x08, %dl          # dl = column
        movb    $0x01, %al          # al = write mode 1: advance the cursor after writing
        movb    $0x13, %ah          # ah = 0x13: write string
        movb    $0x01, %bl          # bl = attribute (blue on black)
        movb    $0x00, %bh          # bh = video page 0
        int     $0x10
1:
        jmp     1b                  # spin here forever
msgstr:
        .asciz  "Hello babyos(print by BIOS int 0x10:0x13, mode 0x01)!"
len:
        .int    . - msgstr          # 0x36 bytes, the terminating NUL included
        .org    0x1fe, 0x90         # pad with nops up to offset 510
        .word   0xaa55              # boot signature
Makefile:
all: boot.img

boot.o: boot.s
	as -o $@ $<

boot: boot.o
	ld --oformat binary -N -Ttext 0x7c00 -o $@ $<

boot.img: boot
	dd if=boot of=boot.img bs=512 count=1

clean:
	rm ./boot ./boot.img ./boot.o
u 0x7c00
00007c00: ( ): mov ax, cx ; 89c8
u 0x7c00 0x7c00+512
00007c00: ( ): mov ax, cx ; 89c8
00007c02: ( ): mov ds, ax ; 8ed8
00007c04: ( ): mov es, ax ; 8ec0
00007c06: ( ): mov bp, 0x7c1d ; bd1d7c    (0x7c1d is the address of msgstr)
00007c09: ( ): mov cx, word ptr ds:0x7c53 ; 8b0e537c
00007c0d: ( ): mov dh, 0x05 ; b605
00007c0f: ( ): mov dl, 0x08 ; b208
00007c11: ( ): mov al, 0x01 ; b001
00007c13: ( ): mov ah, 0x13 ; b413
00007c15: ( ): mov bl, 0x01 ; b301
00007c17: ( ): mov bh, 0x00 ; b700
00007c19: ( ): int 0x10 ; cd10
00007c1b: ( ): jmp .-2 ; ebfe
00007c1d: ( ): dec ax ; 48    (the string to be printed starts here)
00007c1e: ( ): insb byte ptr es:[di], dx ; 656c
00007c20: ( ): insb byte ptr es:[di], dx ; 6c
00007c21: ( ): outsw dx, word ptr ds:[si] ; 6f
00007c22: ( ): and byte ptr ss:[bp+si+97], ah ; 206261
00007c25: ( ): bound di, ds:[bx+di+111] ; 62796f
00007c28: ( ): jnb .+40 ; 7328
00007c2a: ( ): jo .+114 ; 7072
00007c2c: ( ): imul bp, word ptr ss:[bp+116], 0x6220 ; 696e742062
00007c31: ( ): jns .+32 ; 7920
00007c33: ( ): inc dx ; 42
00007c34: ( ): dec cx ; 49
00007c35: ( ): dec di ; 4f
00007c36: ( ): push bx ; 53
00007c37: ( ): and byte ptr ds:[bx+di+110], ch ; 20696e
00007c3a: ( ): jz .+32 ; 7420
00007c3c: ( ): xor byte ptr ds:[bx+si+49], bh ; 307831
00007c3f: ( ): xor byte ptr ss:[bp+si], bh ; 303a
00007c41: ( ): xor byte ptr ds:[bx+si+49], bh ; 307831
00007c44: ( ): xor bp, word ptr ds:[si] ; 332c
00007c46: ( ): and byte ptr ds:[di+111], ch ; 206d6f
00007c49: ( ): and byte ptr gs:[bx+si], dh ; 64652030
00007c4d: ( ): js .+48 ; 7830
00007c4f: ( ): xor word ptr ds:[bx+di], bp ; 3129
00007c51: ( ): and word ptr ds:[bx+si], ax ; 2100
00007c53: ( ): add byte ptr ss:[bx+si], al ; 360000    (this 0x36 is the string length)
00007c56: ( ): add byte ptr ds:[bx+si-28528], dl ; 00909090
00007c5a: ( ): nop ; 90
00007c5b: ( ): nop ; 90
Page mapping
Look up which physical page an address maps to, the page-table entries along the way, and the attributes the address has.
Format: page addr
page 0x90000
PML4: 0x0000000000102027 ps A pcd pwt U W P
PDPE: 0x0000000000103023 ps A pcd pwt S W P
PDE: 0x00000000000000e3 PS g pat D A pcd pwt S W P
linear page 0x0000000000090000 maps to physical page 0x000000090000
page 0xffff800000105b60
PML4: 0x0000000000102027 ps A pcd pwt U W P
PDPE: 0x0000000000103023 ps A pcd pwt S W P
PDE: 0x00000000000000e3 PS g pat D A pcd pwt S W P
linear page 0xffff800000105000 maps to physical page 0x000000105000
page 0xffff800000a00000
PML4: 0x0000000000102027 ps A pcd pwt U W P
PDPE: 0x0000000000103023 ps A pcd pwt S W P
PDE: 0x00000000e0000083 PS g pat d a pcd pwt S W P
linear page 0xffff800000a00000 maps to physical page 0x0000e0000000
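The three lookups above walk PML4 -> PDPE -> PDE and stop at a 2 MiB page (PS set). The following is an added example, not part of the original notes: it reproduces that walk in Python over constructed tables built from the entry values shown above and CR3 (0x101000, from the creg dump on this page), and additionally reports the effective W/U/NX permissions and the non-present case.

```python
# Added example: reproduces the translation printed by the `page` command above.
# Entry values and CR3 come from the page; the TABLES layout is constructed.
PHYS_MASK = 0x000F_FFFF_FFFF_F000            # bits 12..51: next table / frame
FLAG_BITS = {"P": 0, "W": 1, "U": 2, "PWT": 3, "PCD": 4,
             "A": 5, "D": 6, "PS": 7, "G": 8, "NX": 63}
CR3 = 0x101000
# Constructed tables keyed by physical address: PML4 at CR3, one PDPT, one PD of
# 2 MiB pages (PS=1).  Both halves of the address space share the PDPT, which is
# why 0x90000 and 0xffff800000105b60 print identical PML4/PDPE/PDE values above.
TABLES = {
    0x101000: {0x000: 0x102027, 0x100: 0x102027},  # PML4
    0x102000: {0x000: 0x103023},                   # PDPT
    0x103000: {0x000: 0xe3, 0x005: 0xe0000083},    # PD
}

def decode_flags(entry):
    """Names of the flag bits set in an entry (Bochs prints set bits upper-case)."""
    return {name for name, bit in FLAG_BITS.items() if (entry >> bit) & 1}

def table_index(linear, level):
    """9-bit index into the level-4 (PML4) .. level-1 (PT) table."""
    return (linear >> (12 + 9 * (level - 1))) & 0x1FF

def walk(linear, tables=TABLES, cr3=CR3):
    """Translate a linear address the way the MMU does: returns the physical
    address, its 4 KiB page and the effective permissions (W and U are ANDed
    over every level, NX is ORed).  A non-present entry raises LookupError."""
    table = cr3 & PHYS_MASK
    writable, user, nx = True, True, False
    for level in (4, 3, 2, 1):
        entry = tables.get(table, {}).get(table_index(linear, level), 0)
        flags = decode_flags(entry)
        if "P" not in flags:
            raise LookupError(f"level-{level} entry not present for {linear:#x}")
        writable, user, nx = writable and "W" in flags, user and "U" in flags, nx or "NX" in flags
        if level == 1 or (level in (2, 3) and "PS" in flags):   # 4K, 2M or 1G leaf
            page_bits = 12 + 9 * (level - 1)
            base = entry & PHYS_MASK & ~((1 << page_bits) - 1)
            physical = base | (linear & ((1 << page_bits) - 1))
            return {"physical": physical, "page": physical & ~0xFFF, "writable": writable,
                    "user": user, "nx": nx, "leaf_flags": flags}
        table = entry & PHYS_MASK

def is_mapped(linear, tables=TABLES, cr3=CR3):
    """True when every level of the walk is present (no page fault on access)."""
    try:
        return walk(linear, tables, cr3) is not None
    except LookupError:
        return False
```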
Listing breakpoints
blist
Num Type Disp Enb Address
1 pbreakpoint keep y 0x000000010000
2 pbreakpoint keep y 0x000000100000
3 pbreakpoint keep y 0x000000100048
4 pbreakpoint keep y 0xffff8000001000bb
5 pbreakpoint keep y 0x0000001000c2
6 pbreakpoint keep y 0xffff8000001000c2
Viewing special registers
creg
CR0=0xe0000011: PG CD NW ac wp ne ET ts em mp PE
CR2=page fault laddr=0x0000000000000000
CR3=0x000000101000
PCD=page-level cache disable=0
PWT=page-level write-through=0
CR4=0x00000020: pke smap smep osxsave pcid fsgsbase smx vmx osxmmexcpt umip osfxsr pce pge mce PAE pse de tsd pvi vme
CR8: 0x0
EFER=0x00000500: ffxsr nxe LMA LME sce
XCR0=0x00000001: pkru hi_zmm zmm_hi256 opmask bndcfg bndregs ymm sse FPU
sreg
es:0x0010, dh=0x00009300, dl=0x00000000, valid=1
Data segment, base=0x00000000, limit=0x00000000, Read/Write, Accessed
cs:0x0008, dh=0x00209900, dl=0x00000000, valid=1
Code segment, base=0x00000000, limit=0x00000000, Execute-Only, Non-Conforming, Accessed, 64-bit
ss:0x0010, dh=0x00009300, dl=0x00000000, valid=1
Data segment, base=0x00000000, limit=0x00000000, Read/Write, Accessed
ds:0x0010, dh=0x00009300, dl=0x00000000, valid=1
Data segment, base=0x00000000, limit=0x00000000, Read/Write, Accessed
fs:0x0010, dh=0x00009300, dl=0x00000000, valid=1
Data segment, base=0x00000000, limit=0x00000000, Read/Write, Accessed
gs:0x0010, dh=0x00009300, dl=0x00000000, valid=1
Data segment, base=0x00000000, limit=0x00000000, Read/Write, Accessed
ldtr:0x0000, dh=0x00008200, dl=0x0000ffff, valid=1
tr:0x0000, dh=0x00008b00, dl=0x0000ffff, valid=1
gdtr:base=0xffff800000105b60, limit=0x87
idtr:base=0xffff800000105bf2, limit=0xfff
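The dh/dl pairs in both sreg dumps on this page (real mode: dh=0x00009300, dl=0x0000ffff; long mode: the code segment dh=0x00209900, dl=0) are the raw high and low dwords of the cached descriptor. The following added example, not part of the original notes, decodes them into the base/limit/attribute text Bochs prints; the wording for system segments (LDT, TSS) is the example's own, since Bochs shows no description for ldtr and tr.

```python
# Added example: decodes the raw descriptor words printed by sreg as dh/dl.
# dl is the low dword of a GDT descriptor (limit[15:0], base[15:0]); dh is the
# high dword (base[23:16], type, S, DPL, P, limit[19:16], AVL, L, D/B, G,
# base[31:24]).  Names for system segment types are this example's own.
SYSTEM_TYPES = {2: "LDT", 9: "Available TSS", 11: "Busy TSS"}

def decode_descriptor(dh, dl):
    """Split a descriptor (high dword dh, low dword dl) into its fields."""
    base = (dl >> 16) | ((dh & 0xFF) << 16) | (dh & 0xFF000000)
    limit = (dl & 0xFFFF) | (dh & 0x000F0000)
    granular = bool(dh & (1 << 23))
    if granular:                          # G=1: limit is counted in 4 KiB pages
        limit = (limit << 12) | 0xFFF
    return {"base": base, "limit": limit, "type": (dh >> 8) & 0xF,
            "S": bool(dh & (1 << 12)), "DPL": (dh >> 13) & 3,
            "P": bool(dh & (1 << 15)), "L": bool(dh & (1 << 21)),
            "DB": bool(dh & (1 << 22)), "G": granular}

def describe(dh, dl):
    """Render a descriptor in the layout of the sreg lines above."""
    d = decode_descriptor(dh, dl)
    t = d["type"]
    head = f"base={d['base']:#010x}, limit={d['limit']:#010x}"
    if not d["S"]:                        # S=0: system segment (LDT, TSS, gate)
        name = SYSTEM_TYPES.get(t, f"type {t:#x}")
        return f"System segment, {head}, {name}"
    attrs = []
    if t & 0x8:                           # bit 3 of the type: code segment
        attrs.append("Execute/Read" if t & 0x2 else "Execute-Only")
        attrs.append("Conforming" if t & 0x4 else "Non-Conforming")
        if t & 0x1:
            attrs.append("Accessed")
        attrs.append("64-bit" if d["L"] else "32-bit" if d["DB"] else "16-bit")
        return f"Code segment, {head}, " + ", ".join(attrs)
    attrs.append("Read/Write" if t & 0x2 else "Read-Only")
    if t & 0x4:
        attrs.append("Expand-down")
    if t & 0x1:
        attrs.append("Accessed")
    return f"Data segment, {head}, " + ", ".join(attrs)
```

Note that in the real-mode dump even cs carries a writable data-type descriptor (dh=0x00009300), which is what the decoder reports for it as well.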