1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
|
<HTML>
<HEAD>
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="GLOBAL">
<META NAME="description" CONTENT="Bochs command line debugger">
<META NAME="copyright" CONTENT="Copyright 2001 by MandrakeSoft S.A.">
<META NAME="keywords" CONTENT="pc emulation, x86 emulation, emulator">
<META NAME="Author" CONTENT="Kevin Lawton">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1">
<TITLE>Bochs Debugger</TITLE>
</HEAD>
<BODY TEXT="#000000" BGCOLOR="#ececec" LINK="#3333cc" VLINK="#666666">
<CENTER><H1>Debugger</H1></CENTER>
<P>
Note, if you are looking for a graphical front-end for the
bochs debugger, you may want to check out
<a href="http://www.qzx.com/bfe/">BFE</a>. This is a
package written by a bochs user which can interface with
the text based bochs debugger. No linking is necessary.
It's not part of bochs, but you may find it useful.
<P>
You can now conditionally compile in a GDB like command line debugger, that
allows you to set breakpoints, step through instructions, and other
useful functions. If there isn't a command for something you believe
is generally useful for the debugger, let me know and I'll implement
it if possible.
<P>
To use the debugger, you must configure bochs with the
'--enable-debugger' and '--enable-disasm' flags. For example:
<PRE>
./configure --enable-debugger --enable-disasm
</PRE>
NOTE: You must use flex version 2.5.4 or greater. I have heard that
version 2.5.2 will not work.
<P>
When you first start up bochs, you will see the command line prompt
<PRE>
bochs:1>
</PRE>
From here, you may use the following commands:
<H3>Execution Control</H3>
<PRE>
c Continue executing
stepi [count] execute count instructions, default is 1
si [count] execute count instructions, default is 1
step [count] execute count instructions, default is 1
s [count] execute count instructions, default is 1
Ctrl-C stop execution, and return to command line prompt
Ctrl-D if at empty line on command line, exit
quit quit debugger and execution
q quit debugger and execution
</PRE>
<H3>BreakPoints</H3>
<PRE>
NOTE: The format of 'seg', 'off', and 'addr' in these descriptions,
are as follows. I don't have any way to set the current radix.
hexidecimal: 0xcdef0123
decimal: 123456789
octal: 01234567
vbreak seg:off Set a virtual address instruction breakpoint
vb seg:off
lbreak addr Set a linear address instruction breakpoint
lb addr
pbreak [*] addr Set a physical address instruction breakpoint
pb [*] addr (the '*' is optional for GDB compatibility)
break [*] addr
b [*] addr
info break Display state of all current breakpoints
delete n Delete a breakpoint
del n
d n
</PRE>
<H3>Manipulating Memory</H3>
<PRE>
x /nuf addr Examine memory at linear address addr
xp /nuf addr Examine memory at physical address addr
n Count of how many units to display
u Unit size; one of
b Individual bytes
h Halfwords (2 bytes)
w Words (4 bytes)
g Giant words (8 bytes)
NOTE: these are *not* typical Intel nomenclature sizes,
but they are consistent with GDB convention.
f Printing format. one of
x Print in hexadecimal
d Print in decimal
u Print in unsigned decimal
o Print in octal
t Print in binary
n, f, and u are optional parameters. u and f default to the last values
you used, or to w(words) and x(hex) if none have been supplied.
n currently defaults to 1. If none of these optional parameters are
used, no slash should be typed. addr is also optional. If you don't
specify it, it will be the value the next address (as if you had
specified n+1 in the last x command).
setpmem addr datasize val Set physical memory location of size
datasize to value val.
crc addr1 addr2 Show CRC for physical memory range addr1..addr2
info dirty Show physical pages dirtied (written to) since last display
Values displayed are the top 20 bits only (page addresses)
</PRE>
<H3>Info</H3>
<PRE>
info program Execution status of the program
info registers List of CPU integer registers and their contents
info break Information about current breakpoint status
</PRE>
<H3>Manipulating CPU Registers</H3>
<PRE>
set $reg = val Change a CPU register to value val. Registers may be one of:
eax, ecx, edx, ebx, esp, ebp, esi, edi.
Currently, you may not change:
eflags, cs, ss, ds, es, fs, gs.
Examples: set $eax = 0x01234567
set $edx = 25
info registers See Info section
dump_cpu Dump complete CPU state
set_cpu Set complete CPU state
Format of "dump_cpu" and "set_cpu":
"eax:0x%x\n"
"ebx:0x%x\n"
"ecx:0x%x\n"
"edx:0x%x\n"
"ebp:0x%x\n"
"esi:0x%x\n"
"edi:0x%x\n"
"esp:0x%x\n"
"eflags:0x%x\n"
"eip:0x%x\n"
"cs:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
"ss:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
"ds:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
"es:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
"fs:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
"gs:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
"ldtr:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
"tr:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
"gdtr:base=0x%x, limit=0x%x\n"
"idtr:base=0x%x, limit=0x%x\n"
"dr0:0x%x\n"
"dr1:0x%x\n"
"dr2:0x%x\n"
"dr3:0x%x\n"
"dr4:0x%x\n"
"dr5:0x%x\n"
"dr6:0x%x\n"
"dr7:0x%x\n"
"tr3:0x%x\n"
"tr4:0x%x\n"
"tr5:0x%x\n"
"tr6:0x%x\n"
"tr7:0x%x\n"
"cr0:0x%x\n"
"cr1:0x%x\n"
"cr2:0x%x\n"
"cr3:0x%x\n"
"cr4:0x%x\n"
"inhibit_int:%u\n"
"done\n"
Notes:
- s is the selector
- dl is the shadow descriptor low dword (4 byte quantitiy)
- dh is the shadow descriptor high dword (4 byte quantitiy)
- valid denotes if the segment register holds a validated shadow descriptor
- inhibit_int is set if the previous instruction was one which delays the
acceptance of interrupts by one instruction (STI, MOV SS)
- any errors encountered by the set_cpu command, are reported by
"Error: ...". They may be reported after any of the input lines,
or after the "done" line, during limit checks.
- A successful set_cpu command ends with the separate line:
"OK".
</PRE>
<H3>Disassembly commands</H3>
<PRE>
disassemble start end Disassemble instructions in given linear address
range, inclusive of start, exclusive of end.
Use "set $disassemble_size =" to tell
debugger desired segment size. Use a value for
end of less than start (or zero) if you only
want the first instruction disassembled.
set $disassemble_size = n Tell debugger what segment size to use when
the "disassemble" command is used. Use values
of 16 or 32 for n. Default is 32.
set $auto_disassemble = n Cause debugger to disassemble current instruction
every time execution stops if n=1. Default is 0.
Segment size of current CPU context is used for
disassembly, so variable "$disassemble_size" is
ignored.
</PRE>
<H3>Instrumentation</H3>
<PRE>
To use instrumentation features in bochs, you must compile in support for it.
You should build a custom instrumentation library in a separate directory in
the "instrument/" directory. To tell configure which instrumentation library
you want to use, use the "--enable-instrumentation" option.
The default library consists of a set of stubs, and the following are
equivalent:
./configure [...] --enable-instrumentation
./configure [...] --enable-instrumentation="instrument/stubs"
You could make a separate directory with your custom library,
for example "instrument/myinstrument", copy the contents of
the "instrument/stubs" directory to it, then customize it. Use:
./configure [...] --enable-instrumentation="instrument/myinstrument"
</PRE>
<H3>Instrumentation commands</H3>
<PRE>
instrument start calls bx_instr_start()
instrument stop calls bx_instr_stop()
instrument reset calls bx_instr_reset()
instrument print calls bx_instr_print()
</PRE>
<HR>
<h2>New Commands</h2>
<h3>trace-on</h3>
Disassemble every executed instruction. Note that instructions that
cause exceptions are not really executed, and therefore not traced.
<h3>trace-off</h3>
Disable tracing.
<h3>ptime</h3>
Print the current time (number of ticks since start of simulation
(modulo 2^32)).
<h3>sb <i>delta</i></h3>
Insert a time break point <i>delta</i> instructions into the future.
<h3>sba <i>time</i></h3>
Insert a time break point at <i>time</i>.
<h3>record <i>filename</i></h3>
Record console input to file <i>filename</i>. The file consists of
zero or more lines of the form "%s %d %x", where the first word is the
event type, the second is a time stamp and the third is event specific
data.
<h3>playback <i>filename</i></h3>
Playback console input from file <i>filename</i>. Additional input can
be given directly in the console window. Events in the file will be
played back at times relative to the time when the playback command
was executed.
<h3>print-stack [<i>num words</i>]</h3>
Print the <i>num words</i> top 16-bit words on the stack. <i>Num
words</i> defaults to 16. Only works reliably in protected mode when
the base address of the stack segment is zero.
<h3>watch stop</h3>
Stop the simulation (and return to prompt) when a watch point is
encountered.
<h3>watch continue</h3>
Do not stop the simulation when watch points are encountered. They will
still be logged.
<h3>watch</h3>
Print current watch point status.
<h3>unwatch</h3>
Remove all watch points.
<h3>watch read <i>address</i></h3>
Insert a read watch point at physical address <i>address</i>.
<h3>watch write address</h3>
Insert a write watch point at physical address <i>address</i>.
<h3>unwatch read <i>address</i></h3>
Remove read watch point from physical address <i>address</i>.
<h3>unwatch write <i>address</i></h3>
Remove write watch point from physical address <i>address</i>.
<h3>modebp [<i>string</i>]</h3>
Insert documentation here.
<h3>load-symbols [global] <i>filename</i> [<i>offset</i>]</h3>
Load symbols from file <i>filename</i>. If the global keyword is
added, then the the symbols will be visible in all contexts for which
symbols have not been loaded. <i>Offset</i> (default is 0) is added to
every symbol entry. The symbols are loaded in the current (executing)
context.<p>
The symbol file consists of zero or more lines of the format <tt>"%x
%s"</tt>.
<h3>show [<i>string</i>]</h3>
Insert documentation here.
<p>
<p>
<p>
<h2>Resource file extensions</h2>
<h3>time0: <i>time</i></h3>
Specifies the start (boot) time of the virtual machine. Use a
<i>time</i> value as returned by the time(2) system call. <i>Time</i>
equal to 1 is a special case which starts the virtual machine at the
current time of the simulator host.
<h3>cdromd: dev=<i>device</i>, status=(inserted|ejected)</h3>
LoseNT needs a CD in order to boot properly. Our simulated CD-ROM unit
communicates directly with the CD-ROM driver in Linux. <i>Device</i>
is a device special file to which the CD-ROM driver is connected
(typically /dev/hdc). <i>Device</i> is ignored if status=ejected.
<HR>
<P>
Related Links:
<UL>
<LI><A HREF="cosimulation.html">Cosimulation</A>
<LI><A HREF="instrumentation.html">Instrumentation</A>
</UL>
</BODY>
</HTML>
|
