Debugging with Bochs

[yee1]

Hey,
I am checking out Bochs's debugger and got some problems with using it...

My Boch's is compiled to use debugger and it's working, but when my .img is chosen I don't see these instructions i have writen at debugger.

I have prepared my bootloader that is working correctly

=======================================================================
Bochs x86 Emulator 2.4.5
Build from CVS snapshot, on April 25, 2010
========================================================================
00000000000i[ ] reading configuration from bochsrc
00000000000i[ ] Ignoring magic break points
------------------------------
Bochs Configuration: Main Menu
------------------------------

This is the Bochs Configuration Interface, where you can describe the
machine that you want to simulate. Bochs has already searched for a
configuration file (typically called bochsrc.txt) and loaded it if it
could be found. When you are satisfied with the configuration, go
ahead and start the simulation.

You can also start bochs with the -q option to skip these menus.

1. Restore factory default configuration
2. Read options from...
3. Edit options
4. Save options to...
5. Restore the Bochs state from...
6. Begin simulation
7. Quit now

Please choose one: [6]
Next at t=0
(0) [0xfffffff0] f000:fff0 (unk. ctxt): jmp far f000:e05b ; ea5be000f0
<bochs:1> s
Next at t=1
(0) [0x000fe05b] f000:e05b (unk. ctxt): xor ax, ax ; 31c0
<bochs:2>
Next at t=2
(0) [0x000fe05d] f000:e05d (unk. ctxt): out 0x0d, al ; e60d
<bochs:3>
Next at t=3
(0) [0x000fe05f] f000:e05f (unk. ctxt): out 0xda, al ; e6da
<bochs:4>
Next at t=4
(0) [0x000fe061] f000:e061 (unk. ctxt): mov al, 0xc0 ; b0c0
<bochs:5>
Next at t=5
(0) [0x000fe063] f000:e063 (unk. ctxt): out 0xd6, al ; e6d6
<bochs:6>
Next at t=6
(0) [0x000fe065] f000:e065 (unk. ctxt): mov al, 0x00 ; b000
<bochs:7>
...

These instructions weren't writen by me.
What is going on ? How to debug my instructions ? Shall I modify bochsrc config file in some kind of way ?

Please help me, becouse I am quite confused about it, thank you

[Minoto]

These instructions weren't writen by me.
What is going on ? How to debug my instructions ? Shall I modify bochsrc config file in some kind of way ?

Please help me, becouse I am quite confused about it, thank you

You've just started the simulation -- so execution begins in the BIOS, as it does the necessary work to set up the machine. There's a lot that it has to do before it loads your boot sector and jumps to it to begin executing your loader. You can skip over this by setting a breakpoint at your bootloader's start address, and letting the simulation run normally until it hits that address; then it will drop back into the debugger and you can single step through your own code.

[yee1]

These instructions weren't writen by me.
What is going on ? How to debug my instructions ? Shall I modify bochsrc config file in some kind of way ?

Please help me, becouse I am quite confused about it, thank you

You've just started the simulation -- so execution begins in the BIOS, as it does the necessary work to set up the machine. There's a lot that it has to do before it loads your boot sector and jumps to it to begin executing your loader. You can skip over this by setting a breakpoint at your bootloader's start address, and letting the simulation run normally until it hits that address; then it will drop back into the debugger and you can single step through your own code.

Shall I make break point at 0x7c00 (address where bootsector is being loaded after 19h bios's interrupt) ?

Is it possible to make breakpoint when using gui debugger ?

I trying manual "step n" and i got into code where displays text at screen and there was no my code, there were needed many instructions like 500 to display 1 letter. How about that ? Is it still BIOS's instructions ? How to feature my instructions of my bootloader in that way ? Is BIOS still working after it does 19h interrupt ?

[Minoto]

Shall I make break point at 0x7c00 (address where bootsector is being loaded after 19h bios's interrupt) ?

You have a computer in front of you. Why not try it and see what happens for yourself?

Is it possible to make breakpoint when using gui debugger ?

I've only used the text mode debugger, so I honestly don't know. I think the gui version would be a pretty poor tool if it didn't allow you to set breakpoints, though. Why don't you read the documentation and see what it says?

I trying manual "step n" and i got into code where displays text at screen and there was no my code, there were needed many instructions like 500 to display 1 letter. How about that ? Is it still BIOS's instructions ? How to feature my instructions of my bootloader in that way ? Is BIOS still working after it does 19h interrupt ?

Let's suppose that your bootloader starts off with the following code (not a recommendation, just an example), to set 80x25 text mode in case the BIOS has done something different first:

Code: Select all

00007C00 B80300  mov ax, 0x0003
00007C03 CD10    int 0x10
00007C05 90      nop

If you step through that starting from the first instruction, you'll see your code moving 0 into ah and 3 into al. Next, you'll see your code calling int 0x10. At that point, you've asked the BIOS to do something, so yes, it's going to execute however many instructions it takes to do what you've asked it to do before returning to the next instruction in your code. If you don't care to watch it, then set a breakpoint at that next instruction (0x7C05 in this example), and when you get to 0x7C03, tell the debugger to continue rather than single-step. That way, it will run through the BIOS code on its own, then drop back into the debugger once it's finished with that and is back to your code.

[Even]

I've also got a question and don't want to start a new topic.

When I start debugging with Bochs I get a prompt:

Code: Select all

Next at t=0
(0) [0x0000fffffff0] f000:fff0 (unk. ctxt): (invalid)                 ; ffff
<bochs:1> s
Next at t=1
(0) [0x000000000000] 0000:0000 (unk. ctxt): add byte ptr ds:[bx+si], al ; 0000
<bochs:2> 

The first instruction must be:

Code: Select all

Next at t=0
(0) [0xfffffff0] f000:fff0 (unk. ctxt): jmp far f000:e05b ; ea5be000f0

as mentioned above.

The parameters in .bochsrc:

Code: Select all

romimage: file=$BXSHARE/BIOS-bochs-legacy, address=0xf0000
cpu: count=1, ips=10000000
megs: 32
vgaromimage: file=$BXSHARE/VGABIOS-lgpl-latest
vga: extension=none
ata0: enabled=1, ioaddr1=0x1f0, ioaddr2=0x3f0, irq=14
ata0-master: type=disk, mode=flat, path=".kernel.img", cylinders=100, heads=10, spt=10
boot: disk
clock: sync=realtime, time0=local
floppy_bootsig_check: disabled=0
log: bochs.log
panic: action=ask
error: action=report
info: action=ignore
debug: action=ignore
debugger_log: -
parport1: enabled=1, file="/dev/stdout"
keyboard_serial_delay: 250
keyboard_paste_delay: 100000
mouse: enabled=0
private_colormap: enabled=0
keyboard_mapping: enabled=0, map=

The virtual machine even doesn't start BIOS.

Bochs was compiled with such parameters:

Code: Select all

./configure --with-x11 \
--enable-cpu-level=6 \
--enable-x86-64 \
--enable-x86-debugger \
--enable-a20-pin \
--enable-cdrom \
--enable-idle-hack \
--enable-all-optimizations \
--enable-debugger \
--enable-readline \
--enable-disasm \
--enable-iodebug \
--enable-pci \
--enable-pcidev \
--disable-plugins \
--disable-debugger-gui

I tried Bochs 2.6.2 (25.09.2013) and Bochs 2.6.1. It didn't help.
I've found the same question on StackOverflow ( http://stackoverflow.com/questions/1005 ... rned-error ) but the answer is really poor there.

[dozniak]

What's the bochs output? Especially about the romimage?

[Even]

What's the bochs output? Especially about the romimage?

Bochs output:

Code: Select all

00000000000i[     ] reading configuration from .bochsrc
00000000000e[     ] .bochsrc:506: 'keyboard_serial_delay' will be replaced by new 'keyboard' option.
00000000000e[     ] .bochsrc:523: 'keyboard_paste_delay' will be replaced by new 'keyboard' option.
00000000000e[     ] .bochsrc:632: 'keyboard_mapping' will be replaced by new 'keyboard' option.

bochs.log:

Code: Select all

0000000000e[SPEAK] Failed to open /dev/console: Permission denied
00000000000e[SPEAK] Deactivating beep on console

That's all I've found.

[dozniak]

Do the bios files in $BXSHARE exist?
Make bochs not ignore the various log lines and post full bochs output from the console (the lines like "debug: ignore" remove certain lines from the log, change them to "report")

[Even]

Do the bios files in $BXSHARE exist?
Make bochs not ignore the various log lines and post full bochs output from the console (the lines like "debug: ignore" remove certain lines from the log, change them to "report")

Files in $BXSHARE exist. And I tried also files from other versions but nothing changed.

Changed .bochsrc file:

Code: Select all

panic: action=ask
error: action=report
info: action=report
debug: action=report

That's what I've got:

Code: Select all

========================================================================
                     Bochs x86 Emulator 2.6.2.svn
              Built from SVN snapshot after release 2.6.2
                  Compiled on Sep 25 2013 at 09:19:38
========================================================================
00000000000i[     ] reading configuration from .bochsrc
00000000000e[     ] .bochsrc:506: 'keyboard_serial_delay' will be replaced by new 'keyboard' option.
00000000000e[     ] .bochsrc:523: 'keyboard_paste_delay' will be replaced by new 'keyboard' option.
00000000000e[     ] .bochsrc:632: 'keyboard_mapping' will be replaced by new 'keyboard' option.
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'logfn' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'restore' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'logfn' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'config_interface' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'config_interface' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'start_mode' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'start_mode' in list 'general'
------------------------------
Bochs Configuration: Main Menu
------------------------------

This is the Bochs Configuration Interface, where you can describe the
machine that you want to simulate.  Bochs has already searched for a
configuration file (typically called bochsrc.txt) and loaded it if it
could be found.  When you are satisfied with the configuration, go
ahead and start the simulation.

You can also start bochs with the -q option to skip these menus.

1. Restore factory default configuration
2. Read options from...
3. Edit options
4. Save options to...
5. Restore the Bochs state from...
6. Begin simulation
7. Quit now

Please choose one: [6] 
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'restore' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'plugin_ctrl' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'plugin_ctrl' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'plugin_ctrl' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'plugin_ctrl' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'plugin_ctrl' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'plugin_ctrl' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'plugin_ctrl' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'plugin_ctrl' in list 'general'
00000000000d[CTRL ] searching for component 'general' in list 'bochs'
00000000000d[CTRL ] searching for component 'config_interface' in list 'general'
00000000000d[CTRL ] searching for component 'display' in list 'bochs'
00000000000d[CTRL ] searching for component 'display_library' in list 'display'
00000000000i[     ] installing x module as the Bochs GUI
00000000000d[CTRL ] searching for component 'cpu' in list 'bochs'
00000000000d[CTRL ] searching for component 'n_processors' in list 'cpu'
00000000000d[CTRL ] searching for component 'cpu' in list 'bochs'
00000000000d[CTRL ] searching for component 'n_cores' in list 'cpu'
00000000000d[CTRL ] searching for component 'cpu' in list 'bochs'
00000000000d[CTRL ] searching for component 'n_threads' in list 'cpu'
00000000000d[CTRL ] searching for component 'cpuid' in list 'bochs'
00000000000d[CTRL ] searching for component 'apic' in list 'cpuid'
00000000000d[CTRL ] searching for component 'cpu' in list 'bochs'
00000000000d[CTRL ] searching for component 'ips' in list 'cpu'
00000000000d[SYS  ] ips = 10000000
00000000000d[CTRL ] searching for component 'log' in list 'bochs'
00000000000d[CTRL ] searching for component 'filename' in list 'log'
00000000000d[CTRL ] searching for component 'log' in list 'bochs'
00000000000d[CTRL ] searching for component 'filename' in list 'log'
00000000000i[     ] using log file bochs.log
00000000000d[CTRL ] searching for component 'log' in list 'bochs'
00000000000d[CTRL ] searching for component 'filename' in list 'log'
00000000000d[IO   ] Opened log file 'bochs.log'.
Next at t=0
(0) [0x0000fffffff0] f000:fff0 (unk. ctxt): (invalid)                 ; ffff
<bochs:1> s
Next at t=1
(0) [0x000000000000] 0000:0000 (unk. ctxt): add byte ptr ds:[bx+si], al ; 0000
<bochs:2> 

[Minoto]

I've also got a question and don't want to start a new topic.

When I start debugging with Bochs I get a prompt:

Code: Select all

Next at t=0
(0) [0x0000fffffff0] f000:fff0 (unk. ctxt): (invalid)                 ; ffff

The parameters in .bochsrc:

Code: Select all

romimage: file=$BXSHARE/BIOS-bochs-legacy, address=0xf0000

Note that execution begins at 0xfffffff0, well above where you're loading the BIOS.

[stlw]

Note that execution begins at 0xfffffff0, well above where you're loading the BIOS.

Good catch. Minoto!

The Bochs BIOS became 128K a while ago and 128K BIOS should be loaded at different address.
From .bochsrc example:

#=======================================================================
# ROMIMAGE:
# The ROM BIOS controls what the PC does when it first powers on.
# Normally, you can use a precompiled BIOS in the source or binary
# distribution called BIOS-bochs-latest. The ROM BIOS is usually loaded
# starting at address 0xf0000, and it is exactly 64k long. Another option
# is 128k BIOS which is loaded at address 0xe0000.
# You can also use the environment variable $BXSHARE to specify the
# location of the BIOS.
# The usage of external large BIOS images (up to 512k) at memory top is
# now supported, but we still recommend to use the BIOS distributed with
# Bochs. The start address optional, since it can be calculated from image size.
#=======================================================================
romimage: file=$BXSHARE/BIOS-bochs-latest

Also pay attention to "start address is optional" thing.

Stanislav

[Even]

Note that execution begins at 0xfffffff0, well above where you're loading the BIOS.

The Bochs BIOS became 128K a while ago and 128K BIOS should be loaded at different address.

But I use BIOS-bochs-legacy. The legacy version of the Bochs BIOS is exactly 64k long.
From bochs documentation:

4.2.6. romimage

Examples:

romimage: file=bios/BIOS-bochs-latest, address=0xe0000
romimage: file=$BXSHARE/BIOS-bochs-legacy, address=0xf0000
romimage: file=mybios.bin, address=0xfff80000
romimage: file=mybios.bin

The ROM BIOS controls what the PC does when it first powers on. Normally, you can use a precompiled BIOS in the source or binary distribution called BIOS-bochs-latest. The default ROM BIOS is usually loaded starting at address 0xe0000, and it is exactly 128k long. The legacy version of the Bochs BIOS is usually loaded starting at address 0xf0000, and it is exactly 64k long. You can also use the environment variable $BXSHARE to specify the location of the BIOS. The usage of external large BIOS images (up to 512k) at memory top is now supported, but we still recommend to use the BIOS distributed with Bochs. The start address is optional, since it can be calculated from image size.

With:

Code: Select all

romimage: file=bios/BIOS-bochs-latest

it works but I need 64K BIOS version.

[stlw]

It works for also with

Code: Select all

romimage: file=$BXSHARE/BIOS-bochs-legacy

[Even]

It works for also with

Code: Select all

romimage: file=$BXSHARE/BIOS-bochs-legacy

Hmmm... Yeap, it works. Thanks.
But why it doesn't work with "address=0xf0000" string like in an example in documentation? Bug?

[kutkloon7]

Shall I make break point at 0x7c00 (address where bootsector is being loaded after 19h bios's interrupt) ?

Is it possible to make breakpoint when using gui debugger ?

I trying manual "step n" and i got into code where displays text at screen and there was no my code, there were needed many instructions like 500 to display 1 letter. How about that ? Is it still BIOS's instructions ? How to feature my instructions of my bootloader in that way ? Is BIOS still working after it does 19h interrupt ?

I don't know if you have figured this out in the meantime, but you can use the same commands in the gui debugger as in the textmode debugger. I prefer the GUI debugger, just because it dissassembles everything, so you can scroll down to see which instructions are ahead of you.
Anyway, just type b 0x7c00 to set a breakpoint on 0x7c00.
Also, you can doubleclick on a dissassembled instruction to set a breakpoint, type 's', to execute one instruction, type 'n <number>' to execute a number of instructions, then break again, or type 'c' to runn all instructions until the next breakpoint.