Introduction and question about bootloader/toykernel debugging
-
- Posts: 10
- Joined: Wed Aug 28, 2024 4:03 am
Introduction and question about bootloader/toykernel debugging
Nice to meet you all, Highschool teacher here.
I've been studying x86 architecture, bootloaders and BIOS specs to be able to teach my students stuff that I deem important, but that nobody seems to care students to learn.
First of all, your website is great
Now to my question and request for guidance.
I have Windows 10
I have IDA Pro 7.7
I have QEMU
I have a binary file comprised of a bootloader, a kernel entry (both in NASM) and a toy kernel file (C language), just printing an "X" to screen.
I merge all files with cat command.
The assembly code manages 16bit real mode to 32bit protected mode transition and far jump.
I'm able to produce .elf files with symbols.
I start QEMU with my disk image (merged bootloader, kernel entry and toy kernel) and with options required for remote GDB debugging.
I start IDA Pro 7.7 and attach a remote GDB debugger to QEMU.
If before doing this I drag and drop on IDA Pro 7.7 window one of my .elf (DWARF) files containing symbols, then IDA Pro recognizes my function names.
This way I have to choose whether I want function names for the bootloader or from a toy kernel and I have to manually setup memory regions for mixed 16bit and 32bit code.
Can you please teach me how to be able to have symbols from both .elf files imported in a single remote GDB debug session with IDA Pro, so to be able to follow the flow of the whole code (comprising multiple binary files merged with cat comand)?
Thank you very much in advance!
I've been studying x86 architecture, bootloaders and BIOS specs to be able to teach my students stuff that I deem important, but that nobody seems to care students to learn.
First of all, your website is great
Now to my question and request for guidance.
I have Windows 10
I have IDA Pro 7.7
I have QEMU
I have a binary file comprised of a bootloader, a kernel entry (both in NASM) and a toy kernel file (C language), just printing an "X" to screen.
I merge all files with cat command.
The assembly code manages 16bit real mode to 32bit protected mode transition and far jump.
I'm able to produce .elf files with symbols.
I start QEMU with my disk image (merged bootloader, kernel entry and toy kernel) and with options required for remote GDB debugging.
I start IDA Pro 7.7 and attach a remote GDB debugger to QEMU.
If before doing this I drag and drop on IDA Pro 7.7 window one of my .elf (DWARF) files containing symbols, then IDA Pro recognizes my function names.
This way I have to choose whether I want function names for the bootloader or from a toy kernel and I have to manually setup memory regions for mixed 16bit and 32bit code.
Can you please teach me how to be able to have symbols from both .elf files imported in a single remote GDB debug session with IDA Pro, so to be able to follow the flow of the whole code (comprising multiple binary files merged with cat comand)?
Thank you very much in advance!
-
- Posts: 10
- Joined: Wed Aug 28, 2024 4:03 am
Re: Introduction and question about bootloader/toykernel debugging
Good morning; being new to this forum and seeing that my post hasn't gotten replies (it looks to me that other posts get your attention pretty quick), may I ask you if this is just a matter of waiting a bit more or if my original wording needs to be changed or enriched with more information?
In any case, just please ask me and I will do my best to provide you with additional details if you need those to be able to answer; it's important
Thanks!
In any case, just please ask me and I will do my best to provide you with additional details if you need those to be able to answer; it's important
Thanks!
Re: Introduction and question about bootloader/toykernel debugging
I suspect that the reason you have got no replies is that few people here use IDA Pro. Personally, I just use gdb when debugging kernel code. I have never found an IDE that works as well. Is there a forum devoted to the software that you could post your question on (e.g.https://forum.hex-rays.com/ )?
-
- Posts: 10
- Joined: Wed Aug 28, 2024 4:03 am
Re: Introduction and question about bootloader/toykernel debugging
Nice to meet you and thanks a lot By the way, a couple of questions:
Is there another debugger using gdb as visually powerful (command line shows few things at once) as IDA?
What procedure would you use with your GDB?
By the way, I will also ask on hexrays
Is there another debugger using gdb as visually powerful (command line shows few things at once) as IDA?
What procedure would you use with your GDB?
By the way, I will also ask on hexrays
Re: Introduction and question about bootloader/toykernel debugging
Hi.
IDA pro is really a different beast. I am not sure if you can connect it live to the thing running inside of qemu. QEMU implements a GDB-server, which actually lets you connect to that, and debug the code being emulated. I am not sure if IDA pro can connect to a GDB-server to do similar things.
There is some references to gdbserver and iDA, maybe this can help you:
https://hex-rays.com/products/ida/suppo ... 1343.shtml
It would likely amount to, within IDA pro, doing the remote connection to the GDB server inside of QEMU.
If it's not natively supported, you could ask around IDA communities to see if this is something that can be scripted into IDA, or try yourself to script it.
IDA pro is really a different beast. I am not sure if you can connect it live to the thing running inside of qemu. QEMU implements a GDB-server, which actually lets you connect to that, and debug the code being emulated. I am not sure if IDA pro can connect to a GDB-server to do similar things.
There is some references to gdbserver and iDA, maybe this can help you:
https://hex-rays.com/products/ida/suppo ... 1343.shtml
It would likely amount to, within IDA pro, doing the remote connection to the GDB server inside of QEMU.
If it's not natively supported, you could ask around IDA communities to see if this is something that can be scripted into IDA, or try yourself to script it.
Re: Introduction and question about bootloader/toykernel debugging
Xgdb provides a graphical interface to gdb. It’s not the most attractive interface and, as far as I know, is only available on Linux or BSD, but it lets you display a lot of information at the same time. It is possible to use gdb in combination with Visual Studio Code, but I’ve never tried this with bare-metal stuff. I do use VS Code as my editor, then run gdb in a separate terminal for debugging.
TBH, I find the command-line interface to gdb fills my needs, albeit with a little more work than an IDE.
I’m not familiar with IDA but I suspect that none of these solutions provides as slick an interface. On the other hand, simpler toolsets seem a better fit with low-level development than slick IDEs.
TBH, I find the command-line interface to gdb fills my needs, albeit with a little more work than an IDE.
I’m not familiar with IDA but I suspect that none of these solutions provides as slick an interface. On the other hand, simpler toolsets seem a better fit with low-level development than slick IDEs.
-
- Posts: 10
- Joined: Wed Aug 28, 2024 4:03 am
Re: Introduction and question about bootloader/toykernel debugging
Please, see my screencast:sh42 wrote: ↑Thu Aug 29, 2024 6:49 am Hi.
IDA pro is really a different beast. I am not sure if you can connect it live to the thing running inside of qemu. QEMU implements a GDB-server, which actually lets you connect to that, and debug the code being emulated. I am not sure if IDA pro can connect to a GDB-server to do similar things.
There is some references to gdbserver and iDA, maybe this can help you:
https://hex-rays.com/products/ida/suppo ... 1343.shtml
It would likely amount to, within IDA pro, doing the remote connection to the GDB server inside of QEMU.
If it's not natively supported, you could ask around IDA communities to see if this is something that can be scripted into IDA, or try yourself to script it.
https://filebin.net/aaja6c28vglavje5/Vi ... 201548.wmv
this is what I do (disregard the fact that for brevity I didn't set-up memory regions for 16bit real mode code decompiling).
In the screencast I import symbols into IDA from the kernel elf file. I could import symbols from the bootloader's elf file.
BUT I WANT SYMBOLS FOR BOTH IN THE SAME DEBUGGING SESSION
Last edited by StormSeeker on Thu Aug 29, 2024 12:35 pm, edited 1 time in total.
-
- Posts: 10
- Joined: Wed Aug 28, 2024 4:03 am
Re: Introduction and question about bootloader/toykernel debugging
Could you please provide me with a link to this XGDB?iansjack wrote: ↑Thu Aug 29, 2024 7:31 am Xgdb provides a graphical interface to gdb. It’s not the most attractive interface and, as far as I know, is only available on Linux or BSD, but it lets you display a lot of information at the same time. It is possible to use gdb in combination with Visual Studio Code, but I’ve never tried this with bare-metal stuff. I do use VS Code as my editor, then run gdb in a separate terminal for debugging.
TBH, I find the command-line interface to gdb fills my needs, albeit with a little more work than an IDE.
I’m not familiar with IDA but I suspect that none of these solutions provides as slick an interface. On the other hand, simpler toolsets seem a better fit with low-level development than slick IDEs.
Could you please tell me which steps you would follow to achieve what I need in this XGDB?
By the way, Google sucks; it was such a good search engine...they ruined it:
Please, look at the screenshot below:
https://filebin.net/82efqwozvs2ajul9/GO ... ENSHOT.JPG
Re: Introduction and question about bootloader/toykernel debugging
Sorry, my mistake. It’s xdbg (not xgdb, which is something different).
Googling xdbg should give you some more information.
Googling xdbg should give you some more information.
-
- Member
- Posts: 426
- Joined: Tue Apr 03, 2018 2:44 am
Re: Introduction and question about bootloader/toykernel debugging
I quite like gdbtui. I grew up on GDB, and while seemingly more primitive than competitors, I find it immensely useful and the text UI makes it even more usable.StormSeeker wrote: ↑Thu Aug 29, 2024 6:13 am Nice to meet you and thanks a lot By the way, a couple of questions:
Is there another debugger using gdb as visually powerful (command line shows few things at once) as IDA?
What procedure would you use with your GDB?
By the way, I will also ask on hexrays
https://www.youtube.com/watch?v=PorfLSr3DDI
Other front ends to GDB include DDD, which is nice and pointy and clicky, but I've never got on with it.
Re: Introduction and question about bootloader/toykernel debugging
Oh dear, I am really having a senior moment.
It was ddd that I was thinking of in the first place. Ignore all references t x***.
It’s just a graphical front end but allows you to display several items of gdb output at the same time.
It was ddd that I was thinking of in the first place. Ignore all references t x***.
It’s just a graphical front end but allows you to display several items of gdb output at the same time.
-
- Posts: 10
- Joined: Wed Aug 28, 2024 4:03 am
Re: Introduction and question about bootloader/toykernel debugging
Ok...so I should disregard references to XGDB and to XDBG...could you post a screenshot of the visual setup that you like of this DDD? Just to have a feel of how information is organized
Re: Introduction and question about bootloader/toykernel debugging
Have a look here: https://www.gnu.org/software/ddd/ for information about ddd and some screenshots.
Re: Introduction and question about bootloader/toykernel debugging
Apologies about the misunderstanding! I don't go to filebin or such sites. "i'm a bit paranoid i'm afraid". fileformats are silly and client side media players contain lots of bugs...StormSeeker wrote: ↑Thu Aug 29, 2024 12:23 pmPlease, see my screencast:sh42 wrote: ↑Thu Aug 29, 2024 6:49 am Hi.
IDA pro is really a different beast. I am not sure if you can connect it live to the thing running inside of qemu. QEMU implements a GDB-server, which actually lets you connect to that, and debug the code being emulated. I am not sure if IDA pro can connect to a GDB-server to do similar things.
There is some references to gdbserver and iDA, maybe this can help you:
https://hex-rays.com/products/ida/suppo ... 1343.shtml
It would likely amount to, within IDA pro, doing the remote connection to the GDB server inside of QEMU.
If it's not natively supported, you could ask around IDA communities to see if this is something that can be scripted into IDA, or try yourself to script it.
https://filebin.net/aaja6c28vglavje5/Vi ... 201548.wmv
this is what I do (disregard the fact that for brevity I didn't set-up memory regions for 16bit real mode code decompiling).
In the screencast I import symbols into IDA from the kernel elf file. I could import symbols from the bootloader's elf file.
BUT I WANT SYMBOLS FOR BOTH IN THE SAME DEBUGGING SESSION
youtube might be a somewhat more trusted way to share video content. you can upload privately and share a link.
You might try to get your tools to load the right symbols based on the offsets it's trying to execute (trace instruction pointer and load based on certain change(s)) as it's likely your bootloader will be loaded in a totally different range as the toy kernel. For gdb this would likely boil down to fully scripting your debugging run, which is not impossible but 'playing around' will be a bit more difficult/tedious. For IDA i can't find a load-symbol-file IDC command to script it. maybe it's there on paid versions, but unlikely.
You can also check out Ghidra, which is free to use and supports a lot more than the free IDA versions. As it's open-source, its more likely someone ran into this problem and added code or features to support it.
It can also connect to gdb-server and perhaps have a different way to manage multiple files / debugging symbol sources. You can definitely load multiple binaries, and symbol files for each, just unsure how that will work when using gdb-server and connecting into QEMU. https://ghidra-sre.org/
Re: Introduction and question about bootloader/toykernel debugging
Just as an aside, you can always import symbols with gdb in the middle of a debugging session. A little inconvenient if swapping between files a lot, but I understand that in your case it is just a handover from the boot loader to the kernel. So you just have to load the symbols when you get to the kernel code, which will overwrite the, no longer needed, bootloader symbols.