OSDev.org

I removed the test registers because they are now obsolete.
M.

this is an amazing frontend to the bochs debugger!

I found it to be very useful and easy to use. The physical memory dump is great. Thanks

Hi,

Your frontend is great ;> I'm looking forward to the releasing of the source code.

About the feature requests.. here are some stuff I would find useful:

1. Could You add ctrl+g shortcut that would allow to go to a different address in the currently selected subwindow (Assembler, dumps). It would require some popup window that the user would use to enter the address. (just like IDA (g) and OllyDbg (cltr+g) have).

2. Word highlighting? You place your mouse and click on let's say AL, and it hilights all the AL registers on the screen.

3. Ascii/Memory dump combined ? Like hex editors have

4. Memory dump view mode selection - byte, word, dword, qword, float, double, etc.

5. Copying of text/data from dumps ? (assembly and memory)

6. Multiply breakpoints - you are allowed to select multiply assembly lines, yet F9 creates only one breakpoint.

7. Breakpoint list / menu ?

8. Breakpoints on memory access ?

9. Font selection ;DDDD

Hmm, thats all that comes to my mind for now...

Hi,

I agree with the general sentiments - this is an extremely useful Bochs Debugger frontend and has already saved me a huge amount of time. It makes bugs stand out much more than in the Bochs debugger console.

Cheers,
Adam

Update 1.04 (Do update from menu Help).

* Added Ctrl+G. When the focus is in dissassembly, it goes to an address (regs supported, e.g. cs:eip). When the focus is in data dump, it performs like F7 - it goes to an address.

* Added option for dump to display both hex and ascii (Ctrl+F7 for switching between modes)

* Added option for dump to display bytes (alt+1) , words (alt+2) , dwords (alt+4) , qwords (alt+8) and dqwords (alt+6). For using in big-endian, try shift+alt+1, shift+alt+2 etc.

* Added option to set font. To keep the EXE small, my XML Library (http://www.codeproject.com/KB/recipes/F ... arser.aspx for anyone interested) is not attached, so the font is not saved to disk at the moment.

* Added Ctrl+F option. When focus is in dissassembly, it searches for opcodes and hilites them. Wildcards are supported, for example rep* or mov *,eax. When focus is in data dump, you can either search for hex (without 0x, for example CD21AFED) or ascii (without quotes).

Because bochs commands do not allow for data breakpoints, I will implement later my hardware breakpoint technique to add it to the debugger if supported. (anyone interested, see http://www.codeproject.com/KB/debug/har ... point.aspx).

Best Regards.

WindowsNT wrote:
Because bochs commands do not allow for data breakpoints, I will implement later my hardware breakpoint technique to add it to the debugger if supported. (anyone interested, see http://www.codeproject.com/KB/debug/har ... point.aspx).

Best Regards.

Bochs debugger commands for data breakpoints called 'watch'.
> watch read 0xabcde
> watch write 0x12345

Do to not invent a bicycle before you actually need it

Thanks,
Stanislav

Ah ok, didn't notice Will include it in next update.

it keeps getting better:
but this one, is a good thing to include:
"Breakpoint list / menu "
second: could it be possible to write "current" in the address dump.
or else I don't got more.

KMT dk

@WindowsNT

My gosh You ARE fast...

btw update failed, it downloaded some file, placed a bochs_bed.exe.new in my dir with:

Error 404

FILE NOT FOUND
------------------------------------
Thank you for visiting http://WWW.TURBOIRC.COM.
Unfortunately, the page you were looking for has been moved, or it is no longer available.

Please visit one of the following TurboIRC.COM locations from the site map below:

Edit:
OK I updated by hand ;>

Some feedback and more feature requests:
1. ctrl+g feature is cool ;> But what do You think about the idea to make the shoutcut work in the subwindow u last clicked (like in OllyDbg) ? Currently cltr+g is bind to the Assembler subwindow, and to go somewhere in the memory dump I need to user (Ctrl/Shift)+F7. The idea is for ctrl+g to work in the window last clicked. It's not a big deal, but since it's the thing that other debuggers use, it might be cool to keep up with this "standard".

2. U've added font changing support ;> Wow cool ;> The columns resize after changing the view. Could they resize automagically after font change ?

3. I don't know if it's a Vista only bug, but looks like unprintable characters are not shown at all in the ascii dump, what makes the visual assigning of a char to a code kinda troublesome. (see screenshot below). Maybe changing by hand the chars to a whitespace is a good bugfix ?


4. Very good that u have added both LE and BE display! Awesome!

5. Speaking about fonts. Checking the console (bottom of the screen) font would also be cool ;>

6. Not-for-now: themes ? It's decoration only, I know ;> But color themes are cool ;> Hackish bitmap backgrounds too ;>

7. After using ctrl+g to go to some different assembler location, and setting a breakpoint, the assembler display returns to the EIP location. It of course should stay on the same spot.

8. The find function works great. Could you do later a find function that would search for a signature / ascii string in the whole physical / linear / etc memory ?

9. A separate subwindow for the stack ? (WORD/DWORDs only, depending on the cpu mode)

10. Tabbed assembler and data windows (just like in a browser ;>)

11. Code following - for example u have "JMP FAR F000:E05B" - u double-click it and it takes the listing to F000:E05B.

12. Follow history - like above, but letting u get back (for example by pressing backspace, or sth)

13. Address history in Ctrl+G, F7, etc (combo box ;>)

Hmm.. that all that comes to mi mind ;>
Keep the fire burning

Gynvael wrote:@WindowsNT

My gosh You ARE fast...

btw update failed, it downloaded some file, placed a bochs_bed.exe.new in my dir with:

Error 404

FILE NOT FOUND
------------------------------------
Thank you for visiting http://WWW.TURBOIRC.COM.
Unfortunately, the page you were looking for has been moved, or it is no longer available.

Please visit one of the following TurboIRC.COM locations from the site map below:

Edit:
OK I updated by hand ;>

Some feedback and more feature requests:
1. ctrl+g feature is cool ;> But what do You think about the idea to make the shoutcut work in the subwindow u last clicked (like in OllyDbg) ? Currently cltr+g is bind to the Assembler subwindow, and to go somewhere in the memory dump I need to user (Ctrl/Shift)+F7. The idea is for ctrl+g to work in the window last clicked. It's not a big deal, but since it's the thing that other debuggers use, it might be cool to keep up with this "standard".

2. U've added font changing support ;> Wow cool ;> The columns resize after changing the view. Could they resize automagically after font change ?

3. I don't know if it's a Vista only bug, but looks like unprintable characters are not shown at all in the ascii dump, what makes the visual assigning of a char to a code kinda troublesome. (see screenshot below). Maybe changing by hand the chars to a whitespace is a good bugfix ?


4. Very good that u have added both LE and BE display! Awesome!

5. Speaking about fonts. Checking the console (bottom of the screen) font would also be cool ;>

6. Not-for-now: themes ? It's decoration only, I know ;> But color themes are cool ;> Hackish bitmap backgrounds too ;>

7. After using ctrl+g to go to some different assembler location, and setting a breakpoint, the assembler display returns to the EIP location. It of course should stay on the same spot.

8. The find function works great. Could you do later a find function that would search for a signature / ascii string in the whole physical / linear / etc memory ?

9. A separate subwindow for the stack ? (WORD/DWORDs only, depending on the cpu mode)

10. Tabbed assembler and data windows (just like in a browser ;>)

11. Code following - for example u have "JMP FAR F000:E05B" - u double-click it and it takes the listing to F000:E05B.

12. Follow history - like above, but letting u get back (for example by pressing backspace, or sth)

13. Address history in Ctrl+G, F7, etc (combo box ;>)

Hmm.. that all that comes to mi mind ;>
Keep the fire burning

1. Will try.

2. Will try.

3. I will replace 0x00 printing with dots

5. I didn't do that because having the bochs output window to a fixed-precision font seems wise.

6. Yea , perhaps

7. I will put an option to "pause" the current dissassembly

8. This is very difficult, if not impossible, because the debugger does not actually see the memory ; it takes it from bochs interface, which means that taking the entire memory could be a *very* slow process.

9. Yea I think i 'll try that too.

10. Perhaps

11,12. This is difficult because I have to decode the instructions and detect where is a reference to a memory. Might try it when [] s are found.

13. Will do.


Give me a few days because I am out of office and also very busy with 2 other projects. Keep in touch.

5. Oh, now I noticed. It's another Vista bug - the font is different then on Your screenshots:

Thats why I've asked for this feature too - I would like FixedSys or something instead of this font ;>

8. I don't believe it's impossible ;> Imho it's very doable. Hmm, sometimes waiting for a few minutes to find something is not a bad thing. It could always be done in a separate thread that would not block everything. On the otherhand, maybe a small patch on the bochs core would allow the debugger to directly access the memory map/list/whateverithas.

11,12. Imho parsing the assembler is easier then decoding the opcodes. When working on text it comes down to writing some parsing+expression value calculating routine.

Take care ;>

Gynvael wrote: 10. Tabbed assembler and data windows (just like in a browser ;>)

I strongly disagree. The entire point of using this is that I want to be able to see BOTH windows AT THE SAME TIME.

well
i would like it this way:
a option, to activate the separation of the windows.
and as "bewing" said; that is the point of it.

KMT dk

@bewing

Maybe You misunderstood me. I'll try to be more precise.
The idea is for both the Data and Assembly window to be visible at the same time. And Both windows should have separate tabs.
One group of tabs for Data window (so u can "mark" different data locations), and one group of tabs for the Assembly window.

Gynvael wrote:
11,12. Imho parsing the assembler is easier then decoding the opcodes. When working on text it comes down to writing some parsing+expression value calculating routine.

With very small patch for Bochs disassembler I could make it to detect memory references and provide register names participated in it.
Bochs debugger already has expression calulcator so the rest is trivial as well.
Just define the requirements !

Stanislav