[Qemu-devel] Trouble with GDB & Some 'Can it be done' Debugging questions

[Qemu-devel] Trouble with GDB & Some 'Can it be done' Debugging questions

[Steve Ellenoff]

Hi -

I'm having a bit of trouble getting gdb to do what I was hoping it would 
with qemu. Following the instructions in the docs:

#1) I launch qemu with -S -s flags ( since I want to trace the bootloader 
code )
It says: Waiting gdb connection on port 1234 - which is correct, and it 
opens the monitor window.

#2) I open a second terminal window and type gdb vmlinux
It displays:
GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...vmlinux: No such file 
or directory.

Notice the last part saying it can't find file or directory vmlinux. What am 
I doing wrong here?

#3) Anytime I try to dump the instruction at the current IP such as:
(gdb) x /10i $eip

I get this - which means it's not actually reading or displaying the memory 
properly, since those look to be what you would see if it was all 0 in 
memory (or maybe it's all 0xff - whichever).l

0xe05f: add    %al,(%eax)
0xe061: add    %al,(%eax)
0xe063: add    %al,(%eax)
0xe065: add    %al,(%eax)
0xe067: add    %al,(%eax)
0xe069: add    %al,(%eax)
0xe06b: add    %al,(%eax)
0xe06d: add    %al,(%eax)
0xe06f: add    %al,(%eax)
0xe071: add    %al,(%eax)

So what is the problem here? If I use the QEMU monitor, the dump is correct 
and shows real instructions.

This leads to my next question:

#4) Can you use gdb to debug and set breakpoints on binary code you don't 
have any source code or other file for the binary, except the binary file 
itself? Everything I've read so far on GDB (and especially any GDB Gui front 
end) seems to suggest it's not possible. That would really suck.

This is easy as pie to do in Bochs since it has a built in debugger (similar 
to monitor, but far more capable, such as setting break points and stuff).

After hours of googling I'm beginning to wonder if it can be done in GDB - 
ESPECIALLY setting breakpoints on the code hitting certain memory addresses, 
ie, the EIP hitting certain values such as 0xc000 for example. Surely it 
must be able to do this, and i'm just too unfamiliar with gdb to know how.

PS - I'm still quite new to qemu and also linux, so please keep that in 
mind. QEMU was actually the first time I really had a good reason to sit 
down and check out linux. I'm glad I did, I like a lot of things about it so 
far, though being a novice sucks, when I'm used to being a superguru in 
Windoze.

I hope someone can shed some light for me on these many questions!

Thank you for any help-
-Steve

Re: [Qemu-devel] Trouble with GDB & Some 'Can it be done' Debugging questions

[Mulyadi Santosa]

Hi Steve...

> Hi -
>
> I'm having a bit of trouble getting gdb to do what I was hoping it
> would with qemu. Following the instructions in the docs:
>
> #1) I launch qemu with -S -s flags ( since I want to trace the
> bootloader code )
> It says: Waiting gdb connection on port 1234 - which is correct, and
> it opens the monitor window.
>
> #2) I open a second terminal window and type gdb vmlinux
>[cut]...
> "i386-redhat-linux-gnu"...vmlinux: No such file or directory.

This message obviously said: either you don't actually have "vmlinux" 
file or you don't give correct path to the vmlinux file.  Can you 
confirm that you had given correct path? Also, it is possible that its 
name isn't vmlinux (since one is free to rename it)...

> #3) Anytime I try to dump the instruction at the current IP such as:
> (gdb) x /10i $eip
>
> I get this - which means it's not actually reading or displaying the
> memory properly, since those look to be what you would see if it was
> all 0 in memory (or maybe it's all 0xff - whichever).l

are you sure you had executed this command in gdb?:
target remote localhost:1234

Seems like gdb is dumping a wrong address space...

> This leads to my next question:
>
> #4) Can you use gdb to debug and set breakpoints on binary code you
> don't have any source code or other file for the binary, except the
> binary file itself? Everything I've read so far on GDB (and
> especially any GDB Gui front end) seems to suggest it's not possible.
> That would really suck.

Well, you can, but of course you can't set the breakpoint at certain 
source code's line, but instead put the breakpoint explicitly as memory 
address.

Anyway, i really suggest to read more about gdb by typing:
info gdb
in your shell prompt. It will display the complete gdb manual.

Don't be hesitate to ask (we're all still learning after all)...

regards,

Mulyadi

Re: [Qemu-devel] Trouble with GDB & Some 'Can it be done' Debugging questions

[Steve Ellenoff]

[-- Attachment #1: Type: text/html, Size: 4021 bytes --]

Re: [Qemu-devel] Trouble with GDB & Some 'Can it be done' Debugging questions

[Daniel Jacobowitz]

On Wed, Jul 19, 2006 at 08:43:57AM +0000, Steve Ellenoff wrote:
> #3) Anytime I try to dump the instruction at the current IP such as:
> (gdb) x /10i $eip
> 
> I get this - which means it's not actually reading or displaying the memory 
> properly, since those look to be what you would see if it was all 0 in 
> memory (or maybe it's all 0xff - whichever).l
> 
> 0xe05f: add    %al,(%eax)

qemu doesn't report memory errors to GDB.  It reports -1 values
instead.  This is annoying.  I think I posted a patch for it once and
never followed up when it was ignored.

It might be reading the wrong address; it might be confused due to
segmenting; it might be looking at something that would require a TLB
fault.

> #4) Can you use gdb to debug and set breakpoints on binary code you don't 
> have any source code or other file for the binary, except the binary file 
> itself? Everything I've read so far on GDB (and especially any GDB Gui 
> front end) seems to suggest it's not possible. That would really suck.

Sure you can.  It will just work.

-- 
Daniel Jacobowitz
CodeSourcery

Re: [Qemu-devel] Trouble with GDB & Some 'Can it be done' Debugging questions

[Fabrice Bellard]

Daniel Jacobowitz wrote:
> On Wed, Jul 19, 2006 at 08:43:57AM +0000, Steve Ellenoff wrote:
> 
>>#3) Anytime I try to dump the instruction at the current IP such as:
>>(gdb) x /10i $eip
>>
>>I get this - which means it's not actually reading or displaying the memory 
>>properly, since those look to be what you would see if it was all 0 in 
>>memory (or maybe it's all 0xff - whichever).l
>>
>>0xe05f: add    %al,(%eax)
> 
> 
> qemu doesn't report memory errors to GDB.  It reports -1 values
> instead.  This is annoying.  I think I posted a patch for it once and
> never followed up when it was ignored.

This is not correct: an error is correctly reported by the QEMU gdb stub...

Regards,

Fabrice.

Re: [Qemu-devel] Trouble with GDB & Some 'Can it be done' Debugging questions

[Daniel Jacobowitz]

On Thu, Jul 20, 2006 at 11:04:01PM +0200, Fabrice Bellard wrote:
> Daniel Jacobowitz wrote:
> >On Wed, Jul 19, 2006 at 08:43:57AM +0000, Steve Ellenoff wrote:
> >
> >>#3) Anytime I try to dump the instruction at the current IP such as:
> >>(gdb) x /10i $eip
> >>
> >>I get this - which means it's not actually reading or displaying the 
> >>memory properly, since those look to be what you would see if it was all 
> >>0 in memory (or maybe it's all 0xff - whichever).l
> >>
> >>0xe05f: add    %al,(%eax)
> >
> >
> >qemu doesn't report memory errors to GDB.  It reports -1 values
> >instead.  This is annoying.  I think I posted a patch for it once and
> >never followed up when it was ignored.
> 
> This is not correct: an error is correctly reported by the QEMU gdb stub...

Must've been fixed then!  Sorry.  In that case, Steve, you're probably
reading the wrong address (maybe segmentation-related?).

-- 
Daniel Jacobowitz
CodeSourcery