Lab_1:练习2——使用qemu执行并调试lab1中的软件
一、实验内容
为了熟悉使用qemu和gdb进行的调试工作,我们进行如下的小练习:
(一)从CPU加电后执行的第一条指令开始,单步跟踪BIOS的执行。
(二)在初始化位置0x7c00设置实地址断点,测试断点正常。
(三)从0x7c00开始跟踪代码运行,将单步跟踪反汇编得到的代码与bootasm.S和 bootblock.asm进行比较。
(四)自己找一个bootloader或内核中的代码位置,设置断点并进行测试。
二、实验步骤
补充材料:
我们主要通过硬件模拟器qemu来进行各种实验。在实验的过程中我们可能会遇上各种各样的问题,调试是必要的。qemu支持使用gdb进行的强大而方便的调试。所以用好qemu和gdb是完成各种实验的基本要素
默认的gdb需要进行一些额外的配置才进行qemu的调试任务。qemu和gdb之间使用网络端口1234进行通讯。在打开qemu进行模拟之后,执行gdb并输
target remote :1234
即可连接qemu,此时qemu会进入停止状态,听从gdb的命令
另外,我们可能需要qemu在一开始便进入等待模式,则我们不再使用make qemu开始系统的运行,而使用make debug来完成这项工作。这样qemu便不会在gdb尚未连接的时候擅自运行了。
gdb的地址断点
在gdb命令行中,使用b *[地址]便可以在指定内存地址设置断点,当qemu中的cpu执行到指定地址时,便会将控制权交给gdb。
(一)从CPU加电后执行的第一条指令开始,单步跟踪BIOS的执行
1.修改gdbinit文件
首先,在 /moocos/ucore_lab/labcodes_answer/lab1_result/tools 目录下,修改gdbinit文件
进入目录:
cd ./moocos/ucore_lab/labcodes_answer/lab1_result/tools
修改方法为:
输入vim gdbinit
用D删除gdbinit中原有的内容(D为删除整行,x或X为删除单个字符)
#include <asm.h>
# Start the CPU: switch to 32-bit protected mode, jump into C.
# The BIOS loads this code from the first sector of the hard disk into
# memory at physical address 0x7c00 and starts executing in real mode
# with %cs=0 %ip=7c00.
.set PROT_MODE_CSEG, 0x8 # kernel code segment selector
.set PROT_MODE_DSEG, 0x10 # kernel data segment selector
.set CR0_PE_ON, 0x1 # protected mode enable flag
# start address should be 0:7c00, in real mode, the beginning address of the running bootloader
.globl start
start:
.code16 # Assemble for 16-bit mode
cli # Disable interrupts
cld # String operations increment
# Set up the important data segment registers (DS, ES, SS).
xorw %ax, %ax # Segment number zero
movw %ax, %ds # -> Data Segment
movw %ax, %es # -> Extra Segment
movw %ax, %ss # -> Stack Segment
# Enable A20:
# For backwards compatibility with the earliest PCs, physical
# address line 20 is tied low, so that addresses higher than
# 1MB wrap around to zero by default. This code undoes this.
seta20.1:
inb $0x64, %al # Wait for not busy(8042 input buffer empty).
testb $0x2, %al
jnz seta20.1
movb $0xd1, %al # 0xd1 -> port 0x64
outb %al, $0x64 # 0xd1 means: write data to 8042's P2 port
seta20.2:
inb $0x64, %al # Wait for not busy(8042 input buffer empty).
testb $0x2, %al
jnz seta20.2
movb $0xdf, %al # 0xdf -> port 0x60
outb %al, $0x60 # 0xdf = 11011111, means set P2's A20 bit(the 1 bit) to 1
# Switch from real to protected mode, using a bootstrap GDT
# and segment translation that makes virtual addresses
# identical to physical addresses, so that the
# effective memory map does not change during the switch.
lgdt gdtdesc
movl %cr0, %eax
orl $CR0_PE_ON, %eax
movl %eax, %cr0
# Jump to next instruction, but in 32-bit code segment.
# Switches processor into 32-bit mode.
ljmp $PROT_MODE_CSEG, $protcseg
.code32 # Assemble for 32-bit mode
protcseg:
# Set up the protected-mode data segment registers
movw $PROT_MODE_DSEG, %ax # Our data segment selector
movw %ax, %ds # -> DS: Data Segment
movw %ax, %es # -> ES: Extra Segment
movw %ax, %fs # -> FS
movw %ax, %gs # -> GS
movw %ax, %ss # -> SS: Stack Segment
# Set up the stack pointer and call into C. The stack region is from 0--start(0x7c00)
movl $0x0, %ebp
movl $start, %esp
call bootmain
# If bootmain returns (it shouldn't), loop.
spin:
jmp spin
# Bootstrap GDT
.p2align 2 # force 4 byte alignment
gdt:
SEG_NULLASM # null seg
SEG_ASM(STA_X|STA_R, 0x0, 0xffffffff) # code seg for bootloader and kernel
SEG_ASM(STA_W, 0x0, 0xffffffff) # data seg for bootloader and kernel
gdtdesc:
.word 0x17 # sizeof(gdt) - 1
.long gdt # address gdt
bootasm.S
bootblock.asm的完整代码为:
obj/bootblock.o: file format elf32-i386 Disassembly of section .text: 00007c00 <start>: # start address should be 0:7c00, in real mode, the beginning address of the running bootloader .globl start start: .code16 # Assemble for 16-bit mode cli # Disable interrupts 7c00: fa cli cld # String operations increment 7c01: fc cld # Set up the important data segment registers (DS, ES, SS). xorw %ax, %ax # Segment number zero 7c02: 31 c0 xor %eax,%eax movw %ax, %ds # -> Data Segment 7c04: 8e d8 mov %eax,%ds movw %ax, %es # -> Extra Segment 7c06: 8e c0 mov %eax,%es movw %ax, %ss # -> Stack Segment 7c08: 8e d0 mov %eax,%ss 00007c0a <seta20.1>: # Enable A20: # For backwards compatibility with the earliest PCs, physical # address line 20 is tied low, so that addresses higher than # 1MB wrap around to zero by default. This code undoes this. seta20.1: inb $0x64, %al # Wait for not busy(8042 input buffer empty). 7c0a: e4 64 in $0x64,%al testb $0x2, %al 7c0c: a8 02 test $0x2,%al jnz seta20.1 7c0e: 75 fa jne 7c0a <seta20.1> movb $0xd1, %al # 0xd1 -> port 0x64 7c10: b0 d1 mov $0xd1,%al outb %al, $0x64 # 0xd1 means: write data to 8042's P2 port 7c12: e6 64 out %al,$0x64 00007c14 <seta20.2>: seta20.2: inb $0x64, %al # Wait for not busy(8042 input buffer empty). 7c14: e4 64 in $0x64,%al testb $0x2, %al 7c16: a8 02 test $0x2,%al jnz seta20.2 7c18: 75 fa jne 7c14 <seta20.2> movb $0xdf, %al # 0xdf -> port 0x60 7c1a: b0 df mov $0xdf,%al outb %al, $0x60 # 0xdf = 11011111, means set P2's A20 bit(the 1 bit) to 1 7c1c: e6 60 out %al,$0x60 # Switch from real to protected mode, using a bootstrap GDT # and segment translation that makes virtual addresses # identical to physical addresses, so that the # effective memory map does not change during the switch. lgdt gdtdesc 7c1e: 0f 01 16 lgdtl (%esi) 7c21: 6c insb (%dx),%es:(%edi) 7c22: 7c 0f jl 7c33 <protcseg+0x1> movl %cr0, %eax 7c24: 20 c0 and %al,%al orl $CR0_PE_ON, %eax 7c26: 66 83 c8 01 or $0x1,%ax movl %eax, %cr0 7c2a: 0f 22 c0 mov %eax,%cr0 # Jump to next instruction, but in 32-bit code segment. # Switches processor into 32-bit mode. ljmp $PROT_MODE_CSEG, $protcseg 7c2d: ea 32 7c 08 00 66 b8 ljmp $0xb866,$0x87c32 00007c32 <protcseg>: .code32 # Assemble for 32-bit mode protcseg: # Set up the protected-mode data segment registers movw $PROT_MODE_DSEG, %ax # Our data segment selector 7c32: 66 b8 10 00 mov $0x10,%ax movw %ax, %ds # -> DS: Data Segment 7c36: 8e d8 mov %eax,%ds movw %ax, %es # -> ES: Extra Segment 7c38: 8e c0 mov %eax,%es movw %ax, %fs # -> FS 7c3a: 8e e0 mov %eax,%fs movw %ax, %gs # -> GS 7c3c: 8e e8 mov %eax,%gs movw %ax, %ss # -> SS: Stack Segment 7c3e: 8e d0 mov %eax,%ss # Set up the stack pointer and call into C. The stack region is from 0--start(0x7c00) movl $0x0, %ebp 7c40: bd 00 00 00 00 mov $0x0,%ebp movl $start, %esp 7c45: bc 00 7c 00 00 mov $0x7c00,%esp call bootmain 7c4a: e8 b1 00 00 00 call 7d00 <bootmain> 00007c4f <spin>: # If bootmain returns (it shouldn't), loop. spin: jmp spin 7c4f: eb fe jmp 7c4f <spin> 7c51: 8d 76 00 lea 0x0(%esi),%esi 00007c54 <gdt>: ... 7c5c: ff (bad) 7c5d: ff 00 incl (%eax) 7c5f: 00 00 add %al,(%eax) 7c61: 9a cf 00 ff ff 00 00 lcall $0x0,$0xffff00cf 7c68: 00 92 cf 00 17 00 add %dl,0x1700cf(%edx) 00007c6c <gdtdesc>: 7c6c: 17 pop %ss 7c6d: 00 54 7c 00 add %dl,0x0(%esp,%edi,2) ... 00007c72 <readseg>: /* * * readseg - read @count bytes at @offset from kernel into virtual address @va, * might copy more than asked. * */ static void readseg(uintptr_t va, uint32_t count, uint32_t offset) { 7c72: 55 push %ebp 7c73: 89 e5 mov %esp,%ebp 7c75: 57 push %edi 7c76: 56 push %esi 7c77: 89 c6 mov %eax,%esi 7c79: 53 push %ebx uintptr_t end_va = va + count; 7c7a: 8d 04 10 lea (%eax,%edx,1),%eax // round down to sector boundary va -= offset % SECTSIZE; 7c7d: 31 d2 xor %edx,%edx /* * * readseg - read @count bytes at @offset from kernel into virtual address @va, * might copy more than asked. * */ static void readseg(uintptr_t va, uint32_t count, uint32_t offset) { 7c7f: 53 push %ebx uintptr_t end_va = va + count; 7c80: 89 45 f0 mov %eax,-0x10(%ebp) // round down to sector boundary va -= offset % SECTSIZE; 7c83: 89 c8 mov %ecx,%eax 7c85: f7 35 e4 7d 00 00 divl 0x7de4 7c8b: 29 d6 sub %edx,%esi // translate from bytes to sectors; kernel starts at sector 1 uint32_t secno = (offset / SECTSIZE) + 1; 7c8d: 8d 58 01 lea 0x1(%eax),%ebx // If this is too slow, we could read lots of sectors at a time. // We'd write more to memory than asked, but it doesn't matter -- // we load in increasing order. for (; va < end_va; va += SECTSIZE, secno ++) { 7c90: 3b 75 f0 cmp -0x10(%ebp),%esi 7c93: 73 65 jae 7cfa <readseg+0x88> static inline void ltr(uint16_t sel) __attribute__((always_inline)); static inline uint8_t inb(uint16_t port) { uint8_t data; asm volatile ("inb %1, %0" : "=a" (data) : "d" (port)); 7c95: ba f7 01 00 00 mov $0x1f7,%edx 7c9a: ec in (%dx),%al struct elfhdr * ELFHDR = ((struct elfhdr *)0x10000) ; // scratch space /* waitdisk - wait for disk ready */ static void waitdisk(void) { while ((inb(0x1F7) & 0xC0) != 0x40) 7c9b: 83 e0 c0 and $0xffffffc0,%eax 7c9e: 3c 40 cmp $0x40,%al 7ca0: 75 f3 jne 7c95 <readseg+0x23> : "memory", "cc"); } static inline void outb(uint16_t port, uint8_t data) { asm volatile ("outb %0, %1" :: "a" (data), "d" (port)); 7ca2: b2 f2 mov $0xf2,%dl 7ca4: b0 01 mov $0x1,%al 7ca6: ee out %al,(%dx) 7ca7: 0f b6 c3 movzbl %bl,%eax 7caa: b2 f3 mov $0xf3,%dl 7cac: ee out %al,(%dx) 7cad: 0f b6 c7 movzbl %bh,%eax 7cb0: b2 f4 mov $0xf4,%dl 7cb2: ee out %al,(%dx) waitdisk(); outb(0x1F2, 1); // count = 1 outb(0x1F3, secno & 0xFF); outb(0x1F4, (secno >> 8) & 0xFF); outb(0x1F5, (secno >> 16) & 0xFF); 7cb3: 89 d8 mov %ebx,%eax 7cb5: b2 f5 mov $0xf5,%dl 7cb7: c1 e8 10 shr $0x10,%eax 7cba: 0f b6 c0 movzbl %al,%eax 7cbd: ee out %al,(%dx) outb(0x1F6, ((secno >> 24) & 0xF) | 0xE0); 7cbe: 89 d8 mov %ebx,%eax 7cc0: b2 f6 mov $0xf6,%dl 7cc2: c1 e8 18 shr $0x18,%eax 7cc5: 83 e0 0f and $0xf,%eax 7cc8: 83 c8 e0 or $0xffffffe0,%eax 7ccb: ee out %al,(%dx) 7ccc: b0 20 mov $0x20,%al 7cce: b2 f7 mov $0xf7,%dl 7cd0: ee out %al,(%dx) static inline void ltr(uint16_t sel) __attribute__((always_inline)); static inline uint8_t inb(uint16_t port) { uint8_t data; asm volatile ("inb %1, %0" : "=a" (data) : "d" (port)); 7cd1: ba f7 01 00 00 mov $0x1f7,%edx 7cd6: ec in (%dx),%al struct elfhdr * ELFHDR = ((struct elfhdr *)0x10000) ; // scratch space /* waitdisk - wait for disk ready */ static void waitdisk(void) { while ((inb(0x1F7) & 0xC0) != 0x40) 7cd7: 83 e0 c0 and $0xffffffc0,%eax 7cda: 3c 40 cmp $0x40,%al 7cdc: 75 f3 jne 7cd1 <readseg+0x5f> // wait for disk to be ready waitdisk(); // read a sector insl(0x1F0, dst, SECTSIZE / 4); 7cde: 8b 0d e4 7d 00 00 mov 0x7de4,%ecx return data; } static inline void insl(uint32_t port, void *addr, int cnt) { asm volatile ( 7ce4: 89 f7 mov %esi,%edi 7ce6: ba f0 01 00 00 mov $0x1f0,%edx 7ceb: c1 e9 02 shr $0x2,%ecx 7cee: fc cld 7cef: f2 6d repnz insl (%dx),%es:(%edi) uint32_t secno = (offset / SECTSIZE) + 1; // If this is too slow, we could read lots of sectors at a time. // We'd write more to memory than asked, but it doesn't matter -- // we load in increasing order. for (; va < end_va; va += SECTSIZE, secno ++) { 7cf1: 03 35 e4 7d 00 00 add 0x7de4,%esi 7cf7: 43 inc %ebx 7cf8: eb 96 jmp 7c90 <readseg+0x1e> readsect((void *)va, secno); } } 7cfa: 58 pop %eax 7cfb: 5b pop %ebx 7cfc: 5e pop %esi 7cfd: 5f pop %edi 7cfe: 5d pop %ebp 7cff: c3 ret 00007d00 <bootmain>: /* bootmain - the entry of bootloader */ void bootmain(void) { // read the 1st page off disk readseg((uintptr_t)ELFHDR, SECTSIZE * 8, 0); 7d00: a1 e4 7d 00 00 mov 0x7de4,%eax 7d05: 31 c9 xor %ecx,%ecx } } /* bootmain - the entry of bootloader */ void bootmain(void) { 7d07: 55 push %ebp 7d08: 89 e5 mov %esp,%ebp 7d0a: 56 push %esi // read the 1st page off disk readseg((uintptr_t)ELFHDR, SECTSIZE * 8, 0); 7d0b: 8d 14 c5 00 00 00 00 lea 0x0(,%eax,8),%edx 7d12: a1 e0 7d 00 00 mov 0x7de0,%eax } } /* bootmain - the entry of bootloader */ void bootmain(void) { 7d17: 53 push %ebx // read the 1st page off disk readseg((uintptr_t)ELFHDR, SECTSIZE * 8, 0); 7d18: e8 55 ff ff ff call 7c72 <readseg> // is this a valid ELF? if (ELFHDR->e_magic != ELF_MAGIC) { 7d1d: a1 e0 7d 00 00 mov 0x7de0,%eax 7d22: 81 38 7f 45 4c 46 cmpl $0x464c457f,(%eax) 7d28: 75 3a jne 7d64 <bootmain+0x64> } struct proghdr *ph, *eph; // load each program segment (ignores ph flags) ph = (struct proghdr *)((uintptr_t)ELFHDR + ELFHDR->e_phoff); 7d2a: 8b 58 1c mov 0x1c(%eax),%ebx 7d2d: 01 c3 add %eax,%ebx eph = ph + ELFHDR->e_phnum; 7d2f: 0f b7 40 2c movzwl 0x2c(%eax),%eax 7d33: c1 e0 05 shl $0x5,%eax 7d36: 8d 34 03 lea (%ebx,%eax,1),%esi for (; ph < eph; ph ++) { 7d39: 39 f3 cmp %esi,%ebx 7d3b: 73 18 jae 7d55 <bootmain+0x55> readseg(ph->p_va & 0xFFFFFF, ph->p_memsz, ph->p_offset); 7d3d: 8b 43 08 mov 0x8(%ebx),%eax struct proghdr *ph, *eph; // load each program segment (ignores ph flags) ph = (struct proghdr *)((uintptr_t)ELFHDR + ELFHDR->e_phoff); eph = ph + ELFHDR->e_phnum; for (; ph < eph; ph ++) { 7d40: 83 c3 20 add $0x20,%ebx readseg(ph->p_va & 0xFFFFFF, ph->p_memsz, ph->p_offset); 7d43: 8b 4b e4 mov -0x1c(%ebx),%ecx 7d46: 8b 53 f4 mov -0xc(%ebx),%edx 7d49: 25 ff ff ff 00 and $0xffffff,%eax 7d4e: e8 1f ff ff ff call 7c72 <readseg> 7d53: eb e4 jmp 7d39 <bootmain+0x39> } // call the entry point from the ELF header // note: does not return ((void (*)(void))(ELFHDR->e_entry & 0xFFFFFF))(); 7d55: a1 e0 7d 00 00 mov 0x7de0,%eax 7d5a: 8b 40 18 mov 0x18(%eax),%eax 7d5d: 25 ff ff ff 00 and $0xffffff,%eax 7d62: ff d0 call *%eax asm volatile ("outb %0, %1" :: "a" (data), "d" (port)); } static inline void outw(uint16_t port, uint16_t data) { asm volatile ("outw %0, %1" :: "a" (data), "d" (port)); 7d64: b8 00 8a ff ff mov $0xffff8a00,%eax 7d69: 89 c2 mov %eax,%edx 7d6b: 66 ef out %ax,(%dx) 7d6d: b8 00 8e ff ff mov $0xffff8e00,%eax 7d72: 66 ef out %ax,(%dx) 7d74: eb fe jmp 7d74 <bootmain+0x74>bootblock.asm
反汇编得到的代码是:
下图是bootasm.S中14到28行的代码:
下面是bootblock.asm中10到25行的代码
比较可知,三者基本一致。
(四)自己找一个bootloader或内核中的代码位置,设置断点并进行测试
略
- 使用VIM开发软件项目 - (15) 在VIM中使用GDB调试 (一)
- 使用ClickOnce部署,强制要求用户使用最新发布版本才可以执行软件的方法
- 使用cli(命令行)方式执行php程序进行高效的程序调试
- 串口调试程序软件GraphdCommDebugger V1.0 与使用手册
- 使用qemu + KGDB调试内核
- 实验 8 数组2 1、程序调试,按照“分析结果、设置断点、使用单步执行并观察变量、分析变量结果、修改程序”五个阶段调试和改正程序;
- Android 软件开发之如何使用Eclipse Debug调试程序详解(十二)
- 在Oralce存储过程中使用游标来逐行处理数据示例并执行调试
- 如何使用gdb结合qemu调试linux内核源码
- 使用qemu调试linux内核
- 如何使用gdb结合qemu调试linux内核源码
- 使用 GDB 调试 Linux 软件
- Android 软件开发之如何使用Eclipse Debug调试程序详解
- zend studio调试php程序(使用xdebug),cli,cgi,sapi,php程序执行流程
- Android 软件开发之如何使用Eclipse Debug调试程序详解
- 使用GDB调试Linux软件
- 使用SQLyog软件(执行存储过程)的一个怪异问题!!!
- 使用 GDB 调试 Linux 软件(转)
- Android 软件开发之如何使用Eclipse Debug调试程序详解(十二)
- 掌握 Linux 调试技术 使用 GDB 调试 Linux 软件