Debug Windows XP with Bochs

Source: Internet
Author: User

Link: http://bbs.pediy.com/archive/index.php?T-131591.html

 

Bochs is an open-source IA-32 (x86) emulator that can simulate various hardware configurations. It simulates the entire PC platform, including I/O devices, memory and the BIOS. More interestingly, Bochs can run without PC hardware: it can simulate x86 hardware on any platform on which Bochs compiles and runs. With that basic understanding, you can start to install Bochs. The version I used for my experiment is Bochs 2.4.2. After installing Bochs 2.4.2, let's take a look at the programs in the Bochs folder:
bochs.exe -----------------------> Bochs main program
bochsdbg.exe ---------------------> Bochs main program for debugging
bximage.exe -------------------------> program that creates disk/floppy images; pay attention to the several image types it can generate (flat)
bxcommit.exe -----------------------> undo-log program for disk images
Because Bochs starts the system from an input configuration file, you must write a .bxrc file to run it. Below is the file I wrote to boot from a disk image (a file that simulates a hard disk):
# Set the default system BIOS ROM module
romimage: file=$BXSHARE/BIOS-bochs-latest

# Set CPU parameters
cpu: count=1, ips=22100000, reset_on_triple_fault=1, cpuid_limit_winnt=0, msrs="msrs.def"

# Set the memory size
megs: 512

# Set the default VGA ROM module
vgaromimage: file=$BXSHARE/VGABIOS-lgpl-latest
# vga: extension
vga: extension=vbe

# Hard disk
ata0: enabled=1, ioaddr1=0x1f0, ioaddr2=0x3f0, irq=14
ata0-master: type=disk, mode=flat, path="C.IMG", cylinders=16644, heads=16, spt=63

# CDROM
# ata0-slave: type=cdrom, path="WINXP.ISO", status=inserted

# Select the boot device.
boot: disk

# Disable logs
log: nul

# Log controls
panic: action=ask
error: action=report
info: action=report
debug: action=ignore

# debugger_log:
debugger_log: -

# Set up a serial channel that can be connected to WinDbg
# com2: enabled=1, mode=pipe-server, dev=\\.\pipe\com_2

# vga_update_interval
vga_update_interval: 300000

# keyboard_serial_delay
keyboard_serial_delay: 250

# keyboard_paste_delay
keyboard_paste_delay: 100000

# mouse
mouse: enabled=0

# private_colormap
private_colormap: enabled=0

# keyboard_mapping
keyboard_mapping: enabled=0, map=

# End of WINXP.bxrc configuration information
That is the whole file; lines beginning with # are comments. Pay attention to the line boot: disk, which boots from the hard disk. You can also enter boot: floppy or boot: cdrom here.
If you are only debugging the MBR or ntldr, use floppy=xxx; you can boot from an IMG file first. Here, however, I boot from a disk image. First, use WinHex to clone the C: drive (primary partition) or the entire hard disk; this can be cloned from VMware. After cloning, you will get the logical size of the primary partition or hard disk. Pay attention to this statement:
ata0-master: type=disk, mode=flat, path="C.IMG", cylinders=16644, heads=16, spt=63
Here cylinders is the number of cylinders, heads is the number of heads, and spt is the number of sectors per track. The values of these three parameters must satisfy a condition before Bochs will load the image, and this turned out to be a very troublesome problem. First, I looked at harddrv.c in the iodev project of the Bochs source code. The function void bx_hard_drive_c::init(void) contains the code that obtains the C/H/S parameters: when "type" == BX_ATA_DEVICE_DISK, it compares the image mode and points the hard drive object at the corresponding class. For example, the flat format uses default_image_t; if no class is found, the user is told that the virtual hard disk type cannot be matched. However, I still could not find the condition that is checked, although the source code contains the following statement:
Bit64u disk_size = (Bit64u)cyl * heads * spt * 512;
Bochs always reported: ata0-0 disk size doesn't match specified geometry. There seemed to be no other way, and I had really hit a bottleneck. For a whole day, no matter how I calculated, I could not satisfy the condition. I read the help file and the source code several times, kept searching the Internet and asked people everywhere, and still could not solve it. Was there really no way to solve this problem? Then my eye stopped on bximage.exe. This program creates disk images and contains the conditions. I thought I could first create a disk image that satisfies the conditions, and then write the cloned image file into the created disk image, as shown in the figure:
[Figure 55680]
You can obtain the file size from the following parameters: cyl, heads, and sectors per track. The file can be larger than the cloned system image, which is then written into it using WinHex. In the source code I also found the following conversion rule between CHS and logical size:
int hdsize, cyl, heads = 16, spt = 63;
// How cyl is derived; hdsize is the size of the disk to create (the formula treats it as MB)
cyl = (int)(hdsize * 1024.0 * 1024.0 / 16.0 / 63.0 / 512.0);
assert(cyl < 65536);            // limit the number of cylinders to < 65536
sectors = cyl * heads * spt;    // total number of sectors
................................
// Create a disk image file according to the conditions
make_image(sectors, filename, write_function);
printf("\nI wrote %lld bytes to %s.\n", sectors * 512, filename);
imagesize = sectors * 512;      // final file size (disk size)
Steps:
1. First, use bximage.exe to create an image file of a suitable size (there are two ways to obtain the cyl, heads and spt configuration: 1. use the image size allocated by bximage.exe; 2. calculate the image size with the rule from the source code)
2. Clone the system disk to obtain image2
3. Write the contents of image2 into the image
4. Write a BAT file that loads the disk image and starts Windows XP
The batch file content is as follows:
set BXSHARE=E:\Bochs-2.4.2
%BXSHARE%\bochs.exe -q -f bochsrc.txt
pause
The effect is as follows:
[Figure 55678]
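The size rule used in step 1, as an added Python example (not code from the original post or from the Bochs source). It reproduces the bximage conversion quoted above, and zero-extends a raw clone to the next cylinder boundary so that the file size equals cyl * heads * spt * 512. That Bochs requires exact equality is an assumption drawn from the quoted disk_size line and error message, and all function names are hypothetical.

```python
import os

HEADS, SPT, SECTOR = 16, 63, 512           # fixed values in the bximage excerpt
CYL_BYTES = HEADS * SPT * SECTOR           # bytes per cylinder (516096)
MAX_CYL = 65536                            # bximage asserts cyl < 65536

def bximage_cylinders(size_mb):
    """Cylinder count from the quoted bximage rule (rounds down)."""
    cyl = int(size_mb * 1024.0 * 1024.0 / 16.0 / 63.0 / 512.0)
    if not 0 < cyl < MAX_CYL:
        raise ValueError("cylinder count out of range: %d" % cyl)
    return cyl

def geometry_for_clone(clone_bytes):
    """Smallest (cylinders, image_bytes) that can hold a clone of this size."""
    if clone_bytes <= 0:
        raise ValueError("clone is empty")
    cyl = -(-clone_bytes // CYL_BYTES)     # ceiling division so the clone fits
    if cyl >= MAX_CYL:
        raise ValueError("clone too large for heads=16, spt=63")
    return cyl, cyl * CYL_BYTES

def matches_geometry(path, cyl):
    """Assumed Bochs check: file size must equal cyl * heads * spt * 512."""
    return os.path.getsize(path) == cyl * CYL_BYTES

def pad_to_geometry(path):
    """Zero-extend a raw clone in place; return the matching ata0-master line."""
    cyl, size = geometry_for_clone(os.path.getsize(path))
    with open(path, "r+b") as f:
        f.truncate(size)                   # growing a file pads it with zeros
    return ('ata0-master: type=disk, mode=flat, path="%s", '
            'cylinders=%d, heads=%d, spt=%d' % (path, cyl, HEADS, SPT))

if __name__ == "__main__":
    # An 8192 MB request yields the cylinders=16644 used in the config above.
    cyl = bximage_cylinders(8192)
    print(cyl, cyl * CYL_BYTES)
```

Run pad_to_geometry on a copy of the clone, since it changes the file in place.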
Finally, we can use the cloned primary partition of the Windows XP system for debugging in Bochs. However, Bochs does not have a symbol table, so we have to combine WinDbg and Bochs, but I have not succeeded yet. Following an article on the Internet, I added named-pipe communication code to the Bochs source code; the article also said that the Bochs serial port speed is too fast. I hope you can give me some ideas. Thank you!
