Use bochs to debug MBR

Author: Cryin
Date: 2010.03.27

Connection: http://hi.baidu.com/justear
I. Environment Configuration:
Operating System: Microsoft Windows XP Professional Service Pack 3
Debugging tool: bochs 2.4.0.0
1. Install bochs:
Bochs is a very lightweight open source IA-32 (x86) Computer simulator written using c ++ that can run on the most popular platform. It simulates intel x86 CPUs, common I/O devices, and customized BIOS. Currently, Bochs can be compiled to simulate 386, 486, Pentium/PentiumII/PentiumIII/Pentium4 or x86-64-bit CPUs, including optional MMX, SSEx, and 3DNow commands. Many operating systems such as Linux, DOS, Windows 95/98/NT/2000/XP, and Windows Vista can be run in the Bochs simulation environment. Bochs was compiled by Kevin Lawton and is currently maintained by the Bochs project team of http://bochs.sourceforge.net.
Bochs is far inferior to other virtual machines such as VMware in terms of performance, but bochs is superior to other virtual machines in terms of debugging. This article describes how to configure the bochs debugging environment and how to use bochs to debug the MBR program. This section focuses on the Environment configuration and simple MBR instance debugging. The MBR debugging is not analyzed in detail. It is mainly to make a document record. Because I have been exploring for a long time in the process of using bochs for debugging, and I have taken many detours. Therefore, this document can be helpful to some people. In addition, it is always messy every time you re-build bochs. Therefore, write this article for reference in the future!
The latest release of Bochs can be downloaded from the bochs home http://bochs.sourceforge.net, or from the site to get bochs documentation and source code. In this example, bochs 2.4.0.0 is used.
. Since bochs itself is a virtual machine, first install a system. In this example, win 2 K system is used.
1) create a virtual hard disk:
Run bximage.exe to create a 4G, flat mode virtual hard disk file disk. img. This will generate a 4G disk. imgfile in the current directory. Operations

2) install the system:
You can use a Windows 2 K system disk to directly install or create an ISO image file. Considering the speed of the bochs virtual machine, you are not recommended to install the system yourself, it is best to directly copy the disk that has been installed on the operating system with others. imgfile.
3) create win2k. bxrc:
Main content:
# Win2k. bxrc configuration information
# Set the default system bios rom Module
Romimage: file = $ BXSHARE/BIOS-bochs-latest
# Set CPU Parameters
Cpu: count = 1, ips = 22100000, reset_on_triple_fault = 1, cpuid_limit_winnt = 0, msrs = "msrs. def"
# Set the memory. You can select 8, 16, 32, 64, 128, or 512.
Megs: 512
# Set the default vga rom Module
Vgaromimage: file = $ BXSHARE/VGABIOS-lgpl-latest
# Vga: extension
Vga: extension = vbe
# Select and set disk drive A. Note that the mbr file is changed to a. img during debugging.
Floppya: 44 = a. img, status = inserted
# ATA controller for hard disks and cdroms
Ata0: enabled = 1, ioaddr1 = 0x1f0, ioaddr2 = 0x3f0, irq = 14
Ata1: enabled = 1, ioaddr1 = 0x170, ioaddr2 = 0x370, irq = 15
Ata2: enabled = 0, ioaddr1 = 0x1e8, ioaddr2 = 0x3e0, irq = 11
Ata3: enabled = 0, ioaddr1 = 0x168, ioaddr2 = 0x360, irq = 9
# Selecting a boot device
Boot: floppy, disk
# Enables or disables the 0xaa55 signature check on boot floppies
Floppy_bootsig_check: disabled = 0
# Disable logs
Log: nul
# LOG CONTROLS
Panic: action = ask
Error: action = report
Info: action = report
Debug: action = ignore
# DEBUGGER_LOG:
Debugger_log :-
# Set up a serial channel that can be connected to windbg. In this example, you do not need to comment it out.
Com2: enabled = 1, mode = pipe-server, dev = \. pipecom_2
# VGA_UPDATE_INTERVAL
Vga_update_interval: 300000
# KEYBOARD_SERIAL_DELAY
Keyboard_serial_delay: 250
# KEYBOARD_PASTE_DELAY
Keyboard_paste_delay: 100000
# MOUSE
Mouse: enabled = 0
# Private_colormap
Private_colormap: enabled = 0
# Set Nic Information
Ne2k: ioaddr = 0x300, irq = 10, mac = 00: 1B: 77: 59: AC: 28, ethmod = win32,

Ethdev = DeviceNPF _ {5175FF64-AD7E-4B75-A4E0-540FA4AAF493}
# Pnic: Bochs/Etherboot pseudo-NIC
Pnic: enabled = 1, mac = 00: 26: 55: 36: ec: AE, ethmod = vnet
# KEYBOARD_MAPPING
Keyboard_mapping: enabled = 0, map =
# Set the video card and nic of the hardware device.
I440fxsupport: enabled = 1, slot1 = pcivga, slot2 = ne2k
# Set the PCI device code and vendor code. It seems that you can write it at will.
Pcidev: vendor = 0x1234, device = 0x5678
# End of win2k. bxrc configuration information

Prepare to obtain the relevant information. In this example, the local Nic information is used. The figure shows several Nic information due to the installation of VMware.


4) create a batch file running bochs
Create and run the bochs batch file "Run. bat". Main content:
Set BXSHARE = F: ochs repository path of the bochs.exe
When bxw.w.w.ochsdbg.exe-q-f win2k. bxrc
Rem ready bxshareincludebug32.exe-q-f win2k. bxrc
# Win2k. bxrc: The win2k. bxrc configuration file created in the previous step.
5) Use bochs to start debugging:
Now you can use bochs for debugging. Double-click "run. bat "batch file to open the bochs debugger, if there is. in the imgfile, bochs starts the operating system as a disc; if there is no. imgfile, bochs will start the operating system in the form of a hard disk, of course. the img name can be in win2k. modify the bxrc configuration file as per your preferences.
Ii. Use bochs to debug MBR
1) Compile the MBR program:
In this example, the MBR applet "MBR-based system logon password verification program" I have previously written is used to demonstrate how to debug MBR using bochs. For details, see html "> explain.
2) Bochs debugging command:
In view of the topic of this article, we will only briefly introduce some of the most commonly used bochs Debugging commands. This is enough for getting started. For more information, refer to the relevant instructions of bochs. There is also a lot of information about bochs Debugging commands on the Internet. The following describes only the commands used in this example;
Run the c command to run the program, which is equivalent to the g of windbg and the F9 of OD.
The command s is step, and the program is executed in one step.
Command p: One-step execution, step through Function
Run q to exit bochs and shut down the VM.
Run the breakpoint command under command B. In this example, B 0x7c00
Command blist to display the breakpoint status
Command watch displays all read/write breakpoints currently
Command r: display the register value
Command u disassembly code to set the start and end positions
The command info displays relevant information based on different parameters.
3) start to debug MBR
Copy the MBR program written in step 1 to the bochs debugger folder and change it to. img, double-click to run. bat starts debugging. If you see the following interface, it indicates that everything works normally and you can start debugging;


The specific debugging code is as follows:

F: ochs> set BXSHARE = F: ochs

F: ochs> F: ochsochsdbg.exe-q-f win2k. bxrc
201710000000i [APIC0] local apic 0 initializing
========================================================== ======================================
Bochs x86 Emulator 2.4
Build from CVS snapshot on May 3, 2009
======================================