Debug-Qemu

Debug bootloader and OS kernel via qemu and gdb

Prepare boot disk

Create an empty disk image

$ qemu-img create imagefile.img 4M

Create an empty floppy disk with FAT format and file system

$ mkfs.msdos -C /path/imagefile.img 1440

Boot sector

$ dd if=ipl.bin of=floppy.img bs=512 count=1 conv=notrunc
# conv=notrunc must be included in order to preserve the rest space

The system itself

# with file system
$ sudo mkdir /media/floppy1/
$ sudo mount -o loop f.img /media/floppy1/
$ sudo cp system.sys /media/floopy1/
$ sudo umount /media/floppy1/

# raw disk
$ dd if=system.sys of=imagefile.img bs=1 count=[size of system.sys] seek=[offset on disk] conv=notrunc
# you can place system.sys code anywhere you like on the disk, except the first sector
# so seek should larger than or equals to 512
# remember to jmp to the right address in memory at the end of your boot sector

Start Qemu

$ qemu-system-x86_64 -fda imagefile.img -s -S
# '-s' option makes qemu listen on port tcp::1234
# '-S' option makes Qemu stop execution until you give the continue command

Connect to gdb

$ gdb
(gdb) target remote localhost:1234
(gdb) b *0x7c00
(gdb) c
(gdb) si
...

Other tips

How to view the codes ?

For now, I just view the raw instructions out of gdb, maybe I will load some gdb scripts later example

$ nasm ipl.s -o ipl.bin -l ipl.lst
$ less ipl.lst

GDB memory dump

This is useful when you want to search for some bytes in the whole memory

(gdb) dump memory /path/to/file.dump [start] [end]
(gdb) dump memory ~/Desktop/mem.dump 0x80000 0xc4000

GDB disassemble code in memory out of a function

(gdb) x /i 0xaddress

• gdb will disassemble using the ISA in tune with the architecture, you can set the architecture before connect to the target via set arch [cpu]
• Beware that the disassembled instructions may not be very accurate

Viewing source code in gdb

source level debug in qemu