Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Debugging with gdbserver and qemu, how to set watchpoint on a control register, cr3

Tags:

qemu

breakpoints

kernel

gdb

watchpoint

I'm debugging a kernel and i want to know when the cr3 register is changed. I know how to set a watchpoint on a general purpose register like eax and others.

The problem is, since gdb does not have access to control registers, setting a watchpoint on cr3 does not work.

So, is it possible to set a watchpoint from the qemu monitor? If yes, how?

like image 585
Mahouk Avatar asked Jul 30 '15 08:07

Mahouk

People also ask

How to attach GDB to QEMU?

To enable connection to the GDB server, you need to pass in a parameter to QEMU that specify the hostname and port it should listen on. Makes QEMU's GDB server listen on host hostname on port port. Generally the hostname is "localhost" and the port can be anything, as long as you can connect to it.

How do I add a watchpoint in GDB?

Set a watchpoint that will break when watch expr is read by the program. Set a watchpoint that will break when expr is either read or written into by the program. This command prints a list of watchpoints, breakpoints, and catchpoints; it is the same as info break . GDB sets a hardware watchpoint if possible.

How do I debug QEMU?

Setup a debugger connection to a Windows Image on QEMUDownload and install QEMU on Windows. Configure a target QEMU Virtual Windows Image to launch with the required network and BIOS/UEFI settings for debugging. Start the QEMU environment, using the configured launch script. Start the gdbserver on QEMU.

What is hardware watchpoint?

Hardware watchpoints - allow execution to halt when a read or write access is made to a data variable address. Count Event - can be used to measure clock cycles between two points in the code. Data Access Count - can be used to determine the number of times a data variable address has been accessed.

1 Answers

Sorry, there's no way to do this from the QEMU monitor. (If you look at target-i386/helper.c:cpu_x86_update_cr3() in the QEMU sources you'll see that it doesn't do anything that would notify anybody about CR3 updates, it just puts the new value into the internal CPU state structure.)

The best you can do for this sort of thing is to run with two debuggers (one connected to QEMU's gdbstub to talk to the guest, and one directly debugging QEMU itself). Then you can put a breakpoint on cpu_x86_update_cr3() in QEMU and see what's going on then. You need to know a fair amount about QEMU's internals to be able to do this effectively, though...

like image 60
Peter Maydell Avatar answered Oct 10 '22 11:10

Peter Maydell
Sign in to Comment

Related questions

How to send arbitary bytes to STDIN of a program in gdb?
Why gdb is not working for this simple hello world program?
gdb reverse debugging avx2
Could not run debugger for fortran. Visual Studio Code
How to understand address for array of pointers?
Emacs 23.1.1 with gdb - forcing source windows
Details on gdb memory access complaint
Emacs gdb - display arrow when debugging assembly
Cleaner, prettier stack traces in GDB for C++ template (mostly boost)-heavy code
Program terminates early with valgrind memcheck
Understanding some C++ coding practice [closed]
Debugging with GDB Cannot Lookup D Program symbols
"not stripped" but "no debug symbols"
How to debug a raw binary with gdb
Are using a debugger and heavy usage of C++ templates incompatible in the long run?
Understanding Stack Frames in C
GDB crashes at start (internal error: follow_die_offset)
Can GDB correctly parse C-style hexadecimal floating-point numbers?
Weird behaviour of GDB
Set a breakpoint into LibC with gdb

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!