qemu-devel

Re: [Qemu-devel] [PATCH v2 00/43] Windbg supporting


From: Ladi Prosek
Subject: Re: [Qemu-devel] [PATCH v2 00/43] Windbg supporting
Date: Mon, 6 Nov 2017 16:15:47 +0100

On Mon, Oct 23, 2017 at 10:31 AM, Ladi Prosek <address@hidden> wrote:
> On Tue, Oct 17, 2017 at 3:08 PM, Mihail Abakumov
> <address@hidden> wrote:
>> An update of:
>>
>>   v1: https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg07092.html
>>
>> We made the debugger module WinDbg (like GDB) for QEMU. It is a 
>> replacement for the remote stub in the Windows kernel, used for remote 
>> Windows kernel debugging without debugging mode.
>>
>> WinDbg is a multipurpose debugger for the Microsoft Windows computer 
>> operating system, distributed by Microsoft. Recent versions of WinDbg have 
>> been and are being distributed as part of the free Debugging Tools for 
>> Windows suite.
>>
>> How to start debugging QEMU using WinDbg:
>>   Run QEMU with the following option:
>>     -windbg pipe:<name>
>>   QEMU will start and pause, waiting for a WinDbg connection.
>>   Run WinDbg with the following options:
>>     -b -k com:pipe,baud=115200,port=\\.\pipe\<name>,resets=0
>>   Wait for the debugger to connect to the kernel.
>>
>> Note: You can add a Symbol Search Path in WinDbg, such as 
>> srv*c:\tmp*http://msdl.microsoft.com/download/symbols.
>>
>> How it works:
>> The WinDbg debugger has the possibility of connecting to a remote debug 
>> service (Kdsrv.exe) in the Windows kernel. Therefore, it is possible to 
>> connect to the guest system running in the QEMU emulator. Kernel debugging 
>> is possible only with debugging mode enabled, which may change at the same 
>> time. Our WinDbg debugger module for QEMU is an alternative to the remote 
>> debugging service in the kernel. Thus, the debugger connects to the 
>> debugging module, not to the kernel of the operating system. The module 
>> obtains all the information necessary to answer debugger requests from the 
>> QEMU emulator. At the same time, there is no need to enable debugging mode 
>> in the kernel for debugging. This leads to hidden debugging. Our module 
>> supports all features of WinDbg regarding remote debugging, apart from 
>> interception of events and exceptions. Only i386 is supported now.
>>
>> Changed in v2:
>>
>>  - Move target-specific code into the 'target/' directory. (Alistair Francis)
>>  - Change 'kd_api_fill_memory'. Memory is now filled by line segments. 
>> Before that, a full array was immediately collected and written to RAM. 
>> (Ladi Prosek)
>>  - Change 'kd_api_search_memory'. Memory is now searched by line segments. 
>> (Ladi Prosek)
>>  - Change ld* to st* where needed. (Ladi Prosek)
>>  - Add an additional check of input arguments in 'windbg_read_context' and 
>> 'windbg_read_ks_regs'. (Ladi Prosek)
>>  - Fix typos. (Ladi Prosek)
>>  - Add flipping back 'windbg_state->is_loaded' after a VM reset.
>>  - Add a check that KVM is disabled. It is not supported yet. (Ladi Prosek)
>>  - Add a check of the device in the windbg option. Only pipe is supported now. 
>> (Alistair Francis)
>>  - Add an 'ifdef' check of WINDBG_DEBUG_ON before defining it. (Alistair 
>> Francis)
>>  - Replace printf with qemu_log. (Alistair Francis)
>>  - Fix build on s390x host. (patchew)
>>  - Fix code style errors. (patchew)
>
> Thank you, I am planning to take a closer look and test the changes in
> a week or two.
>
> Still wondering if it is limited to Windows hosts or if it can be used
> on Linux as well, preferably with KVM.

I haven't been able to make this work.

I've built a 32-bit QEMU for Windows with these patches and used the
command line parameters given above:

  qemu-system-i386.exe run with -windbg pipe:win7_dbg
  windbg -b -k com:pipe,baud=115200,port=\\.\pipe\win7_dbg,resets=0

The guest is a fresh install of Win7 32-bit.

FS base passes all the checks in windbg_on_load() as the guest kernel
loads and it returns true. QEMU then sends some data over the pipe.
Windbg doesn't print anything; it's still showing:

  Opened \\.\pipe\win7_dbg
  Waiting to reconnect...

Is this expected? In regular remote kernel debugging, windbg produces
a bunch of output about the target state when it attaches.

The only thing I can reasonably do at this point is Ctrl+Break. This
results in some data exchange between QEMU and windbg but nothing
really changes -- windbg still says "Waiting to reconnect...". Hitting
Ctrl+Break for the second time kills windbg. I tried running windbg
under windbg and was able to capture this output:

  Debug target initialization failed, 0x8000FFFF

Once I managed to make windbg actually attach (i.e. it generated the
target state output) but the QEMU process died shortly after that. I
don't know why because I haven't been able to reproduce it.

So, what am I doing wrong? Can you post your detailed steps please?

I'm pasting a dump of the pipe traffic as captured with IO Ninja. "<"
is windbg to QEMU, ">" is QEMU to windbg. QEMU initialized the stub at
14:57:48, the first Ctrl+Break was issued at 15:00:32 and the second
one at 15:01:10.


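As an added illustration (not code from the patch series or from anyone in this thread): a decoder for the KD serial-protocol framing that WinDbg and the QEMU stub exchange over the named pipe, so a pipe capture like the one described above can be checked packet by packet for leader, type, packet id, checksum and trailer. The header layout and constants are taken from the public KD protocol (as in ReactOS's windbgkd.h), not from this page, and the sample exchange is constructed, not a real capture.

```python
"""KD (Windows kernel debugger) serial-protocol decoder for traffic on the
-windbg pipe.  Header (public KD protocol, cf. ReactOS windbgkd.h): 4-byte
leader, u16 type, u16 byte count, u32 packet id, u32 checksum (sum of payload
bytes).  Data packets end with 0xAA; control packets carry no payload; a lone
0x62 ('b') is the break-in byte that Ctrl+Break sends."""
import struct
DATA_LEADER = 0x30303030       # "0000": packet carries a payload
CONTROL_LEADER = 0x69696969    # "iiii": header only (RESET, ACK, ...)
BREAKIN_BYTE, TRAILER = 0x62, 0xAA
INITIAL_PACKET_ID = 0x80800000
TYPES = {1: "STATE_CHANGE32", 2: "STATE_MANIPULATE", 3: "DEBUG_IO",
         4: "ACKNOWLEDGE", 5: "RESEND", 6: "RESET", 7: "STATE_CHANGE64",
         8: "POLL_BREAKIN", 10: "CONTROL_REQUEST", 11: "FILE_IO"}
HDR = struct.Struct("<IHHII")

def decode(stream):
    """Split a raw byte stream into packets, validating checksum and trailer."""
    pkts, i = [], 0
    while i < len(stream):
        if stream[i] == BREAKIN_BYTE:          # single-byte break-in request
            pkts.append({"kind": "breakin"}); i += 1; continue
        if i + HDR.size > len(stream):
            pkts.append({"kind": "truncated", "at": i}); break
        leader, ptype, count, pid, csum = HDR.unpack_from(stream, i)
        i += HDR.size
        name = TYPES.get(ptype, ptype)
        if leader == CONTROL_LEADER:
            pkts.append({"kind": "control", "type": name, "id": pid}); continue
        if leader != DATA_LEADER:              # lost sync: stop rather than guess
            pkts.append({"kind": "garbage", "at": i - HDR.size}); break
        payload = stream[i:i + count]; i += count
        trailer_ok = i < len(stream) and stream[i] == TRAILER; i += 1
        pkts.append({"kind": "data", "type": name, "id": pid, "len": count,
                     "checksum_ok": csum == sum(payload) & 0xFFFFFFFF,
                     "trailer_ok": trailer_ok})
    return pkts

def build_control(ptype, pid):
    return HDR.pack(CONTROL_LEADER, ptype, 0, pid, 0)

def build_data(ptype, pid, payload):
    csum = sum(payload) & 0xFFFFFFFF
    return (HDR.pack(DATA_LEADER, ptype, len(payload), pid, csum)
            + payload + bytes([TRAILER]))

# Constructed sample exchange (not a real capture): debugger RESET, stub replies
# with a STATE_CHANGE64 (8-byte dummy payload), debugger ACKs, user hits Ctrl+Break.
SAMPLE = (build_control(6, 0) + build_data(7, INITIAL_PACKET_ID, bytes(8))
          + build_control(4, INITIAL_PACKET_ID) + bytes([BREAKIN_BYTE]))
```

Feeding the bytes of a real pipe capture (one direction at a time) into `decode` shows whether each side's packets are well-formed and whether the packet ids advance as the protocol expects.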

