This morning I officially started Lab 5, "address mapping and sharing". Lab 5 has three parts; this morning I did the first one, which is debugging the Linux kernel from the command line with the assembly-level debugger that Bochs provides. The program debugged in the lab is a simple one:
#include <stdio.h>

/* A global with an easily recognisable value, so it is simple to spot in memory. */
int i = 0x12345678;

int main(void)
{
    /* Print the logical (virtual) address of i; the lab translates it by hand. */
    printf("The logical/virtual address of i is 0x%08x", &i);
    fflush(stdout);
    /* Spin until i is cleared from the debugger. */
    while (i)
        ;
    return 0;
}
What we do here is locate the value of a variable by hand and then modify it in place while the program is running, so that the program's behaviour changes. Normally the variable i holds the non-zero value 0x12345678, so the program spins forever at while(i);. When the program reaches while(i); we interrupt it and change i to 0x00000000; while(i); then stops looping and the program can terminate and exit.
This is the practice session from the previous two days, when I was getting familiar with assembly-level debugging; I simply tried out the important commands:
snakehunt2012@Linux:~$ cd oslab/
snakehunt2012@Linux:~/oslab$ ls
a bochsout.txt d e hdc log run
b c dbg-asm gdb hdc-0.11.img mount-hdc rungdb
bochs cscope.out dbg-c gdb-cmd.txt linux-0.11 pc.c
snakehunt2012@Linux:~/oslab$ sudo ./dbg-asm
[sudo] password for snakehunt2012:
========================================================================
Bochs x86 Emulator 2.3.7
Build from CVS snapshot, on June 3, 2008
========================================================================
00000000000i[ ] reading configuration from ./bochs/bochsrc.bxrc
00000000000i[ ] installing x module as the Bochs GUI
00000000000i[ ] using log file ./bochsout.txt
Next at t=0
(0) [0xfffffff0] f000:fff0 (unk. ctxt): jmp far f000:e05b ; ea5be000f0
<bochs:1> break 0x7c00
<bochs:2> continue
(0) Breakpoint 1, 0x00007c00 in ?? ()
Next at t=4967696
(0) [0x00007c00] 0000:7c00 (unk. ctxt): mov ax, 0x07c0 ; b8c007
<bochs:3> help
h|help - show list of debugger commands
h|help command - show short command description
-*- Debugger control -*-
help, q|quit|exit, set, instrument, show, trace, trace-reg,
trace-mem, record, playback, ldsym, slist
-*- Execution control -*-
c|cont|continue, s|step|stepi, p|n|next, modebp
-*- Breakpoint management -*-
vb|vbreak, lb|lbreak, pb|pbreak|b|break, sb, sba, blist,
bpe, bpd, d|del|delete
-*- CPU and memory contents -*-
x, xp, u|disasm|disassemble, setpmem, crc,
r|reg|regs|registers, fp|fpu, mmx, sse, sreg, creg, info,
page, set, ptime, print-stack, watch, unwatch, ?|calc
-*- Working with bochs param tree -*-
show "param", restore
<bochs:4> info break
Num Type Disp Enb Address
1 pbreakpoint keep y 0x00007c00
<bochs:5> info tab
paging off
<bochs:6> print-stack
Stack address size 2
| STACK 0xffdc [0x86a0001]
| STACK 0xffde [0x86a0000]
| STACK 0xffe0 [0x86a0000]
| STACK 0xffe2 [0x86a0000]
| STACK 0xffe4 [0x86a0000]
| STACK 0xffe6 [0x86a0000]
| STACK 0xffe8 [0x86a0000]
| STACK 0xffea [0x86a0000]
| STACK 0xffec [0x86a0000]
| STACK 0xffee [0x86a7c00]
| STACK 0xfff0 [0x86a0000]
| STACK 0xfff2 [0x86a0040]
| STACK 0xfff4 [0x86a0000]
| STACK 0xfff6 [0x86a9fc0]
| STACK 0xfff8 [0x86afff6]
| STACK 0xfffa [0x86aa3f9]
<bochs:7> sreg
cs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ds:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ss:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=7
es:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
fs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
gs:s=0x0000, dl=0x0000ffff, dh=0x00009300, valid=1
ldtr:s=0x0000, dl=0x0000ffff, dh=0x00008200, valid=1
tr:s=0x0000, dl=0x0000ffff, dh=0x00008b00, valid=1
gdtr:base=0x000faeb2, limit=0x30
idtr:base=0x00000000, limit=0x3ff
<bochs:8> creg
CR0=0x60000010: pg CD NW ac wp ne ET ts em mp pe
CR2=page fault laddr=0x00000000
CR3=0x00000000
PCD=page-level cache disable=0
PWT=page-level writes transparent=0
CR4=0x00000000: osxmmexcpt osfxsr pce pge mce pae pse de tsd pvi vme
<bochs:9> regs
eax: 0x0000aa55 43605
ecx: 0x00000000 0
edx: 0x00000000 0
ebx: 0x00000000 0
esp: 0x0000ffdc 65500
ebp: 0x00000000 0
esi: 0xffff0000 -65536
edi: 0x0008fdba 589242
eip: 0x00007c00
eflags 0x00000082
id vip vif ac vm rf nt IOPL=0 of df if tf SF zf af pf cf
<bochs:10> u /10
00007c00: ( ): mov ax, 0x07c0 ; b8c007
00007c03: ( ): mov ds, ax ; 8ed8
00007c05: ( ): mov ax, 0x9000 ; b80090
00007c08: ( ): mov es, ax ; 8ec0
00007c0a: ( ): mov cx, 0x0100 ; b90001
00007c0d: ( ): sub si, si ; 29f6
00007c0f: ( ): sub di, di ; 29ff
00007c11: ( ): rep movsw word ptr es:[di], word ptr ds:[si] ; f3a5
00007c13: ( ): jmp far 9000:0018 ; ea18000090
00007c18: ( ): mov ax, cs ; 8cc8
<bochs:11>
This is the complete run of the actual experiment:
root@Linux:/home/snakehunt2012/oslab# ./dbg-asm
========================================================================
Bochs x86 Emulator 2.3.7
Build from CVS snapshot, on June 3, 2008
========================================================================
00000000000i[ ] reading configuration from ./bochs/bochsrc.bxrc
00000000000i[ ] installing x module as the Bochs GUI
00000000000i[ ] using log file ./bochsout.txt
Next at t=0
(0) [0xfffffff0] f000:fff0 (unk. ctxt): jmp far f000:e05b ; ea5be000f0
<bochs:1> c
^CNext at t=92650498
(0) [0x00fcb063] 000f:00000063 (unk. ctxt): cmp dword ptr ds:0x3004, 0x00000000 ; 833d0430000000
<bochs:2> u /8
10000063: ( ): cmp dword ptr ds:0x3004, 0x00000000 ; 833d0430000000
1000006a: ( ): jz .+0x00000004 ; 7404
1000006c: ( ): jmp .+0xfffffff5 ; ebf5
1000006e: ( ): add byte ptr ds:[eax], al ; 0000
10000070: ( ): xor eax, eax ; 31c0
10000072: ( ): jmp .+0x00000000 ; eb00
10000074: ( ): leave ; c9
10000075: ( ): ret ; c3
<bochs:3> sreg
cs:s=0x000f, dl=0x00000002, dh=0x10c0fa00, valid=1
ds:s=0x0017, dl=0x00003fff, dh=0x10c0f300, valid=3
ss:s=0x0017, dl=0x00003fff, dh=0x10c0f300, valid=1
es:s=0x0017, dl=0x00003fff, dh=0x10c0f300, valid=1
fs:s=0x0017, dl=0x00003fff, dh=0x10c0f300, valid=1
gs:s=0x0017, dl=0x00003fff, dh=0x10c0f300, valid=1
ldtr:s=0x0068, dl=0xc2d00068, dh=0x000082f9, valid=1
tr:s=0x0060, dl=0xc2e80068, dh=0x00008bf9, valid=1
gdtr:base=0x00005cb8, limit=0x7ff
idtr:base=0x000054b8, limit=0x7ff
<bochs:4> xp /32w 0x00005cb8
[bochs]:
0x00005cb8 <bogus+ 0>: 0x00000000 0x00000000 0x00000fff 0x00c09a00
0x00005cc8 <bogus+ 16>: 0x00000fff 0x00c09300 0x00000000 0x00000000
0x00005cd8 <bogus+ 32>: 0xa4480068 0x00008901 0xa4300068 0x00008201
0x00005ce8 <bogus+ 48>: 0xf2e80068 0x000089ff 0xf2d00068 0x000082ff
0x00005cf8 <bogus+ 64>: 0xd2e80068 0x000089ff 0xd2d00068 0x000082ff
0x00005d08 <bogus+ 80>: 0x02e80068 0x000089fc 0x02d00068 0x000082fc
0x00005d18 <bogus+ 96>: 0xc2e80068 0x00008bf9 0xc2d00068 0x000082f9
0x00005d28 <bogus+ 112>: 0x00000000 0x00000000 0x00000000 0x00000000
<bochs:5> xp /8w 0x00f9c2d0
[bochs]:
0x00f9c2d0 <bogus+ 0>: 0x00000000 0x00000000 0x00000002 0x10c0fa00
0x00f9c2e0 <bogus+ 16>: 0x00003fff 0x10c0f300 0x00000000 0x00f9d000
<bochs:6> calc ds:0x3004
0x10003004 268447748
<bochs:7> creg
CR0=0x8000001b: PG cd nw ac wp ne ET TS em MP PE
CR2=page fault laddr=0x10002fac
CR3=0x00000000
PCD=page-level cache disable=0
PWT=page-level writes transparent=0
CR4=0x00000000: osxmmexcpt osfxsr pce pge mce pae pse de tsd pvi vme
<bochs:8> xp /68w 0
[bochs]:
0x00000000 <bogus+ 0>: 0x00001027 0x00002007 0x00003007 0x00004027
0x00000010 <bogus+ 16>: 0x00000000 0x00024df8 0x00000000 0x00000000
0x00000020 <bogus+ 32>: 0x00000000 0x00000000 0x00000000 0x00000000
0x00000030 <bogus+ 48>: 0x00000000 0x00000000 0x00000000 0x00000000
0x00000040 <bogus+ 64>: 0x00ffe027 0x00000000 0x00000000 0x00000000
0x00000050 <bogus+ 80>: 0x00000000 0x00000000 0x00000000 0x00000000
0x00000060 <bogus+ 96>: 0x00000000 0x00000000 0x00000000 0x00000000
0x00000070 <bogus+ 112>: 0x00000000 0x00000000 0x00000000 0x00000000
0x00000080 <bogus+ 128>: 0x00ff6027 0x00000000 0x00000000 0x00000000
0x00000090 <bogus+ 144>: 0x00000000 0x00000000 0x00000000 0x00000000
0x000000a0 <bogus+ 160>: 0x00000000 0x00000000 0x00000000 0x00000000
0x000000b0 <bogus+ 176>: 0x00000000 0x00000000 0x00000000 0x00ffa027
0x000000c0 <bogus+ 192>: 0x00fbd027 0x00000000 0x00000000 0x00000000
0x000000d0 <bogus+ 208>: 0x00000000 0x00000000 0x00000000 0x00000000
0x000000e0 <bogus+ 224>: 0x00000000 0x00000000 0x00000000 0x00000000
0x000000f0 <bogus+ 240>: 0x00000000 0x00000000 0x00000000 0x00fbf027
0x00000100 <bogus+ 256>: 0x00fa9027 0x00000000 0x00000000 0x00000000
<bochs:9> xp /w 0+64*4
[bochs]:
0x00000100 <bogus+ 0>: 0x00fa9027
<bochs:10> xp /w 0x00fa9000+3*4
[bochs]:
0x00fa900c <bogus+ 0>: 0x00fa6067
<bochs:11> xp /w 0x00fa6004
[bochs]:
0x00fa6004 <bogus+ 0>: 0x12345678
<bochs:12> setpmem 0x00fa6004 4 0
<bochs:13> c
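The session above does the translation one debugger command at a time: `sreg` shows the LDT descriptor, `xp` dumps the data-segment descriptor, `calc ds:0x3004` turns the logical address into the linear address 0x10003004, and the three `xp /w` reads walk CR3 -> page directory -> page table -> page frame to reach physical 0x00fa6004, which `setpmem` then overwrites. The script below is an added example, not part of the original post or of the lab; it reproduces that whole walk in code (segment translation plus the two-level i386 page walk, general enough for any selector in the LDT and any linear address) using only the words the debugger printed, embedded here as a constructed memory image. Function names such as `translate_i` and `simulate_setpmem` are my own.

```python
# Added example: redo the Bochs address translation by hand.
# Input values are copied from the debugger session; the memory image is constructed.

# LDT of the running task as dumped by `xp /8w 0x00f9c2d0`.
# Each descriptor is 8 bytes: low dword (dl) followed by high dword (dh).
LDT_WORDS = [0x00000000, 0x00000000,   # entry 0: null descriptor
             0x00000002, 0x10C0FA00,   # entry 1: code segment (cs = 0x000f)
             0x00003FFF, 0x10C0F300]   # entry 2: data segment (ds = 0x0017)

# Physical memory cells needed for the page walk (CR3 = 0, so the page
# directory sits at physical address 0). Keys are addresses, values are dwords.
PHYS_MEM = {
    0x00000000 + 64 * 4: 0x00FA9027,   # page-directory entry 64
    0x00FA9000 + 3 * 4:  0x00FA6067,   # page-table entry 3
    0x00FA6004:          0x12345678,   # the variable i itself
}

def decode_descriptor(dl, dh):
    """Split a raw i386 segment descriptor into base, byte limit and flags."""
    base = (dl >> 16) | ((dh & 0xFF) << 16) | (dh & 0xFF000000)
    limit = (dl & 0xFFFF) | (dh & 0x000F0000)
    if dh & (1 << 23):                 # G bit: limit counts 4 KiB pages
        limit = (limit << 12) | 0xFFF
    return {"base": base, "limit": limit,
            "dpl": (dh >> 13) & 3,
            "present": bool(dh & (1 << 15)),
            "code": bool((dh >> 8) & 0x8)}   # type bit 3 set => code segment

def selector_to_descriptor(selector, ldt_words):
    """Selector layout: index[15:3], TI[2], RPL[1:0]; only the LDT is modelled here."""
    if not selector & 4:
        raise ValueError("selector 0x%04x refers to the GDT, not modelled" % selector)
    index = selector >> 3
    return decode_descriptor(ldt_words[2 * index], ldt_words[2 * index + 1])

def logical_to_linear(selector, offset, ldt_words):
    """Segment translation: linear = base + offset, after presence and limit checks."""
    d = selector_to_descriptor(selector, ldt_words)
    if not d["present"]:
        raise RuntimeError("segment not present")
    if offset > d["limit"]:
        raise RuntimeError("offset 0x%x exceeds limit 0x%x" % (offset, d["limit"]))
    return d["base"] + offset

def decode_pte(entry):
    """Page-directory and page-table entries share one layout on i386 (no PAE)."""
    flags = {"present": bool(entry & 0x01), "writable": bool(entry & 0x02),
             "user": bool(entry & 0x04), "accessed": bool(entry & 0x20),
             "dirty": bool(entry & 0x40)}
    return entry & 0xFFFFF000, flags

def linear_to_physical(linear, cr3, mem):
    """Two-level page walk: returns the physical address and both entry flag sets."""
    pde_index = (linear >> 22) & 0x3FF
    pte_index = (linear >> 12) & 0x3FF
    offset = linear & 0xFFF
    table_base, pde_flags = decode_pte(mem[(cr3 & 0xFFFFF000) + pde_index * 4])
    if not pde_flags["present"]:
        raise RuntimeError("page-directory entry %d not present" % pde_index)
    frame, pte_flags = decode_pte(mem[table_base + pte_index * 4])
    if not pte_flags["present"]:
        raise RuntimeError("page-table entry %d not present" % pte_index)
    return frame | offset, pde_flags, pte_flags

def translate_i(ds=0x0017, offset=0x3004, cr3=0x00000000, mem=PHYS_MEM):
    """Logical ds:0x3004 -> linear -> physical, plus the dword stored there."""
    linear = logical_to_linear(ds, offset, LDT_WORDS)
    phys, _, _ = linear_to_physical(linear, cr3, mem)
    return linear, phys, mem[phys]

def simulate_setpmem(mem=PHYS_MEM):
    """Mimic `setpmem 0x00fa6004 4 0`: clear i and report what `cmp ds:0x3004, 0` now sees."""
    patched = dict(mem)
    _, phys, _ = translate_i(mem=patched)
    patched[phys] = 0
    return translate_i(mem=patched)[2] == 0   # True: the while(i) loop would exit

if __name__ == "__main__":
    linear, phys, value = translate_i()
    print("linear   0x%08x" % linear)
    print("physical 0x%08x" % phys)
    print("value    0x%08x" % value)
    print("loop exits after setpmem:", simulate_setpmem())
```

Two details the script makes visible that the raw dumps do not: the data descriptor has the granularity bit set, so its limit 0x3fff means a 64 MiB segment (0x03ffffff), which is why a task's linear addresses start at a 64 MiB multiple (0x10000000 here); and the page-table entry 0x00fa6067 carries the dirty and accessed bits while the directory entry 0x00fa9027 does not, matching a frame the program has already written. Note that `xp` and `setpmem` operate on physical memory, which is why the final write bypasses segmentation and paging altogether.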
The final result looks like this:

You can see that the program exits normally:
