OS devs working on hobby projects will probably all know about using GDB to debug their OS by starting Qemu in gdbserver mode. In this mode, Qemu halts execution at the beginning of its BIOS code and listens for a connection from a GDB client on port 1234. For those who don’t know about this, you do it by starting Qemu with the -s and -S options. For example, I’d start it as
$ qemu-system-x86_64 -s -S os.iso
Well, this is all cool, and GDB works well with this. (There’s a slight problem with debugging 64-bit kernels, a “Remote ‘g’ packet reply is too long” error, which can be solved with a few cool hacks.) So what’s new?
Well, for one, radare2 can now be used as a GDB client for this use case. Consider this session, where 0x101000 is the address of the entry point of the kernel (which a simple readelf can tell us).
$ r2 -e dbg.bpinmaps=false -d gdb://localhost:1234
= attach 6 6
[0x0000fff0]> db 0x101000
[0x0000fff0]> dc
Selecting and continuing: 0
= attach 0 0
got signal...
= attach 0 1
= attach 6 1
[0x0000cda4]> dc
= attach 0 0
got signal...
= attach 0 1
= attach 6 1
[0x00101000]> pd 6
;-- rip:
0x00101000 fa cli
0x00101001 bc40001100 mov esp, 0x110040
0x00101006 53 push rbx
0x00101007 e835000000 call 0x101041
0x0010100c e838000000 call 0x101049
0x00101011 e847000000 call 0x10105d
[0x00101000]>
This is another reason I started working on r2’s GDB code, by the way. I’m working on my own little hobby kernel, and it would be awesome if I could use r2 to debug it. There are still a few kinks to be ironed out, though. Analysis doesn’t work as expected (looks like an issue with register sizes, from my initial digging around, and yeah, I’m working on it). Also, there’s an issue with stepping at some points. This seems to be an assumption on the client’s part about instructions that the Qemu stub supports (since the stub itself provides no information other than its supported PacketSize). If this initial diagnosis turns out to be correct, the solution could be to fall back to legacy commands if modern ones are not supported.
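As an added illustration of that fallback (example code written for this post, not radare2’s gdb client and not Qemu’s stub), here is a minimal client side of the GDB remote serial protocol: it frames packets with the checksum, reads the stub’s PacketSize from qSupported, and asks “vCont?” so it can drop back to the legacy “s” and “c” packets when the stub answers with an empty reply. The stub is simulated by a dict of constructed replies; a real client would send the framed bytes over the TCP socket instead.

```python
"""Constructed GDB remote-protocol client fragment (example, not r2 code)."""


def frame(data: str) -> str:
    """Wrap a payload as $data#cs, cs = 8-bit sum of the payload bytes in hex."""
    return f"${data}#{sum(data.encode()) & 0xff:02x}"


def unframe(pkt: str) -> str:
    """Strip $...#cs framing, verifying the checksum (raises on corruption)."""
    if len(pkt) < 4 or not pkt.startswith("$") or pkt[-3] != "#":
        raise ValueError("malformed packet")
    data, cs = pkt[1:-3], int(pkt[-2:], 16)
    if (sum(data.encode()) & 0xff) != cs:
        raise ValueError("bad checksum")
    return data


# Constructed stub replies, mimicking a stub that only advertises PacketSize.
LEGACY_STUB = {
    "qSupported": "PacketSize=1000",  # hex; nothing said about vCont
    "vCont?": "",                      # empty reply means "unsupported"
}
# A stub that does implement vCont answers the query with its actions.
MODERN_STUB = {"qSupported": "PacketSize=1000", "vCont?": "vCont;c;s;C;S"}


def query(stub: dict, data: str) -> str:
    """Send one framed packet to the (simulated) stub and unframe its reply."""
    reply = stub.get(unframe(frame(data)), "")
    return unframe(frame(reply))


def packet_size(stub: dict) -> int:
    """Largest packet the stub accepts, parsed from qSupported (hex value)."""
    for feat in query(stub, "qSupported").split(";"):
        if feat.startswith("PacketSize="):
            return int(feat[len("PacketSize="):], 16)
    return 0


def step_packet(stub: dict) -> str:
    """Pick the single-step packet: vCont;s if advertised, else legacy 's'."""
    caps = query(stub, "vCont?")
    if caps.startswith("vCont;") and "s" in caps.split(";")[1:]:
        return "vCont;s"
    return "s"   # fallback when the stub does not implement vCont
```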