Syslinux - Sep 2005 - bochs or qemu & gdb

HPA,

now that syslinux release madness has calmed down,
could you provide some info on how we syslinux-minions/wannabes
can use bochs and/or qemu to run (sys|pxe|iso|ext)linux
in an emulated environment thats more conducive to
debugging, single-stepping, and ultimately understanding
how the magic happens ?

tia
jimc

Jim Cromie wrote:
> 
> HPA,
> 
> now that syslinux release madness has calmed down,
> could you provide some info on how we syslinux-minions/wannabes
> can use bochs and/or qemu to run (sys|pxe|iso|ext)linux
> in an emulated environment thats more conducive to
> debugging, single-stepping, and ultimately understanding
> how the magic happens ?
> 
Alright... let's start with the basics.

I tend to use Bochs for this; Qemu is "better" in many ways, but I
find
Bochs to be easier to rebuild as needed and I've gotten used to it by 
now.  There is also AMD's SimNow! available now.

The first step is to build Bochs with the x86 debugger enabled.  Last 
time I built it, I used the following options:

./configure --enable-x86-64 --enable-port-e9-hack --enable-readline 
--enable-x86-debugger

Once you have that, you will need to set up a disk image, in the same 
way you would for MEMDISK; this is for SYSLINUX or EXTLINUX testing.  To 
test ISOLINUX, you need a .iso which you build in the usual way (with 
mkisofs).  Bochs contains a configuration editor which I've found often 
to work poorly; in general I find the need to go in and edit the 
configuration file manually.

I haven't yet found a way to test PXELINUX in simulation (back when I 
worked for Transmeta I had access to in-circuit emulation, though.) 
It's probably possible now when Etherboot does PXE since most emulators 
have some sort of network card emulation, usually NE2000/RTL8029.

Once the emulator starts, you want to intercept the actual boot.  The 
easy way to do that is to set breakpoint at 0x7c00 ("lb 0x7c00") and
run
("c").  That will land you at the first instruction of the bootloader.

At that point, your best friend ends up being the list file and the map 
file.  Note that the list file shows the addresses from the beginning of 
the text segment, so if the list file says a particular subroutine is at 
address 0x1234 the real eip at that point is 0x1234+0x7c00 = 0x8e34.

In addition to tracing through the program, use the "x" command to 
examine data structures in memory, and keep track of the stack pointer. 
  In assembly a common source of error is forgetting where your stack 
pointer is.

	-hpa