October 12, 2011 · 1:10 pm
Jump to Comments

Tip: Debugging the early boot process with qemu and gdb

Update: A much easier way is to use gdbserver.

Start qemu with the following parameters:

$ qemu-system-x86_64 -s -S -m 512 -hda winxp.img

And connect with gdb like this:

$ gdb
(gdb) target remote localhost:1234
(gdb) set architecture i8086
(gdb) break *0x7c00
(gdb) cont

This will breakpoint at 0x7c00, which is when the boot sector has been loaded into memory by the BIOS and control is passed to the boot sector.

You can use ordinary gdb commands to disassemble and debug the guest.

3 Comments

Filed under Uncategorized

Tagged as , , , ,

3 responses to “Tip: Debugging the early boot process with qemu and gdb

  1. Chris
    October 28, 2011 at 6:15 am

    Thanks for this. I was really struggling trying to figure out why i was always ending up at 0xfff0 instead of 0x7c00. The breakpoint did the trick. Interestingly, I had a ‘layout asm’ in there before the breakpoint and nothing at all seems to work in that mode.

    Reply

  2. Pingback: ForbiddenBITS CTF 2013 – Old 50 Write up | sysexit

  3. Pingback: Tip: Poor man’s qemu breakpoint | Richard WM Jones

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.