====== Differences ======

This shows you the differences between two versions of the page.
| ida_pro_tracing [2013/05/21 08:48] xvilka [Preparations] | ida_pro_tracing [2013/05/21 20:39] (current) xvilka | ||
|---|---|---|---|
| Line 2: | Line 2: | ||
| 1. IDA Pro 6.0 and above | 1. IDA Pro 6.0 and above | ||
| - | 2. installed qemu-0.14 and above | + | |
| + | 2. installed qemu-1.4.0 and above | ||
| ==== Preparations ==== | ==== Preparations ==== | ||
| Line 10: | Line 11: | ||
| 2 Run relocate script | 2 Run relocate script | ||
| - | 3. Place bios.rom, vgacirrus-bios.bin (from qemu site), bios_name.idb, linux.img in the current folder | + | 3. Place bios.bin, vgacirrus-bios.bin (from qemu site), bios_name.idb, linux.img in the current folder |
| - | 4. Start qemu in debugging mode "qemu -s -S -L . -m 256 -hda linux.img | + | 4. Start qemu in debugging mode "qemu-system-i386 -s -S -L . -m 256 -hda linux.img |
| -localtime -M pc -nographic" | -localtime -M pc -nographic" | ||
| Line 33: | Line 34: | ||
| Then open debugger options dialog | Then open debugger options dialog | ||
| {{1.png}} | {{1.png}} | ||
| - | |||
| Check “Stop on debugging start” , enable logging of all events. check “Reconstruct the stack”, “Show debugger breakpoint instructions” | Check “Stop on debugging start” , enable logging of all events. check “Reconstruct the stack”, “Show debugger breakpoint instructions” | ||
| Line 56: | Line 56: | ||
| Here we can see an example of tracing WritePCI_SL function (SL means for me “StackLess”) | Here we can see an example of tracing WritePCI_SL function (SL means for me “StackLess”) | ||
| {{6.png}} | {{6.png}} | ||
| + | |||
| + | Usually i’m using database notepad for saving some PCI, PNP, IOports information about your BIOS platform (for example outputs of lscpi, dmesg, lsusb, dmidecode, etc...): | ||
| + | {{7.png}} | ||
| + | |||
| + | ==== Examples ==== | ||
| + | |||
| + | 1 Recognize pci_writes: | ||
| + | |||
| + | We already find WritePCI functions | ||
| + | {{8.png}} | ||
| + | then we need find values, which bios write ot the pci port: | ||
| + | |||
| + | so, let this piece of code run: | ||
| + | {{9.png}} | ||
| + | then go to the trace window and find value of eax in the out 0xCF8, eax line: | ||
| + | {{10.png}} | ||
| + | as we can see eax=0x80003B60. It is 00:07.3 device register BAR2 | ||
| + | Also. for example we want to know, all calls of WritePCI_SL function, and values which it write somewhere. This is very simple - just add breakpoint to this function: | ||
| + | {{11.png}} | ||
| + | all calls we can see in the function calls window: | ||
| + | {{12.png}} | ||
| + | As we can see, we need add meaningfull comments in the line, where we can see “jmp WritePCI_SL” , so we can see these comments in each line in the function calls window | ||
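
Review bot: in the "Line 10" hunk, step 4 starts the emulator with -s, which is QEMU's shorthand for -gdb tcp::1234 and names no host, so the debug stub is not limited to the local machine, and anyone who can reach that port gets full read and write access to guest memory and registers. When the debugger runs on the same machine, suggest writing the step with -gdb tcp:127.0.0.1:1234 in place of -s, and stating the port in the text so readers know what the debugger has to connect to. Minor style point: "2 Run relocate script" lacks the period that steps 3 and 4 use.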
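
Review bot: in the "Line 56" hunk, the added sentence "as we can see eax=0x80003B60. It is 00:07.3 device register BAR2" gives no decode, and the register part does not follow from the value. Under PCI configuration mechanism #1 the dword written to 0xCF8 is enable bit 31, bus in bits 23-16, device in bits 15-11, function in bits 10-8 and register offset in bits 7-2, so 0x80003B60 is bus 0x00, device 0x07, function 3, offset 0x60. That agrees with 00:07.3, but offset 0x60 is outside the standard BAR area of a type 0 header (0x10 to 0x27), so either explain why this device-specific register is called BAR2 or give the offset instead. Spelling out the bit fields once would also let readers decode the other values in the trace window themselves. Spelling in the added lines: "lscpi" should be lspci, "ot the" should be "to the", and "meaningfull" should be "meaningful".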