Release: Many debuggers for IDA remote GDB with QEMU

Discussion in 'Debuggers' started by storm shadow, Feb 9, 2013.

  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    This was hell to find out, so I hope you can use it.

    First you need the QEMU package from

    http://homepage3.nifty.com/takeda-toshiya/qemu/


    These are the debuggers that the settings down below are for:


    ARM_versatilepb
    ARM Versatile/PB
    ARM Integrator/CP
    ARM Linux kernel
    MIPS Malta Core LV (for snippets)
    Linux mipsel (full Linux system)
    PowerPC 405e (for snippets)
    PPC (full Linux system)



    Edit the gdb_arch.cfg in the IDA cfg folder and set the path so it matches yours.
    Set QEMUFLAGS if you are using an older version.
    Code (Text):
    ; configurations for "run external program" option
     
    .default ARM_versatilepb
     
    ; set various common parameters
    set QEMUPATH  %ProgramFiles%\QEMU
    set QEMUFLAGS  -S -gdb tcp::%p,ipv4
    ; use the following line for QEMU <= 0.10
    ; set QEMUFLAGS  -S -s -p %p
     
    .ARM_versatilepb
    name      QEMU: ARM Versatile/PB
    cpu        arm
    area      DATA RAM    0x00000000:0x08000000
    area      IO  SYSREGS 0x10000000:0x10200000
    initial_sp 0x08000000
     
    ; %i - input file from "Process Options" dialog
    ; %e - temporary ELF file created from database contents
    ; %p - port number
     
    cmdline    "$(QEMUPATH)/qemu-system-arm" $(QEMUFLAGS) -kernel "%e" -M versatilepb -cpu cortex-a8
     
    .ARM_integratorcp
    name QEMU: ARM Integrator/CP
    cpu  arm
    area DATA RAM    0x00000000:0x08000000
    area IO  SYSREGS 0x10000000:0x20000000
    area DATA RAM    0x80000000:0xc0000000
    initial_sp 0x08000000
    cmdline "$(QEMUPATH)/qemu-system-arm" $(QEMUFLAGS) -kernel "%e" -M integratorcp -cpu cortex-a8
     
    .ARM_Linux
    name QEMU: ARM Linux kernel
    cpu  arm
    area DATA RAM    0x00000000:0x08000000
    area IO  SYSREGS 0x10000000:0x20000000
    area DATA RAM    0x80000000:0xc0000000
    initial_sp 0x08000000
    cmdline "$(QEMUPATH)/qemu-system-arm" $(QEMUFLAGS) -kernel "%i" -initrd arm_root.img -cpu cortex-a8
     
    .mipsel_Malta
    name QEMU: MIPS Malta Core LV (for snippets)
    cpu  mips
    area DATA RAM    0x00000000:0x08000000
    area IO  ISABASE 0x10000000:0x14000000
    area IO  ISAIO  0x14000000:0x14010000
    area DATA RAM    0x1fbf0000:0x1fc00000
    area DATA BIOS    0x1fc00000:0x20000000
    area DATA kseg0  0x80000000:0xA0000000
    area IO  kseg1  0xA0000000:0xC0000000
    ;area DATA kseg2  0xC0000000:0xFFFFFFFE
    initial_sp 0x08000000
    cmdline "$(QEMUPATH)/qemu-system-mipsel" $(QEMUFLAGS) -S -gdb tcp::%p,ipv4 -cpu 4Km -kernel "%e"
     
    .mipsel_Linux
    name QEMU: Linux mipsel (full Linux system)
    cpu  mips
    area DATA RAM    0x00000000:0x08000000
    area IO  ISABASE 0x10000000:0x14000000
    area IO  ISAIO  0x14000000:0x14010000
    area DATA RAM    0x1fbf0000:0x1fc00000
    area DATA BIOS    0x1fc00000:0x20000000
    area DATA kseg0  0x80000000:0xA0000000
    area IO  kseg1  0xA0000000:0xC0000000
    area DATA kseg2  0xC0000000:0xFFFFFFFE
    initial_sp 0x08000000
    cmdline "$(QEMUPATH)/qemu-system-mipsel" $(QEMUFLAGS) -L . -M mips -kernel "%i" -initrd initrd.gz -hda hda.img -append "root=/dev/ram console=ttyS0"
     
    .ppc_405e
    name QEMU: PowerPC 405e (for snippets)
    cpu  ppc
    area DATA RAM    0x00000000:0x08000000
    area IO  ISABASE 0x80000000:0x81000000
    area IO  ISAIO  0xfe000000:0xfe200000
    area IO  PCIIO  0xfec00000:0xfff00000
    area DATA PROM    0xfff00000:0xFFFFFFFE
    initial_sp 0x08000000
    cmdline "$(QEMUPATH)/qemu-system-ppc" $(QEMUFLAGS) -kernel "%e"
     
    .ppc_Linux
    name QEMU: Linux PPC (full Linux system)
    cpu  ppc
    area DATA RAM    0x00000000:0x08000000
    area IO  ISABASE 0x80000000:0x81000000
    area IO  ISAIO  0xfe000000:0xfe200000
    area IO  PCIIO  0xfec00000:0xfff00000
    area DATA PROM    0xfff00000:0xFFFFFFFE
    initial_sp 0x08000000
    cmdline "$(QEMUPATH)/qemu-system-ppc" $(QEMUFLAGS) -L . -hdc debian_lenny_powerpc_small.qcow
     
    Small tut

    1) Load IDA.

    2) Load the MIPS ELF file.

    3) Under Options >>>> Debugger options, there is a field called Set specific options; press that.

    The settings we configured in gdb_arch.cfg pop up.

    Choose which one you want.

    4) Go to Options >>>> Process options.

    Set the host to localhost and port 1234.

    Start debugging.



    Code (Text):
    qemu-system-ppc64.exe" -gdb tcp::%p,ipv4 "%e
    I have tried these settings for debugging a PPC executable. Still a little buggy,
    so I can't set a breakpoint in memory and run.
    Works for code execution though.
     
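As an added example (not part of the original post and not IDA's own code), here is a small Python parser for the gdb_arch.cfg section format posted above. It renders the QEMU command line a chosen section produces for a given port, and reports which host the GDB stub is bound to. The parsing rules (`.default`, `.SECTION` headers, `set VAR value`, `$(VAR)` expansion, and the `%p`, `%e`, `%i` placeholders) are inferred from the posted file, the configuration excerpt and the `%ProgramFiles%` value are constructed, and `loopback_only()` is an assumed hardening helper: it rewrites `tcp::%p` to `tcp:127.0.0.1:%p`, QEMU's `tcp:host:port` chardev form. The reason this matters is that `-gdb tcp::%p` makes QEMU listen on every interface, and whoever reaches that port gets full read/write control of the guest; the "host = localhost" step in the tutorial only governs where IDA connects, not where QEMU listens.

```python
"""Added example: parse the gdb_arch.cfg section format and render the QEMU
command line for one section and port. Not IDA's parser; rules inferred
from the posted file ('.default', '.SECTION', 'set VAR value', '$(VAR)',
'%p' port, '%e' temporary ELF, '%i' input file)."""
import re
import shlex

# Constructed excerpt in the same format as the posted gdb_arch.cfg.
SAMPLE_CFG = r"""
; configurations for "run external program" option
.default ARM_versatilepb

set QEMUPATH  %ProgramFiles%\QEMU
set QEMUFLAGS  -S -gdb tcp::%p,ipv4

.ARM_versatilepb
name      QEMU: ARM Versatile/PB
cpu        arm
area      DATA RAM    0x00000000:0x08000000
area      IO  SYSREGS 0x10000000:0x10200000
initial_sp 0x08000000
cmdline    "$(QEMUPATH)/qemu-system-arm" $(QEMUFLAGS) -kernel "%e" -M versatilepb -cpu cortex-a8

.ppc_405e
name QEMU: PowerPC 405e (for snippets)
cpu  ppc
area DATA RAM    0x00000000:0x08000000
area DATA PROM    0xfff00000:0xFFFFFFFE
initial_sp 0x08000000
cmdline "$(QEMUPATH)/qemu-system-ppc" $(QEMUFLAGS) -kernel "%e"
"""


def parse_cfg(text):
    """Return (default_section, variables, sections). Each section is a dict
    with 'areas' as (class, label, start, end) tuples, 'initial_sp' as an
    int, and 'name', 'cpu', 'cmdline' kept verbatim."""
    default, variables, sections, current = None, {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank or comment
            continue
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == ".default":
            default = value
        elif key.startswith("."):                  # new section header
            current = key[1:]
            sections[current] = {"areas": []}
        elif key == "set":                          # global variable
            var, _, val = value.partition(" ")
            variables[var] = val.strip()
        elif current is None:
            raise ValueError("directive outside a section: %r" % raw)
        elif key == "area":
            cls, label, rng = value.split(None, 2)
            start, end = (int(x, 16) for x in rng.split(":"))
            sections[current]["areas"].append((cls, label, start, end))
        elif key == "initial_sp":
            sections[current]["initial_sp"] = int(value, 16)
        else:
            sections[current][key] = value
    return default, variables, sections


def render_cmdline(variables, section, port, elf="db.elf", input_file="input.bin", env=None):
    """Expand $(VAR), Windows %ENV% references and the %p/%e/%i placeholders
    of a section's cmdline; return the argv list QEMU would be started with."""
    env = env or {}
    cmd = re.sub(r"\$\((\w+)\)", lambda m: variables.get(m.group(1), m.group(0)), section["cmdline"])
    cmd = re.sub(r"%(\w+)%", lambda m: env.get(m.group(1), m.group(0)), cmd)
    cmd = cmd.replace("%p", str(port)).replace("%e", elf).replace("%i", input_file)
    return shlex.split(cmd, posix=True)


def gdb_stub_host(argv):
    """Host part of the '-gdb tcp:host:port' spec: '' means QEMU listens on
    every interface; None means no TCP GDB stub is configured."""
    for i, arg in enumerate(argv[:-1]):
        if arg == "-gdb" and argv[i + 1].startswith("tcp:"):
            return argv[i + 1][len("tcp:"):].split(":", 1)[0]
    return None


def loopback_only(variables):
    """Assumed hardening: copy of the variables with the stub bound to
    127.0.0.1 (tcp:127.0.0.1:%p) instead of all interfaces (tcp::%p)."""
    out = dict(variables)
    out["QEMUFLAGS"] = out.get("QEMUFLAGS", "").replace("tcp::", "tcp:127.0.0.1:")
    return out


if __name__ == "__main__":
    default, variables, sections = parse_cfg(SAMPLE_CFG)
    env = {"ProgramFiles": r"C:\Program Files"}  # constructed value
    for label, vars_ in (("as posted", variables), ("loopback only", loopback_only(variables))):
        argv = render_cmdline(vars_, sections[default], 1234, env=env)
        print(label, "->", argv, "| stub host:", repr(gdb_stub_host(argv)))
```

Running the script prints the expanded command line for the default section twice, once as posted (stub host `''`, i.e. all interfaces) and once with the loopback-only flags, which is the form to use when the debugging host is reachable from anything but the local machine.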