
shoelace source code analysis, bochs debugging walkthrough -- the loadbuilt() function

徐阳炎
2023-12-01
<bochs:12> s
Next at t=78037287
(0) [0x0006091d] 6000:091d (unk. ctxt): inc sp                    ; 44
<bochs:13> s
Next at t=78037288
(0) [0x0006091e] 6000:091e (unk. ctxt): lea bx, word ptr ss:[bp+0xfe62] ; 8d9e62fe
<bochs:14> s
Next at t=78037289
(0) [0x00060922] 6000:0922 (unk. ctxt): push bx                   ; 53
<bochs:15> s
Next at t=78037290
(0) [0x00060923] 6000:0923 (unk. ctxt): call 0xca7                ; e88103
<bochs:16> s
Next at t=78037291
(0) [0x00060ca7] 6000:0ca7 (unk. ctxt): push bp                   ; 55

<bochs:17>


So we can set a breakpoint at 0x00060ca7 and land directly in the loadbuilt() function.

That is the eighth breakpoint!


Ninth breakpoint: 0x60df4, which corresponds to the loadimage() function


<bochs:19> b 0x60df4
<bochs:20> c
(0) Breakpoint 4, 0x60df4 in ?? ()
Next at t=78037328
(0) [0x00060df4] 6000:0df4 (unk. ctxt): push bp                   ; 55
<bochs:21>


If you set a breakpoint directly at 0x60df4 (the loadimage() function), the first hit is the kernel being loaded;

the second hit is boot being loaded, which in our case is Image.


Tenth breakpoint:


00060cd5: (                    ): mov ax, 0x600             ; b80006
00060cd8: (                    ): xor bx, bx                ; 31db
00060cda: (                    ): mov [ds:0x9f08], ax       ; a3089f
00060cdd: (                    ): mov word ptr [ds:0x9f0a], bx ; 891e0a9f
00060ce1: (                    ): mov al, 0x1               ; b001
00060ce3: (                    ): mov byte ptr [ds:0x9f0c], al ; a20c9f
00060ce6: (                    ): mov bx, 0xe7e             ; bb7e0e
00060ce9: (                    ): push bx                   ; 53
00060cea: (                    ): push word ptr ss:[bp+0x4] ; ff7604
00060ced: (                    ): call 0xdf4                ; e80401
00060cf0: (                    ): add sp, 0x4               ; 83c404
00060cf3: (                    ): pop si                    ; 5e
00060cf4: (                    ): pop di                    ; 5f
00060cf5: (                    ): pop bp                    ; 5d
00060cf6: (                    ): retn                      ; c3

0x60df4 is the loadimage() function, so 0x60e7e (the address pushed as an argument right before the call) is the readkernel() function.

[ds:0x9f08] = LoadPoint    0x69f08   4 bytes   long

[ds:0x9f0c] = LoadStart    0x69f0c   1 byte    char

              filesize     0x6aedc

<bochs:30> x 0x6aedc
[bochs]:
0x0006aedc <bogus+       0>:    0x0001ea00
<bochs:31>



<bochs:25> x 0x69f08
[bochs]:
0x00069f08 <bogus+       0>:    0x00010a00
<bochs:26> c
(0) Breakpoint 3, 0x60e7e in ?? ()
Next at t=78068330
(0) [0x00060e7e] 6000:0e7e (unk. ctxt): push bp                   ; 55
<bochs:27> x 0x69f08
[bochs]:
0x00069f08 <bogus+       0>:    0x00010e00
<bochs:28>


So each run of readkernel() increases LoadPoint by 1024, which is the size of one logical block.



<bochs:1> b 0x60e7e
<bochs:2> c
(0) Breakpoint 1, 0x60e7e in ?? ()
Next at t=78053092
(0) [0x00060e7e] 6000:0e7e (unk. ctxt): push bp                   ; 55
<bochs:3> x 0x69f08
[bochs]:
0x00069f08 <bogus+       0>:    0x00000600
<bochs:4> c
(0) Breakpoint 1, 0x60e7e in ?? ()
Next at t=78055605
(0) [0x00060e7e] 6000:0e7e (unk. ctxt): push bp                   ; 55
<bochs:5> x 0x69f08
[bochs]:
0x00069f08 <bogus+       0>:    0x00090400
<bochs:6> x /400 0x90000
[bochs]:
0x00090000 <bogus+       0>:    0x8e07c0b8      0x9000b8d8      0x00b9c08e      0x29f62901
0x00090010 <bogus+      16>:    0xeaa5f3ff      0x90000018      0xd88ec88c      0xd08ec08e
0x00090020 <bogus+      32>:    0xbaff00bc      0x02b90000      0x0200bb00      0xcd0204b8
0x00090030 <bogus+      48>:    0xba0a7313      0x00b80000      0xeb13cd00      0xb800b2e6
0x00090040 <bogus+      64>:    0x13cd0800      0x892e00b5      0xb8013d0e      0xc08e9000
0x00090050 <bogus+      80>:    0xff3003b4      0x18b910cd      0x0007bb00      0xb8013fbd
0x00090060 <bogus+      96>:    0x10cd1301      0x8e1000b8      0x0032e8c0      0x2e00c5e8
0x00090070 <bogus+     112>:    0x3d01fca1      0x17750000      0x3d1e8b2e      0x0208b801
0x00090080 <bogus+     128>:    0x740ffb83      0x021cb80a      0x7412fb83      0x2efeeb02
0x00090090 <bogus+     144>:    0xea01fca3      0x90200000      0x00000005      0xc08c0000
0x000900a0 <bogus+     160>:    0x750fffa9      0x8cdb31fe      0x40003dc0      0x2ec30172
0x000900b0 <bogus+     176>:    0x2b013da1      0x89009806      0x09e1c1c1      0x0973d901
0x000900c0 <bogus+     192>:    0xc0310774      0xe8c1d829      0x0034e809      0x0603c189
0x000900d0 <bogus+     208>:    0x3b2e0098      0x75013d06      0x0001b812      0x009a062b
0x000900e0 <bogus+     224>:    0x06ff0475      0x9aa3009c      0xa3c03100      0xe1c10098
0x000900f0 <bogus+     240>:    0x73cb0109      0x05c08cb2      0xc08e1000      0xa7ebdb31
0x00090100 <bogus+     256>:    0x52515350      0x009c168b      0x00980e8b      0x8bd58841
0x00090110 <bogus+     272>:    0x88009a16      0x8100b2d6      0xb40100e2      0x7213cd02
0x00090120 <bogus+     288>:    0x5b595a05      0x00b8c358      0x0000ba00      0x595a13cd
0x00090130 <bogus+     304>:    0xcceb585b      0x03f2ba52      0x5aee00b0      0x0d0000c3
0x00090140 <bogus+     320>:    0x616f4c0a      0x676e6964      0x73797320      0x206d6574
0x00090150 <bogus+     336>:    0x0d616161      0x000a0d0a      0x00000000      0x00000000
0x00090160 <bogus+     352>:    0x00000000      0x00000000      0x00000000      0x00000000
0x00090170 <bogus+     368>:    0x00000000      0x00000000      0x00000000      0x00000000
0x00090180 <bogus+     384>:    0x00000000      0x00000000      0x00000000      0x00000000
0x00090190 <bogus+     400>:    0x00000000      0x00000000      0x00000000      0x00000000
0x000901a0 <bogus+     416>:    0x00000000      0x00000000      0x00000000      0x00000000
0x000901b0 <bogus+     432>:    0x00000000      0x00000000      0x00000000      0x00000000
0x000901c0 <bogus+     448>:    0x00000000      0x00000000      0x00000000      0x00000000
0x000901d0 <bogus+     464>:    0x00000000      0x00000000      0x00000000      0x00000000
0x000901e0 <bogus+     480>:    0x00000000      0x00000000      0x00000000      0x00000000
0x000901f0 <bogus+     496>:    0x00000000      0x00000000      0x00000000      0xaa550301


So our Image has been loaded at 0x90000.
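The two observations above (LoadPoint advancing by one 1024-byte block per readkernel() hit, and Image landing at 0x90000) can be checked mechanically from the bochs transcript. The helper below is an added example, not part of the original post or of shoelace: it parses the output format of the bochs `x` command, BOCHS_LOG is a constructed excerpt of the session quoted above, and the 0x55AA check is an added interpretation of the last dword of the dump (0xaa550301 at 0x901fc puts bytes 0x55 0xAA at offset 0x1fe, the boot sector signature).

```python
import re

# Constructed excerpt of the bochs session in the post: LoadPoint (the long at
# 0x69f08) read at two successive readkernel() breakpoint hits, then the first
# and last rows of the 'x /400 0x90000' dump, copied as printed above.
BOCHS_LOG = """\
<bochs:25> x 0x69f08
[bochs]:
0x00069f08 <bogus+       0>:    0x00010a00
<bochs:26> c
(0) Breakpoint 3, 0x60e7e in ?? ()
<bochs:27> x 0x69f08
[bochs]:
0x00069f08 <bogus+       0>:    0x00010e00
<bochs:6> x /400 0x90000
[bochs]:
0x00090000 <bogus+       0>:    0x8e07c0b8      0x9000b8d8      0x00b9c08e      0x29f62901
0x000901f0 <bogus+     496>:    0x00000000      0x00000000      0x00000000      0xaa550301
"""

# One output row of the bochs 'x' command: address, <bogus+offset>, 1..4 dwords.
DUMP_LINE = re.compile(r"^0x([0-9a-f]{8}) <bogus\+\s*\d+>:\s*((?:0x[0-9a-f]{8}\s*)+)$")
BLOCK_SIZE = 1024  # one logical block, the stride the post observes

def parse_dumps(text):
    """Yield (address, dword) for every value a bochs 'x' command printed,
    in transcript order, so repeated reads of one address are all kept."""
    for line in text.splitlines():
        m = DUMP_LINE.match(line)
        if m:
            base = int(m.group(1), 16)
            for i, word in enumerate(m.group(2).split()):
                yield base + 4 * i, int(word, 16)

def samples_at(text, addr):
    """Every value the transcript shows for one address (e.g. LoadPoint at 0x69f08)."""
    return [v for a, v in parse_dumps(text) if a == addr]

def strides(values):
    """Differences between consecutive samples; BLOCK_SIZE means one block per readkernel()."""
    return [b - a for a, b in zip(values, values[1:])]

def has_boot_signature(text, base):
    """True when the dump holds 0x55 0xAA at base+0x1fe (little-endian dword at base+0x1fc)."""
    mem = dict(parse_dumps(text))
    word = mem.get(base + 0x1fc)
    return word is not None and (word >> 16) == 0xaa55

if __name__ == "__main__":
    lp = samples_at(BOCHS_LOG, 0x69f08)
    print("LoadPoint:", [hex(v) for v in lp], "strides:", strides(lp))
    print("boot signature at 0x90000:", has_boot_signature(BOCHS_LOG, 0x90000))
```

Feed it the full saved transcript instead of the excerpt and the stride list grows to one entry per readkernel() call, which is a quick way to confirm that every block of the file was copied exactly once.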
