Public bug reported:
Hi.
I would like tracing on OptionROM program in gdb.
I make loop on OptionROM kind:
Label:
nop
nop
nop
nop
jmp Label
I build it for .286 (16 bit mode). I get LST file:
144 00CA Label proc far ; CODE XREF: seg000:0003
145 00CA 90 nop
146 00CB 90 nop
147 00CC 90 nop
148 00CD 90 nop
149 00CE 90 nop
150 00CF EB F9 jmp Label
I run it from QEMU, wait looping and attach GDB.
I saw: (when I type "stepi")
0x000000cb in ?? ()
0x000000cc in ?? ()
0x000000cd in ?? ()
0x000000ce in ?? ()
0x000000cf in ?? ()
0x000000ca in ?? ()
0x000000cb in ?? ()
0x000000cc in ?? ()
It is a loop "nop" cycle.
I make disassable this code and saw:
=> 0x000000ca: add %dh,%al
0x000000cc: push %ebx
0x000000cd: incl (%eax)
0x000000cf: lock push %ebx
0x000000d1: incl (%eax)
0x000000d3: lock push %ebx
0x000000d5: incl (%eax)
0x000000d7: lock push %ebx
(gdb) x /16xw 0xca
0xca: 0xff53f000 0xff53f000 0xff53f000 0xff53f000
0xda: 0xff53f000 0xff53f000 0xff53f000 0xff53f000
0xea: 0xff53f000 0xff53f000 0xff53f000 0xff53f000
0xfa: 0xff53f000 0xec59f000 0xff53f000 0xff53f000
>From QEMU shell I wrote and saw:
(QEMU) x /16w 0xca
000000ca: 0xff53f000 0xff53f000 0xff53f000 0xff53f000
000000da: 0xff53f000 0xff53f000 0xff53f000 0xff53f000
000000ea: 0xff53f000 0xff53f000 0xff53f000 0xff53f000
000000fa: 0xff53f000 0xec59f000 0xff53f000 0xff53f000
I try change source code:
set *0xca=0x90909090
set *0xca=0x90909090
But remained in the cycle turns:
0x000000cf in ?? ()
0x000000ca in ?? ()
0x000000cb in ?? ()
0x000000cc in ?? ()
0x000000cd in ?? ()
0x000000ce in ?? ()
0x000000cf in ?? ()
0x000000ca in ?? ()
Clearly that QEMU executes code in another memory area.
How do I find address? How do I can switch the QEMU on valid offset?
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1235306
Title:
Wrong memory viewer in 16 bit mode (Debugging BIOS OptionROM)
Status in QEMU:
New
Bug description:
Hi.
I would like tracing on OptionROM program in gdb.
I make loop on OptionROM kind:
Label:
nop
nop
nop
nop
jmp Label
I build it for .286 (16 bit mode). I get LST file:
144 00CA Label proc far ; CODE XREF: seg000:0003
145 00CA 90 nop
146 00CB 90 nop
147 00CC 90 nop
148 00CD 90 nop
149 00CE 90 nop
150 00CF EB F9 jmp Label
I run it from QEMU, wait looping and attach GDB.
I saw: (when I type "stepi")
0x000000cb in ?? ()
0x000000cc in ?? ()
0x000000cd in ?? ()
0x000000ce in ?? ()
0x000000cf in ?? ()
0x000000ca in ?? ()
0x000000cb in ?? ()
0x000000cc in ?? ()
It is a loop "nop" cycle.
I make disassable this code and saw:
=> 0x000000ca: add %dh,%al
0x000000cc: push %ebx
0x000000cd: incl (%eax)
0x000000cf: lock push %ebx
0x000000d1: incl (%eax)
0x000000d3: lock push %ebx
0x000000d5: incl (%eax)
0x000000d7: lock push %ebx
(gdb) x /16xw 0xca
0xca: 0xff53f000 0xff53f000 0xff53f000 0xff53f000
0xda: 0xff53f000 0xff53f000 0xff53f000 0xff53f000
0xea: 0xff53f000 0xff53f000 0xff53f000 0xff53f000
0xfa: 0xff53f000 0xec59f000 0xff53f000 0xff53f000
From QEMU shell I wrote and saw:
(QEMU) x /16w 0xca
000000ca: 0xff53f000 0xff53f000 0xff53f000 0xff53f000
000000da: 0xff53f000 0xff53f000 0xff53f000 0xff53f000
000000ea: 0xff53f000 0xff53f000 0xff53f000 0xff53f000
000000fa: 0xff53f000 0xec59f000 0xff53f000 0xff53f000
I try change source code:
set *0xca=0x90909090
set *0xca=0x90909090
But remained in the cycle turns:
0x000000cf in ?? ()
0x000000ca in ?? ()
0x000000cb in ?? ()
0x000000cc in ?? ()
0x000000cd in ?? ()
0x000000ce in ?? ()
0x000000cf in ?? ()
0x000000ca in ?? ()
Clearly that QEMU executes code in another memory area.
How do I find address? How do I can switch the QEMU on valid offset?
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1235306/+subscriptions
