默默的一块石头
分类: LINUX
2019-10-21 11:15:38
下载并编译内核
内核源码可以在 下载,本文使用的内核为3.13。
首先进行内核编译,在内核源码路径下执行:
sudo apt-get install m4 libncurses5-dev -y
make menuconfig(选中
kernel hacking –> Kernel debugging
kernel hacking –> Compile-time checks and compiler options –> compile the kernel with debug info
kernel hacking –> Compile-time checks and compiler options -> compile the kernel with frame pointers
make
拷贝bzImage到我们用来调试的目录,如/opt/kernel-debug
mkdir -p /opt/kernel-debug
cp arch/x86/boot/bzImage /opt/kernel-debug
制作busybox所需要的rootfs
执行以下命令在/opt/kernel-debug下创建rootfs
cd /opt/kernel-debug
dd if=/dev/zero of=rootfs.img bs=1M count=10
mkfs.ext3 rootfs.img
mkdir rootfs
# 将其mount 到新创建到目录上
mount -t ext3 -o loop rootfs.img rootfs
cd rootfs
mkdir dev proc sys
安装qemu(使用apt install下载,无法终端)
下载qemu-1.3.0.tar.bz2到指定目录
apt-get install build-essential libtool automake \
libgmp-dev libnspr4-dev libnss3-dev openssl \
libssl-dev git iasl glib-2.0 libglib2.0-0 \
libglib2.0-dev libtasn1-6-dev tpm-tools \
libfuse-dev libgnutls-dev libsdl1.2-dev \
expect gawk socat libfdt-dev
编译qemu
tar -xjvf qemu-1.3.0.tar.bz2
cd qemu-1.3.0
./configure --enable-kvm --enable-sdl --target-list=x86_64-softmmu
make
make install
安装busybox
wget
tar -xjvf busybox-1.26.1.tar.bz2
cd busybox-1.26.1
make menuconfig
- 选择静态编译:Busybox Settings->Build Busybox as a static binary
- 取消选择Networking utilities->iptunnel (NEW)
- 取消选择Networking utilities->inetd
make
安装到bzImage下的rootfs下
make install CONFIG_PREFIX=/opt/kernel-debug/rootfs
unmount rootfs
cd /opt/kernel-debug
sudo umount rootfs
启动qemu进行调试
启动qemu
cd /opt/kernel-debug
1.使用busybox中的ash.c作为启动入口
qemu-system-x86_64 -S -kernel bzImage -hda rootfs.img -append "root=/dev/sda init=/bin/ash"
2.使用busybox中的init.c作为启动入口
qemu-system-x86_64 -S -kernel bzImage -hda rootfs.img -append "root=/dev/sda init=/sbin/init"
用鼠标点击qemu窗口,然后ctrl+alt+2切换到控制台,输入gdbserver tcp::1234
打开另外一个终端,安装ddd,并运行ddd vmlinux
apt-get install ddd
# 进入linux源码路径,本文路径为/usr/src/linux-3.13-obj
cd /usr/src/linux-3.13-obj
ddd vmlinux
界面为:
在gdb的命令行中输入命令target remote localhost:1234将qemu虚拟机连接到ddd的控制台
自此就可以通过ddd的控制台用gdb的命令来查看源码的运行信息了
在gdb命令中输入continue,出现错误:
(gdb) continue
Continuing.
Continuing.
Remote 'g' packet reply is too long: edffffff00000000ffffffffffffffff0000000000000001000000000000000000000000000000004600000000000000b81ec081ffffffffb81ec081ffffffff000000000000000000000000000000002900000000000000689eea81ffffffff0000000000000000d81fc081ffffffffc022dd81ffffffffd81fc081ffffffff86050581ffffffff8602000010000000180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007f030000000000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000020202020202020202020202020202020000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000801f0000
(gdb) Quit
解决方案:
下载更高版本的gdb:
wget
tar xzvf gdb-7.11.tar.gz
cd gdb-7.11
vim gdb/remote.c
注释掉
if (buf_len > 2 * rsa->sizeof_g_packet)
error (_(“Remote ‘g’ packet reply is too long: %s”), rs->buf);
在其后加上
if (buf_len > 2 * rsa->sizeof_g_packet) {
rsa->sizeof_g_packet = buf_len;
for (i = 0; i < gdbarch_num_regs (gdbarch); i++) {
if (rsa->regs[i].pnum == -1)
continue;
if (rsa->regs[i].offset >= rsa->sizeof_g_packet)
rsa->regs[i].in_g_packet = 0;
else
rsa->regs[i].in_g_packet = 1;
}
}
安装gdb
apt-get install texinfo
./configure
make
make install
mv /usr/bin/gdb /usr/bin/gdb.bak
ln -s /usr/local/bin/gdb /usr/bin/gdb
再重新 ddd vmlinux后,gdb界面里显示:
(gdb) target remote localhost:1234
Remote debugging using localhost:1234
native_safe_halt () at /usr/src/octa-blockIMA/octa-blockIMA/arch/x86/include/asm/irqflags.h:50
(gdb)
关于ddd的介绍见 http://blog.csdn.net/mirage1993/article/details/50883824
调试示例
在本机上写一段程序:
root@BlockIMATest:~# cat fork.c
#include
int main() {
int fd;
fd = fork();
if(fd == 0) {
printf("I am child\n");
} else if(fd > 0) {
printf("I am parenet\n");
}
return 0;
}
root@BlockIMATest:~#
编译成静态的二进制程序
gcc -c -g -static fork.c
gcc -o test_fork -static fork.o
将该二进制拷贝到/opt/kernel-debug/rootfs/bin下
cd /opt/kernel-debug
# 将其mount 到rootfs上
mount -t ext3 -o loop rootfs.img rootfs
cd rootfs
cp ~/test_fork /opt/kernel-debug/rootfs/bin/
cd ../
sudo umount rootfs
启动qemu
cd /opt/kernel-debug
qemu-system-x86_64 -S -kernel bzImage -hda rootfs.img -append "root=/dev/sda init=/bin/ash"
用鼠标点击qemu窗口,然后ctrl+alt+2切换到控制台,输入gdbserver tcp::1234
另开一个终端,在内核目录下启动ddd vmlinux
在gdb里连接到qemu,让其运行
GNU DDD 3.3.12 (x86_64-pc-linux-gnu), by Dorothea LReading symbols from vmlinux...done.
(gdb) target remote localhost:1234
Remote debugging using localhost:1234
0x0000000000000000 in irq_stack_union ()
(gdb) continue
Continuing.
在qemu窗口,使用ctrl+alt+1切换到虚拟机界面,等待虚拟机启动。虚拟机启动成功后,在ddd界面里source->Breakpoints里添加一个断点,在弹出的Set point at文本框中输入do_fork
回到qemu窗口,执行test_fork,可以看到进入断点了~
