Bochs Debugger

When you first start up bochs, you will see the command line prompt 

  bochs:1>
From here, you may use the following commands:

Execution Control

  c                           Continue executing
  stepi [count]               execute count instructions, default is 1
  si    [count]               execute count instructions, default is 1
  step  [count]               execute count instructions, default is 1
  s     [count]               execute count instructions, default is 1
  Ctrl-C                      stop execution, and return to command line prompt
  Ctrl-D                      if at empty line on command line, exit
  quit                        quit debugger and execution
  q                           quit debugger and execution

BreakPoints

  NOTE: The format of 'seg', 'off', and 'addr' in these descriptions,
        are as follows.  I don't have any way to set the current radix.

        hexidecimal:    0xcdef0123
        decimal:        123456789
        octal:          01234567

  vbreak seg:off              Set a virtual address instruction breakpoint
  vb     seg:off

  lbreak addr                 Set a linear address instruction breakpoint
  lb     addr

  pbreak [*] addr             Set a physical address instruction breakpoint
  pb     [*] addr             (the '*' is optional for GDB compatibility)
  break  [*] addr
  b      [*] addr

  info break                  Display state of all current breakpoints
  delete n                    Delete a breakpoint
  del    n
  d      n

Manipulating Memory

  x  /nuf addr      Examine memory at linear address addr
  xp /nuf addr      Examine memory at physical address addr
     n              Count of how many units to display
     u              Unit size; one of
                      b Individual bytes
                      h Halfwords (2 bytes)
                      w Words (4 bytes)
                      g Giant words (8 bytes)
                      NOTE: these are *not* typical Intel nomenclature sizes,
                            but they are consistent with GDB convention.
     f              Printing format.  one of
                      x Print in hexadecimal
                      d Print in decimal
                      u Print in unsigned decimal
                      o Print in octal
                      t Print in binary

    n, f, and u are optional parameters.  u and f default to the last values
    you used, or to w(words) and x(hex) if none have been supplied.
    n currently defaults to 1.  If none of these optional parameters are
    used, no slash should be typed.  addr is also optional.  If you don't
    specify it, it will be the value the next address (as if you had
    specified n+1 in the last x command).

  setpmem addr datasize val    Set physical memory location of size
                               datasize to value val.

  crc  addr1  addr2            Show CRC for physical memory range addr1..addr2
  info dirty                   Show physical pages dirtied (written to) since last display
                               Values displayed are the top 20 bits only (page addresses)

Info

  info program      Execution status of the program
  info registers    List of CPU integer registers and their contents
  info break        Information about current breakpoint status
  where		    Print the current call stack

Manipulating CPU Registers

  set $reg = val    Change a CPU register to value val.  Registers may be one of:
                      eax, ecx, edx, ebx, esp, ebp, esi, edi.
                    Currently, you may not change:
                      eflags, cs, ss, ds, es, fs, gs.

    Examples: set $eax = 0x01234567
              set $edx = 25

  info registers    See Info section
  dump_cpu          Dump complete CPU state
  set_cpu           Set  complete CPU state

    Format of "dump_cpu" and "set_cpu":
    "eax:0x%x\n"
    "ebx:0x%x\n"
    "ecx:0x%x\n"
    "edx:0x%x\n"
    "ebp:0x%x\n"
    "esi:0x%x\n"
    "edi:0x%x\n"
    "esp:0x%x\n"
    "eflags:0x%x\n"
    "eip:0x%x\n"
    "cs:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
    "ss:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
    "ds:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
    "es:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
    "fs:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
    "gs:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
    "ldtr:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
    "tr:s=0x%x, dl=0x%x, dh=0x%x, valid=%u\n"
    "gdtr:base=0x%x, limit=0x%x\n"
    "idtr:base=0x%x, limit=0x%x\n"
    "dr0:0x%x\n"
    "dr1:0x%x\n"
    "dr2:0x%x\n"
    "dr3:0x%x\n"
    "dr4:0x%x\n"
    "dr5:0x%x\n"
    "dr6:0x%x\n"
    "dr7:0x%x\n"
    "tr3:0x%x\n"
    "tr4:0x%x\n"
    "tr5:0x%x\n"
    "tr6:0x%x\n"
    "tr7:0x%x\n"
    "cr0:0x%x\n"
    "cr1:0x%x\n"
    "cr2:0x%x\n"
    "cr3:0x%x\n"
    "cr4:0x%x\n"
    "inhibit_int:%u\n"
    "done\n"

    Notes:
      - s is the selector
      - dl is the shadow descriptor low  dword (4 byte quantitiy)
      - dh is the shadow descriptor high dword (4 byte quantitiy)
      - valid denotes if the segment register holds a validated shadow descriptor
      - inhibit_int is set if the previous instruction was one which delays the
          acceptance of interrupts by one instruction (STI, MOV SS)
      - any errors encountered by the set_cpu command, are reported by
        "Error: ...".  They may be reported after any of the input lines,
        or after the "done" line, during limit checks.
      - A successful set_cpu command ends with the separate line:
        "OK".

Disassembly commands

  disassemble start end       Disassemble instructions in given linear address
                              range, inclusive of start, exclusive of end.
                              Use "set $disassemble_size =" to tell
                              debugger desired segment size.  Use a value for
                              end of less than start (or zero) if you only
                              want the first instruction disassembled.
  set $disassemble_size = n   Tell debugger what segment size to use when
                              the "disassemble" command is used.  Use values
                              of 16 or 32 for n.  Default is 32.

  set $auto_disassemble = n   Cause debugger to disassemble current instruction
                              every time execution stops if n=1.  Default is 0.
                              Segment size of current CPU context is used for
                              disassembly, so variable "$disassemble_size" is
                              ignored.

New Commands

trace-on

Disassemble every executed instruction. Note that instructions that cause exceptions are not really executed, and therefore not traced.

trace-off

Disable tracing.

ptime

Print the current time (number of ticks since start of simulation (modulo 2^32)).

sb delta

Insert a time break point delta instructions into the future.

sba time

Insert a time break point at time.

record filename

Record console input to file filename. The file consists of zero or more lines of the form "%s %d %x", where the first word is the event type, the second is a time stamp and the third is event specific data.

playback filename

Playback console input from file filename. Additional input can be given directly in the console window. Events in the file will be played back at times relative to the time when the playback command was executed.

print-stack [num words]

Print the num words top 16-bit words on the stack. Num words defaults to 16. Only works reliably in protected mode when the base address of the stack segment is zero.

watch stop

Stop the simulation (and return to prompt) when a watch point is encountered.

watch continue

Do not stop the simulation when watch points are encountered. They will still be logged.

watch

Print current watch point status.

unwatch

Remove all watch points.

watch read address

Insert a read watch point at physical address address.

watch write address

Insert a write watch point at physical address address.

unwatch read address

Remove read watch point from physical address address.

unwatch write address

Remove write watch point from physical address address.

modebp [string]

Insert documentation here.

load-symbols [global] filename [offset]

Load symbols from file filename. If the global keyword is added, then the the symbols will be visible in all contexts for which symbols have not been loaded. Offset (default is 0) is added to every symbol entry. The symbols are loaded in the current (executing) context.

The symbol file consists of zero or more lines of the format "%x %s".

show [string]

Insert documentation here.

 

 

 

Resource file extensions

time0: time

Specifies the start (boot) time of the virtual machine. Use a time value as returned by the time(2) system call. Time equal to 1 is a special case which starts the virtual machine at the current time of the simulator host.

cdromd: dev=device, status=(inserted|ejected)

LoseNT needs a CD in order to boot properly. Our simulated CD-ROM unit communicates directly with the CD-ROM driver in Linux. Device is a device special file to which the CD-ROM driver is connected (typically /dev/hdc). Device is ignored if status=ejected.