[solved] IDA 6.1 and Bochs

deepzero
Member
Posts: 35
Joined: Sun Oct 30, 2011 6:27 am

[solved] IDA 6.1 and Bochs

Post by deepzero »

Hi,

I am trying to set up IDA Pro to run with Bochs, but no luck.

OS: xp sp3 x86 VM
IDA: IDA PRO 6.1 (leaked version, no way I can afford the real deal... yet)
Bochs: latest 2.6.2 (but i also tried some older versions)

Trouble starts when I try to set up Bochs. According to the Bochs tutorial on the IDA homepage, I am supposed to specify the path to bochsdbg.exe in the advanced debugger options.
Tough luck, that option simply does not exist (see screenshot).

When I select IDB mode and try to run it anyway, I get two error messages ("failed to run bochs...", see screenshot). IDA freezes for several settings, dumps the text below to the output and presents me with debugger settings (screenshot).
IDA output:

Starting emulation at 40102E ending emulation at 40104E
00000000000i[ ] reading configuration from C:\Documents and Settings\admin\Desktop\custom.bochsrc
00000000000p[CTRL ] >>PANIC<< optional plugin 'vga_update_interval' not found
00000000000e[CTRL ] notify called, but no bxevent_callback function is registered
========================================================================
Bochs is exiting with the following message:
[CTRL ] optional plugin 'vga_update_interval' not found
========================================================================
00000000000i[CPU0 ] CPU is in real mode (active)
00000000000i[CPU0 ] CS.mode = 16 bit
00000000000i[CPU0 ] SS.mode = 16 bit
00000000000i[CPU0 ] EFER = 0x00000000
00000000000i[CPU0 ] | EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000000
00000000000i[CPU0 ] | ESP=00000000 EBP=00000000 ESI=00000000 EDI=00000000
00000000000i[CPU0 ] | IOPL=0 id vip vif ac vm rf nt of df if tf sf ZF af PF cf
00000000000i[CPU0 ] | SEG sltr(index|ti|rpl) base limit G D
00000000000i[CPU0 ] | CS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | DS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | SS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | ES:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | FS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | GS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | EIP=00000000 (00000000)
00000000000i[CPU0 ] | CR0=0x00000000 CR2=0x00000000
00000000000i[CPU0 ] | CR3=0x00000000 CR4=0x00000000
00000000000i[CTRL ] quit_sim called with exit code 1
Screenshot:

What am I doing wrong? Wrong Bochs version?
As I said, I tried a couple of older ones, too. Which version is advised for 6.1 use?


Hope someone can help me out here!

d.
Aimless
Senior Member
Posts: 869
Joined: Thu Sep 13, 2001 3:11 am

Post by Aimless »

Hello,

Cannot make anything from your screenshots. They are too small and cannot be enlarged.

Perhaps better screenshots?

Have Phun
Blame Microsoft, get l337 !!
deepzero
Member
Posts: 35
Joined: Sun Oct 30, 2011 6:27 am

Post by deepzero »

Weird, it shows in full-res here.

Try opening the link directly:
deepzero
Member
Posts: 35
Joined: Sun Oct 30, 2011 6:27 am

Post by deepzero »

I read somewhere that bochs 252 is compatible with IDA 6.1, so I tried that.

At first, bochs complained about an unknown parameter "pass" on line 38 of the bochs cfg file. After commenting out the line, it now starts, displays the bochs windows, prints "Debugging with ida" and then pops up a messagebox:
"Failed to inspect registers"
Followed by a termination of bochs and the "check parameters" dialog.

Hope someone can shed some light on all of this... :/
deepzero
Member
Posts: 35
Joined: Sun Oct 30, 2011 6:27 am

Post by deepzero »

Confirmed: bochs seems to work outside of IDA. It's just that IDA pops up that damn "failed to inspect registers" error... :(
deepzero
Member
Posts: 35
Joined: Sun Oct 30, 2011 6:27 am

Post by deepzero »

Another one: Running IDA 6.1 with bochs 2.6 complains about a different "plugin" missing:


Starting emulation at 409540 ending emulation at 40955D
00000000000i[ ] reading configuration from C:\\protection_id.bochsrc
00000000000e[ ] C:\\id.bochsrc:22: 'vga_update_interval' will be replaced by new 'vga: update_freq' option.
00000000000e[ ] C:\\id.bochsrc:24: 'keyboard_serial_delay' will be replaced by new 'keyboard' option.
00000000000e[ ] C:\\id.bochsrc:25: 'keyboard_paste_delay' will be replaced by new 'keyboard' option.
00000000000p[CTRL ] >>PANIC<< optional plugin 'pnic' not found
00000000000e[CTRL ] notify called, but no bxevent_callback function is registered
========================================================================
Bochs is exiting with the following message:
[CTRL ] optional plugin 'pnic' not found
========================================================================
00000000000i[CPU0 ] CPU is in real mode (active)
00000000000i[CPU0 ] CS.mode = 16 bit
00000000000i[CPU0 ] SS.mode = 16 bit
00000000000i[CPU0 ] EFER = 0x00000000
00000000000i[CPU0 ] | EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000000
00000000000i[CPU0 ] | ESP=00000000 EBP=00000000 ESI=00000000 EDI=00000000
00000000000i[CPU0 ] | IOPL=0 id vip vif ac vm rf nt of df if tf sf ZF af PF cf
00000000000i[CPU0 ] | SEG sltr(index|ti|rpl) base limit G D
00000000000i[CPU0 ] | CS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | DS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | SS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | ES:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | FS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | GS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | EIP=00000000 (00000000)
00000000000i[CPU0 ] | CR0=0x00000000 CR2=0x00000000
00000000000i[CPU0 ] | CR3=0x00000000 CR4=0x00000000
00000000000i[CTRL ] quit_sim called with exit code 1

What's with those plugins? I can't find anything named "pnic".
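
Added example, not part of the original thread: a small triage script for Bochs output like the logs quoted above, pulling out the config file path, the deprecated-directive notices and the PANIC reason so a version mismatch between the generated config and the installed Bochs is visible at a glance. The function name `triage` is hypothetical and `SAMPLE` is excerpted from the log in the post above.

```python
import re

# Bochs log line: tick counter, one level letter (i=info, e=error, p=panic),
# then "[MODULE]" and the message.
LINE_RE = re.compile(r"^(?P<tick>\d+)(?P<level>[a-z])\[(?P<module>[^\]]*)\]\s?(?P<msg>.*)$")
CONFIG_RE = re.compile(r"reading configuration from (?P<path>.+)$")
DEPRECATED_RE = re.compile(
    r":(?P<line>\d+): '(?P<old>[^']+)' will be replaced by new '(?P<new>[^']+)' option")
PANIC_RE = re.compile(r">>PANIC<<\s*(?P<reason>.+)$")
EXIT_RE = re.compile(r"quit_sim called with exit code (?P<code>\d+)")

# Excerpt of the log quoted in the post above (raw string keeps the backslashes).
SAMPLE = r"""Starting emulation at 409540 ending emulation at 40955D
00000000000i[ ] reading configuration from C:\\protection_id.bochsrc
00000000000e[ ] C:\\id.bochsrc:22: 'vga_update_interval' will be replaced by new 'vga: update_freq' option.
00000000000e[ ] C:\\id.bochsrc:24: 'keyboard_serial_delay' will be replaced by new 'keyboard' option.
00000000000p[CTRL ] >>PANIC<< optional plugin 'pnic' not found
00000000000e[CTRL ] notify called, but no bxevent_callback function is registered
00000000000i[CTRL ] quit_sim called with exit code 1
"""

def triage(log_text):
    """Summarise a Bochs log: config path, deprecated directives, panics, exit code."""
    report = {"config": None, "deprecated": [], "panics": [], "exit_code": None}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner lines and IDA's own messages carry no tick prefix
        msg, level = m["msg"], m["level"]
        if (c := CONFIG_RE.search(msg)):
            report["config"] = c["path"]
        elif (d := DEPRECATED_RE.search(msg)):
            # (line number in the bochsrc, old directive, replacement option)
            report["deprecated"].append((int(d["line"]), d["old"], d["new"]))
        elif level == "p" and (p := PANIC_RE.search(msg)):
            report["panics"].append((m["module"].strip(), p["reason"]))
        elif (x := EXIT_RE.search(msg)):
            report["exit_code"] = int(x["code"])
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
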
deepzero
Member
Posts: 35
Joined: Sun Oct 30, 2011 6:27 am

Post by deepzero »

Solved: IDA 6.1 needs bochs 246!

Thanks @sandersu.
Aimless
Senior Member
Posts: 869
Joined: Thu Sep 13, 2001 3:11 am

As Above

Post by Aimless »

So, help me out here --

After downloading BOCHS 246, you run the EXE that installs it -- Then you configure it in IDA -- and run everything in the bochs debugger --

Do I need to have a BOCHS image file and BIOS configured and THEN configure it in IDA -- or installing BOCHS out of the box and working in IDA will work?

is that right?

Or is there a step I am missing -- ??

Have Phun
Blame Microsoft, get l337 !!
deepzero
Member
Posts: 35
Joined: Sun Oct 30, 2011 6:27 am

Post by deepzero »

Depends on what you want to do, I guess.

If you just want to debug/emulate a piece of code or a PE file from your DB, IDA will generate a config + image automatically.
If you want to debug a BIOS, boot loader, etc. you'll of course have to supply that. :)

At least in the first case, you have to configure absolutely zero. IDA will even find the correct path on its own.
Aimless
Senior Member
Posts: 869
Joined: Thu Sep 13, 2001 3:11 am

Post by Aimless »

Ahhh.... forget it.

Got it to work --- I was using the incorrect BOCHS versions.

Guess the 2.3+ of BOCHS you should be using instructions in hex-rays is incorrect.

Thanks deepzero, for the engagement.

Have Phun
Blame Microsoft, get l337 !!