Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 06-11-2013, 15:35
deepzero's Avatar
deepzero deepzero is offline
VIP
 
Join Date: Mar 2010
Location: Europe
Posts: 233
Rept. Given: 99
Rept. Rcvd 60 Times in 38 Posts
Thanks Given: 97
Thanks Rcvd at 105 Times in 56 Posts
deepzero Reputation: 60
IDA and bochs

Hi,

i am trying to setup IDA PRO to run with Bochs, but no luck.

OS: xp sp3 x86 VM
IDA: IDA PRO 6.1 (leaked version, no way i can afford the real deal...yet)
Bochs: latest 2.6.2 (but i also tried some older versions)

When i select IDB mode and try to run it anyways, i get two error messages ("failed to run bochs...", see screenshot). IDA freezes for several settings, dumps below text to the output and presents me with debugger settings (screenshot).
Ida output:


Quote:
Starting emulation at 40102E ending emulation at 40104E
00000000000i[ ] reading configuration from C:\Documents and Settings\admin\Desktop\custom.bochsrc
00000000000p[CTRL ] >>PANIC<< optional plugin 'vga_update_interval' not found
00000000000e[CTRL ] notify called, but no bxevent_callback function is registered
========================================================================
Bochs is exiting with the following message:
[CTRL ] optional plugin 'vga_update_interval' not found
========================================================================
00000000000i[CPU0 ] CPU is in real mode (active)
00000000000i[CPU0 ] CS.mode = 16 bit
00000000000i[CPU0 ] SS.mode = 16 bit
00000000000i[CPU0 ] EFER = 0x00000000
00000000000i[CPU0 ] | EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000000
00000000000i[CPU0 ] | ESP=00000000 EBP=00000000 ESI=00000000 EDI=00000000
00000000000i[CPU0 ] | IOPL=0 id vip vif ac vm rf nt of df if tf sf ZF af PF cf
00000000000i[CPU0 ] | SEG sltr(index|ti|rpl) base limit G D
00000000000i[CPU0 ] | CS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | DS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | SS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | ES:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | FS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | GS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | EIP=00000000 (00000000)
00000000000i[CPU0 ] | CR0=0x00000000 CR2=0x00000000
00000000000i[CPU0 ] | CR3=0x00000000 CR4=0x00000000
00000000000i[CTRL ] quit_sim called with exit code 1
Screenshot:

http://i.imgur.com/vUhess1.png

What do i do wrong? Wrong Bochs version?
As i said, ai tried a couple of older ones, too. Which version is advised for 6.1 use?

Running bochs 2.6 gives a slightly different error output:


Quote:
Starting emulation at 409540 ending emulation at 40955D
00000000000i[ ] reading configuration from C:\\protection_id.bochsrc
00000000000e[ ] C:\\protection_id.bochsrc:22: 'vga_update_interval' will be replaced by new 'vga: update_freq' option.
00000000000e[ ] C:\\protection_id.bochsrc:24: 'keyboard_serial_delay' will be replaced by new 'keyboard' option.
00000000000e[ ] C:\\protection_id.bochsrc:25: 'keyboard_paste_delay' will be replaced by new 'keyboard' option.
00000000000p[CTRL ] >>PANIC<< optional plugin 'pnic' not found
00000000000e[CTRL ] notify called, but no bxevent_callback function is registered
========================================================================
Bochs is exiting with the following message:
[CTRL ] optional plugin 'pnic' not found
========================================================================
00000000000i[CPU0 ] CPU is in real mode (active)
00000000000i[CPU0 ] CS.mode = 16 bit
00000000000i[CPU0 ] SS.mode = 16 bit
00000000000i[CPU0 ] EFER = 0x00000000
00000000000i[CPU0 ] | EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000000
00000000000i[CPU0 ] | ESP=00000000 EBP=00000000 ESI=00000000 EDI=00000000
00000000000i[CPU0 ] | IOPL=0 id vip vif ac vm rf nt of df if tf sf ZF af PF cf
00000000000i[CPU0 ] | SEG sltr(index|ti|rpl) base limit G D
00000000000i[CPU0 ] | CS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | DS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | SS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | ES:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | FS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | GS:0000( 0000| 0| 0) 00000000 00000000 0 0
00000000000i[CPU0 ] | EIP=00000000 (00000000)
00000000000i[CPU0 ] | CR0=0x00000000 CR2=0x00000000
00000000000i[CPU0 ] | CR3=0x00000000 CR4=0x00000000
00000000000i[CTRL ] quit_sim called with exit code 1


Hope someone can help me out here!

d.


p.s.
Also see my increasingly desperate thread at woody:
http://www.woodmann.com/forum/showthread.php?15209-IDA-6-1-and-Bochs
Reply With Quote
  #2  
Old 06-11-2013, 15:50
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 840
Rept. Given: 324
Rept. Rcvd 216 Times in 110 Posts
Thanks Given: 168
Thanks Rcvd at 349 Times in 196 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
Hi deepzero
I've recently doing same task and you know what?
IDA (6.1) is not compatible with latest bochs editions!
I was able to run the one mentioned in ida bochs page (find for IDA_debugging_bochs.pdf)
Once you succeed with thta old version, try to setup each newer one (by the major build)
good luck
Reply With Quote
The Following User Gave Reputation+1 to sendersu For This Useful Post:
deepzero (06-11-2013)
  #3  
Old 06-11-2013, 15:55
deepzero's Avatar
deepzero deepzero is offline
VIP
 
Join Date: Mar 2010
Location: Europe
Posts: 233
Rept. Given: 99
Rept. Rcvd 60 Times in 38 Posts
Thanks Given: 97
Thanks Rcvd at 105 Times in 56 Posts
deepzero Reputation: 60
Which version are you using?
I tried 262, 260, 252, 251...no luck.
Reply With Quote
  #4  
Old 06-11-2013, 17:07
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 840
Rept. Given: 324
Rept. Rcvd 216 Times in 110 Posts
Thanks Given: 168
Thanks Rcvd at 349 Times in 196 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
try from mentioned one - 2.3.7 (it worked for me)
and I've tried one more major - 2.4.6 was also fine
Reply With Quote
The Following User Gave Reputation+1 to sendersu For This Useful Post:
deepzero (06-11-2013)
  #5  
Old 06-11-2013, 17:40
deepzero's Avatar
deepzero deepzero is offline
VIP
 
Join Date: Mar 2010
Location: Europe
Posts: 233
Rept. Given: 99
Rept. Rcvd 60 Times in 38 Posts
Thanks Given: 97
Thanks Rcvd at 105 Times in 56 Posts
deepzero Reputation: 60
Indeed, 246 works fine!
I should have tried more older versions.

Thanks!
Reply With Quote
  #6  
Old 06-02-2017, 09:15
chants chants is offline
Family
 
Join Date: Jul 2016
Posts: 515
Rept. Given: 5
Rept. Rcvd 34 Times in 20 Posts
Thanks Given: 434
Thanks Rcvd at 780 Times in 361 Posts
chants Reputation: 34
Bochs 2.6.9 was released on April 9th, 2017 and is now available at https://sourceforge.net/projects/boc...d?source=files in case anyone is still interested in experimenting with it and IDA Pro.
Reply With Quote
The Following User Says Thank You to chants For This Useful Post:
niculaita (06-02-2017)
  #7  
Old 06-07-2017, 00:21
nuemga2000 nuemga2000 is offline
Friend
 
Join Date: Jan 2002
Posts: 52
Rept. Given: 1
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 0
Thanks Rcvd at 4 Times in 4 Posts
nuemga2000 Reputation: 2
Quote:
Originally Posted by chants View Post
Bochs 2.6.9 was released on April 9th, 2017 and is now available at https://sourceforge.net/projects/boc...d?source=files in case anyone is still interested in experimenting with it and IDA Pro.
Did not work for me
Reply With Quote
  #8  
Old 06-07-2017, 02:38
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 840
Rept. Given: 324
Rept. Rcvd 216 Times in 110 Posts
Thanks Given: 168
Thanks Rcvd at 349 Times in 196 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
Put details, errors, screens, what was done, etc
otehrwise you say 0 info
Reply With Quote
  #9  
Old 06-08-2017, 04:51
SinaDiR SinaDiR is offline
Friend
 
Join Date: Aug 2005
Location: Recycle Bin
Posts: 106
Rept. Given: 15
Rept. Rcvd 29 Times in 18 Posts
Thanks Given: 120
Thanks Rcvd at 178 Times in 53 Posts
SinaDiR Reputation: 29
Several months ago I have the same problem with debugging kernel image, Bochs confused me a lot and my friend suggest me VirtualKD with windbg debugger which implemented in IDA and it was my key to solved the problem with some clicks and add 2 lines in vmx(VMWare) file, that was my experience and I know it's not your (specific)question but I thought it could be useful in current thread
Reply With Quote
The Following User Says Thank You to SinaDiR For This Useful Post:
niculaita (06-08-2017)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 02:55.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2020 )