Prebuilt bochscpu_ffi library with debug options/extended logging #118
Comments
|
@1ndahous3 fair enough - I fixed up the script for Windows in dd79187, try it out. It should 'just work'. Will fix Linux tomorrow :) Cheers |
|
@0vercl0k much better, thanks! I built a debug version and examined the original bug: yrp604/bochscpu#4 |
|
Amazing, thanks for the top notch issue 🙏🏽
…On Tue, Aug 16, 2022 at 4:54 AM Roman ***@***.***> wrote:
@0vercl0k <https://github.com/0vercl0k> much better, thanks! I built a
debug version and examined the original bug: yrp604/bochscpu#4
<yrp604/bochscpu#4>
—
Reply to this email directly, view it on GitHub
<#118 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AALIORPZ7TL4R4VSJ22IHL3VZN6Q5ANCNFSM56TNNF3A>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
@1ndahous3 I ingested @yrp604's changes; give them a spin, they are in #124. I have run it on Windows on old harnesses and things seem to work as expected. Haven't tried the Linux build yet but will this week. Cheers |
|
@0vercl0k the problem is solved! --> |
|
Amazing, I will merge this this week-end.
Cheers
…On Fri, Aug 19, 2022 at 1:21 AM Roman ***@***.***> wrote:
@0vercl0k <https://github.com/0vercl0k> the problem is solved!
D:\wtf_fuzzing\targets>..\wtf_old.exe run --backend=bochscpu --name ioctl --limit 10000000 --input crashes\crash-0x3b-0xc0000096-0xfffff8062804a378-0xfffff8062684c900-0x0-0x0 --state=state
Initializing the debugger instance.. (this takes a bit of time)
Setting debug register status to zero.
Setting debug register status to zero.
Running crashes\crash-0x3b-0xc0000096-0xfffff8062804a378-0xfffff8062684c900-0x0-0x0
--------------------------------------------------
Run stats:
Instructions executed: 653892 (17718 unique)
Dirty pages: 372736 bytes (0 MB)
Memory accesses: 1387422 bytes (0 MB)
#1 cov: 17718 exec/s: 1.0 lastcov: 0.0s crash: 1 timeout: 0 cr3: 0 uptime: 1.0s
-->
D:\wtf_fuzzing\targets>..\wtf_new.exe run --backend=bochscpu --name ioctl --limit 10000000 --input crashes\crash-0x3b-0xc0000096-0xfffff8062804a378-0xfffff8062684c900-0x0-0x0 --state=state
Initializing the debugger instance.. (this takes a bit of time)
Setting debug register status to zero.
Setting debug register status to zero.
Running crashes\crash-0x3b-0xc0000096-0xfffff8062804a378-0xfffff8062684c900-0x0-0x0
--------------------------------------------------
Run stats:
Instructions executed: 630725 (19182 unique)
Dirty pages: 356352 bytes (0 MB)
Memory accesses: 1340691 bytes (0 MB)
#1 cov: 19182 exec/s: 1.0 lastcov: 0.0s crash: 0 timeout: 0 cr3: 0 uptime: 1.0s
—
Reply to this email directly, view it on GitHub
<#118 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AALIORKRUP4GMX4AV3TZD3DVZ47W5ANCNFSM56TNNF3A>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There is a cool way to debug fuzzing cases in the project - tenet traces. Anyone can see the full context at any step by simply collecting the trace with
--trace-type=tenet. But today (using tenet traces) I found a wrong emulation (#GP onmov cr4,rdxwhich is not reproducible in a virtual machine). This issue requires a deeper research of bochs internals.After a quick search, I found notes in the build script:
wtf/src/libs/bochscpu-bins/build-bochscpu.bat
Lines 10 to 12 in d7477f4
After several attempts to build, I figured out:
All I need is to enable logging with the
BX_ERROR()macro (BX_NO_LOGGINGdefine depends on the--enable-loggingconfigure option). It will also be useful to enable source code debugging (_CL_=/Z7,_LINK_=/DEBUG:FULL).Since WTF is a project with perfect integration with the bochscpu emulator, it would be nice to have a fully debug version of bochs for debugging right out of the box, right in this repo. And the second thought - assembly scripts need to be improved :)
The text was updated successfully, but these errors were encountered: