Re: [Qemu-devel] [PATCH v4 00/46] Windbg supporting

[Ladi Prosek]

On Mon, Dec 11, 2017 at 2:21 PM, Mihail Abakumov
<address@hidden> wrote:
> An update of:
>
>         v1: 
> https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg07092.html
>
> We made the debugger module WinDbg (like GDB) for QEMU. This is the 
> replacement
> of the remote stub in Windows kernel. Used for remote Windows kernel debugging
> without debugging mode.
>
> WinDbg is a multipurpose debugger for the Microsoft Windows computer operating
> system, distributed by Microsoft. Recent versions of WinDbg have been and are
> being distributed as part of the free Debugging Tools for Windows suite.
>
> How to start debugging QEMU using WinDbg:
>   Run QEMU with next option:
>     -windbg pipe:<name>
>   QEMU will start and pause for waiting WinDbg connection.
>   Run WinDbg with next options:
>     -b -k com:pipe,baud=115200,port=\\.\pipe\<name>,resets=0
>   Wait for debugger connect to kernel.
>
> Note: You can add Symbol Search Path in WinDbg such as
> srv*c:\tmp*http://msdl.microsoft.com/download/symbols.
>
> How it works:
> The WinDbg debugger has the possibility of connecting to a remote debug 
> service
> (Kdsrv.exe) in the Windows kernel. Therefore, it is possible to connect to the
> guest system running in the QEMU emulator. Kernel debugging is possible only
> with the enabled debugging mode, may change at the same time. Our module of
> WinDbg debugger for QEMU is an alternative of the remote debugging service in
> the kernel. Thus, the debugger connects to the debugging module, not to the
> kernel of the operating system. The module obtains all the necessary 
> information
> answering debugger requests from the QEMU emulator. At the same time for
> debugging there is no need to enable debugging mode in the kernel. This leads 
> to
> hidden debugging. Our module supports all features of WinDbg regarding remote
> debugging, besides interception of events and exceptions. Only i386 is 
> supported
> now.
>
> Changed in v4:
>
>  - Add WinDbg stub to the MAINTAINERS file.
>  - Increase size of the search buffer in 'kd_api_search_memory'. (Ladi Prosek)
>  - Add sub functions for helper_wrmsr and helper_rdmsr: cpu_x86_write_msr and
>    cpu_x86_read_msr. Also they are used in packet handlers, i.e. duplication 
> of
>    code is removed. (Ladi Prosek)
>  - Add a more user-friendly error when try to use -windbg and -gdb at the same
>    time. (Ladi Prosek)
>  - Remove macros for SizedBuf. (Ladi Prosek)
>  - Add runtime assert to KD_API_NAME and KD_PKT_TYPE_NAME. (Ladi Prosek)
>  - Remove 'ifneq ($(TARGET_NAME), x86_64)' from the 'Makefile.target' file.
>    (Ladi Prosek)
>  - Remove incorrect macro UINT32_P. Replace it by bit shifts. (Ladi Prosek)
>
> Changed in v3:
>
>  - Add a support of the new api functions from the WinDbg v10.
>
> Changed in v2:
>
>  - Move target specific code in the 'target/' directory. (Alistair Francis)
>  - Change 'kd_api_fill_memory'. Made a fill of memory by line segments. Before
>    that, a full array was immediately collected and written in RAM. (Ladi 
> Prosek)
>  - Change 'kd_api_search_memory'. Made a search for memory by line segments.
>    (Ladi Prosek)
>  - Change ld* to st* where it needs. (Ladi Prosek)
>  - Add a additional check of input arguments in 'windbg_read_context' and
>    'windbg_read_ks_regs'. (Ladi Prosek)
>  - Fix typos. (Ladi Prosek)
>  - Add a fliping back 'windbg_state->is_loaded' after reset VM.
>  - Add a check to disabled kvm. It is supported yet. (Ladi Prosek)
>  - Add a check to device in windbg option. Only pipe is supporting now.
>    (Alistair Francis)
>  - Add a check to 'ifdef' WINDBG_DEBUG_ON before define it. (Alistair Francis)
>  - Replace printf to qemu_log. (Alistair Francis)
>  - Fix build on s390x host. (patchew)
>  - Fix code style error. (patchew)
>
> ---
>
> Mihail Abakumov (46):
>       windbg: added empty windbgstub files
>       windbg: added windbg's KD header file
>       windbg: modified windbgkd.h
>       windbg: added '-windbg' option
>       windbg: added helper features
>       windbg: added WindbgState
>       windbg: added chardev
>       windbg: hook to wrmsr operation
>       windbg: handler of fs/gs register
>       windbg: structures for parsing data stream
>       windbg: parsing data stream
>       windbg: send data and control packets
>       windbg: handler of parsing context
>       windbg: init DBGKD_ANY_WAIT_STATE_CHANGE
>       windbg: generate ExceptionStateChange
>       windbg: generate LoadSymbolsStateChange
>       windbg: windbg_vm_stop
>       windbg: implemented windbg_process_control_packet
>       windbg: implemented windbg_process_data_packet
>       windbg: implemented windbg_process_manipulate_packet
>       windbg: implemented kd_api_read_virtual_memory and 
> kd_api_write_virtual_memory
>       windbg: kernel's structures
>       windbg: implemented kd_api_get_context and kd_api_set_context
>       windbg: implemented kd_api_read_control_space and 
> kd_api_write_control_space
>       windbg: implemented windbg_read_context
>       windbg: implemented windbg_write_context
>       windbg: implemented windbg_read_ks_regs
>       windbg: implemented windbg_write_ks_regs
>       windbg: implemented windbg_set_sr
>       windbg: implemented windbg_set_dr
>       windbg: implemented windbg_set_dr7
>       windbg: implemented windbg_hw_breakpoint_insert and 
> windbg_hw_breakpoint_remove
>       windbg: implemented kd_api_write_breakpoint and 
> kd_api_restore_breakpoint
>       windbg: debug exception subscribing
>       windbg: implemented kd_api_continue
>       windbg: implemented kd_api_read_io_space and kd_api_write_io_space
>       windbg: implemented kd_api_read_physical_memory and 
> kd_api_write_physical_memory
>       windbg: implemented kd_api_get_version
>       windbg: implemented kd_api_read_msr and kd_api_write_msr
>       windbg: implemented kd_api_search_memory
>       windbg: implemented kd_api_fill_memory
>       windbg: implemented kd_api_query_memory
>       windbg: added new api functions
>       windbg: implemented kd_api_get_context_ex and kd_api_set_context_ex
>       windbg: changed kd_api_read_msr and kd_api_write_msr
>       windbg: maintainers
>
>
>  MAINTAINERS                     |   12
>  Makefile.target                 |    5
>  cpus.c                          |   19 +
>  gdbstub.c                       |    4
>  include/exec/windbgkd.h         |  975 +++++++++++++++++++++++++++++++
>  include/exec/windbgstub-utils.h |  105 +++
>  include/exec/windbgstub.h       |   24 +
>  include/sysemu/sysemu.h         |    2
>  qemu-options.hx                 |    8
>  stubs/Makefile.objs             |    1
>  stubs/windbgstub.c              |   21 +
>  target/i386/Makefile.objs       |    2
>  target/i386/cpu.h               |    3
>  target/i386/misc_helper.c       |   48 +-
>  target/i386/windbgstub.c        | 1223 
> +++++++++++++++++++++++++++++++++++++++
>  vl.c                            |    8
>  windbgstub-utils.c              |  351 +++++++++++
>  windbgstub.c                    |  498 ++++++++++++++++
>  18 files changed, 3296 insertions(+), 13 deletions(-)
>  create mode 100755 include/exec/windbgkd.h
>  create mode 100755 include/exec/windbgstub-utils.h
>  create mode 100755 include/exec/windbgstub.h
>  create mode 100755 stubs/windbgstub.c
>  create mode 100755 target/i386/windbgstub.c
>  create mode 100755 windbgstub-utils.c
>  create mode 100755 windbgstub.c

Thank you. I have sent a small proposal as a reply to patch 5.

Regardless:

Acked-by: Ladi Prosek <address@hidden>

This is a great work with many interesting uses. For instance, Windows
can't be kernel-debugged if secure boot is enabled. And "printf"
debugging is painful, too, as modern Windows requires that all kernel
code be signed by Microsoft.

Now you'll probably have to find somebody who'll do a thorough review
and merge the code.

Thanks again,
Ladi