Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add iodebug support for all rings moved to #66 #65

Closed
wants to merge 1 commit into from
Closed

add iodebug support for all rings moved to #66 #65

wants to merge 1 commit into from

Conversation

therealdreg
Copy link
Member

@therealdreg therealdreg commented Aug 27, 2023
edited
Loading

Moved to #66

This PR is for "I/O Interface to Bochs Debugger" from ring3 (port range: 0x8A00 - 0x8A01)

PR #64 was for E9 HACK (port 0xE9)

By enabling the iodebug's 'all_rings' option, you can utilize the port I/O Interface to Bochs Debugger from ring3. This PR allows the code running inside Bochs (ring3) to monitor memory ranges, trace individual instructions, and observe register values during execution.

https://bochs.sourceforge.io/doc/docbook/development/debugger-advanced.html

IMO very useful for:

  • user-mode sandbox (ex Cuckoo)
  • malware analysis
  • API/SYSCALL hook/monitor from ring3
  • automation + instrumentation from user mode code
    ...

A complement for PR #64

This PR is 100% backward compatibility

IODEBUG ALL RINGS

btw, @stlintel I'm not certain about:

  • if misc is the ideal location for this.. should I create a new iodebug-option for this?
  • should I remove the #if in 'new bx_param_bool_c'?
  • the new .bochsrc entry makes sense for you?

@stlintel
Copy link
Contributor

This was merged already ?!

Branch: refs/heads/master
Home: https://github.com/bochs-emu/Bochs
Commit: da43cc4
da43cc4
Author: Dreg <dreg@fr33project.org>
Date: 2023-08-26 (Sat, 26 Aug 2023)

Changed paths:
M bochs/.bochsrc
M bochs/PARAM_TREE.txt
M bochs/config.cc
M bochs/cpu/io.cc
M bochs/doc/docbook/user/user.dbk
M bochs/param_names.h

Log Message:

add port e9 hack support for all rings (#64)

By enabling the 'all_rings' option, you can utilize the port e9 hack from ring3

IMO very useful for:

  • user-mode sandbox (ex Cuckoo)
  • malware analysis
  • API/SYSCALL logger with a simple hook from ring3
  • automation + instrumentation from user mode code
  • ...

So yes, from this PR a user-mode-sandbox can display on the console of the system running Bochs anything that is written to 0xE9 port

porte9hackallrings

This PR is 100% backward compatibility

btw, @stlintel I'm not certain if bochs/config.cc is the ideal location to define bool port_e9_hack_all_rings (unmapped io/dev is
better?)

@stlintel stlintel closed this Aug 27, 2023
@therealdreg
Copy link
Member Author

therealdreg commented Aug 27, 2023
edited
Loading

@stlintel this is for "I/O Interface to Bochs Debugger" from ring3 (port range: 0x8A00 - 0x8A01)

PR #64 was for E9 HACK (port 0xE9)

They are different features...

Moved for #66

@therealdreg therealdreg deleted the iodebug_all_rings branch August 27, 2023 09:31
@therealdreg therealdreg changed the title add iodebug support for all rings add iodebug support for all rings moved to #66 Aug 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@therealdreg @stlintel