Kernel

1. Environment:

1. VM environment: Windows 7, VMware (ubuntu-18.04.1-live-server-amd64.iso), SecureCRT (SSH into the Ubuntu guest), samba-server (see Appendix 1, samba-server create), gcc-32bit (see Appendix 2, gcc-32bit install; may not be necessary).

2. Target machine: BOCHS (latest version from the official site), QEMU (latest version from the official site).

Bochs can debug at the assembly level, but cannot be driven from gdb until it is recompiled. QEMU can be driven from gdb, but cannot debug in assembly. So both need to be installed.

3. Debug method: TDM-GCC (using its GDB from the command line).

2. Compile

Source: linux-4.19, downloaded from the official site.

1. "make help" to see the variety of available make targets.

2. "make mrproper" to remove the previous configuration.

3. "make i386_defconfig"; you may need to install some libraries.

If you want to debug with gdb, add the following items to the ".config" file:

1)

CONFIG_DEBUG_INFO=y

2)

Disable the KASLR module. (The "is not set" keyword must be present.)

# CONFIG_RANDOMIZE_BASE is not set

After running "make bzImage", the ".config" file may be changed, so check it again. The change process is shown below:

Other method (not good; the VFS can't launch):

"C:\Program Files\qemu\qemu-system-i386.exe" -m 512M -smp 4 -kernel arch\x86\boot\bzImage -drive format=raw,file=./disk.raw -append "init=/linuxrc root=/dev/sda" -s -S -append nokaslr

NOTE: The nokaslr Linux command line parameter disables KASLR. But the VFS can't launch. (QEMU keeps only the last -append it is given, so the second -append in the command above discards init= and root=, which is why the VFS cannot mount the root device; nokaslr belongs inside the same -append string.)

This has been needed since v4.12, when KASLR was turned on by default.

KASLR stands for kernel address space layout randomization; it strengthens security mainly by loading the kernel image at a different address on every boot.

Error:

a.

scripts/Makefile.lib:196: recipe for target 'scripts/kconfig/zconf.tab.c' failed

make[1]: *** [scripts/kconfig/zconf.tab.c] Error 127

Solution: sudo apt-get install bison

b.

scripts/Makefile.lib:188: recipe for target 'scripts/kconfig/zconf.lex.c' failed

make[1]: *** [scripts/kconfig/zconf.lex.c] Error 127

Solution: sudo apt-get install flex

Methods to configure by text:

a. We can configure through the ".config" file, which stores the configuration result, and we can modify that file directly.

b. (Better method) cd linux-4.19\arch\x86\configs, copy "i386_defconfig" to "i386simple_defconfig", then change the config. "make i386simple_defconfig" can then be used to configure as well.

Other config methods:

Reference: https://blog.csdn.net/ffmxnjm/article/details/72933915 (LINUX kernel directory and file description, and how to configure and compile the kernel)

make config - plain-text interface (the most common choice).

make menuconfig - text-based colour menus and radio lists. This option speeds up developers. Requires ncurses (ncurses-devel).

make nconfig - text-based colour menus. Requires curses (libcdk5-dev).

make xconfig - QT/X-windows interface. Requires QT.

make gconfig - Gtk/X-windows interface. Requires GTK.

make oldconfig - plain-text interface, but its default answers are taken from the existing local configuration file.

make silentoldconfig - like oldconfig, but does not show questions that are already answered in the configuration file.

make olddefconfig - like silentoldconfig, but some questions are answered with their default values.

make defconfig - creates a default configuration file based on the current system architecture.

make ${PLATFORM}defconfig - creates a configuration file using the values in arch/$ARCH/configs/${PLATFORM}defconfig.

make allyesconfig - creates a configuration file answering as many questions as possible with 'yes'.

make allmodconfig - creates a configuration file that configures as many kernel parts as possible as modules.

Note: kernel code can be built into the kernel itself or become a module. For example, the user can add the Bluetooth driver as a module (independent of the kernel), put it directly into the kernel, or leave the Bluetooth driver out entirely. When code is placed into the kernel itself, the kernel requires more memory and takes longer to boot; however, the kernel performs better. If code is added as a module, it stays on disk until it is needed and is then loaded into memory. This reduces the kernel's memory usage and boot time; however, because the kernel and the module are separate in memory, it affects the kernel's performance. Another choice is not to add some code at all. For example, if the kernel developer knows the system will never use a Bluetooth device, the driver can be left out of the kernel. This improves kernel performance. However, if the user later needs a Bluetooth device, they will have to install the Bluetooth module or upgrade the kernel.

make allnoconfig - generates a configuration file containing only the code the kernel requires. It answers no to as many questions as possible. This sometimes produces a kernel that cannot run on the hardware it was compiled on.

make randconfig - randomly selects kernel options (translator's note: what is this for?!).

make localmodconfig - generates a configuration file based on the currently loaded module list and the system configuration.

make localyesconfig - compiles all loadable kernel modules (LKM) into the kernel (translator's note: this differs from the original text 'This will set all module options to yes - most (or all) of the kernel will not be in modules'; the author also explained this: 13307).

4. "make bzImage -j4"

Error:

scripts/extract-cert.c:21:10: fatal error: openssl/bio.h: No such file or directory
 #include <openssl/bio.h>
          ^~~~~~~~~~~~~~~
compilation terminated.

Solution: sudo apt-get install libssl-dev

5. "make modules". If modules are disabled (for example after using "make allnoconfig" earlier), this step is not needed.

6. Windows command line input:

"C:\Program Files\qemu\qemu-system-i386.exe" -m 512M -smp 4 -kernel bzImage

This launches the kernel, without a rootfs.

3. Create disk image

1. Create disk image file.

Windows command (cd into the linux source folder first):

"C:\Program Files\qemu\qemu-img.exe" create -f raw disk.raw 512M

Linux command:

mkfs -t ext4 ./disk.raw

2. Mount the disk image file (cd into the linux source folder first).

mkdir img

sudo mount -o loop ./disk.raw ./img

3. Install kernel modules (there may be no modules).

sudo make modules_install INSTALL_MOD_PATH=./img

Then look in ./img/lib/modules/ to see whether the modules were installed successfully.

4. Prepare "init" program.

Move the root filesystem into the directory "/img/". There are 3 methods, as below:

a. sysv init.

b. systemd.

c. busybox init. (The one used here.)

4. Compile busybox.

Download busybox source from official site.

Method reference: https://www.cnblogs.com/hellogc/p/7482066.html

1. "make help" to see detail.

2. "make defconfig".

Open the .config file and make sure "static" and "no shared libs" are set, as below; search for the keywords to find the place.

3. "make".

This will generate the "busybox" file, a single ELF file in the busybox project.

4. Install busybox.

NOTE: The image should be mounted first.

sudo make CONFIG_PREFIX=~/linux-all/linux-4.19/img install

Comment: make CONFIG_PREFIX=<path_to_disk_img_mount_point> install

Run the machine:

"C:\Program Files\qemu\qemu-system-i386.exe" -m 512M -smp 4 -kernel arch\x86\boot\bzImage -drive format=raw,file=./disk.raw -append "init=/linuxrc root=/dev/sda"

At this point it runs, but there will be an error:

So more settings are needed.

6. Configure "busybox init".

busybox init reads the file "/etc/inittab"; if that file is absent, it uses the following default settings:

::sysinit:/etc/init.d/rcS

::askfirst:/bin/sh

::ctrlaltdel:/sbin/reboot

::shutdown:/sbin/swapoff -a

::shutdown:/bin/umount -a -r

::restart:/sbin/init

tty2::askfirst:/bin/sh

tty3::askfirst:/bin/sh

tty4::askfirst:/bin/sh

Referring to the project documentation, we modify /etc/inittab as below:

::sysinit:/etc/init.d/rcS

::askfirst:/bin/ash

::ctrlaltdel:/sbin/reboot

::shutdown:/sbin/swapoff -a

::shutdown:/bin/umount -a -r

::restart:/sbin/init

Then create /etc/init.d/rcS as below:

#!/bin/sh

NOTE: Sometimes the busybox install command must be run again,

sudo make CONFIG_PREFIX=~/linux-all/linux-4.19/img install

to pick up changes to the etc directory. This may be a bug.

Then you would see the console running successfully.

5. Mount /dev, /proc, /sys.

At this point, if we enter the "df" command, it will show:

NOTE: Ignore the gdb bug "Remote 'g' packet reply is too long".

So we need to do more:

sudo mkdir dev

sudo mkdir proc

sudo mkdir sys

Modify /etc/init.d/rcS:

#!/bin/sh

mount -t proc proc /proc

mount -t sysfs sysfs /sys

NOTE: Sometimes the busybox install command must be run again,

sudo make CONFIG_PREFIX=~/linux-all/linux-4.19/img install

to pick up changes to the etc directory. This may be a bug.

Then reboot.

Enter "df" to test; it will show:
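The disk-image, busybox-install, inittab and rcS steps of sections 3 to 5 collected into one script. This is an added example, not code from the original post; it assumes it is run from the linux-4.19 source tree, that busybox has already been built statically, and that BUSYBOX_SRC, the 512M size and the devtmpfs mount line are placeholders or additions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): the rootfs steps of sections 3-6
# in one script. Run it from the linux-4.19 source tree after busybox has been
# built statically; BUSYBOX_SRC and the 512M size are assumptions from the post.
set -eu

IMG=$PWD/disk.raw                       # raw image handed to qemu via -drive
MNT=$PWD/img                            # mount point used in the post
BUSYBOX_SRC=${BUSYBOX_SRC:-$HOME/busybox}   # assumption: busybox source tree

# /etc/inittab as modified in section 6: askfirst shell on /bin/ash, no tty2-4
gen_inittab() {
    printf '%s\n' \
        '::sysinit:/etc/init.d/rcS' \
        '::askfirst:/bin/ash' \
        '::ctrlaltdel:/sbin/reboot' \
        '::shutdown:/sbin/swapoff -a' \
        '::shutdown:/bin/umount -a -r' \
        '::restart:/sbin/init'
}

# /etc/init.d/rcS from section 5: mount the pseudo filesystems df and ps need.
# The devtmpfs line is an addition that assumes CONFIG_DEVTMPFS=y in .config.
gen_rcs() {
    printf '%s\n' \
        '#!/bin/sh' \
        'mount -t proc proc /proc' \
        'mount -t sysfs sysfs /sys' \
        'mount -t devtmpfs devtmpfs /dev'
}

build_rootfs() {
    qemu-img create -f raw "$IMG" 512M
    mkfs -t ext4 -F "$IMG"              # -F: target is a regular file, not a device
    mkdir -p "$MNT"
    sudo mount -o loop "$IMG" "$MNT"
    # modules_install exits with an error when CONFIG_MODULES is off, so guard it
    if grep -q '^CONFIG_MODULES=y' .config; then
        sudo make modules_install INSTALL_MOD_PATH="$MNT"
    fi
    (cd "$BUSYBOX_SRC" && sudo make CONFIG_PREFIX="$MNT" install)
    sudo mkdir -p "$MNT/dev" "$MNT/proc" "$MNT/sys" "$MNT/etc/init.d"
    gen_inittab | sudo tee "$MNT/etc/inittab" >/dev/null
    gen_rcs | sudo tee "$MNT/etc/init.d/rcS" >/dev/null
    sudo chmod 755 "$MNT/etc/init.d/rcS"
    sudo umount "$MNT"                  # flush before qemu opens the image
}
# Only touch the disk when asked; with no argument the script just defines helpers.
case "${1:-}" in build) build_rootfs ;; esac
```

Run it as "sh build-rootfs.sh build" from the kernel tree to produce disk.raw; without an argument it only defines the helper functions.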

6 Debug

"C:\Program Files\qemu\qemu-system-i386.exe" -m 512M -smp 4 -kernel arch\x86\boot\bzImage -drive format=raw,file=./disk.raw -append "init=/linuxrc root=/dev/sda" -s -S

Open another cmd window (or the Linux machine), then enter:

F:\Linux-0.11-master>gdb vmlinux

(gdb) target remote localhost:1234

If using gdb on the Linux platform, the command is: (gdb) target remote 192.168.220.1:1234

Sometimes the TDM-GCC GDB is unable to debug, perhaps because its libraries differ.

(gdb) b start_kernel

(gdb) c

(gdb) n

(gdb) s

Then you would see that linux 0.11 is running successfully.

7 Using VS Code to debug

1. Pressing "F5" generates a "launch.json" file:

2. Click "Add Configuration..." to add the "C/C++: (gdb) Bash on Windows Launch" item.

The final "launch.json" content is:

{
    // Use IntelliSense to learn about possible attributes.
    // Hover to view descriptions of existing attributes.
    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
    "version": "0.2.0",
    "configurations": [
        {
            "name": "(gdb) Bash on Windows Launch",
            "type": "cppdbg",
            "request": "launch",
            "program": "Z:/home/hui/linux-all/linux-4.19/vmlinux",
            "args": [],
            "stopAtEntry": false,
            "cwd": "Z:/home/hui/linux-all/linux-4.19",
            "environment": [],
            "externalConsole": true,
            "miDebuggerPath": "C:/TDM-GCC-64/gdb64/bin/gdb.exe",
            "miDebuggerServerAddress": "192.168.220.1:1234",
            "setupCommands": [
                {
                    "description": "Enable pretty-printing for gdb",
                    "text": "-enable-pretty-printing",
                    "ignoreFailures": true
                }
            ]
        }
    ]
}

The items to modify are:

            "program": "Z:/home/hui/linux-all/linux-4.19/vmlinux",

            "cwd": "Z:/home/hui/linux-all/linux-4.19",

            "miDebuggerPath": "C:/TDM-GCC-64/gdb64/bin/gdb.exe",

            "miDebuggerServerAddress": "192.168.220.1:1234",

3. Set a breakpoint in the start_kernel() function.

Pressing "F5" runs to the start_kernel() function.

8 Analyze kernel code

start_kernel() is the first C-language function, so all analysis starts from here.

Appendix 1 samba-server create

1. First confirm that the machines can ping each other.

2. In a terminal enter: apt-get install samba

3. Back up smb.conf before editing the configuration; in a terminal enter:

cd /etc/samba/

ls

cp smb.conf smb.conf-201x-xx-xx

4. nano /etc/samba/smb.conf to edit the configuration file.

Find browseable = no under [homes] and change no to yes, because only then can Windows see the "homes" share under "Computer". ---- At this point you can already see the samba shared directory.

Of course, for convenient debugging we do not want to share the homes folder but the whole root directory. So add a section below the [homes] section; do not change the [homes] section itself, or it will error. Be sure to add it below, as follows:

[all]

comment = /

path = /

read only = no

Then enter in the terminal: testparm. This command not only checks whether the parameters are correct, it also makes the configuration take effect immediately, without a restart.

5. You also need to create a user, otherwise you can see the share but cannot log in. In a terminal enter:

smbpasswd -a root, and it will prompt for a password. The name can actually be anything; root is used here because it is easy to remember, since I will use the highest privileges. ---- At this step you can log in to the samba share.

6. (This step can be skipped.) Restart samba; in a terminal enter: /etc/init.d/samba restart

Appendix 2 gcc-32bit install

If your system is 64-bit, you should add 32-bit library support.

sudo apt-get install g++-multilib libc6-dev-i386

then

# gcc boot.o -o boot -m32

Appendix 3 Using Eclipse to debug (but failed)

Failure reason: the method works with linux 0.11, but fails with linux 4.17 (not always; sometimes it works). Maybe because Eclipse uses too much CPU, memory and other computer resources. On a more expensive computer it might succeed.

Eclipse Edition:

Download link: https://stackoverflow.com/questions/27418096/where-can-i-download-eclipse-android-bundle

NOTE: Sometimes the samba server must be mapped as a drive on the computer.

a. Right-click "Computer", then select "Map network drive...", as follows:

b.

c.

If it is not displayed in "Computer", Eclipse cannot open the project.

1. Create a new C project.

NOTE: If the linux 0.11 project is stored on the VMware samba server, "\\192.168.220.129\all\home\hui\eclipse-workspace\Linux-0.11-master" cannot be used as the path. You must use "Browse the folder" to set the path, as below (the destination path is "Z:\home\hui\eclipse-workspace").

2. First launch qemu. The command is as below:

"C:\Program Files\qemu\qemu-system-i386.exe" -m 512M -smp 4 -kernel arch\x86\boot\bzImage -drive format=raw,file=./disk.raw -append "init=/linuxrc root=/dev/sda" -s -S -append nokaslr

3. Configure Eclipse.

NOTE: "Host name or IP address" cannot be "localhost"; that gives an error and shows:

It should be the VMware network IPv4 address, as follows:

3. Then debug as below:
