Difference between revisions of "Getting Started"

From SerialICE
Jump to: navigation, search
(Created page with "= Getting Started - First Steps With SerialICE = Connect the target to your computer. Figure out the serial port that you can use to talk to it. Relative to the qemu directory...")
 
(First Steps With SerialICE)
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
= Getting Started - First Steps With SerialICE =
+
= First Steps With SerialICE =
 
Connect the target to your computer. Figure out the serial port that you can use to talk to it.
 
Connect the target to your computer. Figure out the serial port that you can use to talk to it.
 
Relative to the qemu directory in the SerialICE tree, call
 
Relative to the qemu directory in the SerialICE tree, call
 +
$ cd SerialICE/simba
 +
$ ln -sf ../../qemu-0.15.x/i386-softmmu/qemu
 +
$ ./qemu -M serialice -serialice /dev/ttyUSB0 -singlestep -bios /your/bios/image > logfile.txt
 +
This assumes that /dev/ttyUSB0 is your serial port. Replace as appropriate.
 +
You'll get a logfile.txt something like this:
  
   $ ./i386-softmmu/qemu -M serialice -serialice /dev/ttyUSB0 -hda /dev/zero -bios /your/bios/image > logfile.txt
+
<nowiki>
 +
SerialICE: Open connection to target hardware...
 +
SerialICE: Waiting for handshake with target... target alive!
 +
SerialICE: Version.....: SerialICE v1.5 (Feb 19 2013)
 +
SerialICE: Mainboard...: Commell LV-672
 +
SerialICE: LUA init...
 +
SerialICE: LUA init...
 +
SerialICE: Starting LUA script
 +
SerialICE: LUA script initialized.
 +
Registering physical memory at 0xffdf8000 (0x00008000 bytes)
 +
VNC server running on `127.0.0.1:5900'
 +
0000.0001    R.Q.    [ffff000:fff0]  MEM:  readb fffffff0 => e9
 +
0000.0002    R.Q.    [ffff000:fff0]  MEM:  readw fffffff1 => f00d
 +
0003.0004    RH..    [ffff000:f006]  IO: outb 0080 <= 01
 +
0003.0005    R.Q.    [ffff000:f018]  MEM:  readl fffff04e => 00000000
 +
0003.0006    R.Q.    [ffff000:f01c]  MEM:  readw fffff01d => f044
 +
0003.0007    R.Q.    [ffff000:f021]  MEM:  readl fffff046 => fffff054
 +
0003.0008    R.Q.    [ffff000:f029]  MEM:  readl fffff02b => 7ffaffd1
 +
0003.0009    R.Q.    [ffff000:f02f]  MEM:  readl fffff031 => 60000001
 +
0003.000a    R.Q.    [ffff000:f038]  MEM:  readb fffff038 => 66
 +
0003.000b    R.Q.    [ffff000:f03b]  MEM:  readl fffff03d => fffff07b
 +
0003.000c    R.Q.    [ffff000:f03b]  MEM:  readw fffff041 => 0008
 +
0003.000d    RH..    [0000:fffff07f]  IO: outb 0080 <= 10
 +
0003.000e    R.Q.    [0000:fffff081]  MEM:  readw fffff083 => 0010
 +
0003.000f    R.Q.    [0000:fffff096]  MEM:  readl fffff097 => 00000200
 +
0003.0010    R.Q.    [0000:fffff0a4]  MEM:  readl fffff0a5 => 0000001b
 +
0011.0012    RH.U    [0000:fffff0a9]  CPU MSR: [0000001b] => 00000000.fee00900
 +
0011.0013    R.Q.    [0000:fffff0b4]  MEM:  readl fffff0b5 => 8000f8dc
 +
0011.0014    R.Q.    [0000:fffff0b9]  MEM:  readw fffff0bb => 0cf8
 +
0016.0017    RH..    [0000:fffff0bd]  IO: outl 0cf8 <= 8000f8dc
 +
0016.0018    RH..    [0000:fffff0c2]  IO:  inb 0cfc => 00
 +
0016.0019    R.Q.    [0000:fffff0d0]  MEM:  readl fffff0d1 => 8000f8dc
 +
0016.001a    R.Q.    [0000:fffff0d5]  MEM:  readw fffff0d7 => 0cf8
 +
001b.001c    RH..    [0000:fffff0d9]  IO: outl 0cf8 <= 8000f8dc
 +
001b.001d    RH..    [0000:fffff0e2]  IO: outb 0cfc <= 08
 +
001b.001e    R.Q.    [0000:fffff0e8]  MEM:  readl fffff0e9 => fffff0ef
 +
001b.001f    R.Q.    [0000:fffff105]  MEM:  readl fffff106 => fffffffc
 +
001b.0020    R.Q.    [0000:fffff10a]  MEM:  readl ffffefe8 => 00000800
 +
001b.0021    R.Q.    [0000:fffff11d]  MEM:  readl fffff11e => 00000000
 +
001b.0022    R.Q.    [0000:fffff130]  MEM:  readl fff80000 => 4352414c
 +
001b.0023    R.Q.    [0000:fffff132]  MEM:  readl fffff1b2 => 4352414c
 +
001b.0024    R.Q.    [0000:fffff13d]  MEM:  readl fffff13f => fffff1b6
 +
001b.0025    R.Q.    [0000:fffff13d]  MEM:  readl fffff1b6 => 45564948
 +
001b.0026    R.Q.    [0000:fff8006c]  MEM:  readl fff80056 => fff80054
 +
001b.0027    R.Q.    [0000:fff80074]  MEM:  readl fff80075 => fff8007b
 +
001b.0028    R.Q.    [0000:fff80074]  MEM:  readw fff80079 => 0008
 +
0029.002a    RH..    [0000:fff8007f]  IO: outb 0080 <= 10
 +
0029.002b    R.Q.    [0000:fff80081]  MEM:  readw fff80083 => 0010
 +
0029.002c    RH..    [0000:fff800b1]  IO: outb 0080 <= 20
 +
002d.002e    RH.U    [0000:fff800b8]  CPU MSR: [0000001b] => 00000000.fee00900
 +
002d.002f    R.Q.    [0000:fff800ba]   MEM:  readl fff800bb => 00000100
 +
002d.0030    R.Q.    [0000:fff800bf]  MEM:  readl fff800c1 => 00000158
 +
002d.0031    R.Q.    [0000:fff800c5]  MEM:  readl fff800c6 => fff803fb
 +
002d.0032    R.Q.    [0000:fff800ca]  MEM:  readl fff800cb => 0000001b
 +
002d.0033    R.Q.    [0000:fff800d3]  MEM:  readw fff803fb => 0250
 +
</nowiki>
  
This assumes that /dev/ttyUSB0 is your serial port. Replace as appropriate.
+
This is referred to as the raw logfile from qemu session. It usually shows more detail than you care to look at, so you will want to further process this through a replay script.
 +
 
 +
$ cat logfile.txt | lua replay.lua
  
You'll get a log file that looks like this:
+
The interesting part of the log is below, where loads from flash memory are hidden and PCI configuration access is translated. You can control the verbosity of the replayer with the parameters in user_env.lua file.
  
  SerialICE: Open connection to target hardware...
+
<nowiki>
   SerialICE: Waiting for handshake with target... target alife!
+
0003.0004    .H..   [ffff000:f006]   POST: *** 01 ***
  SerialICE: LUA init...
+
0003.000d    .H..   [0000:fffff07f]   POST: *** 10 ***
  SerialICE: Starting LUA script
+
0011.0012    RH.U    [0000:fffff0a9]   CPU MSR: [0000001b] => 00000000.fee00900
   SerialICE: Registering physical memory areas for Cache-As-Ram:
+
0016.0018    .H..    [0000:fffff0c2]   PCI: 0:1f.0 [0dc] => 00
  Registering physical memory at 0xffd80000 (0x00080000 bytes)
+
001b.001d    .H..   [0000:fffff0e2]   PCI: 0:1f.0 [0dc] <= 08
  Registering physical memory at 0xffbc0000 (0x00040000 bytes)
+
0029.002a    .H..   [0000:fff8007f]   POST: *** 10 ***
  SerialICE: LUA script initialized.
+
0029.002c    .H..   [0000:fff800b1]   POST: *** 20 ***
  MEM: readb fffffff0 => ea
+
002d.002e    RH.U    [0000:fff800b8]   CPU MSR: [0000001b] => 00000000.fee00900
   MEM: readw fffffff1 => ffaa
+
</nowiki>
  MEM:  readw fffffff3 => f000
 
  MEM: readb 000fffaa => e9
 
   MEM: readw 000fffab => 00c3
 
  MEM: readb 000f0070 => e9
 
  MEM:  readw 000f0071 => 01cd
 
  ...
 
   IO: outb 0080 <= d0
 
  CPU: CPUID eax: 00000000; ecx: 00000000 => 00000006.756e6547.6c65746e.49656e69
 
  CPU: CPUID eax: 00000001; ecx: 6c65746e => 000006e8.00020800.0000c1a9.bfe9fbff
 
   MEM: readw 000f0a53 => 06e0
 
  CPU: CPUID eax: 00000004; ecx: 00000000 => 04000121.01c0003f.0000003f.00000001
 
  ...
 
  IO: outb 0070 <= 8e
 
   IO: inb 0071 => 48
 
  ...
 
   CPU: rdmsr 000002ff => 00000000.00000000
 
  CPU: wrmsr 000002ff <= 00000000.00000000
 
  CPU: wrmsr 00000250 <= 00000000.00000000
 
  ...
 
  IO: outl 0cf8 <= 8000f8f0
 
  IO: outl 0cfc <= fed1c001
 
  PCI 0:1f.0 R.f0
 

Latest revision as of 11:25, 9 March 2013

First Steps With SerialICE

Connect the target to your computer. Figure out the serial port that you can use to talk to it. Relative to the qemu directory in the SerialICE tree, call

$ cd SerialICE/simba
$ ln -sf ../../qemu-0.15.x/i386-softmmu/qemu
$ ./qemu -M serialice -serialice /dev/ttyUSB0 -singlestep -bios /your/bios/image > logfile.txt

This assumes that /dev/ttyUSB0 is your serial port. Replace as appropriate. You'll get a logfile.txt something like this:

SerialICE: Open connection to target hardware...
SerialICE: Waiting for handshake with target... target alive!
SerialICE: Version.....: SerialICE v1.5 (Feb 19 2013)
SerialICE: Mainboard...: Commell LV-672
SerialICE: LUA init...
SerialICE: LUA init...
SerialICE: Starting LUA script
SerialICE: LUA script initialized.
Registering physical memory at 0xffdf8000 (0x00008000 bytes)
VNC server running on `127.0.0.1:5900'
0000.0001    R.Q.    [ffff000:fff0]   MEM:  readb fffffff0 => e9
0000.0002    R.Q.    [ffff000:fff0]   MEM:  readw fffffff1 => f00d
0003.0004    RH..    [ffff000:f006]   IO: outb 0080 <= 01
0003.0005    R.Q.    [ffff000:f018]   MEM:  readl fffff04e => 00000000
0003.0006    R.Q.    [ffff000:f01c]   MEM:  readw fffff01d => f044
0003.0007    R.Q.    [ffff000:f021]   MEM:  readl fffff046 => fffff054
0003.0008    R.Q.    [ffff000:f029]   MEM:  readl fffff02b => 7ffaffd1
0003.0009    R.Q.    [ffff000:f02f]   MEM:  readl fffff031 => 60000001
0003.000a    R.Q.    [ffff000:f038]   MEM:  readb fffff038 => 66
0003.000b    R.Q.    [ffff000:f03b]   MEM:  readl fffff03d => fffff07b
0003.000c    R.Q.    [ffff000:f03b]   MEM:  readw fffff041 => 0008
0003.000d    RH..    [0000:fffff07f]   IO: outb 0080 <= 10
0003.000e    R.Q.    [0000:fffff081]   MEM:  readw fffff083 => 0010
0003.000f    R.Q.    [0000:fffff096]   MEM:  readl fffff097 => 00000200
0003.0010    R.Q.    [0000:fffff0a4]   MEM:  readl fffff0a5 => 0000001b
0011.0012    RH.U    [0000:fffff0a9]   CPU MSR: [0000001b] => 00000000.fee00900
0011.0013    R.Q.    [0000:fffff0b4]   MEM:  readl fffff0b5 => 8000f8dc
0011.0014    R.Q.    [0000:fffff0b9]   MEM:  readw fffff0bb => 0cf8
0016.0017    RH..    [0000:fffff0bd]   IO: outl 0cf8 <= 8000f8dc
0016.0018    RH..    [0000:fffff0c2]   IO:  inb 0cfc => 00
0016.0019    R.Q.    [0000:fffff0d0]   MEM:  readl fffff0d1 => 8000f8dc
0016.001a    R.Q.    [0000:fffff0d5]   MEM:  readw fffff0d7 => 0cf8
001b.001c    RH..    [0000:fffff0d9]   IO: outl 0cf8 <= 8000f8dc
001b.001d    RH..    [0000:fffff0e2]   IO: outb 0cfc <= 08
001b.001e    R.Q.    [0000:fffff0e8]   MEM:  readl fffff0e9 => fffff0ef
001b.001f    R.Q.    [0000:fffff105]   MEM:  readl fffff106 => fffffffc
001b.0020    R.Q.    [0000:fffff10a]   MEM:  readl ffffefe8 => 00000800
001b.0021    R.Q.    [0000:fffff11d]   MEM:  readl fffff11e => 00000000
001b.0022    R.Q.    [0000:fffff130]   MEM:  readl fff80000 => 4352414c
001b.0023    R.Q.    [0000:fffff132]   MEM:  readl fffff1b2 => 4352414c
001b.0024    R.Q.    [0000:fffff13d]   MEM:  readl fffff13f => fffff1b6
001b.0025    R.Q.    [0000:fffff13d]   MEM:  readl fffff1b6 => 45564948
001b.0026    R.Q.    [0000:fff8006c]   MEM:  readl fff80056 => fff80054
001b.0027    R.Q.    [0000:fff80074]   MEM:  readl fff80075 => fff8007b
001b.0028    R.Q.    [0000:fff80074]   MEM:  readw fff80079 => 0008
0029.002a    RH..    [0000:fff8007f]   IO: outb 0080 <= 10
0029.002b    R.Q.    [0000:fff80081]   MEM:  readw fff80083 => 0010
0029.002c    RH..    [0000:fff800b1]   IO: outb 0080 <= 20
002d.002e    RH.U    [0000:fff800b8]   CPU MSR: [0000001b] => 00000000.fee00900
002d.002f    R.Q.    [0000:fff800ba]   MEM:  readl fff800bb => 00000100
002d.0030    R.Q.    [0000:fff800bf]   MEM:  readl fff800c1 => 00000158
002d.0031    R.Q.    [0000:fff800c5]   MEM:  readl fff800c6 => fff803fb
002d.0032    R.Q.    [0000:fff800ca]   MEM:  readl fff800cb => 0000001b
002d.0033    R.Q.    [0000:fff800d3]   MEM:  readw fff803fb => 0250

This is referred to as the raw logfile from qemu session. It usually shows more detail than you care to look at, so you will want to further process this through a replay script.

$ cat logfile.txt | lua replay.lua

The interesting part of the log is below, where loads from flash memory are hidden and PCI configuration access is translated. You can control the verbosity of the replayer with the parameters in user_env.lua file.

0003.0004    .H..    [ffff000:f006]   POST: *** 01 ***
0003.000d    .H..    [0000:fffff07f]   POST: *** 10 ***
0011.0012    RH.U    [0000:fffff0a9]   CPU MSR: [0000001b] => 00000000.fee00900
0016.0018    .H..    [0000:fffff0c2]   PCI: 0:1f.0 [0dc] => 00
001b.001d    .H..    [0000:fffff0e2]   PCI: 0:1f.0 [0dc] <= 08
0029.002a    .H..    [0000:fff8007f]   POST: *** 10 ***
0029.002c    .H..    [0000:fff800b1]   POST: *** 20 ***
002d.002e    RH.U    [0000:fff800b8]   CPU MSR: [0000001b] => 00000000.fee00900