SOFTWARE_NX_FAULT的疑问?

shunning88 2009-08-17 03:06:26
碰到一个很神奇的问题,可能和Windows的NX机制有关。
描述如下,大虾们伸出援手~~~Help me

系统环境:
Windows2003 (2003默认开启了NX)
SQLSERVER2000

软件崩溃后,产生dmp。
使用windbg载入dmp进行分析。
提示为
c0000005(Access violation)
Attempt to execute non-executable address 00886169
DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT
EIP指向 00886169 8b4c2404 mov ecx,dword ptr [esp+4]

我的分析过程如下:
1.SOFTWARE_NX_FAULT 查了下关于该标识的含义,似乎只有当违反了NX机制(在非代码段中执行代码)时,才可能产生该错误。可是这时EIP指向明明是代码段,如下:
上下文环境:
eax=00000001 ebx=00000000 ecx=02befd28 edx=02befca4 esi=01692c48 edi=0012f758
eip=00886169 esp=02befbe4 ebp=02befcb8 iopl=0 nv up ei pl zr na pe nc
模块:
start end module name
00880000 00984000 mfc71u (private pdb symbols)
所以00886169肯定是代码段了。

2.Attempt to execute non-executable address 00886169
按windbg里所提示的,执行了不可以被执行的地址0x00886169,那么我查看了关于该地址的页属性
0:007> !address 0x00886169
00880000 : 00881000 - 000dc000
Type 01000000 MEM_IMAGE
Protect 00000020 PAGE_EXECUTE_READ
State 00001000 MEM_COMMIT
Usage RegionUsageImage
FullPath C:\WINDOWS\system32\mfc71u.dll
该页的属性为PAGE_EXECUTE_READ,是可以执行的。
很矛盾...

3.00886169 8b4c2404 mov ecx,dword ptr [esp+4]
如果esp+4指向莫名的地址,那也可能会出现这种错误。
0:007> !address esp+4
02af0000 : 02bed000 - 00003000
Type 00020000 MEM_PRIVATE
Protect 00000004 PAGE_READWRITE
State 00001000 MEM_COMMIT
Usage RegionUsageStack
Pid.Tid 528.614
也同样是正常的...

原本怀疑是开启了NX的问题,但现象与NX所表现出来的现象又不相同。
在网上看到的示例,EIP指向的地址由于NX的作用,会变得不可执行。
这个问题困扰我很久了,用了很多很多的时间与精力都解决不了。
希望得到各位大大的帮助。。

以下是windbg的分析结果:
0:007> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************

FAULTING_IP:
mfc71u!ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >::Format+0 [f:\vs70builds\6030\vc\mfcatl\ship\atlmfc\include\cstringt.h @ 1795]
00886169 8b4c2404 mov ecx,dword ptr [esp+4]

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00886169 (mfc71u!ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >::Format)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000008
Parameter[1]: 00886169
Attempt to execute non-executable address 00886169

DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT

PROCESS_NAME: DocSystem.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

WRITE_ADDRESS: 00886169

NTGLOBALFLAG: 0

APPLICATION_VERIFIER_FLAGS: 0

LAST_CONTROL_TRANSFER: from 013ca90c to 00886169

STACK_TEXT:
02befbe0 013ca90c 02befca4 013dfa68 00000008 mfc71u!ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >::Format [f:\vs70builds\6030\vc\mfcatl\ship\atlmfc\include\cstringt.h @ 1795]
02befcb8 013b8df0 01692c68 016965f0 02befd28 DataBaseSystem!CPto_Bussiness::CPto_TimeOutSearch+0x8c [e:\workspace\Êý¾Ý¿âÄ£¿é\databasesystem\tables\pto_bussiness.cpp @ 39]
02befcec 013ba825 00004844 00000000 02befd28 DataBaseSystem!CDBSQLSERVER::DBSqlServer_IBussinessWork+0xbc0 [e:\workspace\Êý¾Ý¿âÄ£¿é\databasesystem\innerclass\dbsqlserver.cpp @ 517]
02befd00 004312a2 00004844 00000000 02befd28 DataBaseSystem!DBSystem_IBussinessWork+0x35 [e:\workspace\Êý¾Ý¿âÄ£¿é\databasesystem\interface\dbinterface.cpp @ 138]
WARNING: Stack unwind information not available. Following frames may be wrong.
02befd10 0012f758 004308d0 02beffec 01696a38 DocSystem+0x312a2
02befd28 009633b0 00000000 009633b0 009633b0 0x12f758
02befd2c 00000000 009633b0 009633b0 009633b0 mfc71u!afxStringManager+0x14


STACK_COMMAND: ~7s; .ecxr ; kb

FAULTING_THREAD: 00000614

PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT

BUGCHECK_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT_SOFTWARE_NX_FAULT_FALSE_POSITIVE

FOLLOWUP_IP:
mfc71u!ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >::Format+0 [f:\vs70builds\6030\vc\mfcatl\ship\atlmfc\include\cstringt.h @ 1795]
00886169 8b4c2404 mov ecx,dword ptr [esp+4]

FAULTING_SOURCE_CODE:
No source found for 'f:\vs70builds\6030\vc\mfcatl\ship\atlmfc\include\cstringt.h'


SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: mfc71u!ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >::Format+0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: mfc71u

IMAGE_NAME: mfc71u.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 44b45834

FAILURE_BUCKET_ID: mfc71u.dll!ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >::Format_c000

BUCKET_ID: APPLICATION_FAULT_SOFTWARE_NX_FAULT_SOFTWARE_NX_FAULT_FALSE_POSITIVE_mfc71u!ATL::CStringT_wchar_t,StrTraitMFC_DLL_wchar_t,ATL::ChTraitsCRT_wchar_t_____::Format+0

Followup: MachineOwner
---------

0:007> .ecxr
eax=00000001 ebx=00000000 ecx=02befd28 edx=02befca4 esi=01692c48 edi=0012f758
eip=00886169 esp=02befbe4 ebp=02befcb8 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
mfc71u!ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >::Format:
00886169 8b4c2404 mov ecx,dword ptr [esp+4] ss:0023:02befbe8=02befca4

另,模块中同时加载了MFC71U与MFC71两个DLL,不知是否有关系。
00880000 00984000 mfc71u (private pdb symbols)
7c140000 7c243000 mfc71 (deferred)

...全文
1087 16 打赏 收藏 转发到动态 举报
写回复
用AI写文章
16 条回复
切换为时间正序
请发表友善的回复…
发表回复
shunning88 2009-08-31
  • 打赏
  • 举报
 回复
结贴了。。。打算升级下界面库~很多历史原因
shunning88 2009-08-31
  • 打赏
  • 举报
 回复
问题果然出现在界面库内~~~
去掉界面库后,同样环境下,再也没出过错。。
shunning88 2009-08-28
  • 打赏
  • 举报
 回复
WinDBG用了符号文件和源码之后,应该不算黑箱了。
使用哪种调试器并不重要,只要能看内存,能看堆栈,载个符号就可以了。
重要的是如何发现问题的本质。
不过嘛,我还真想用VC,WinDBG界面实在不友好,一堆堆的符号字符,眼看花了。

之前的问题有了新的进展,原来所有的DUMP文件,都不是第一现场。
为了让环境但简单些,我排除了一切可以排除的模块。
最后发现问题出在界面库中。目前看起来界面库中有BUG,会无缘无故的释放掉一个指针。
dump实在看不出什么了,准备用写日志的方式来跟踪出错时的界面库情况。
MoXiaoRab 2009-08-25
  • 打赏
  • 举报
 回复
有VC环境调试器不用,你为什么非要弄WinDBG进行黑箱,无语
shunning88 2009-08-25
  • 打赏
  • 举报
 回复
8月25日最新的情况:
采用QTP自动化测试,减轻不少负担,增加了该BUG的重现速度。
仔细分析了十来个的DUMP文件,虽然报错堆栈甚至连模块都不相同,但却这些DUMP有着一个共同点。
就是在BUGCHECK_STR中都有着相同的提示:SOFTWARE_NX_FAULT_FALSE_POSITIVE
FALSE_POSITIVE在英文中的解释为误报
那么按字面上的翻译,应该是软件NX错误误报。
操作系统还会告诉我,这个程序发生的异常是误报?既然知道程序是误报了,为什么不自己处理了?
在我的程序中,DUMP机制是使用SetUnhandledExceptionFilter来注册一个顶层过滤函数。
在顶层过滤函数内,调MiniDumpWriteDump生成DUMP,在函数完成时返回exception_Execute_handle。
这样系统原来那个UnhandledExceptionFilter就不会走了。
找到2K的UnhandledExceptionFilter代码,发现在写资源区的情况下UnhandledExceptionFilter返回exception_continue_execute,让程序继续正常运行。
如果我确定发生这种异常的情况下,程序还能正常运行,那么只要处理了这种情况,程序就不会乱崩了。

带着这种设想,我尝试了以下的操作:
为了验证这种SOFTWARE_NX_FAULT_FALSE_POSITIVE异常发生后是否能返回异常点继续正常的执行代码,
我去掉了自己程序内的DUMP机制,将Windbg设为了实时调试.
在QTP反复的操作下,BUG重现了。
BUGCHECK_STR同样提示SOFTWARE_NX_FAULT_FALSE_POSITIVE.
对于一般的异常,如果这种异常没有被解决,即使在Windbg让程序继续执行,这种异常还是会被触发,经过两轮分发,最后又回到Windbg上。而对于我碰到的这个异常,g之后程序还真的正常运行下去了。-_-##
所以,我估计还真的是误报了。
现在我更想知道,为什么会报出误报这种异常,总有个原因吧。。。



shunning88 2009-08-20
  • 打赏
  • 举报
 回复
很感谢whoo同学和compilerit同学。
该BUG实际上只是一系列类似BUG中的一个。

这一系列的BUG情况都有一个共同点,就是在CString的方法上出现异常。
例如,重载的等号,上面所看到的Format,以及CString构造方法内都会出现这种异常。
而堆栈回溯却不能发现有任何错误。

现在我先按whoo同学提议的方法进行测试。
compilerit 2009-08-20
  • 打赏
  • 举报
 回复
这个估计不是你程序的问题,是受到其它程序影响,当然也可能是操作系统的bug,毕竟32位操作系统上实现的DEP都是没有硬件支持的,软件模拟的比较忽悠人,可能有bug
compilerit 2009-08-19
  • 打赏
  • 举报
 回复
我错了,我用的是旧版的MSDN,在线MSDN有说明,DEP是8没错
Exception code Meaning
EXCEPTION_ACCESS_VIOLATION
The first element of the array contains a read-write flag that indicates the type of operation that caused the access violation. If this value is zero, the thread attempted to read the inaccessible data. If this value is 1, the thread attempted to write to an inaccessible address. If this value is 8, the thread causes a user-mode data execution prevention (DEP) violation.
The second array element specifies the virtual address of the inaccessible data.
EXCEPTION_IN_PAGE_ERROR
The first element of the array contains a read-write flag that indicates the type of operation that caused the access violation. If this value is zero, the thread attempted to read the inaccessible data. If this value is 1, the thread attempted to write to an inaccessible address. If this value is 8, the thread causes a user-mode data execution prevention (DEP) violation.
The second array element specifies the virtual address of the inaccessible data.
The third array element specifies the underlying NTSTATUS code that resulted in the exception.
compilerit 2009-08-19
  • 打赏
  • 举报
 回复
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00886169 (mfc71u!ATL::CStringT <wchar_t,StrTraitMFC_DLL <wchar_t,ATL::ChTraitsCRT <wchar_t> > >::Format)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000008
Parameter[1]: 00886169
Attempt to execute non-executable address 00886169

这组是EXCEPTION_RECORD参数,不是楼上理解的Format函数的参数

这里比较奇怪,Parameter[0]按照MSDN的说法只会是0或者1

Exception code Meaning
EXCEPTION_ACCESS_VIOLATION The first element of the array contains a read-write flag that indicates the type of operation that caused the access violation. If this value is zero, the thread attempted to read the inaccessible data. If this value is 1, the thread attempted to write to an inaccessible address.
The second array element specifies the virtual address of the inaccessible data.

whoo 2009-08-19
  • 打赏
  • 举报
 回复
从 "系统运行3~4天才会出现一次" 来看,很像是内存被覆写的类似野指针或者数组越界的错误。 但是一般的栈错误,或者简单的内存错误,即便没有影响到运行结果,调试版应该仍会报告一些警告信息。

所以建议还是用vc加载调试器跑一段时间,然后退出。 仔细检查输出是否有内存相关的警告信息。
whoo 2009-08-19
  • 打赏
  • 举报
 回复
注意这个地址: 00886169.
00886169 8b4c2404 mov ecx,dword ptr [esp+4]

和format的第一个参数:Parameter[1]: 00886169

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00886169 (mfc71u!ATL::CStringT <wchar_t,StrTraitMFC_DLL <wchar_t,ATL::ChTraitsCRT <wchar_t> > >::Format)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000008
Parameter[1]: 00886169
Attempt to execute non-executable address 00886169


参数已经不对了。并且是很奇怪的字符串地址变成了当前指令地址。 说明在这附近已经有栈溢出或者栈调用错误发生。

注意到这一行:
LAST_CONTROL_TRANSFER: from 013ca90c to 00886169

上一步的执行地址013ca90c似乎还没问题。


建议
1. 检查format语句上下的相关调用。
2. 在这一句 call dword ptr [013d80f0] 前后,检查 this 的所有成员变量是否正常。
shunning88 2009-08-19
  • 打赏
  • 举报
 回复
感谢whoo同学的关注与提醒。
我回溯了这段堆栈,在这段堆栈内,我详细的检查了Format的参数。
很遗憾,并没有发现有任何错误,堆栈内的数据和我手工分析汇编算出来的数据是相同的。
Format是类里的成员函数,有两个参数。
一般情况对于类里的成员,编译器采用thiscall的约定。
但format函数被声明为了采用c调用方式。
所以,在反汇编看来,这里一共会被压栈3次。
C++代码:
strBaseSQL.Format(_T("select * from taa_timeout where tt_nodestatus&%d<1"),8);

汇编代码:
013caa06 6a08 push 8 ->压入8
013caa08 68c0f83d01 push offset DataBaseSystem!`string' (013df8c0) ->压入字符串"select * from taa_timeout where tt_nodestatus&%d<1"
013caa0d 8d55ec lea edx,[ebp-14h] ->取出ebp-14h的有效地址,this指针
013caa10 52 push edx
....略
013caa23 ff15f0803d01 call dword ptr [013d80f0]

对应栈:
02befbd4 00000000
02befbd8 00000000
02befbdc 00000000
02befbe0 00000000
02befbe4 013ca90c 调用call时自动压入的返回地址
02befbe8 02befca4 包含this指针
02befbec 013dfa68 "select * from taa_timeout where tt_nodestatus&%d<1"
02befbf0 00000008 8
02befbf4 0012f758
02befbf8 01692c48
02befbfc 00000000

所以,可以确定调用Format时,参数没有问题的。
再来看
013caa23 ff15f0803d01 call dword ptr [013d80f0]
在0x013d80f0地址上保存的是format的地址。
当cpu执行到format的第一条指令mov ecx,dword ptr [esp+4]时,
就出现了C0000005错误。

这个BUG,出现的机率比较低,系统运行3~4天才会出现一次。
而用VC一步一步的去跟是没有任何问题的。

很是郁闷啊~~
shunning88 2009-08-18
  • 打赏
  • 举报
 回复
T_T 难怪发错版块了~
shunning88 2009-08-18
  • 打赏
  • 举报
 回复
T_T 难怪发错版块了~
zw0558 2009-08-18
  • 打赏
  • 举报
 回复
学习
whoo 2009-08-18
  • 打赏
  • 举报
 回复
不用这么大张旗鼓吧,MFC的程序,直接用VC开调试运行,多测试下不就行了。

而且信息也很明显,指的是CString的format的问题。 format早期是个很容易被利用的溢出攻击点,7.1应该有所改善,但是传入错误的参数还是很容易崩溃的。

根据堆栈检查上层函数的调用参数就可以了。
Bochs - The cross platform IA-32 (x86) emulator
Changes in 2.4.6 (February 22, 2011): Brief summary : - Support more host OS to run on: - Include win64 native binary in the release. - Fixed failures on big endian hosts. - BIOS: Support for up to 2M ROM BIOS images. - GUI: select mouse capture toggle method in .bochsrc. - Ported most of Qemu's 'virtual VFAT' block driver (except runtime write support, but plus FAT32 suppport) - Added write protect option for floppy drives. - Bugfixes / improved internal debugger + instrumentation. Detailed change log : - CPU and internal debugger - Implemented Process Context ID (PCID) feature - Implemented FS/GS BASE access instructions support (according to document from http://software.intel.com/en-us/avx/) - Rewritten from scratch SMC detection algorithm - Implemented fine-grained SMC detection (on 128 byte granularity) - Bugfixes for CPU emulation correctness and stability - Fixed failures on Big Endian hosts ! - Print detailed page walk information and attributes in internal debugger 'page' command - Updated/Fixed instrumentation callbacks - Configure and compile - Bochs now can be compiled as native Windows x86-64 application (tested with Mingw gcc 4.5.1 and Microsoft Visual Studio Express 2010) - Added ability to configure CPUID stepping through .bochsrc. The default stepping value is 3. - Added ability to disable MONITOR/MWAIT support through .bochsrc CPUID option. The option is available only if compiled with --enable-monitor-mwait configure option. - Determine and select max physical address size automatically at configure time: - 32-bit physical address for 386/486 guests - 36-bit physical address for PSE-36 enabled Pentium guest - 40-bit physical address for PAE enabled P6 or later guests - Update config.guess/config.sub scripts to May 2010 revisions. - Update Visual Studio 2008 project files in build/win32/vs2008ex-workspace.zip - Added Bochs compilation timestamp after Bochs version string. - GUI and display libraries (Volker) - Added new .bochsrc option to select mouse capture toggle method. In addition to the default Bochs method using the CTRL key and the middle mouse button there are now the choices: - CTRL+F10 (like DOSBox) - CTRL+ALT (like QEMU) - F12 (replaces win32 'legacyF12' option) - display library 'x' now uses the desktop size for the maximum guest resolution - ROM BIOS - Support for up to 2M ROM BIOS images - I/O Devices - 3 new 'pseudo device' plugins created by plugin separation (see below) - Fixes for emulated DHCP in eth_vnet (patch from @SF tracker) - Added support for VGA graphics mode with 400 lines (partial fix for SF bug #2948724) - NE2K: Fixed "send buffer" command issue on big endian hosts - USB - converted common USB code plus devices to the new 'usb_common' plugin Now the USB device classes no longer exist twice if both HC plugins are loaded. - added 'pseudo device' in common USB code for the device creation. This makes the HCs independent from the device specific code. - USB MSD: added support for disk image modes (like ATA disks) - USB printer: output file creation failure now causes a disconnect - re-implemented "options" parameter for additional options of connected devices (currently only used to set the speed reported by device and to specify an alternative redolog file of USB MSD disk image modes) - hard drive - new disk image mode 'vvfat' - ported the read-only part of Qemu's 'virtual VFAT' block driver - additions: configurable disk geometry, FAT32 support, read MBR and/or boot sector from file, volatile write support using hdimage redolog_t class, optional commit support on Bochs exit, save/restore file attributes, 1.44 MB floppy support, set file modification date/time - converted the complete hdimage stuff to the new 'hdimage' plugin - new hdimage method get_capabilities() that can return special flags - vmware3, vmware4 and vvfat classes now return HDIMAGE_HAS_GEOMETRY flag - other disk image modes by default return HDIMAGE_AUTO_GEOMETRY if cylinder value is set to 0 - multiple sector read/write support for some image modes - new log prefix "IMG" for hdimage messages - floppy - added write protect option for floppy drives (based on @SF patch by Ben Lunt) - vvfat support - bugfix: close images on exit - SB16 - converted the sound output module stuff to the new 'soundmod' plugin - SF patches applied [3164945] hack to compile under WIN64 by Darek Mihocka and Stanislav [3164073] Fine grain SMC invalidation by Stanislav [1539417] write protect for floppy drives by Ben Lunt [2862322] fixes for emulated DHCP in eth_vnet - these S.F. bugs were closed/fixed [2588085] Mouse capture [3140332] typo in mf3/ps2 mapping of BX_KEY_CTRL_R [3111577] No "back" option in log settings [3108422] Timing window in NE2K emulation [3084390] Bochs won't load floppy plugin right on startup [3043174] Docbook use of '_' build failure [3085140] Ia_arpl_Ew_Rw definition of error [3078995] ROL/ROR/SHL/SHR modeling wrong when dest reg is 32 bit [2864794] BX_INSTR_OPCODE in "cpu_loop" causes crash in x86_64 host [2884071] [AIX host] prefetch: EIP [00010000] > CS.limit [0000ffff] [3053542] 64 bit mode: far-jmp instruction is error [3011112] error compile vs2008/2010 with X2APIC [3002017] compile error with vs 2010 [3009767] guest RFLAGS.IF blocks externel interrupt in VMX guest mode [2964655] VMX not enabled in MSR IA32_FEATURE_CONTROL [3005865] IDT show bug [3001637] CMOS MAP register meaning error [2994370] Cannot build with 3DNow support - these S.F. feature requests were closed/implemented [1510142] Native Windows XP x64 Edition binary [1062553] select mouse (de)activation in bochsrc [2930633] legacy mouse capture key : not specific enough [2930679] Let user change mouse capture control key [2803538] Show flags for pages when using "info tab" ------------------------------------------------------------------------- Changes in 2.4.5 (April 25, 2010): Brief summary : - Major configure/cpu rework allowing to enable/disable CPU options at runtime through .bochsrc (Stanislav) - Bugfixes for CPU emulation correctness and stability - Implemented X2APIC extensions (Stanislav) - Implemented Intel VMXx2 extensions (Stanislav) - Extended VMX capability MSRs, APIC Virtualization, X2APIC Virtualization, Extended Page Tables (EPT), VPID, Unrestricted Guests, new VMX controls. - Implemented PCLMULQDQ AES instruction - Extended Bochs internal debugger functionality - USB HP DeskJet 920C printer device emulation (Ben Lunt) Detailed change log : - Configure rework - Deprecate --enable-popcnt configure option. POPCNT instruction will be enabled automatically iff SSE4_2 is supported (like in hardware). - Make --ignore-bad-msrs runtime option in .bochsrc. Old --ignore-bad-msrs configure option is deprecated and should not be used anymore. - Enable changing part of CPU functionality at runtime through .bochsrc. - Now you could enable/disable any of SSEx/AES/MOVBE/SYSENTER_SYSEXIT/XSAVE instruction sets using new CPUID option in .bochsrc. - When x86-64 support is compiled in, you could enable/disable long mode 1G pages support without recompile using new CPUID option in .bochsrc. Configure options: --enable-mmx, --enable-sse, --enable-movbe, --enable-xsave, --enable-sep, --enable-aes, --enable-1g-pages are deprecated and should not be used anymore. - Local APIC configure option --enable-apic is deprecated and should not be used anymore. The LAPIC option now automatically determined from other configure options. XAPIC functionality could be enabled using new CPUID .bochsrc option. - Changed default CPU configuration (generated by configure script with default options) to BX_CPU_LEVEL=6 with SSE2 enabled. - CPU - Implemented PCLMULQDQ AES instruction - Implemented X2APIC extensions / enable extended topology CPUID leaf (0xb), in order to enable X2APIC configure with --enable-x2apic - Implemented Intel VMXx2 extensions: - Enabled extended VMX capability MSRs - Implemented VMX controls for loading/storing of MSR_PAT and MSR_EFER - Enabled/Implemented secondary proc-based vmexec controls: - Implemented APIC virtualization - Implemented Extended Page Tables (EPT) mode - Implemented Descriptor Table Access VMEXIT control - Implemented RDTSCP VMEXIT control - Implemented Virtualize X2APIC mode control - Implemented Virtual Process ID (VPID) - Implemented WBINVD VMEXIT control - Implemented Unrestricted Guest mode In order to enable emulation of VMXx2 extensions configure with --enable-vmx=2 option (x86-64 must be enabled) - Bugfixes for CPU emulation correctness - Fixed Bochs crash when accessing the first byte above emulated memory size - Internal Debugger - Introduced range read/write physical watchpoints - Allow reloading of segment registers from internal debugger - Improved verbose physical memory access tracing - BIOS - Fix MTRR configuration (prevented boot of modern Linux kernels) - Fix interrupt vectors for INT 60h-66h (reserved for user interrupt) by setting them to zero - Fix BIOS INT13 function 08 when the number of cylinders on the disk = 1 - I/O Devices - USB HP DeskJet 920C printer device emulation (Ben Lunt) - Misc - Updated Bochs TESTFORM to version 0.5 - SF patches applied [2864402] outstanding x2apic patches by Stanislav [2960379] Fix build with -Wformat -Werror=format-security by Per Oyvind Karlsen [2938273] allow instrumentation to change execute by Konrad Grochowski [2926072] Indirection operators in expressions by Derek Peschel [2914433] makesym.perl misses symbols by John R. Jackson [2908481] USB Printer by Ben Lunt - these S.F. bugs were closed/fixed [2861662] dbg_xlate_linear2phy needs to be updated [2956217] INT13 AH=8 returns wrong values when cylinders=1 [2981161] Allow DMA transfers to continue when CPU is in HALT state [2795115] NX fault could be missed [2964824] bad newline sequence in aspi-win32.h [913419] configure options and build process needs some work [2938398] gdbstub compile error with x86_64 enabled [2734455] shutdown/reset type 05 should reinit the PICs [1921294] extended memory less than 1M wrong size [1947249] BX_USE_EBDA_TABLES and MP table placement [1933859] BX_USE_EBDA_TABLES and memory overlapping [2923680] "help dregs" is a syntax error [2919661] CPU may fail to do 16bit near call [2790768] Memory corruption with SMP > 32, Panic BIOS Keyboard Error [2902118] interrupts vectors 0x60 to 67 should be NULL ! [2912502] Instruction Pointer behaving erratically [2901047] Bochs crashed, closed by guest os [2905385] Bochs crash [2901481] Instruction SYSRET and SS(PL) [2900632] Broken long mode RETF to outer priviledge with null SS [1429011] Use bx_phyaddr_t for physaddr vars and bx_adress for lin adr - these S.F. feature requests were closed/implemented [2955911] RPM preuninstall scriptlet removes /core [2947863] don't abort on unrecognised options [2878861] numerics in the disassembler output [2900619] make more CPU state changeable ------------------------------------------------------------------------- Changes in 2.4.2 (November 12, 2009): - CPU and internal debugger - VMX: Implemented TPR shadow VMEXIT - Bugfixes for CPU emulation correctness (mostly for VMX support). - Bugfixes and updates for Bochs internal debugger - On SMP system stepN command now affects only current processor - Memory - Bugfixes for > 32-bit physical address space. - Allow to emulate more physical memory than host actually could or would like to allocate. For more details look for new .bochsrc 'memory' option. - Cleanup configure options - All paging related options now will be automatically determined according to --enable-cpu-level option. Related configure options --enable-global-pages, --enable-large-pages, --enable-pae, --enable-mtrr are deprecated now. Only 1G paging option still remaining unchanged. - Deprecate --enable-daz configure option. Denormals-are-zeros MXCSR control will be enabled automatically iff SSE2 is supported (like in hardware). - Deprecate --enable-vme configure option, now it will be supported iff CPU_LEVEL >= 5 (like in hardware). - I/O Devices - Bugfixes for 8254 PIT, VGA, Cirrus-Logic SVGA, USB UCHI - SF patches applied [2817840] Make old_callback static by Mark Marshall [2874004] fix for VMWRITE instruction by Roberto Paleari [2873999] fix CS segment type during fast syscall invocation by Roberto Paleari [2864389] Debugger gui maximize on startup by Thomas Nilsen [2817868] Rework loops in the memory code by Mark Marshall [2812948] PIT bug by Derek - these S.F. bugs were closed/fixed [2833504] GUI debugger bug-about GDT display [2872244] BIOS writes not allowed value to MTRR MSR causing #GP [2885383] SDL GUI memory leak [2872290] compilation in AIX5.3 ML10 failes [2867904] crash with cirrus bx_vga_c::mem_write [2851495] BIOS PCI returns with INT flag = 0 [2860333] vista 64 guest STOP 109 (GDT modification) [2849745] disassembler bug for 3DNow and SSE opcodes [1066748] Wrong registers values after #RESET, #INIT [2836893] Regression: Windows XP installer unable to format harddrive [2812239] VMX: VM-Exit: Incorrect instruction length on software int [2814130] bx_debug lex/yacc files incorrectly generated [2813199] MP Tables Missing From BIOS [2824093] VMX exception bug [2811909] VMX : CS Access-rights Type.Accessed stays 0 [2810571] Compile Errors on OSX [2823749] GCC regression or VM_EXIT RDMSR/WRMSR bug [2815929] Vista/XP64 unnecessary panic [2803519] Wrong example in man page bochsrc - these S.F. feature requests were closed/implemented [422766] Large Memory configurations [1311287] Idea for a better GUI [455971] USB support [615363] debugger shortcut for repeat last cmd ------------------------------------------------------------------------- Changes in 2.4.1 (June 7, 2009): - Fixed bunch of CPUID issues - Bochs is now able to install and boot 64-bit Windows images! (special thanks to Mark Ebersole for his patch) - Several bugfixes in CPU emulation (mostly for x87 instructions) - Fixed two critical deadlock bugs in the Win32 gui (patches from @SF tracker) - Fixes related to the 'show ips' feature - removed conflicting win32-specific alarm() functions ('win32' and 'sdl' gui) - feature now works in wx on win32 - Added support for gdb stub on big endian machine (patch by Godmar Back) - Rewritten obsolete hash_map code in dbg symbols module (patch from @SF) - BIOS: implemented missing INT 15h/89h (patch by Sebastian Herbszt) ------------------------------------------------------------------------- Changes in 2.4 (May 3, 2009): Brief summary : - Added graphical Bochs debugger frontend for most of the supported platforms. - Thanks for Chourdakis Michael and Bruce Ewing. - Many new CPU features in emulation - Support for > 32 bit physical address space and configurable MSRs - VMX, 1G pages in long mode, MOVBE instruction - Bugfixes for CPU emulation correctness, debugger and CPU instrumentation. - New config interface 'win32config' with start and runtime menu - USB: added OHCI support, external hub and cdrom - Added user plugin interface support. Detailed change log : - CPU and internal debugger - Support for VMX hardware emulation in Bochs CPU, to enable configure with --enable-vmx option Nearly complete VMX implementation, with few exceptions: - Dual-monitor treatment of SMIs and SMM not implemented yet - NMI virtualization, APIC virtualization not implemented yet - VMENTER to not-active state not supported yet - No advanced features like Extended Page Tables or VPID - Support for configurable MSR registers emulation, to enable configure with --enable-configurable-msrs option Look for configuration example in .bochsrc and msrs.def - Support new Intel Atom(R) MOVBE instruction, to enable configure with --enable-movbe option - Support for 1G pages in long mode, to enable configure with --enable-1g-pages option - Support for > 32 bit physical address space in CPU. Up to 36 bit could be seen in legacy mode (PAE) and up to 40 bit in x86-64 mode. Still support the same amount of the physical memory in the memory object, so system with > 4Gb of RAM yet cannot be emulated. To enable configure with --enable-long-phy-address option. - Implemented modern BIOSes mode limiting max reported CPUID function to 3 using .bochsrc CPU option. The mode is required in order to correctly install and boot WinNT. - Added ability to configure CPUID vendor/brand strings through .bochsrc (patch from @SF by Doug Reed). - Many bugfixes for CPU emulation correctness (both x86 and x86-64). - Updated CPU instrumentation callbacks. - Fixed Bochs internal debugger breakpoints/watchpoints handling. - Configure and compile - Added ability to choose Bochs log file name and Bochs debugger log file name from Bochs command line (using new -log and -dbglog options) - Removed Peter Tattam's closed source external debugger interface from the code. - Removed --enable-guest2host-tlb configure option. The option is always enabled for any Bochs configuration. - Removed --enable-icache configure option. The option is always enabled for any Bochs configuration. Trace cache support still remains optional and could be configured off. - Added configure option to compile in GUI frontend for Bochs debugger, to enable configure with --enable-debugger-gui option. The GUI debugger frontend is enabled by default with Bochs debugger. - Removed --enable-port-e9-hack configure option. The feature now could be configured at runtime through .bochsrc. - Added configure option to enable/disable A20 pin support. Disabling the A20 pin support slightly speeds up the emulation. - reduced dependencies between source files for faster code generation - BIOS - Added S3 (suspend to RAM) ACPI state to BIOS (patch by Gleb Natapov) - Implemented MTRR support in the bios (patches by Avi Kivity and Alex Williamsion with additions by Sebastian Herbszt) - Bug fixes - I/O Devices - Added user plugin support - remaining devices converted to plugins: pit, ioapic, iodebug - added 'plugin_ctrl' bochsrc option to control the presence of optional device plugins without a separate option. By default all plugins are enabled. - added register mechanism for removable mouse and keyboard devices - Hard drive / cdrom - PACKET-DMA feature now supported by all ATAPI commands - ATAPI command 0x1A added (based on the Qemu implementation) - sb16 - Added ALSA sound support on Linux (PCM/MIDI output) - FM synthesizer now usable with MIDI output (simple piano only) - Fixed OPL frequency to MIDI note translation - Fixed MIDI output command - keyboard - added keyboard controller commands 0xCA and 0xCB - USB - USB code reorganized to support more HC types and devices - added USB OHCI support written by Ben Lunt - added external USB hub support (initial code ported from Qemu) - added USB cdrom support (SCSI layer ported from Qemu) - added status bar indicators to show data transfer - VGA - VBE video memory increased to 16 MB - implemented changeable VBE LFB base address (PCI only, requires latest BIOS and VGABIOS images) - I/O APIC - implemented I/O APIC device hardware reset - Config interface - new config interface 'win32config' with start and runtime menu is now the default on Windows ('textconfig' is still available) - win32 device config dialogs are now created dynamicly from a parameter list (works like the wx ParamDialog) - changes in textcofig and the wx ParamDialog for compatibility with the new win32 dialog behaviour - Bochs param tree index keys are case independent now - some other additions / bugfixes in the simulator interface code - Misc - updated LGPL'd VGABIOS to version 0.6c - Updated Bochs TESTFORM to version 0.4 - SF patches applied [2784858] IO Handler names are not compared properly [2712569] Legacy bios serial data buffer timeout bug by grybranix [2655090] 64 bit BSWAP with REX.W broken by M. Eby [2645919] CR8 bug when reading by M. Eby [1895665] kvm: bios: add support to memory above the pci hole by Izik Eidus [2403372] rombios: check for valid cdrom before using it by Sebastian [2307269] acpi: handle S3 by Sebastian [2354134] TAP networking on Solaris/Sparc repaired [2144692] The scsi device can not complete its writing data command by naiyue [1827082] [PATCH] Configurable CPU vendor by Marcel Sondaar [2217229] Panic on EBDA overflow in rombios32 by Sebastian [2210194] Log pci class code by Sebastian [1984662] red led for disk write and titlebar mod by ggbsf [2142955] Fix for monitor/mwait by Doug Gibson [2137774] Patch to fix bug: cdrom: read_block: lseek returned error by Gabor Olah [2134642] Fix scan_to_scanascii table for F11 and F12 by Ben Guthro & Steve Ofsthun [2123036] sdl fullscreen fix by ggbsf [2073039] Remove CMOS accsess from AML code by Gleb Natapov [2072168] smbios: add L1-L3 cache handle to processor information by Sebastian [2055416] bochsrc cpu options for cpuid vendor and brand string by Doug Reed [2035278] rombios: Fix return from BEV via retf by Sebastian [2035260] rombios: El Torito load segment fix by Sebastian [2031978] Fix VMware backdoor command 0Ah by Jamie Lokier [2015277] Remove obsolete comment about DATA_SEG_DEFS_HERE hack by Sebastian [2011268] Set new default format and unit only if both are supported by Sebastian [2001919] gdbstub: fix qSupported reply by Sebastian [2001912] gdbstub: enclose packet data by apostrophes by Sebastian [1998071] fix missing SIGHUP and SIGQUIT with term ui on mingw by Sebastian [1998063] fix wrong colors with term ui by Sebastian [1995064] Compile fix needed for --enable-debugger and gcc 4.3 by Hans de Goede [1994564] Fix typo in RDMSR BX_MSR_MTRRFIX16K_A0000 by Sebastian [1994396] Change hard_drive_post #if by Sebastian [1993235] TESTFORM email address update by Sebastian [1992322] PATCH: fix compilation of bochs 2.3.7 on bigendian machines by Hans de Goede [1991280] Shutdown status code 0Ch handler by Sebastian [1990108] Shutdown status code 0Bh handler by Sebastian [1988907] Shutdown status code 0Ah handler by Sebastian [1984467] two typos in a release! (2.3.7) [1981505] Init PIIX4 PCI to ISA bridge and IDE by Sebastian - these S.F. bugs were closed/fixed [2784148] an integer overflow BUG of Bochs-2.3.7 source code [2695273] MSVC cpu.dsp failure in 2.3.7.zip [616114] Snapshot/Copy crash on Win2K [2628318] 'VGABIOS-latest' bug [1945055] can't 'make install' lastest bochs on loepard [2031993] Mac OS X Makefile bug [1843199] install error on mac osx [2710931] Problem compiling both instrumentation and debugger [2617003] ExceptionInfo conflicts with OS X api [2609432] stepping causes segfault (CVS) [2605861] compile error with --enable-smp [1757068] current cvs(Jul19, 07) failed to boot smp [2426271] cannot get correct symbol entry [2471982] VGA character height glitches [1659659] wrong behaviour a20 at boot [1998027] minwg + --with-term + --with-out-win32 = link failure [1871936] bochs-2.3.6 make fails on wx.cc [1684666] info idt for long mode [2105989] could not read() hard drive image file at byte 269824 [1173093] Debugger totally not supports x86-64 [1803018] new win32debug dialog problems [2141679] windows vcc build broken [2162824] latest cvs fails to compile [2164506] latest bochs fails to start [2129223] MOV reg16, SS not working in real mode due to dead code [2106514] RIS / startrom.com install ALMOST works [2123358] SMP (HTT): wbinvd executed by CPU1 crashes CPU0 [2002758] Arch Linux: >>PANIC<< ATAPI command with zero byte count [2026501] El Torito incorrect boot segment:offset [2029758] BEV can return via retf instead of int 18h [2010173] x command breaks after one error about x/s or x/i [1830665] harddrv PANIC: ATAPI command with zero byte count [1985387] fail to make using gcc4 with --enable-debugger [1990187] testform feedback [1992138] Misspell in cpu/ia_opcodes.h - these S.F. feature requests were closed/implemented [2175153] Update MSVC project files [658800] front end program and bios [1883370] Make cd and floppy images more usable [422783] change floppy size without restarting [2552685] param tree names should be case insensitive [1214659] PC Speaker emu turnoff. Plugin Controll. [1977045] support 40 bit physical address [1506385] Intel Core Duo VT features [1429015] Support for user plugins [1488136] debugger access to floppy controller [1363136] Full debugger SMP and 64 bit support [2068304] Support for ACPI [431032] debugger "x" command [423420] profiling ideas (SMF) [445342] Add FM support? [928439] alsa ------------------------------------------------------------------------- Changes in 2.3.7 (June 3, 2008): Brief summary : + More optimizations in CPU code - Bochs 2.3.7 is more than 2x faster than Bochs 2.3.5 build ! - Implemented LBA48 support in BIOS - Added memory access tracing for Bochs internal debugger - Implemented Intel(R) XSAVE/XRSTOR and AES instruction set extensions - Many fixes in CPU emulation and internal debugger - MenuetOS64 floppy images booting perfect again ! - updated LGPL'd VGABIOS to version 0.6b Detailed change log : - CPU - Support of XSAVE/XRSTOR CPU extensions, to enable configure with --enable-xsave option - Support of AES CPU extensions, to enable configure with --enable-aes option - Fixed Bochs failure on RISC host machines with BxRepeatSpeedups optimization enabled - Implemented SYSENTER/SYSEXIT instructions in long mode - More than 100 bugfixes for CPU emulation correctness (both x86 and x86-64) - MenuetOS64 floppy images booting perfect again ! - Updated CPU instrumentation callbacks - Bochs Internal Debugger and Disassembler - Added memory access tracing for Bochs internal debugger, enable by typing 'trace-mem on' in debugger command line - Many bug fixes in Bochs internal debugger and disassembler - System BIOS (Volker) - Implemented LBA48 support - Added generation of SSDT ACPI table that contains definitions for available processors - Added RTC device to ACPI DSDT table - Added implementation of SMBIOS - I/O devices (Volker) - VGA - Implemented screen disable bit in sequencer register #1 - Implemented text mode cursor blinking - Serial - new serial modes 'pipe-server' and 'pipe-client' for win32 - new serial mode 'socket-server' - Configure and compile - Fixed configure bug with enabling of POPCNT instruction, POPCNT instruction should be enabled by default when SSE4.2 is enabled. - Removed --enable-magic-breakpoint configure option. The option is automatically enabled if Bochs internal debugger is compiled in. It is still possible to turn on/off the feature through .bochsrc. - Allow boot from network option in .bochsrc - Added Bochs version info for Win32 - Display libraries - implemented text mode character blinking in some guis - improved 'X' gui runtime dialogs - SF patches applied [1980833] Fix shutdown status code 5h handler by Kevin O'Connor [1928848] "pipe" mode for serial port (win32 only) by Eugene Toder [1956843] Set the compatible pci interrupt router back to PIIX by Sebastian [1956366] Do not announce C2 & C3 cpu power state support by Igor Lvovsky [1921733] support for LBA48 by Robert Millan [1938185] Fix link problem with --enable-debugger by Sebastian [1938182] Makefile.in - use @IODEV_LIB_VAR@ by Sebastian [1928945] fix for legacy rombios - e820 map and ACPI_DATA_SIZE by Sebastian [1925578] rombios32.c - fix ram_size in ram_probe for low memory setup by Sebastian [1908921] rombios32.c - move uuid_probe() call by Sebastian [1928902] improvements to load-symbols by Eugene Toder [1925568] PATCH: msvc compilation by Eugene Toder [1913150] rombios.c - e820 cover full size if memory <= 16 mb by Alexander van Heukelum [1919804] rombios.c - fix and add #ifdef comments by Sebastian [1909782] rombios.c - remove segment values from comment by Sebastian [1908918] SMBIOS - BIOS characteristics fix by Sebastian [1901027] BIOS boot menu support (take 3) [1902579] rombios32.c - define pci ids by Sebastian [1859447] Pass segment:offset to put_str and introduce %S by Sebastian [1889057] rombios.c - boot failure message by Sebastian [1891469] rombios.c - print BEV product string by Sebastian [1889851] Win32 version information FILEVERSION for bochs.exe by Sebastian [1889042] rombios.c - fix comment by Sebastian [1881500] bochsrc, allow boot: network by Sebastian [1880755] Win32 version information for bochs.exe by Sebastian [1880471] SMBIOS fix type 0 by Sebastian [1878558] SMBIOS fixes by Sebastian [1864692] SMBIOS support by Filip Navara [1865105] Move bios_table_area_end to 0xcc00 by Sebastian [1875414] Makefile.in - change make use by Sebastian [1874276] Added instrumentation for sysenter/sysexit by Lluis [1873221] TLB page flush: add logical address to instrumentation by Lluis [1830626] lba32 support by Samuel Thibault [1861839] Move option rom scan after floppy and hard drive post by Sebastian [1838283] Early vga bios init by Sebastian [1838272] rom_scan range parameter by Sebastian [1864680] Save CPUID signature by Filip Navara - these S.F. bugs were closed [1976171] Keyboard missing break code for enter (0x9C) [666433] physical read/write breakpoint sometimes fails [1744820] info gdt and info idt shows the entire tables [1755652] graphics: MenuetOS64 shows black screen [1782207] Windows Installer malfunction, Host=Linux, Guest=Win98SE [1697762] OS/2 Warp Install Failed [1952548] String to char * warnings [1940714] SYSENTER/SYSEXIT doesn't work in long mode [1422342] SYSRET errors [1923803] legacy rombios - e820 map and ACPI_DATA_SIZE [1936132] Link problem with --enable-debugger & --enable-disasm [1934477] Linear address wrap is not working [1424984] virtual machine freezes in Bochs 2.2.6 [1902928] with debugger cpu_loop leaves CPU with unstable state [1898929] Bochs VESA BIOS violates specs (banks == 1) [1569256] bug in datasegment change in long mode [1830662] ACPI: no DMI BIOS year, acpi=force is required [1868806] VGA blink enable & screen disable [1875721] Bit "Accessed" in LDT/GDT descriptors & #PF [1874124] bx_Instruction_c::ilen() const [1873488] bochs-2.3.6 make fails on dbg_main.cc - these S.F. feature requests were implemented [1422769] SYSENTER/SYSEXIT support in x86-64 mode [1847955] Version information for bochs(dbg).exe [939797] SMBIOS support ------------------------------------------------------------------------- Changes in 2.3.6 (December 24, 2007): Brief summary : + More than 25% emulation speedup vs Bochs 2.3.5 release! - Thanks to Darek Mihocka (http://www.emulators.com) for providing patches and ideas that made the speedup possible! + Up to 40% speedup vs Bochs 2.3.5 release with trace cache optimization! - Lots of bugfixes in CPU emulation - Bochs benchmarking support - Added emulation of Intel SSE4.2 instruction set Detailed change log : - CPU - Added emulation of SSE4.2 instruction set, to enable use --enable-sse=4 --enable-sse-extension configure options to enable POPCNT instruction only use configure option --enable-popcnt - Implemented MTRR emulation, to enable use --enable-mtrr configure option. MTRRs is enabled by default when cpu-level >= 6. - Implemented experimental MONITOR/MWAIT support including optimized MWAIT CPU state and hardware monitoring of physical address range, to enable use --enable-monitor-mwait configure option. - Removed hostasm optimizations, after Bochs rebenchmarking it was found that the feature bringing no speedup or even sometimes slows down emulation! - Merged trace cache optimization patch, the trace cache optimization is enabled by default when configure with --enable-all-optimizations option, to disable trace cache optimization configure with --disable-trace-cache - Many minor bugfixes in CPU emulation (both ia32 and x86-64) - Updated CPU instrumentation callbacks - Bochs Internal Debugger and Disassembler - Many fixes in Bochs internal debugger and disassembler, some debugger interfaces significantly changed due transition to the param tree architecture - Added support for restoring of the CPU state from external file directly from Bochs debugger - Configure and compile - Renamed configure option --enable-4meg-pages to --enable-large-pages. The option enables page size extensions (PSE) which refers to 2M pages as well. - Removed --enable-save-restore configure option, save/restore feature changed to be one of the basic Bochs features and compiled by default for all configurations. - Added new Bochs benchmark mode. To run Bochs in benchmark mode execute it with new command line option 'bochs -benchmark time'. The emulation will be automatically stopped after 'time' millions of emulation cycles executed. - Another very useful option for benchmarking of Bochs could be enabled using new 'print_timestamps' directive from .bochsrc: print_timestamps: enable=1 - Added --enable-show-ips option to all configuration scripts used to build release binaries, so all future releases will enjoy IPS display. - Enable alignment check in the CPU and #AC exception by default for --cpu-level >= 4 (like in real hardware) - SF patches applied [1491207] Trace Cache Speedup patch by Stanislav [1857149] Define some IPL values by Sebastian [1850183] Get memory access mode in BX_INSTR_LIN_READ by Lluis Vilanova [1841421] pic: keep slave_pic.INT and master_pic.IRQ_in bit 2 in sync by Russ Cox [1841420] give segment numbers in exception logs by Russ Cox [1801696] Allow Intel builds on Mac OS X [1830658] Fix >32GB disk banner by Samuel Thibault [1813314] Move #define IPL_* and typedef ipl_entry by Sebastian [1809001] Save PnP Option ROM Product Name string in IPL Boot Table by Sebastian [1821242] Fix for #1801285, Niclist.exe broken by Sebastian [1819567] Code warning cleanup [1816162] Update comment on bios_printf() by Sebastian [1811139] Trivial Fix when BX_PCIBIOS and BX_ROMBIOS32 not defined by Myles Watson [1811190] Improve HD recognition and CD boot by Myles Watson [1811860] Implement %X in bios_printf by Sebastian [1809649] printf %lx %ld %lu by Myles Watson [1809651] move BX_SUPPORT_FLOPPY by Myles Watson [1809652] dpte and Int13DPT fixes by Myles Watson [1809669] clip cylinders to 16383 in hard drive by Myles Watson [1799903] Build BIOS on amd64 by Robert Millan [1799877] Fix for parallel build (make -j2) by Robert Millan - these S.F. bugs were closed [1837354] website bug: View the Source link broken [1801268] Reset from real mode no longer working [1843250] Using forward slashes gives invalid filename [1823446] BIOS bug, local APIC #0 not detected [1801285] Niclist.exe broken [1364472] breakpoints sometimes don't work [994451] breakpoint bug [1801295] NSIS installer vs Windows Notepad [1715328] Unreal mode quirk [1503972] debugger doesn't debug first instruction on exception [1069071] div al, byte ptr [ds:0x7c18] fails to execute [1800080] Wrong "BX_MAX_SMP_THREADS_SUPPORTED" assertion - these S.F. feature requests were implemented [1662687] Download for Win32-exe with x64 Mode and debugging [604221] Debugger command: query lin->phys mapping ------------------------------------------------------------------------- Changes in 2.3.5 (September 16, 2007): Brief summary : - Critical problems fixed for x86-64 support in CPU and Bochs internal debugger - ACPI support - The release compiled with x86-64 and ACPI - Hard disk emulation supports ATA-6 (LBA48 addressing, UDMA modes) - Added emulation of Intel SSE4.1 instruction set Detailed change log : - CPU - Fixed critical bug with 0x90 opcode (NOP) handling in x86-64 mode - implied stack references where the stack address is not in canonical form should causes a stack exception (#SS) - Added emulation of SSE4.1 instruction set (Stanislav) - Do not save and restore XMM8-XMM15 registers when not in x86-64 mode - Fixed zero upper 32-bit part of GPR in x86-64 mode - CMOV_GdEd should zero upper 32-bit part of GPR register even if the 'cmov' condition was false ! - Implemented CLFLUSH instruction, report non-zero cache size in CPUID - Fixed PUSHA/POPA instructions behavior in real mode - Fixed detection of inexact result by FPU - Fixed denormals-are-zero (DAZ) handling by SSE convert instructions - Implemented Misaligned Exception Mask support for SSE (MXCSR[17]) - Implemented Alignment Check in the CPU and #AC exception, to enable use --enable-alignment-check configure option - General - 2nd simulation support in wxBochs now almost usable (simulation cleanup code added and memory leaks fixed) - Configure and compile - several fixes for MacOSX, OpenBSD and Solaris 10 - enable save/restore feature by default for all configurations - reorganized SSE configure options to match Intel(R) Programming Reference Manual, new option introduced for SSE extensions enabling. To enable Intel Core Duo 2 new instructions use --enable-sse=3 --enable-sse-extension enabling of SSE4.1 (--enable-sse=4) will enable SSE3 extensions as well - removed old PIT, always use new PIT written by Greg Alexander, removed configure option --enable-new-pit - I/O devices (Volker) - Floppy - partial non-DMA mode support (patch by John Comeau) - Hard drive / cdrom - hard disk emulation now supports ATA-6 (LBA48 addressing, UDMA modes) - VMWare version 4 disk image support added (patch by Sharvil Nanavati) - PCI - initial support for the PIIX4 ACPI controller - Serial - added support for 3-button mouse with Mousesystems protocol - USB - experimental USB device change support added - rewrite of the existing USB devices code - new USB devices 'disk' and 'tablet' (ported from the Qemu project) - Bochs internal debugger - fixed broken debugger "rc file" option (execute debugger command from file) - implementation of a gui frontend ("windebug") for win32 started - gdbstub now accepts connection from any host - several documentation updates - a lot of disasm and internal debugger x86_64 support fixes - Configuration interface - fixes and improvements to the save state dialog handling - Display libraries - text mode color handling improved in some guis - win32 fullscreen mode (patch by John Comeau) - System BIOS (Volker) - 32-bit PM BIOS init code for ACPI, PCI, SMP and SMM (initial patches by Fabrice Bellard) - PCI BIOS function "find class code" implemented - SF patches applied [1791000] 15h 8600h is reading the wrong stack frame by Sebastian [1791016] rombios32.c, ram_probe(), BX_INFO missing value by Sebastian [1786429] typo in bochsrc.5 by Sebastian [1785204] Extend acpi_build_table_header to accept a revision number by Sebastian [1766536] Partial Patch for Bug Report 1549873 by Ben Lunt [1763578] ACPI Table Revision 0 -> 1 [1642490] implement alignment check and #AC exception by Stanislav Shwartsman [1695652] [PATCH] .pcap pktlog and vnet PXE boot by Duane Voth [1741153] Add expansion-ROM boot support to the ROMBIOS [1734159] Implemented INT15h, fn 0xC2 (mouse), subfn 3, set resolution [1712970] bios_printf %s fix [1573297] PUSHA/POPA real mode fix by Stanislav Shwartsman [1641816] partial support for non-DMA access to floppy by John Comeau [1624032] shows where write outside of memory occurred by John Comeau [1607793] allow fullscreen when app requests it by John Comeau [1603013] Bugfix for major NOP problem on x64 by mvysin [1600178] Make tap and tuntap compile on OpenBSD by Jonathan Gray [1149659] improve gdbstub network efficiency by Avi Kivity [1554502] Trivial FPU exception handling fix - these S.F. bugs were closed [1316008] Double faults when it shouldn't - gcc 4.0.2 [1787289] broken ABI for redolog class when enable-compressed-hd [1787500] tftp_send_optack not 64bit clean [1264540] Security issue with Bochs website [1767217] Debugger Faults including ud2 [1729822] Various security issues in io device emulation [1675202] mptable hosed (bad entry count in header) [1197141] 'make install' installs to bad location [1157623] x86Solaris10 cannot recoginize ACPI RSD PTR [1768254] large HDD in Bochs/bximage [1496157] Windows Vista Beta2 dosn't boot [1755915] Illegal Hard Disk Signature Output [1717790] info gdt and info idt scrolls away, too long result [1726640] Debugger displays incorrect segment for mov instruction [1719156] Typo in misc_mem.cpp [1715270] Debugger broken in/beyond 2.3 [1689107] v8086 mode priviledge check failed [1704484] A few checks when CPU_LEVEL < 4 [1678395] Problem with zero sector... [876990] SA-RTL OS fails on PIC configuration [1673582] save/restore didn't restore simulation correctly [1586662] EDD int 13h bug, modify eax [666618] POP_A Panic in DOS EMU [1001485] panic: not enough bytes on stack [1667336] delay times an order of magnitude slow [1665601] crash disassembling bootcode [1657065] CVS sources won't compile [1653805] bochs's gdbstub uses incorrect protocol [1640737] ASM sti command frezzes guest OS [1636439] latest CVS sources don't compile under Cygwin [1634357] disasm incorrect (no sign ext) displacement in 64-bit mode [1376453] pcidev segfaults bochs [1180890] IOAPIC in BOCHS - WinXP 64 in MP version [1597528] 2.3 fails to compile on amd64 [1526255] FLD1 broken when compaling with gcc 4.0.x [1597451] eth_fbsd is broken under FreeBSD [1571949] Bochs will not compile under Solaris [1500216] Bochs fails to boot BeOs CD [1458339] bochs-2.2.6 WinXP Binary ACPI error installing FreeBSD 6.0 [1440011] patches needed for FreeBSD 6.0 to compile Bochs [431674] some devices don't have a prefix [458150] QNX demo disk crashes with new pit [818322] Bochs 2.1 cvs: OS/2 - read verify on non disk [906840] KBD: bogus scan codes generated in set 3 [1005053] No keyboard codes translation [1109374] Problem with Scancodeset 2 [1572345] Bochs won't continue [1568153] Bochs looks for (and loads?) unspecified display libraries [1563462] Errors in /iodev/harddrv.h [1562172] TLB_init() fails to initialize priv_check array if USE_TLB 0 [1385303] debugger crashes after panic [1438227] crc.cpp missing in bx_debug version 2.2.6 [1501825] debugger crashes on to high input [1420959] Memory leak + buffer overflow in Bochs debugger [1553289] Error in Dis-assembler [542464] I cannot use FLAT [1548270] Bochs won't die with its pseudo terminal [1545588] roundAndPackFloatx80 does not detect round up correctly ------------------------------------------------------------------------- Changes in 2.3 (August 27, 2006): Brief summary : - limited save/restore support added (config + log options, hardware state) - configuration parameter handling rewritten to a parameter tree - lots of cpu and internal debugger fixes - hard disk geometry autodetection now supported by most of the image types - hard disk emulation now supports ATA-3 (multiple sector transfers) - VBE memory size increased to 8MB and several VGA/VBE fixes - updated LGPL'd VGABIOS to version 0.6a Detailed change log : - CPU and internal debugger fixes - Fixed bug in FSTENV instruction (Stanislav Shwartsman) - Recognize #XF exception (19) when SSE is enabled - Fixed bug in PSRAW/PSRAD MMX and SSE instructions - Save and restore RIP/RSP only for FAULT-type exceptions, not for traps - Correctly decode, disassemble and execute multi-byte NOP '0F F1' opcode - Raise A20 line after system reset (Stanislav Shwartsman) - Implemented SMI and NMI delivery (APIC) and handling in CPU (Stanislav) - Experimental implementation of System Management Mode (Stanislav) - Added emulation of SSE3E instructions (Stanislav Shwarstman) - Save and restore FPU opcode, FIP and FDP in FXSAVE/FRSTOR instructions - Fixed bug in MOVD_EdVd opcode (always generated #UD exception) - Fixed critical issue, Bochs was not supporting > 16 bit LDT.LIMIT values - Many fixes in Bochs internal debugger and disassembler - CPU x86-64 fixes - Fixed SYSRET instruction implementation - Fixed bug in CALL/JMP far through 64-bit callgate in x86-64 mode - Correctly decode, disassemble and execute 'XCHG R8, rAX' instruction - Correctly decode and execute 'BSWAP R8-R15' instructions - Fixed ENTER and LEAVE instructions in x86-64 mode (Stanislav) - Fixed CR4 exception condition (No Name) - Fixed x86 debugger to support x86-64 mode (Stanislav) - APIC and SMP - Support for Dual Core and Intel(R) HyperThreading Technology. Now you could choose amount of cores per processor and amount of HT threads per core from .bochsrc for SMP simulation (Stanislav Shwartsman) - Allow to control SMP quantum value through .bochsrc CPU option parameter. Previous Bochs versions used hardcoded quantum=5 value. - Fixed interrupt priority bug in service_local_apic() - Fixed again reading of APIC IRR/ISR/TMR registers. Finally it becomes fully correct :-) - Configure and compile - Moved configure time --enable-reset-on-triple-fault option to runtime, the 'cpu' option in .bochsrc is extended and the old configure option is deprecated (Stanislav Shwartsman) - Removed --enable-pni configure option, to compile with PNI use --enable-sse=3 instead (Stanislav Shwartsman) - enable SEP (SYSENTER/SYSEXIT) support by default for Penitum II+ processor emulation (i.e. if cpu-level >= 6 and MMX is enabled) - general - Limited save/restore support added. The state of CPU, memory and all devices can be saved now (state of harddisk images not handled yet). - Fixed several memory leaks - configuration interface - Configuration parameter handling rewritten to a parameter tree. This is required for dynamic menus/dialogs, user-defined options and save/restore. - Support for user-defined bochsrc options added - help support at the parameter prompt in textconfig added - I/O devices (Volker) - Floppy - partial sector transfers fixed - Hard drive / cdrom - several fixes to the IDE register behaviour (e.g. in case of a channel with only one drive connected) - fixed data alignment of 'growing' hard drive images (sharing images between Windows and Linux now possible) - disk geometry autodetection now supported by most of the image types (unsupported: external, dll and compressed modes) - multi sector read/write commands implemented - hard disk now reporting ATA-3 supported - ATAPI 'inquiry' now returns a unique device name - Keyboard - reset sent to keyboard has no effect on the 8042 (scancode translation) - PCI - forward PIRQ register changes to the I/O APIC (if present) - attempt to fix and update the emulation part of 'pcidev' (untested) - VGA - VBE memory size increased to 8MB and several VBE fixes - VGA memory read access fixed (bit plane access and read mode) - VGA memory is now a part of the common video memory - System BIOS (Volker) - enable interrupts before executing INT 19h - fixed ATA device detection in case of one drive only connected to controller - improved INT 15h function AX=E820h - real mode PCI BIOS now returns IRQ routing information (function 0Eh) - keyboard LED flags handling fixed and improved - fixed handling of extended keys in INT 09h - Updated LGPL'd VGABIOS to version 0.6a - SF patches applied [1340111] fixes and updates to usb support by Ben Lunt [1539420] minor addition to pci_usb code by Ben Lunt [1455958] call/jmp through call gate in 64-bit mode [1433107] PATCH: fix compile with wxwindows 2.6 (unicode / utf8) by jwrdegoede [1386671] Combined dual core and hyper-threading patch - these S.F. bugs were closed [833927] TTD: System Error TNT.40025: Unexpected processor exception [789230] Sending code that shows lock up when setting idt [909670] Problems with Symantec Ghost [1540241] include missing in osdep.cc [1539373] Incorrect disasm for "mov moffset,bla" in 64bit [1538419] incorrect disassembly of [rip+disp] with rex.b [1535432] shift+cursor key maps to a digit [1504891] Knoopix 5.0.1 error [1424355] bochs-2.2.6 ata failure in windoze 98se [1533979] wrong disassembly of IN instruction [620059] paste won't stop [1164904] status bar doesn't show num/caps/scroll lock status [1061720] ATA Support level for HD [1522196] Broken CHANGES link in main page [1438415] crash if screen scrolled downwards [778441] Shouldn't interrupts be enable after BIOS? [1514949] I got a problem with the 8253 timer [1513544] disasm of 0xec (in AL,DX) returns ilen of 2 instead of 1 [1508947] APIC interrupt priority checking and interrupt delivery [766286] Debugger halts after any GPF exception [639143] va_list is not a pointer on linuxppc [1501815] debugger examines memory over page-boundary wrong [1503978] movsb/w/d doesn't work when direction is stored [1499405] WinPCap has changed URL hosting [1498519] APIC IRR bits not set while interrupts disabled [1498193] Bochs segfaults on LTR instruction [787140] Guest2HostTLB optimization bug [1492070] instrument stop [1487772] No SEP on P4 [1488335] Growing hard disk images severe interoperability errors! [1076312] Shadow RAM and TLB [1282249] The real i440FX chipset Award bios hangs [1479763] mistake "mov ax,[es:di]" for "mov ax,[ds:di]" [1453575] Misconfigured floppy DMA transfers do not terminate. [1460068] Incorrect handling for the Options Menu Item [910203] bochs-2.1.1 wx.lo failed [1438654] PANIC when trying to run install-amd64-minimal-2005.0.iso [1458320] compile hdimage.h fails [1455880] bochs-2.2.6,2: make error on FreeBSD [696890] Network wouldn't run under W2k hosting MSDOS [673391] SMP timer problems [1291059] wxWindows GUI on non-windows/configure issue [1356450] bochs 2.2.1 errors-omittions [1178017] Win98 guest cannot receive network packets from host [1076315] a20_mask after restarting [1436323] real hw does not panic when bad Ib in CMPSS_VssWssIb [1435269] cdrom_amigaos is not compilable [1433314] disasm issues [1170614] relative jumps/calls wrong in debugger [758121] user might get confused when interrupt handler invoked [1170622] You cannot toggle OFF "show" flags [1406387] JMP instruction should display absolute address [1428813] PANIC: ROM address space out of range [1426288] DR-DOSs EMM386 problem [1412036] Bochs cannot recognize PCI NIC correctly [435115] dbg: modebp broken and no docs [1419366] disasm cs:eip does not work anymore [1419393] SSE's #XF exception -> "exception(19): bad vector" [1419429] disassembly of "260f6f00" show DS: instead of ES: prefix [1417583] Interrupt behaviour changed from 2.2.1 to 2.2.5 [1418281] 'push' (6A) incorrectly disassembled [1417791] FLDENV generating exception when real hw does not. [1264583] OS/2 1.1 doesn't run ------------------------------------------------------------------------- Changes in 2.2.6 (January 29, 2006): - First major SMP release ! - several APIC and I/O APIC fixes make SMP Bochs booting Windows NT4.0 or Knoppix 4.0.2 without noapic kernel option in SMP configuration. - critical APIC timer bug fixed - obsolete SMP BIOS images removed (MP tables created dynamicaly) - determine number of processors in SMP configuration through .bochsrc new .bochsrc option 'CPU' allows to choose number of processors to emulate - new configure option --enable-smp to configure Bochs for SMP support, the old --enable-processors=N option is deprecated - CPU and internal debugger fixes - enabled #PCE bit in CR4 register, previosly setting of this bit generated #GP(0) fault - enabled LAHF/SAHF instructions in x86-64 mode - fixed bug in PMULUDQ SSE2 instruction - fixes in Bochs debugger - Configure and compile - enable VME (virtual 8086 mode extensions) by default if cpu-level >= 5 - enable Bochs disassembler by default for all configurations - win32 installer script improvements - ips parameter moved to new 'CPU' option - show IPS value in status bar if BX_SHOW_IPS is enabled - Other - several fixes in the hard drive, keyboard, timer, usb and vga code - new user button shortcut "bksl" (backslash) - updated Bochs instrumentation examples - user and development documentation improved ------------------------------------------------------------------------- Changes in 2.2.5 (December 30, 2005): Brief summary : - added virtual 8086 mode extensions (VME) implementation - several fixes/improvements in x86-64 emulation, debugger and disassembler - new serial mode 'socket' connects a network socket - IDE busmaster DMA feature for harddisks and cdroms completed and enabled - many improvements in Bochs emulated I/O devices (e.g. floppy, cdrom) - Updated LGPL'd VGABIOS to version 0.5d Detailed change log : - CPU - fixed XMM registers restore in FXRSTOR instruction (Andrej Palkovsky) - print registers dump to the log if tripple fault occured - fixed PANIC in LTR instruction (Stanislav) - added virtual 8086 mode extensions (VME) implementation, to enable configure with --enable-vme (Stanislav) - flush caches and TLBs when executing WBINVD and INVD instructions - do not modify segment limit and AR bytes when modifying segment register in real mode (support for unreal mode) - fixed init/reset values for LDTR and TR registers - reimplemented hardware task switching mechanism (Stanislav) - generate #GP(0) when fetching instruction cross segment boundary - CPU (x86-64) (Stanislav Shwartsman) - implemented call_far/ret_far/jmp_far instructions in long mode - fixed IRET operation in long mode - fixed bug prevented setting of NXE/FFXSR bits in MSR.EFER register - implemented RDTSCP instruction - do not check CS.limit when prefetching instructions in long mode - fixed masked write instructions (MASKMOVQ/MASKMOVDQU) in long mode - fetchdecode fixes for x86-64 - APIC - Fixed bug in changing local APIC id (Stanislav) - Fixed reading of IRR/ISR/TMR registers (patch by wmrieker) - Implemented spurious interrupt register (Stanislav, patch by wmrieker) - Fixed interrupt delivery bug (anonymous #SF patch) - Correctly implemented ESR APIC register (Stanislav) - Bochs debugger - Fixed bug in bochs debugger caused breakpoints doesn't fire sometimes (Alexander Krisak) - watchpoints in device memory fixed (Nickolai Zeldovich) - new debug interface to access Bochs CPU general purpose registers with support for x86-64 - Disassembler (Stanislav Shwartsman) - Fixed disassembly for FCOMI/FUCOMI instructions - Full x86-64 support in disassembler. The disassembler module extended to support x86-64 extensions. Still limited by Bochs debugger which is not supporting x86-64 at all ;( - I/O devices (Volker) - general - memory management prepared for large BIOS images (up to 512k) - slowdown timer sleep rate fixed (now using 1 msec on all platforms) - some device specific parameter handlers moved into the device code - serial - new serial mode 'socket' connects a network socket (#SF patch by Andrew Backer) - hard drive / cdrom - assign a unique serial number to each drive (fixes harddrive detection problems with Linux kernels 2.6.x: "ignoring undecoded slave") - geometry autodetection for 'flat' hard disk images added. Works with images created with bximage (heads = 16, sectors per track = 63) - ATAPI command 'read cd' implemented, some other commands improved - cdrom read block function now tries up to 3 times before giving up - emulation of raw cdrom reads added, some other lowlevel cdrom fixes - IDE busmaster DMA feature for harddisks and cdroms completed and enabled - disk image size limit changed from 32 to 127 GB - split ATA/ATAPI emulation code and image handling code - floppy - fixes for OS/2 (patch by Robin Kay) - disk change line behaviour fixed (initial patch by Ben Lunt) - end-of-track (EOT) condition handling implemented - more accurate timing for read/write data and format track commands using a motor speed of 300 RPM - timing of recalibrate and seek commands now depends on the step rate, date rate and the steps to do - floppy controller type changed to 82077AA - cmos - RTC 12-hour and binary mode implemented - number of CMOS registers changed from 64 to 128 - bochsrc option 'cmosimage' improved - save cmos image on exit if enabled - speaker - simple speaker support for OS X added (patch by brianonn@telus.net) - pci - BeOS boot failure fix in the PCI IDE code - don't register i/o and memory regions during PCI probe - vga - memory allocation for vga extensions fixed - usb - some bugfixes by Ben Lunt (mouse and keypad are usable now) - networking modules - VDE networking module now enabled on Linux - display libraries - general - new syntax for the userbutton shortcut string and more keys supported - win32 - fixed keycode generation for right alt/ctrl/shift keys - runtime dialog is now a property sheet - x11 - simple dialog boxes for the "ask" and "user shortcut" feature implemented - Slovenian keymap added (contributed by Mitja Ursic) - configuration interface - ask dialog is now enabled by default for win32, wx and x display libraries - bochsrc option floppy_command_delay is obsolete now (floppy timing now based on hardware specs) - floppy image size detection now available in the whole config interface - some device specific parameter handlers moved into the device code - calculate BIOS ROM start address from image if not specified - System BIOS (Volker) - PCI i/o and memory base address initialization added - several keyboard interrupt handler fixes (e.g. patch by japheth) - several floppy fixes (e.g. OS/2 works with patch by Robin Kay) - some more APM functions added - Updated LGPL'd VGABIOS to version 0.5d - generate SMP specific tables dynamicly by the Bochs memory init code - SF patches applied [1389776] Disk sizes over 64 Gbytes by Andrzej Zaborowski [1359162] disasm support for x86-64 by Stanislav Shwartsman [857235] task priority and other APIC bugs, etc by wmrieker [1359011] build breaks for 386 + debugger + disasm by shirokuma [1352761] Infinite loop when trying to debug a triple exception [1311170] small APIC bug fix (interrupt sent to the wrong CPU) [1309763] Watchpoints don't work in device memory by Nickolai Zeldovich [1294930] change line status on floppy by Ben Lunt [1282033] SSE FXRESTORE not working correctly by Ondrej Palkovsky [816979] wget generalizations by Lyndon Nerenberg [1214886] No more pageWriteStamp / unified icache by H. Johansson [1107945] com->socket redirection support by Andrew Backer - these S.F. bugs were closed [669180] win95 install : unknown SET FEATURES subcommand 0x03 [1346692] bochs 2.2.1 VGA BIOS error [1354963] floppy in KolibriOS [1378204] error: bochs-2.2.1, --enable-sb16, --disable-gameport [1368412] VDE problems in BOCHS [533446] CPU and APIC devices appear twice [1000796] bximage fails to create image of specified size [1170793] Quarterdeck QEMM doesn't work [923704] Multiple opcode prefixes don't reflect Trap 13 [1166392] DocBook/documentation issues [1368239] broken grater than 4GB size of sparse type hd image [1365830] i386 compile breaks on paging [427550] Incomplete IRETD implementation [1215081] MSVC workspace STILL not fixed [736279] Jump to Task [1356488] FD change fail & occur error [957615] [CPU ] prefetch: RIP > CS.limit [1353866] not booting linux-2.6.14 [1351667] load32bitOSImage does not work with --enable-x86-debugger [1217476] Incorrect (?) handling of segment registers in real mode [1184711] OS2 DOS crash [2.2.pre2] [624330] support for disks > 32GiB [1348368] bochs 2.2.1 bximage error [1342081] Configuration Menu option failed [1138616] OS/2 Warp 4 hangs when booting [1049840] mouse and video conflict [1164570] Unable to perform Fedora Core 4 test 1 installation [1183201] Windows 2000 (MSDN build 2150?) does not completely install [1194284] Can't boot from CD-ROM (Windows NT) [962969] Windows NT crashes while trying to intall them. [1054594] WinXP install halts (redo) [1153107] Windows XP fails with BSOD on 'vga' [938518] Win XP installation fails [645420] getHostMemAddr vetoed direct read [1179985] MS XENIX: >>PANIC<< VGABIOS panic at vgabios.c, line 0 [1329600] WBINVD and INVD should flush caches and TLB [638924] eliminate BX_USE_CONFIG_INTERFACE [1048711] Funny behaviour with CTRL [1288450] keyboard BIOS error [1310706] Keyboard - about key SHIFT [1295981] Ubuntu 5.04 Live-CD won't boot in Bochs [879047] APIC timer behavior different before reset and after [1188506] I still can't install the german Windows XP! [1301847] Windows XP dosn't boot - FXRSTOR problem ? [661259] does not boot QNX under WinX [924412] Keyboard lock states all whacked [681127] MIPSpro compiler (IRIX) is allergic to ^M [1285923] BIOS keyboard handler [516639] ATA controller revisited... [657918] does not boot BeOS under WinX [649245] BeOS CD locks halfway on boot [1094385] Attachment for bug 1090339 (beos failure) [1183196] BeOS 4.5 developer CD does not install [1090339] BeOS fails to boot [639484] panics when int 13 is called [711701] divide by zero [704295] ATAPI/BIOS call missing [682856] hard drive problems [627691] Cursor keys problem [588011] keyboard not working [542260] os/2 warp crashes with floppy handling [1273878] SB16 doesn't work in pure DOS [542254] OS/2 FDC driver dies [1099610] Windows 98 SE Does not install [875479] cr3 problem on task switch [731423] NE2000 causing PANIC on Win2K detection [1156155] bochs fails to boot plan9 iso [1251979] --enable-cpu-level=3 should assume --without-fpu [1257538] Interupt 15h 83h - set wait event interval [658396] Panic for DR DOS emm386 [679339] /? doesn't divulge Bochs command-line syntax [1167016] call/jump/return_protected doesn't support x86-64 [1252432] Mac OS X compile bug [881442] Bochs 2.1 PANIC when loading DOS Turbo Pascal protected mode [1249324] Boch2.2.1 Buffer Overfollow in void bx_local_apic_c::init () [1197144] 'make install' has dependency on wget [1079595] LTR:386TSS: loading tr.limit < 103 [1244070] Compilation Error in gui/rfb.cc [761707] CPU error when trying to start Privateer [517281] Crash running Privateer in DOS... ------------------------------------------------------------------------- Changes in 2.2.1 (July 8, 2005): - Fixed several compilation warnings and errors for different platforms (Volker) - Fixed FPU tag word restore in FXRSTOR instruction (Stanislav) - Added missing scancodes for F11 and F12 to BIOS translation table (Volker) - Bochs disassembler bugfixes (h.johansson) - About 5% emulation speed improvement (h.johansson) - Handle writing of zero to APIC timer initial count register (Stanislav) - Enable Idle-Hack for 'TERM' GUI (h.johansson) - Reduced overhead of BX_SHOW_IPS option to minimum. Now every simulation could run with --enable-show-ips without significant performance penalty. (Stanislav) - Fixed pcipnic register access (Volker) - Limited write support for TFTP server in 'vnet' networking module added (Volker) - Changed some timing defaults to more useful values (Volker) - WinXP/2003 style common controls now supported (Vitaly Vorobyov) - Updated LGPL'd VGABIOS to version 0.5c (Volker) - Added new BX_INSTR_HLT callback to instrumentation (Stanislav) ------------------------------------------------------------------------- Changes in 2.2 (May 28, 2005): Brief summary : - New floating point emulator based on SoftFloat floating point emulation library. - improved x86-64 emulation - Cirrus SVGA card emulation added - status bar with indicators for keyboard, floppy, cdrom and disk (gui dependant) - many improvements in Bochs emulated I/O devices (e.g. PCI subsystem) Detailed change log : - CPU - fixes for booting OS/2 by Dmitri Froloff - fixed v8086 priveleged instruction processing bug (was also reported by LightCone Aug 7 2003) - exception process bug (was reported by Diego Henriquez Sat Nov 15 01:16:51 CET 2003) - segment validation with IRET instruction - CS segment not present exception processing with IRET - several fixes by Kevin Lawton - add MSVC host asm instructions (patch by suzu) - fixed bug in HADDPD/HSUBP
DUMP文件分析4:栈溢出
前面说到过,栈溢出类型的异常通过编程的方式获取DUMP可能不成功,因为栈溢出会破坏SEH(结构化异常处理)框架。实际上,通过DUMP文件来调试栈溢出同样是困难的,因为栈溢出本身一般不会造成异常,异常往往发生在栈溢出破坏栈上的数据之后,同时,由于栈溢出破坏了栈上的数据,使得我们无法对函数调用进行回溯,从而难以定位问题的发生位置。 本节的示例是经dump1简单修改而来,在Crash Me!按钮的消息处
windbg入门教程之crash分析步骤
前期准备 设置源码位置 步骤:File->Source File Path… 说明:源码文件路径是指工程文件.sln的同级目录 设置符号文件位置 步骤:File->Symbol File Path… 说明:符号文件位置是指PDB文件所在的目录 打开dump文件 File->Open Crash Dump… crash 原因分析 当打开dump文件之后,windbg会显示如下...
windbg入门教程之异常报告深入解读
软件异常 异常,顾名思义是指不符合预期的时间发生,由应用程序和操作系统抛出的异常叫做软件异常。 当然我们均不希望发生这些软件异常,但在实际中却常常会遇到因为不良编码导致的异常,比如访问了空指针、访问非法地址、解析json字符串异常等等。 异常处理 为了应对异常,window系统提供了一些API用于获取异常、处理或者控制异常, 为了理解后续的异常信息,我们先了解三个关于异常的API函数: GetE...
Windows 蓝屏代码大全,Bug检查代码参考
浏览器中 ctrl+F 调出查找 属于相应代码即可下表提供了 Bug 检查代码的链接。
硬件/系统

2,641

社区成员

17,239

社区内容

发帖
与我相关
我的任务
社区描述
VC/MFC 硬件/系统
社区管理员
  • 硬件/系统社区
加入社区
  • 近7日
  • 近30日
  • 至今

加载中

查看更多榜单
社区公告
暂无公告

试试用AI创作助手写篇文章吧

+ 用AI写文章