Debugging BIOS under VMware using IDA’s GDB debugger

Debugging a BIOS is a rather special task, but it can be done with the right software. You need VMware Workstation and IDA installed on your system.

The first thing to do is read the article from Hex-Rays, which describes a method of Windows kernel debugging using VMware + IDA. Below I’ll give some general information from that article along with the method for BIOS debugging.

So. Let’s go.

1. Create a VM with an operating system. I’m using Windows XP SP3 and VMware 7.0.

This is my VM:

2. Edit the *.vmx file. All settings of the VM are stored in the *.vmx file, and we must edit it to start the VM in a special mode. Open it with Notepad and add the following lines:

debugStub.listen.guest32 = "TRUE" – Allows debugging from a different computer / VM instead of localhost. The IP for remote debugging will be that of the host.

debugStub.hideBreakpoints = "TRUE" – Allows gdb breakpoints to work.

monitor.debugOnStartGuest32 = "TRUE" – Breaks into the debug stub on the first instruction (warning: in BIOS!). This halts the VM at the very first instruction, at 0xFFFF0; you can set the next breakpoint with break *0x7c00 to stop when the bootloader is loaded by the BIOS.

This is my config:

You can read about the other settings here.
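The edit from step 2 can be scripted so that the three keys are always written with plain ASCII quotes, since typographic quotes copied from a web page are different characters. The Python below is an added example, not code from the original article, VMware or Hex-Rays; the function names, the sample file contents and the case-insensitive key matching are assumptions.

```python
import re

# The three keys from step 2 of this page, to be written with ASCII double quotes.
DEBUG_STUB_KEYS = (
    "debugStub.listen.guest32",
    "debugStub.hideBreakpoints",
    "monitor.debugOnStartGuest32",
)
_ASSIGN = re.compile(r"^\s*([A-Za-z0-9_.:]+)\s*=\s*(.*?)\s*$")

# Constructed sample, not from the page: one key absent, one pasted with
# typographic quotes, one set to FALSE.
SAMPLE_VMX = (
    '.encoding = "windows-1252"\n'
    'displayName = "xp-sp3-bios"\n'
    "debugStub.hideBreakpoints = \u201cTRUE\u201d\n"
    'monitor.debugOnStartGuest32 = "FALSE"\n'
)


def parse_vmx(text):
    """Map lowercased key -> (line index, raw right-hand side); last one wins."""
    found = {}
    for i, line in enumerate(text.splitlines()):
        m = None if line.lstrip().startswith("#") else _ASSIGN.match(line)
        if m:
            # Assumption: keys are compared case-insensitively.
            found[m.group(1).lower()] = (i, m.group(2))
    return found


def missing_settings(text):
    """Keys that are absent or whose value is not exactly "TRUE" in ASCII quotes."""
    found = parse_vmx(text)
    return [k for k in DEBUG_STUB_KEYS
            if found.get(k.lower(), (None, ""))[1].upper() != '"TRUE"']


def enable_debug_stub(text):
    """Return .vmx text with each key set to "TRUE": fixed in place or appended."""
    lines = text.splitlines()
    found = parse_vmx(text)
    for key in missing_settings(text):
        wanted = f'{key} = "TRUE"'
        if key.lower() in found:
            lines[found[key.lower()][0]] = wanted
        else:
            lines.append(wanted)
    return "\n".join(lines) + "\n"
```

Running `enable_debug_stub` on its own output changes nothing, so it is safe to apply repeatedly to the same file contents.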

3. Run your VM and start IDA. If you use VMware 7.0, you will see the following window:

But in VMware 6.5 you will see only a black window.

Now your VM is ready for experiments. It’s time to start IDA.

4. IDA

I’m using IDA 5.5.

After it starts, choose the menu option Debugger / Attach / Remote GDB debugger:

then enter Hostname: localhost and Port: 8832, like here:

and select <attach to the process started on target>:

After IDA finishes working, you will get something like this:

Use “Step Into” and you will see the beginning of the BIOS code and can debug the BIOS on your VM.

Using this method you can debug the start of system loading. 🙂

But I have some problems with VMware 7.0. If you have problems, try using VMware 6.5.

I used Win 7. Maybe on this system VMware or IDA behaves strangely.

As you know, there are many BIOSes and many configurations of them. This article helps you choose the configuration that you need.

P.S. Enjoy, and sorry for my English and mistakes. 🙂

2 thoughts on “Debugging BIOS under VMware using IDA’s GDB debugger”

  1. I tried to use this, but my IDA hung and nothing helped, though ida64.exe started normally.
    Then I tried to run it as admin, and nope again.
    I noticed that IDA loads HEXRAYS and then hangs.

    The solution is to remove the hexrays plugin from the plugin dir, and IDA works fine.

  2. fntdv says:

    I’ll try this method. I think this problem reproduces only on Win7, because yesterday we debugged the BIOS with IDA+hexrays without problems.
