Kernel Debug in QEMU
Environment List
Utility | Version |
---|---|
QEMU | 5.2.0 |
Kernel | 5.11.9 |
Busybox | 1.32.1 |
QEMU
Installation (manual)
- Download QEMU source
- complier
wget https://download.qemu.org/qemu-5.2.0.tar.xz
tar xvJf qemu-5.2.0.tar.xz
cd qemu-5.2.0
./configure
make
Installation (automatic)
- Arch:
pacman -S qemu
- Debian/Ubuntu/Deepin:
apt-get install qemu
- Centos:
yum install qemu-kvm
Kernel
-
Config
make defconfig
-
Compile
make bzImage -j8 make modules
Now you have these file:
- vmlinux
arch/[arch_name]/boot/bzImage - *.ko
Rootfs
-
Compile busybox
-
Download Busybox source
-
tar xvf busybox-1.32.1.tar.bz2
-
cd busybox-1.32.1
-
make defconfig
-
make menuconfig
and set build staticlyBusybox Settings ---> --- Build Options [*] Build BusyBox as a static binary (no shared libs)
-
make -j8
-
-
Make disk
cd [linux-kerne-dir]
qemu-img create -f raw disk.raw 256M
mkfs -f ext4 ./disk.raw
mkdir img && sudo mount -o loop ./disk.raw ./img
sudo make modules_install INSTALL_MOD_PATH=./img
-
Migrate busybox to disk
cd busybox-1.32.1
make CONFIG_PREFIX=[path_to_disk_img_mount_point] install
-
Configuration on rootfs
- Edit inittab
::sysinit:/etc/init.d/rcS ::askfirst:/bin/ash ::ctrlaltdel:/sbin/reboot ::shutdown:/sbin/swapoff -a ::shutdown:/bin/umount -a -r ::restart:/sbin/init
-
Create
etc/init.d/rcS
#!/bin/sh mount -t proc proc /proc mount -t sysfs sysfs /sys
-
Create directory
sudo mkdir {dev, proc, sys}
Start
qemu-system-x86_64 -m 512M -smp 4 -kernel ./bzImage -drive format=raw,file=./disk.raw -append "init=/linuxrc root=/dev/sda console=S0"
Errors
-
when compiling busybox, error message comes out as : can not found -lcrypt.
While I did have libcrypt.so in /usr/lib/, thus all you need is static
library of crypt, which named libcrypt.a.Just download source file and compile one, then move it to /usr/lib..
-
when you meet
/bin/sh:can‘t access tyy; job control turned off
just add-
to::askfirst:/bin/ash
before/bin/ash
.
/etc/inittable文件中每个条目用来定义一个子进程,并确定它的启动方法,格式定义如下:
<id>:<runlevels>:<action>:<process>
例如:
ttySAC0::askfirst:-/bin/sh
对于Busybox init进程,上述各个字段作用如下:<id>
: 表示这个子进程要使用的控制台(既标准输入、标准输出、标准错误设备)。若果省略,则使用与init进程一样的控制台<runlevels>
:对于busybox init程序,这个字段没有意思,可以省略。<action>
:表示init进程如何控制这个子进程。<process>
:要执行的程序,它可以只可执行程序,也可以是脚本
如果<process>
字段前有“-”字符,这个程序被称为“交互的”