Debugging with QEMU

Using the "Run external program" option it is easy to debug small ARM, MIPS or PowerPC code snippets directly from inside IDA.

1) Download and install QEMU. Win32 builds can be downloaded from http://homepage3.nifty.com/takeda-toshiya/qemu/.

2) Edit cfg\gdb_arch.cfg file and change the "set QEMUPATH" line to point to the install directory of QEMU.

3) In Remote GDB Debugger options (Debugger|Debugger options, Set specific options), enable "Run a program before debugging".

4) Click "Choose a configuration" and choose a predefined configuration. Choose "for snippets", if mentioned.

5) If necessary, edit the command line or memory map.

6) Click OK, OK to confirm and close the options dialog.

7) In Debugger|Process options make sure that Hostname is set to "localhost" and port is non-zero.

8) Select the code range to emulate or at least the first instruction. Alternatively, you can rename the starting address "ENTRY" and end address as "EXIT".

9) Choose Debugger|Run or press F9.

IDA will write the database into an ELF file (if %e was specified in the command line), start QEMU with the specified command line and connect to its GDB stub. It will then set the SP and PC values so that the selected code can be stepped through.

NOTE: While it can be very useful, QEMU emulation has certain limitations:

1) The memory map is usually fixed at compile time. So if your program addresses intersect some of the system regions as specified by the memory map, IDA will refuse to start debugging. In that case, you can either rebase the program so that it fits into RAM regions or check other QEMU board configurations for a compatible memory layout.

2) The emulation starts at the system (kernel) level when there is no OS loaded. That means that system calls and imported functions will not work.

3) Hardware access will only work to the extent emulated by QEMU. If the code you are emulating does not match the chosen board configuration of QEMU, the code accessing the hardware most likely will not work properly, if at all.
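The two checks below are an added example written for this page; they are not IDA's or QEMU's own code. The first reproduces the memory-map test from limitation 1 (does every program segment fit in a RAM region without touching a system region?) and computes the rebase delta the note recommends; the second expands the command-line template from step 5 into the argv QEMU is started with. The board map, the template, and the %p port token are constructed assumptions; only %e (the ELF file IDA writes from the database) is named on the page. Real board maps are fixed in the QEMU source per board and must be read from there.

```python
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple

Segment = Tuple[str, int, int]   # (name, start, end), end exclusive


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    end: int          # exclusive
    kind: str         # "ram" (usable for the snippet) or "system" (ROM, peripherals)

    def overlaps(self, lo: int, hi: int) -> bool:
        return lo < self.end and hi > self.start

    def contains(self, lo: int, hi: int) -> bool:
        return self.start <= lo and hi <= self.end


# Constructed board map (assumption, not a real QEMU board): RAM at 0,
# a system-controller block and a UART block above it.
BOARD_MAP: List[Region] = [
    Region("ram",    0x00000000, 0x08000000, "ram"),
    Region("sysctl", 0x10000000, 0x10001000, "system"),
    Region("uart0",  0x101F1000, 0x101F2000, "system"),
]


def check_layout(segments: List[Segment],
                 board: List[Region] = BOARD_MAP) -> List[Tuple[str, str]]:
    """Report every segment the debugger would reject: it intersects a
    system region, or it is not fully inside one RAM region of the board."""
    problems = []
    for name, lo, hi in segments:
        clashes = [r.name for r in board if r.kind == "system" and r.overlaps(lo, hi)]
        if clashes:
            problems.append((name, "intersects " + ", ".join(clashes)))
        elif not any(r.kind == "ram" and r.contains(lo, hi) for r in board):
            problems.append((name, "not inside a RAM region"))
    return problems


def suggest_rebase(segments: List[Segment],
                   board: List[Region] = BOARD_MAP) -> Optional[int]:
    """Delta to add to every address so the whole program (relative layout
    preserved) lands at the start of the first RAM region large enough."""
    lo = min(s[1] for s in segments)
    hi = max(s[2] for s in segments)
    for r in board:
        if r.kind == "ram" and r.end - r.start >= hi - lo:
            return r.start - lo
    return None


def rebase(segments: List[Segment], delta: int) -> List[Segment]:
    """Apply a rebase delta to every segment."""
    return [(n, lo + delta, hi + delta) for n, lo, hi in segments]


def qemu_argv(template: str, elf_path: str, port: int) -> List[str]:
    """Expand the command-line template into an argv list. %e is the ELF
    file written from the database (token named on the page); %p for the
    GDB stub port is this example's assumption. -S freezes the CPU at
    reset and -gdb opens the stub, so PC and SP can be set before the
    first step."""
    if port <= 0:
        raise ValueError("GDB port must be non-zero")
    cmd = template.replace("%e", elf_path).replace("%p", str(port))
    return shlex.split(cmd)


# Constructed template in the style of what step 5 lets you edit (assumption).
TEMPLATE = "qemu-system-arm -M versatilepb -nographic -S -gdb tcp::%p -kernel %e"

if __name__ == "__main__":
    # Constructed snippet that was linked on top of the UART block.
    snippet = [(".text", 0x101F1000, 0x101F1100), (".data", 0x101F1100, 0x101F1200)]
    print(check_layout(snippet))
    delta = suggest_rebase(snippet)
    print(delta, check_layout(rebase(snippet, delta)))
    print(qemu_argv(TEMPLATE, "C:/tmp/snippet.elf", 23946))
```

Run it as-is to see the conflict report, the rebase delta that moves the snippet to the bottom of RAM, and the expanded QEMU command line; feed it your own segment list and the map of the board you selected to reproduce the check before pressing F9.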
