Setting breakpoints and debugging in the VxWorks shell

Step 1: enter shell mode

Switch#mEnter into super shell mode!!

BCM.0> shell

->

Step 2: disassemble the function that contains the breakpoint location

l fsFileValidCheck

Keep running l to disassemble further until you reach the location where the breakpoint is to be set.

-> l fsFileValidCheck

                        fsFileValidCheck:

0xafbd18  9421ffc0    stwu        r1,-64(r1)

0xafbd1c  7c0802a6    mfspr       r0,LR

0xafbd20  9361002c    stw         r27,44(r1)

0xafbd24  93810030    stw         r28,48(r1)

0xafbd28  93a10034    stw         r29,52(r1)

0xafbd2c  93c10038    stw         r30,56(r1)

0xafbd30  93e1003c    stw         r31,60(r1)

0xafbd34  90010044    stw         r0,68(r1)

0xafbd38  7cbc2b78    or          r28,r5,r5

0xafbd3c  817c0000    lwz         r11,0(r28)

value = 11517248 = 0xafbd40 = fsFileValidCheck + 0x28

-> l

0xafbd40  7cde3378    or          r30,r6,r6

0xafbd44  801e0000    lwz         r0,0(r30)

0xafbd48  7c9f2378    or          r31,r4,r4

0xafbd4c  813f0008    lwz         r9,8(r31)

0xafbd50  7c7b1b78    or          r27,r3,r3

0xafbd54  9001000c    stw         r0,12(r1)

0xafbd58  71200010    andi.       r0,r9,0x10

0xafbd5c  91610008    stw         r11,8(r1)

0xafbd60  418200c4    bc          0xc,2, 0xafbe24 # 0x00afbe24

0xafbd64  801f0000    lwz         r0,0(r31)

value = 11517288 = 0xafbd68 = fsFileValidCheck + 0x50

…………..

-> l

0xafbf48  7f83e378    or          r3,r28,r28

0xafbf4c  7fbdf214    add         r29,r29,r30

0xafbf50  4b5bfbdd    bl          0xbbb2c # strlen

0xafbf54  7c651b78    or          r5,r3,r3

0xafbf58  7fa3eb78    or          r3,r29,r29

0xafbf5c  7f84e378    or          r4,r28,r28

0xafbf60  4b5bfa9d    bl          0xbb9fc # strncmp

0xafbf64  2c030000    cmpi        crf0,0,r3,0x0 # 0

0xafbf68  41820028    bc          0xc,2, 0xafbf90 # 0x00afbf90

0xafbf6c  3d2001ae    lis         r9,0x1ae # 430

value = 11517808 = 0xafbf70 = fsFileValidCheck + 0x258

Step 3: set the breakpoint and exit the shell

-> b 0xafbf60

value = 0 = 0x0

-> exit

BCM.0> exit

Step 4: run the command

Switch#copy ftp://xzy:[email protected]/boot.rom boot.rom

Confirm to overwrite the existed destination file?  [Y/N]:

220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...

331 User name okay, need password.

230 User logged in, proceed.

200 Type set to I.

200 PORT Command successful.

150 Opening BINARY mode data connection for boot.rom (3085200 bytes).

Recv total 3085200 bytes

226 Transfer complete.

Close ftp client.

pTypeStr = =EIF@=HCDG=YY

Break at 0x00afbf60: fsFileValidCheck+0x248    Task: 0x1a5e1610 (ftpCopyFile)

Step 5: enter shell mode again

Enter into super shell mode!!

BCM.0> shell

->

Enter i to view the status of the tasks

-> i

  NAME        ENTRY       TID    PRI   STATUS      PC       SP     ERRNO  DELAY

---------- ------------ -------- --- ---------- -------- -------- ------- -----

tExcTask   excTask      1effe718   0 PEND        10652c8 1effe5f8       0     0

tLogTask   logTask      1effbd30   0 PEND        10652c8 1effbc20       0     0

tShell     shell        1a5d7e78   1 READY        bc0b60 1a5d7a58       0     0

shellMsgTasinit_shell_m 1ef15eb0   5 DELAY        bc04ac 1ef15bb0   30065     4

cpu_measuremeasure_cpu_ 1a60ed10   6 DELAY        bc04ac 1a60ec30       0    66

tLogMsg    logMsgTask   1e00e778   8 PEND         bbb26c 1e00e688       0     0

tWatchDog  d8f24        1a60d290  10 PEND+T      10652c8 1a60d140   30065   691

tSDiag     sdiag_entry  1dbb5d40  20 PEND        10652c8 1dbb5ae0       0     0

tRxDaemon  rateLimitDea 1db56ff8  38 DELAY        bc04ac 1db56f18       0     4

bcmTX      _bcm_tx_call 1e9aec38  39 PEND         bbb26c 1e9aeb38       0     0

bcmXGS3Asyn_xgs3_async_ 1e9aa9d0  39 PEND         bbba80 1e9aa8c0       0     0

tRCUdpc    c47f4        1dfe9a28  46 PEND        10652c8 1dfe9908       0     0

tDMLL1Tx   1fa224       1dbb0c10  48 PEND        10652c8 1dbb0b00       0     0

bcmRX      rx_pkt_threa 1db607b0  48 PEND+T       bbb26c 1db60680  3d0004     2

bcmDPC     sal_dpc_thre 1ef028b8  50 PEND         bbb26c 1ef027d8       0     0

tFastLink  fast_link_ma 1b8e7a80  50 PEND        10652c8 1b8e7960       0     0

pbrTimer   pbr_timer    1b1fedd8  50 DELAY        bc04ac 1b1fed28       0  1596

tDpc       c47f4        1dff5c68  55 PEND        10652c8 1dff5b48       0     0

tLacp      lacp_main_ta 1af381a0  58 PEND+T       bbb26c 1af37ac0  3d0004    20

tFDBTmr    d2d80        1d083098  60 PEND         bbb26c 1d082fc8       0     0

tMstp      5e3fc4       1b360158  60 PEND+T       bbb26c 1b35d9b8  3d0004    25

tNeighApp  230edc       1de0e9e8  61 PEND        10652c8 1de0e8a8       0     0

tLoopback  loopback_det 1b0948d0  61 PEND        10652c8 1b094750       0     0

tUldp      uldp_main    1b05bd68  61 PEND        10652c8 1b05bc08       0     0

tAAAMainTasaaaMainTask  1b7b5410  62 PEND+T       bbb26c 1b7b4030  3d0004    51

tNACTask   network_acce 1b39ce58  62 PEND+T       bbb26c 1b39c778  3d0004    46

tPppoeIa   pppoe_ia_mai 1b38a238  62 PEND+T      10652c8 1b38a108  3d0004    11

tIgmpsnoopiigmp_snoopin 1b300008  63 PEND+T       bbb26c 1b2ff918  3d0004    36

tMldsnoopinmld_snooping 1b2f3c08  63 PEND        10652c8 1b2f3ab8       0     0

tLldp      lldp_main    1b09a738  64 PEND+T       bbb26c 1b09a058  3d0004    26

tVlanMsg   execVlanEven 1d9e8950  65 PEND        10652c8 1d9e87e0  3d0004     0

tMrpp      mrpp_main    1b0a9730  65 PEND        10652c8 1b0a95c0       0     0

tUlpp      ulpp_main    1b051658  65 PEND+T      10652c8 1b0514f8  3d0004    10

tUlsm      ulsm_main    1b046f48  65 PEND+T      10652c8 1b046e18  3d0004     6

tIPTimer   277694       1df617e8  69 PEND         bbb26c 1df61718  3d0002     0

tPoePwInt  poePowerUpDo 1da18490  69 DELAY        bc04ac 1da183e0       0    74

tGvrpTimer d2d80        1b36a118  69 PEND         bbb26c 1b36a048       0     0

tphyDaemon serialDaemon 1a5f4910  69 PEND+T       bbb26c 1a5f4820  3d0004    53

tDftInput  228d0c       1df42aa0  70 PEND         bbb26c 1df429c0       0     0

tHgTest    drvHgTest    1db599c8  70 DELAY        bbceb4 1db595e8       0     1

tClusterv2Tclusterv2Tas 1b208cd8  70 PEND+T       bbb26c 1b2085f8  3d0004    32

tSflow     sflow_main   1b0703f0  70 PEND+T      10652c8 1b0702a0  3d0004    27

tIpfix     ipfix_main   1b069578  70 PEND+T       bbb26c 1b068e78  3d0004    22

tL2Input   228d0c       1df5c790  71 PEND         bbb26c 1df5c6b0       0     0

tNetInput  228d0c       1df4f918  72 PEND         bbb26c 1df4f838  3d0001     0

tNdpsTask  ndp_snooping 1b375548  72 PEND+T       bbb26c 1b374e78  3d0004   308

tL2DrvUpdat1fabec       1e35cc78  79 PEND        10652c8 1e35cb48       0     0

bcmLINK.0  _bcm_esw_lin 1e3eaad0  80 READY        bbd4ac 1e3ea8f0  3d0004     0

bcmLINK.1  _bcm_esw_lin 1e0ed990  70 READY+I      bbceb4 1e0ed5e0  3d0004     0

tSflowInput228d0c       1df35c28  80 PEND         bbb26c 1df35b48       0     0

bcmL2X.0   _soc_l2x_thr 1d9e3680  80 PEND+T       bbb26c 1d9e3550  3d0004    22

bcmL2X.1   _soc_l2x_thr 1e0e9780  80 PEND+T       bbb26c 1e0e9650  3d0004    16

shellTask  console_task 1a613dc0  80 PEND+T       bbb26c 1a612e80  3d0004   137

zL2_shell  l2_shell_ent 1ac520c8  86 PEND+T       bbb26c 1ac51858  3d0002     1

zIMI       imi_entry    1ab04de8  88 READY        bbb26c 1ab044d8  3d0004     0

zNSM       nsm_entry    1ae1cdc0  89 READY        bbb26c 1ae1c540  3d0004     0

tTelnetd   telnet_serve 1b894178  90 READY        bbb26c 1b893598  3d0004     0

zOSPF      ospf_entry   1ac48250  90 PEND         bbb26c 1ac479e0  3d0004     0

zBGP       bgp_entry    1ac431f8  90 PEND         bbb26c 1ac42978      16     0

zRIP       rip_entry    1ac3e1a0  90 PEND         bbb26c 1ac3d930      16     0

zMSDP      msdp_entry   1ac39148  90 PEND         bbb26c 1ac388c8       0     0

zRIPNGD    ripng_entry  1ac2efe8  90 PEND         bbb26c 1ac2e778       0     0

zLDPD      ldp_entry    1ac29f38  90 PEND         bbb26c 1ac296c8      16     0

zOSPF6D    ospf6_entry  1ac20068  90 PEND         bbb26c 1ac1f7f8      16     0

zPIM6D     pim6_entry   1ac1afb8  90 PEND         bbb26c 1ac1a738       0     0

tSNTP      startSNTP    1b233e98  92 PEND+T       bbb26c 1b233788  3d0004   179

tNTP       startNTP     1b219e08  92 PEND+T       bbb26c 1b219698  3d0004    16

zPIMD      pim_entry    1ac34098  92 PEND         bbb26c 1ac33818      16     0

zDVMRPD    dvmrp_entry  1ac15f08  92 PEND         bbb26c 1ac15688      16     0

tVlanSync  5c1e80       1e359d78  96 PEND         bbb26c 1e359c78       0     0

tSyncFlushFsyncFlushFdb 1d08d148  96 PEND+T      10652c8 1d08cfe8  3d0004     3

tMonitorFdbmonitorFdbCh 1d0880f0  96 READY       10652c8 1d087fc0  3d0004     0

tTffsPTask flPollTask   1effa408 100 READY        bc04ac 1effa358       0     0

tMacbindTmrd2d80        1b2ed918 100 PEND         bbb26c 1b2ed848       0     0

tAntiArpscaansTask      1b0ae698 100 READY       10652c8 1b0ae558  3d0004     0

tSsld      ssl_main     1af2cb70 100 PEND        10652c8 1af2c990       0     0

tGratuitousgratuitous_a 1a5fdcc0 100 DELAY        bc04ac 1a5fdc00       0   124

tDhcpRcv   fnDhcpReceiv 1b59c8e0 110 PEND+T       bbb26c 1b59a900  3d0004   119

tDhcp6Rcv  fnDhcp6Recei 1b56fd40 110 PEND         bbb26c 1b56e5c0  3d0002     0

tSnmpd     42cd04       1b1deda8 110 PEND+T       bbb26c 1b1dd928  3d0004    12

tDnsTask   dns_main     1ae21ed0 110 PEND+T       bbb26c 1ae215c0  3d0004     8

tDhcpcTask fnDhcpClient 1b586738 115 PEND+T       bbb26c 1b5855f8  3d0004    99

bcmCNTR.0  soc_counter_ 1ea22378 120 PEND+T       bbb26c 1ea22268  3d0004     4

bcmCNTR.1  soc_counter_ 1e344af0 120 READY        bbb26c 1e3449e0  3d0004     0

ttyTask    ttyTask      1e0021f0 120 PEND        10652c8 1e001c10       0     0

tNeighFlush230b00       1de14d70 120 DELAY        bc04ac 1de14ca0  3d0002    28

tDmlL1Timerd2d80        1dbaaae0 120 PEND         bbb26c 1dbaaa10       0     0

tTimeRange pfTimeRange  1b1fcab8 120 DELAY        bc04ac 1b1fca18       0   142

tTftpServernew_tftp_ser 1b0bb920 120 PEND+T       bbb26c 1b0bad40  3d0004     3

tSshdTask  ssh_main     1b841f80 130 PEND+T       bbb26c 1b8413e0  3d0004    22

tFtpTask   ftpbackup_ma 1b6aa530 130 PEND+T       bbb26c 1b6a9e20  3d0004    16

tHwMonitor hwMonitor    1a605000 136 DELAY        bc04ac 1a604f20       0    60

tDevMonitorhwDevMonitor 1a5fff50 136 DELAY        bc04ac 1a5ffeb0       0     6

tFtpStart  ftpServerCon 1b0be298 150 PEND+T       bbb26c 1b0bdb18  3d0004     1

ftpCopyFilerun_ftp_copy 1a5e1610 150 SUSPEND      afbf60 1a5e0b40  3d0004     0

tL3DrvUpdat208550       1b9d3258 160 PEND        10652c8 1b9d30d8  3d0004     0

tDcacheUpd dcacheUpd    1ef58f28 250 READY        bc04ac 1ef58e68       0     0

value = 0 = 0x0

Enter ti to view the register usage

-> ti

  NAME        ENTRY       TID    PRI   STATUS      PC       SP     ERRNO  DELAY

---------- ------------ -------- --- ---------- -------- -------- ------- -----

ftpCopyFilerun_ftp_copy 1a5e1610 150 SUSPEND      afbf60 1a5e0b40  3d0004     0

stack: base 0x1a5e1610  end 0x1a5da0b8  size 29720  high 11136  margin 18584

options: 0xc

VX_DEALLOC_STACK    VX_FP_TASK

VxWorks Events

--------------

Events Pended on    : Not Pended

Received Events     : 0x0

Options             : N/A

r0     =        0   sp     = 1a5e0b40   r2     =        0   r3     = 1a265c74

r4     =  1418cf0   r5     =        d   r6     =        0   r7     =        a

r8     =        3   r9     =  1418cf0   r10    = 1a5e1610   r11    = 1a5e1610

r12    = 20000028   r13    =        0   r14    =        0   r15    =        0

r16    =        0   r17    =        0   r18    =        0   r19    =        0

r20    =        0   r21    =        0   r22    =        0   r23    =        0

r24    =  2000000   r25    = 1a5e0f30   r26    =  1ae0000   r27    =        7

r28    =  1418cf0   r29    = 1a265c74   r30    =      134   r31    =  17e99b0

msr    =     b032   lr     =   afbf54   ctr    =        0   pc     =   afbf60

cr     = 20000084   xer    =        0

fpcsr  =        0

fr0    =      NaN   fr1    =      NaN   fr2    =      NaN   fr3    =      NaN

fr4    =      NaN   fr5    =      NaN   fr6    =      NaN   fr7    =      NaN

fr8    =      NaN   fr9    =      NaN   fr10   =      NaN   fr11   =      NaN

fr12   =      NaN   fr13   =      NaN   fr14   =      NaN   fr15   =      NaN

fr16   =      NaN   fr17   =      NaN   fr18   =      NaN   fr19   =      NaN

fr20   =      NaN   fr21   =      NaN   fr22   =      NaN   fr23   =      NaN

fr24   =      NaN   fr25   =      NaN   fr26   =      NaN   fr27   =      NaN

fr28   =      NaN   fr29   =      NaN   fr30   =      NaN   fr31   =      NaN

value = 0 = 0x0

From the assembly code in step 2, r3 and r4 hold the arguments to strncmp. Run

-> d 0x1a265c74 (likewise d 0x1418cf0 for the second argument)

to view the values of the two strncmp arguments.

1a265c70:            3d45 4946 403d 4843 4447 3d59   *    =EIF@=HCDG=Y*

1a265c80:  5900 0000 0000 0000 0000 0000 0000 0000   *Y...............*

1a265c90:  0000 0000 0000 0000 0000 0000 0000 0000   *................*

1a265ca0:  0000 0000 0000 0000 0000 0000 0000 0000   *................*

1a265cb0:  0000 0000 0000 0000 0000 0000 0000 0000   *................*

1a265cc0:  0000 0000 0000 0000 0000 0000 0000 0000   *................*

1a265cd0:  0000 0000 0000 0000 0000 0000 0000 0000   *................*

1a265ce0:  0000 0000 0000 0000 0000 0000 0000 0000   *................*

1a265cf0:  0000 0000 0000 0000 0000 0000 0000 0000   *................*

1a265d00:  0000 0000 0000 0000 0000 0000 0000 0000   *................*

1a265d10:  0000 0000 0000 0000 0000 0000 0000 0000   *................*

1a265d20:  0000 0000 0000 0000 0000 0000 0000 0000   *................*

1a265d30:  0000 0000 0000 0000 0000 0000 0000 0000   *................*

1a265d40:  3860 0002 3c80 e000 6084 0000 3ca0 0020   *8`..<...`...<.. *

1a265d50:  7c00 04ac 4c00 012c 7cb3 fba6 3ca0 0002   *|...L..,|...<...*

1a265d60:  90a4 0110 3ca0 0010 90a4 0800 4c00 012c   *....<.......L..,*

1a265d70:  3ca0 e000                                 *<...............*

value = 21 = 0x15

Finally, run

-> c

to let the task resume execution.
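Added example, not from the original post: a small Python helper that parses the register block printed by ti and the rows printed by d (in the formats shown above) and recovers what strncmp is about to compare at the breakpoint. The sample inputs are constructed from the transcript; the use of r3, r4 and r5 as the argument registers is assumed from the PowerPC disassembly in step 2.

```python
import re

# Constructed from the `ti` register block above (only the lines needed).
TI_REGS = """\
r0     =        0   sp     = 1a5e0b40   r2     =        0   r3     = 1a265c74
r4     =  1418cf0   r5     =        d   r6     =        0   r7     =        a
msr    =     b032   lr     =   afbf54   ctr    =        0   pc     =   afbf60
"""
# Constructed from the `d 0x1a265c74` output above (first two rows). The
# first row starts mid-line: the shell leaves the leading words blank.
D_DUMP = """\
1a265c70:            3d45 4946 403d 4843 4447 3d59   *    =EIF@=HCDG=Y*
1a265c80:  5900 0000 0000 0000 0000 0000 0000 0000   *Y...............*
"""

def parse_regs(text):
    """Return {name: int} from the 'name = hex' pairs printed by ti."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"(\w+)\s+=\s+([0-9a-fA-F]+)", text)}

def parse_dump(text):
    """Return {address: byte} for the rows printed by d. A row holds 16
    bytes as eight 4-digit words, five columns each; when the dump address
    is not 16-byte aligned the leading words are blank, so the indentation
    of the hex column tells how many words (2 bytes each) were skipped."""
    row = re.compile(r"\s*([0-9a-fA-F]+):( +)([0-9a-fA-F]{4}(?: [0-9a-fA-F]{4})*)")
    mem = {}
    for m in filter(None, map(row.match, text.splitlines())):
        addr = int(m.group(1), 16) + 2 * ((len(m.group(2)) - 2) // 5)
        for word in m.group(3).split(" "):
            mem[addr], mem[addr + 1] = int(word[:2], 16), int(word[2:], 16)
            addr += 2
    return mem

def read_cstring(mem, addr, limit=256):
    """Read a NUL-terminated ASCII string starting at addr."""
    out = bytearray()
    while len(out) < limit and mem.get(addr, 0) != 0:
        out.append(mem[addr])
        addr += 1
    return out.decode("ascii", errors="replace")

def strncmp_args(regs, mem):
    """PowerPC passes the first three arguments in r3, r4, r5; step 2's
    disassembly fills them from r29, r28 and strlen(r28) respectively."""
    s1 = read_cstring(mem, regs["r3"])
    # strncmp(s1, s2, n) can only report a full match if s1 has n chars
    return {"s1": s1, "s2_addr": regs["r4"], "n": regs["r5"],
            "same_length": regs["r5"] == len(s1)}
```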
