https://github.com/therealdreg/bochs-bed

Bochs Enhaced Debugger (bochs-bed). A modern console debug experience.
https://github.com/therealdreg/bochs-bed

alpha bochs debugger debugging-tool emulator kernel poc x86 x86-64

Last synced: about 1 month ago
JSON representation

Bochs Enhaced Debugger (bochs-bed). A modern console debug experience.

• Host: GitHub
• URL: https://github.com/therealdreg/bochs-bed
• Owner: therealdreg
• License: mit
• Created: 2022-07-18T04:14:14.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2023-08-11T06:26:19.000Z (almost 2 years ago)
• Last Synced: 2025-03-24T07:13:56.317Z (2 months ago)
• Topics: alpha, bochs, debugger, debugging-tool, emulator, kernel, poc, x86, x86-64
• Language: C++
• Homepage: https://rootkit.es/
• Size: 14.3 MB
• Stars: 5
• Watchers: 4
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Awesome Lists containing this project

README

        
# Bochs Enhaced Debugger (bochs-bed)

 A modern console debug experience for Bochs 

![deflayout](img/deflayout.png)

**WARNING:** its just a POC yet (alpha version)

Btw, the code is crap and only works with boch_x64 + 32 bits OS like Linux or Windows

# patch memory & hexdump

![patchhexdump](img/patchhexdump.png)

# flags manipulation

![flags](img/flags.png)

# telescope / dereference

![telescope](img/telescope.png)

# watch memory

![watchcmd](img/watchcmd.png)

# help

```

help: instrument phelp

show context: instrument ctx

hexdump: instrument hexdump<0xADDR> Ex: instrument hexdump0xF737CAE4

hexdump next chunk: instrument hexdump

patch memory: instrument patchb<0xADDR>_<0xBYTE1_0xBYTE2...> Ex: instrument patchb0xF737CAE4_0x69_0x68_0x67_0x66

set/unset flags: instrument setf<1|0Flag...> Ex: (ID = 1, IOPL = 0, TF = 1) instrument setf1id0iopl1tf

disassemble: instrument dis<0xADDR> Ex: instrument dis0x80537F58

disassemble next chunk: instrument disassemble

watch memory: instrument watch<0xADDR>[_0xNR-LINES] Ex: instrument watch0x80537F58_0x3

remove watch memory: instrument watch0

dereference/telescope: instrument tel<0xADDR><_0xDEPTH> Ex: instrument tel0xF737CAE8n0x3_0x5

remove layout: instrument layout

add layout: instrument layout Ex: instrument layoutstackasmregs

convert address to symbol: instrument hexdump<0xADDR>

```

# Related

- https://github.com/therealdreg/ida_bochs_windows

- https://github.com/therealdreg/pdbdump_bochs

# credits

- inspired by GDB-GEF https://github.com/hugsy/gef

- https://github.com/stlintel/Bochs

- https://bochs.sourceforge.io/