this was hell to find out so hope you can use it.
first you need the qemu package from
http://homepage3.nifty.com/takeda-toshiya/qemu/
these debuggers , are the settings down below , is for.
ARM_versatilepb
ARM Versatile/PB
ARM Integrator/CP
ARM Linux kernel
MIPS Malta Core LV (for snippets)
Linux mipsel (full Linux system)
PowerPC 405e (for snippets)
PPC (full Linux system)
Edit the gadb_arch.cfg in ida cfg folder and set the path so it match yours.
set QEMUFLAGS if you are using older version.
small tut
1) load ida
2) load ELF mips file.
3) under options >>>> debugger options, there is an field called set specific options , press that.
the settings pops up we configured the gdb_arch.cfg.
choose wich you want.
4) go to options >>>> Proccesser option .
set the host to localhost and port 1234.
start debugging.
have tried these settings for debugging PPC executable. still little buggy.
So cant set breakpoint in memory and run.
Works for code execution though.
first you need the qemu package from
http://homepage3.nifty.com/takeda-toshiya/qemu/
these debuggers , are the settings down below , is for.
ARM_versatilepb
ARM Versatile/PB
ARM Integrator/CP
ARM Linux kernel
MIPS Malta Core LV (for snippets)
Linux mipsel (full Linux system)
PowerPC 405e (for snippets)
PPC (full Linux system)
Edit the gadb_arch.cfg in ida cfg folder and set the path so it match yours.
set QEMUFLAGS if you are using older version.
Code:
; configurations for "run external program" option
.default ARM_versatilepb
; set various common parameters
set QEMUPATH %ProgramFiles%\QEMU
set QEMUFLAGS -S -gdb tcp::%p,ipv4
; use the following line for QEMU <= 0.10
; set QEMUFLAGS -S -s -p %p
.ARM_versatilepb
name QEMU: ARM Versatile/PB
cpu arm
area DATA RAM 0x00000000:0x08000000
area IO SYSREGS 0x10000000:0x10200000
initial_sp 0x08000000
; %i - input file from "Process Options" dialog
; %e - temporary ELF file created from database contents
; %p - port number
cmdline "$(QEMUPATH)/qemu-system-arm" $(QEMUFLAGS) -kernel "%e" -M versatilepb -cpu cortex-a8
.ARM_integratorcp
name QEMU: ARM Integrator/CP
cpu arm
area DATA RAM 0x00000000:0x08000000
area IO SYSREGS 0x10000000:0x20000000
area DATA RAM 0x80000000:0xc0000000
initial_sp 0x08000000
cmdline "$(QEMUPATH)/qemu-system-arm" $(QEMUFLAGS) -kernel "%e" -M integratorcp -cpu cortex-a8
.ARM_Linux
name QEMU: ARM Linux kernel
cpu arm
area DATA RAM 0x00000000:0x08000000
area IO SYSREGS 0x10000000:0x20000000
area DATA RAM 0x80000000:0xc0000000
initial_sp 0x08000000
cmdline "$(QEMUPATH)/qemu-system-arm" $(QEMUFLAGS) -kernel "%i" -initrd arm_root.img -cpu cortex-a8
.mipsel_Malta
name QEMU: MIPS Malta Core LV (for snippets)
cpu mips
area DATA RAM 0x00000000:0x08000000
area IO ISABASE 0x10000000:0x14000000
area IO ISAIO 0x14000000:0x14010000
area DATA RAM 0x1fbf0000:0x1fc00000
area DATA BIOS 0x1fc00000:0x20000000
area DATA kseg0 0x80000000:0xA0000000
area IO kseg1 0xA0000000:0xC0000000
;area DATA kseg2 0xC0000000:0xFFFFFFFE
initial_sp 0x08000000
cmdline "$(QEMUPATH)/qemu-system-mipsel" $(QEMUFLAGS) -S -gdb tcp::%p,ipv4 -cpu 4Km -kernel "%e"
.mipsel_Linux
name QEMU: Linux mipsel (full Linux system)
cpu mips
area DATA RAM 0x00000000:0x08000000
area IO ISABASE 0x10000000:0x14000000
area IO ISAIO 0x14000000:0x14010000
area DATA RAM 0x1fbf0000:0x1fc00000
area DATA BIOS 0x1fc00000:0x20000000
area DATA kseg0 0x80000000:0xA0000000
area IO kseg1 0xA0000000:0xC0000000
area DATA kseg2 0xC0000000:0xFFFFFFFE
initial_sp 0x08000000
cmdline "$(QEMUPATH)/qemu-system-mipsel" $(QEMUFLAGS) -L . -M mips -kernel "%i" -initrd initrd.gz -hda hda.img -append "root=/dev/ram console=ttyS0"
.ppc_405e
name QEMU: PowerPC 405e (for snippets)
cpu ppc
area DATA RAM 0x00000000:0x08000000
area IO ISABASE 0x80000000:0x81000000
area IO ISAIO 0xfe000000:0xfe200000
area IO PCIIO 0xfec00000:0xfff00000
area DATA PROM 0xfff00000:0xFFFFFFFE
initial_sp 0x08000000
cmdline "$(QEMUPATH)/qemu-system-ppc" $(QEMUFLAGS) -kernel "%e"
.ppc_Linux
name QEMU: Linux PPC (full Linux system)
cpu ppc
area DATA RAM 0x00000000:0x08000000
area IO ISABASE 0x80000000:0x81000000
area IO ISAIO 0xfe000000:0xfe200000
area IO PCIIO 0xfec00000:0xfff00000
area DATA PROM 0xfff00000:0xFFFFFFFE
initial_sp 0x08000000
cmdline "$(QEMUPATH)/qemu-system-ppc" $(QEMUFLAGS) -L . -hdc debian_lenny_powerpc_small.qcowsmall tut
1) load ida
2) load ELF mips file.
3) under options >>>> debugger options, there is an field called set specific options , press that.
the settings pops up we configured the gdb_arch.cfg.
choose wich you want.
4) go to options >>>> Proccesser option .
set the host to localhost and port 1234.
start debugging.
Code:
qemu-system-ppc64.exe" -gdb tcp::%p,ipv4 "%eSo cant set breakpoint in memory and run.
Works for code execution though.