Hex Rays
Hex Rays Blog —  State of the art code analysis

Bochs Emulator and IDA?

The next version of IDA will be released with a Bochs debugger plugin. What is nice about it is that you will be able to use it simply by downloading the Bochs executables and telling IDA where to find them.

IDA’s Bochs debugger is a plugin that lets you use Bochs’ emulator and debugger inside IDA’s interface, which makes your debugging experience easier.

The plugin will come with three of what we have dubbed “Bochs loaders”, so here is a brief explanation of each:

The first loader, the disk image loader, is probably the simplest yet the most powerful one. It allows you to debug any Bochs image of your choice. For example, you could debug a boot sector, 16-bit code, and perhaps 32-bit code, all in the same debugging session. We actually use this Bochs loader to debug the other Bochs loaders!

The second, the IDB loader, is a 32-bit mode loader that allows you to debug anything within the database. The database is your input file, so whatever segments exist in the database will be loaded and mapped into Bochs’ virtual memory. The IDB loader understands and catches raw CPU exceptions and allows you to specify the size of the startup stack segment.

Finally comes the PE loader, a specialized Bochs loader that reads your PE file and creates a virtual environment similar to a Windows environment, trying to meet the basic demands of a PE file (import resolution, SEH, API emulation backed by IDC scripts).
