Xendbg: A Full-Featured Debugger for the Xen Hypervisor
xendbg is a full-featured debugger for both HVM and PV Xen guests. It can act as a stub server for LLDB, allowing users to do their work in a familiar environment, and also provides a standalone REPL with all the standard comfort features of popular debuggers: contextual tab-completion, expressions, and variables. While there are indeed some minor quirks involved in debugging Xen guests, users of xendbg can generally expect an experience quite similar to that of debugging a local binary — particularly when operating on unikernels, which are just single binaries.
xendbg can run in two modes. The first, REPL mode, is a simple command line interface that allows xendbg to run entirely as a standalone CLI application. The user can start the REPL, attach to a guest, and perform debugging operations via a simple command set, with tab-completion available for all commands and applicable parameters. There is also a basic expression evaluator that can access registers and memory as well as save values to variables.
For more intensive work, or simply for those already familiar with LLDB, xendbg also has an LLDB server mode, in which it attaches to a guest and acts as a debugging backend, exposing a port that LLDB can connect to with the gdb-remote command. When a user enters commands into LLDB, it will instruct xendbg to perform various operations and fetch data on its behalf, providing an essentially seamless debugging experience. Server mode also supports a multi-guest option, in which xendbg opens a separate GDB remote port for each running guest, opening and closing ports as guests are created and destroyed.
Both modes support all the features commonly associated with debuggers: memory and register I/O, single stepping, breakpoints, and watchpoints. All these are available for both PV and HVM guests, except watchpoints, which are only supported on HVM due to limitations of the Xen VMI API.
Download the tool from our NCC Group GitHub.
For more information, read the detailed blog post from Spencer Michaels.