Bochs Emulator and IDA?

Bochs emulator
The next version of IDA will be released with a bochs debugger plugin, and what is nice about is that you will be able to use it easily by just downloading bochs executables and telling IDA where to find it.

IDA’s bochs debugger is a plugin that allow you to use bochs’ emulation/debugger inside IDA’s interface, but not just only that, but to make your debugging experience easier.
The plugin will come with three of the what we dubbed as “bochs loaders”, so here is a brief explanation:
The first loader, disk image loader, is probably the most simple but yet the most powerful one. It allows you to debug any bochs image of your choice. For example, you could debug boot sector, 16 bit code, and perhaps debug 32 bit code all in the same debugging session. We actually use this bochs loader to debug other bochs loaders!
The second, idb loader, is a 32bit mode loader that allow you to debug anything within the database. The database will be your input file, thus whatever segments exist in the database, will be loaded and mapped into bochs’ virtual memory. The idb loader understands and catches raw cpu exceptions and allows you to specify the startup stack segment’s size.
Finally comes the pe loader, which is a specialized bochs loader, that will read your PE file and create a virtual environment similar to windows environment, trying to mimic basic demands for a PE file (import resolution, SEH, api emulation backed by IDC scripts).
This plugin is still under development, however we put a small video demonstrating the IDB loader.
Here’s a small video:

Published by

Elias Bachaalany

Hi, I am Elias, a former Hex-Rays employee and an IDA Pro enthusiast. I love reverse engineering and more especially writing tools and articles about it. I also co-authored a couple of books on the topic, which you can see on (

10 thoughts on “Bochs Emulator and IDA?”

  1. Ben, I strongly suggest that Ilfak keep the warning. You are making a (rational, granted) assumption that Bochs and/or this plugin don’t have any “escape-to-host” bugs lurking. This may not be the case! Executing ANY piece of code is ALWAYS dangerous unless you have a formally verified system (ie: proved through discrete mathematics), and even that assumes your proof is valid.
    Kad: QEMU is a virtualizer, while Bochs is actually an interpreter. While QEMU is “faster” (and even that is coming under doubt after Derek’s changes to the engine in the latest two releases), Bochs is much more *correct* in its emulation of the x86 architecture and the side-effects of operands. Bochs was the better choice.
    Best regards,
    Alex Ionescu

  2. I’ll leave the technical questions to Elias and just answer the two other 😉
    Ben, we implemented the “safe debugger” feature the 2nd of October.
    R, we will try to release the new version, which will include the bochs debugger and other things, before the end of the year.

  3. Sven Hesse: In theory it is possible, but currently it is uncertain whether we will implement it for Linux.
    TF_kj: anti-Bochs emulator tricks? not sure exactly what you mean. Is it like a code that can detect / disrupt bochs’ emulation?

  4. Hi Ilfak,
    There, Im currently trying to get Bochs to work with IDA however I continually get the error “Failed to inspect registers” when I try to actually debug something, I feel there is something obvious I am missing but I cant see what.

  5. Hello Alex,
    This problem usually happens because you’re using IDA Pro 5.4 with Bochs 2.4 (and it is not supported)
    IDA Pro 5.5 solves the problem, nonetheless if you have any other issues please contact us directly at the support email address.
    Thank you

Comments are closed.