Re: [Qemu-devel] Qemu memory operations

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Qemu memory operations

From:	Steven
Subject:	Re: [Qemu-devel] Qemu memory operations
Date:	Tue, 14 Aug 2012 17:17:40 -0400

Hi, Prathmesh
I am working on getting the guest memory trace too. You said you have
trapped the guest memory access for most instructions. I have three
questions.
1. Did you get the guest physical address for the load/store instructions?
2. The code you pasted seems translated code. The number of input code
could be smaller than this. So don't you think we should trap the
input code, instead of the translated code?

> cmp ecx, [r12+0x4]
> mov r10b, [r13+0x0]
> mov byte [rax+0xf0000], 0x0
> mov byte [rax+rdx], 0x0

3. Suppose that I have a tb block which has only one instruction to be
translated
            mov    0x4(%esp),%edx
    I tried to calculate the guest physical address of 0x4(%esp) in
the above in the function of disas_insns(...), is this possible? Or do
you have any other solutions?
Thanks.


Steven

On Sun, Aug 12, 2012 at 12:31 PM, Prathmesh Kallurkar
<address@hidden> wrote:
> Hello friends,
> I intend to use Qemu to generate a memory trace for the execution of a x86
> guest operating system.
>
> According to tcg wiki page, Qemu uses a handful of helpers to generate
> load/stores to the target(guest) memory.
> This list of instructions is tcg_gen_qemu_ld8s/u, tcg_gen_qemu_ld16s/u,
> tcg_gen_qemu_ld32s/u, tcg_gen_qemu_ld64. (We have a similar set for store
> instructions).
> I am trapping all calls to the above functions in the
> target-i386/translate.c file
>
> However, I am still missing load/stores of certain instructions like
> cmp ecx, [r12+0x4]
> mov r10b, [r13+0x0]
> mov byte [rax+0xf0000], 0x0
> mov byte [rax+rdx], 0x0
>
> Questions ::
> 1) Can someone please point to other load/store points (direct or indirect)
> that I am missing ??
> 2) Does qemu provide a single entry point function for accesses to guest
> memory (like guest_read()) which can be instrumented for tracing all loads
> from the guest memory ???
> 3) Can somebody please point to a good documentation where I can understand
> how qemu maintains the state of the guest memory ??
>
> Thanks in advance.
>
>
> Regards,
> Prathmesh Kallurkar

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] Qemu memory operations, Prathmesh Kallurkar, 2012/08/12
- Re: [Qemu-devel] Qemu memory operations, Prathmesh Kallurkar, 2012/08/14
  - Re: [Qemu-devel] Qemu memory operations, Blue Swirl, 2012/08/14
- Re: [Qemu-devel] Qemu memory operations, Steven <=
  - Re: [Qemu-devel] Qemu memory operations, Prathmesh Kallurkar, 2012/08/15
    - Re: [Qemu-devel] Qemu memory operations, Steven, 2012/08/15

Prev by Date: Re: [Qemu-devel] [RFC-v2 3/6] vhost-scsi: add -vhost-scsi host device for use with tcm-vhost
Next by Date: Re: [Qemu-devel] [RFC-v2 3/6] vhost-scsi: add -vhost-scsi host device for use with tcm-vhost
Previous by thread: Re: [Qemu-devel] Qemu memory operations
Next by thread: Re: [Qemu-devel] Qemu memory operations
Index(es):
- Date
- Thread