Re: [Qemu-devel] dump-guest-memory command?

[Greg Kurz]

On Fri, 16 May 2014 16:51:36 +0800
Jun Koi <address@hidden> wrote:
> On Fri, May 16, 2014 at 4:45 PM, Andreas Färber <address@hidden> wrote:
> 
> > Am 16.05.2014 10:40, schrieb Jun Koi:
> > > What I want
> > > to know is how to map 0x12345 (virtual address) back to the dump file.
> > >
> > > For example, if 0x12345 was executing some filesystem code at the time I
> > > dumped the VM, then I can locate exactly that code in the dumpfile,
> > > thanks to the given RIP address (which is 0x12345 in this example)
> > >
> > > I hope I explain my idea clear enough this time?
> >
> > Using dump-guest-memory sounds more complicated than needed.
> 
> 
> No, this is important, since i can have a whole image to do offline
> analysis.
> 
> 
> > You can
> > just use the monitor commands for disassembling that address
> 
> 
> What is this command? I try "help" but cannot find any. Before I remember
> we had "disas" or something like that, but I cannot find that again in
> latest Qemu code.
> 

It is the 'x' command.

(qemu) x/i $pc

> 
> > or the
> > built-in gdb stub (-s).
> >
> >
> Is this true that this only works for pure emulator, not for kvm-enable VM?
> 

Dunno the status for intel targets... give it a try ! ;)

> Thanks,
> Jun

-- 
Gregory Kurz                                     address@hidden
                                                 address@hidden
Software Engineer @ IBM/Meiosys                  http://www.ibm.com
Tel +33 (0)562 165 496

"Anarchy is about taking complete responsibility for yourself."
        Alan Moore.