|
| From: | anton . trapanese |
| Subject: | Dynamically change system state |
| Date: | Mon, 30 Jan 2023 15:56:39 +0000 |
| User-agent: | Horde Application Framework 5 |
Hi, I'm a new user of Qemu and i'm sending this mail to ask if it is possible to change the system state during execution in some way. Let me explain my scenario:
I'm running Qemu 7.0.0 in system mode, in particular I'm emulating a MPC8548 Power PC board, which is running an hypervisor, which is running two virtual boards on top. The first VB send through a channel some data to the second one. The second VB just prints the data received on a serial port.
What I'd like to do, is modifying the inputs sent by VB1 to VB2 dynamically, "from the outside", without having to recompile the entire project and restart the execution. My first guess was using TCG plugins, but when I opened the documentation one of the first sentence is, and I quote: "TCG plugins are unable to change the system state, only monitor it passively", which made me think that this is not the answer. However, I happened to come across a paper that talked about the possibilities of mutation fuzzing on Qemu. Basically what these guys did was dynamically inserting a new Translation Block (with a modified intermediate code) and put in place of the original TB, effectively changing the istructions. Now, as I mentioned earlier, I'm very new to Qemu and i definetly lack a lot of knowledge, and that is why I'm making this question in the first place: Didn't they change the system state with plugins, or am I interpreting it the wrong way? Is it possible to change the system's behavior/instructions after all? If so, how?
I should also mention that the guys who wrote the paper were working in user mode, while I'm working in system mode.
Thank you for you time, regards Antonio
| [Prev in Thread] | Current Thread | [Next in Thread] |