Hi, I am trying to hook guest VM memory access (i386-softmmu) by compiling custom hooking functions into tcg_gen_qemu_{st|ld}*. There are two main problems: the first is that the output seems weird (see below), the second is that I am running into a BSOD with my Windows XP guest after some calls (do I modify any values here?). Does anyone of you see problems? Will that code catch all memory accesses, or is there anything I will miss? Is there a better method than using a dummy TCGv for the flx_memtrace_read return value (something like hooks with return type void)?
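/*
 * Host-side hook invoked at run time after every traced guest load.
 *
 * value    the value the preceding load op produced.
 * address  guest virtual address of the load.
 * offset   the mem_index the translator passed for the access (not used
 *          by the trace itself).
 * size     width tag supplied by the caller (8 for tcg_gen_qemu_ld8u).
 *
 * Returns value unchanged, so the generated call can write it straight
 * back into the load's destination temp. Only records an event while
 * instrumentation_active is set; the printf is a consistency check for the
 * case where memtrace was disabled but already-translated code still calls
 * the hook (stale TBs).
 *
 * NOTE(review): the value/address swap visible in the trace output is not
 * explained by these three functions -- check the argument order inside
 * flx_memtrace_event and that every other tcg_gen_qemu_ld*/st* variant
 * passes (value, addr) in the same order.
 */
static inline int32_t flx_memtrace_read(int32_t value, int32_t address,
                                        int32_t offset, int32_t size)
{
    if (instrumentation_active) {
        if (!memtrace_enabled) {
            printf("memtrace_read called but memtrace disabled! check invalidation!!!\n");
        }
        flx_memtrace_event(value, address, size, 0);
    }
    return value;
}

/*
 * Emit a call to a host helper taking four 32-bit arguments and returning a
 * 32-bit value.
 *
 * func      host function to call.
 * sizemask  per-argument size/sign mask built with tcg_gen_sizemask().
 * ret       temp that receives the return value (may alias an input; TCG
 *           reads the inputs before it writes the output).
 * a..d      the four input temps, in argument order.
 *
 * The call flags are 0 on purpose. The tracing helper has a side effect
 * (it records an event), so it must not be marked TCG_CALL_PURE: a pure
 * call whose result is dead -- e.g. the loaded value is overwritten before
 * it is read -- is deleted by the liveness pass, and that access would
 * silently never be traced. TCG_CALL_CONST is dropped as well so that TCG
 * keeps its conservative global sync around the call; the cost is small
 * next to the helper itself.
 */
static inline void tcg_gen_helper4(void *func, int sizemask, TCGv_i32 ret,
                                   TCGv_i32 a, TCGv_i32 b, TCGv_i32 c, TCGv_i32 d)
{
    TCGArg args[4] = {
        GET_TCGV_I32(a), GET_TCGV_I32(b), GET_TCGV_I32(c), GET_TCGV_I32(d),
    };
    TCGv_ptr fn = tcg_const_ptr((tcg_target_long)func);

    tcg_gen_callN(&tcg_ctx, fn, 0, sizemask, GET_TCGV_I32(ret), 4, args);
    tcg_temp_free_ptr(fn);
}

/*
 * Emit an 8-bit unsigned guest load and, when memory tracing is enabled, a
 * call to flx_memtrace_read that records the access.
 *
 * ret        temp that receives the loaded byte.
 * addr       guest virtual address of the access.
 * mem_index  memory index of the access (forwarded to the helper as its
 *            "offset" argument).
 *
 * The helper call is emitted after the load op so it observes the loaded
 * value. Because the helper returns that value unchanged, ret is passed as
 * both the call's output and its first input; no separate dummy temp is
 * needed. (If a void helper is preferred, tcg_gen_callN accepts
 * TCG_CALL_DUMMY_ARG in place of the return temp -- verify against the
 * tcg.h of the QEMU version in use.)
 */
static inline void tcg_gen_qemu_ld8u(TCGv ret, TCGv addr, int mem_index)
{
    tcg_gen_qemu_ldst_op(INDEX_op_qemu_ld8u, ret, addr, mem_index);

    if (memtrace_enabled) {
        /* Return value and all four arguments are 32-bit and unsigned. */
        int sizemask = 0;
        int i;
        for (i = 0; i < 5; i++) {
            sizemask |= tcg_gen_sizemask(i, 0, 0);
        }

        /* tcg_const_i32() allocates temps; free them after the call or every
         * traced load leaks two temps from the translation block's pool. */
        TCGv_i32 t_index = tcg_const_i32(mem_index);
        TCGv_i32 t_size = tcg_const_i32(8);
        tcg_gen_helper4(flx_memtrace_read, sizemask, ret, ret, addr, t_index, t_size);
        tcg_temp_free_i32(t_size);
        tcg_temp_free_i32(t_index);
    }
}

Output: 1. Addresses look weird 2.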
Read values look like addresses and if they are, EIP reads seem to be included Read: 0x21664 , Addr: 0x3d4 Read: 0x21666 , Addr: 0xe Read: 0x2165c , Addr: 0x0 Read: 0x2165e , Addr: 0xe Read: 0x21660 , Addr: 0x1674 Read: 0x21662 , Addr: 0x42f0 Read: 0x2166a , Addr: 0x0 Read: 0x21668 , Addr: 0x3d4 Write: 0x21662 , Addr: 0x4305 Read: 0x21664 , Addr: 0x3d5 Read: 0x21666 , Addr: 0x0 Read: 0x2165c , Addr: 0x0 Read: 0x2165e , Addr: 0x3d5 Read: 0x21660 , Addr: 0x1674 Read: 0x21662 , Addr: 0x4305 Read: 0x21668 , Addr: 0x3d4 Write: 0x21662 , Addr: 0x4312 Read: 0x21664 , Addr: 0x3d4 Read: 0x21666 , Addr: 0xf Read: 0x2165c , Addr: 0x0 Read: 0x2165e , Addr: 0xf Read: 0x21660 , Addr: 0x1674 Read: 0x21662 , Addr: 0x4312 Read: 0x2166a , Addr: 0x0 Read: 0x21668 , Addr: 0x3d4 Write: 0x21662 , Addr: 0x4323 Read: 0x21664 , Addr: 0x3d5 Read: 0x21666 , Addr: 0x0 Read: 0x2165c , Addr: 0x0 Read: 0x2165e , Addr: 0x3d5 Read: 0x21660 , Addr: 0x1674 Read: 0x21662 , Addr: 0x4323 Read: 0x21674 , Addr: 0x168a Read: 0x21676 , Addr: 0x4507 Read: 0x2168a , Addr: 0x16a Best regards, Felix