Hi,

since some people independently asked me if I got memory access tracing working, here is how one can do it, for the archive:

I did this on a 64-bit host with a 32-bit x86 guest.

Patch tcg/tcg-op.h:

The tcg_gen_qemu_ld* functions are responsible for reading from memory,
the tcg_gen_qemu_st* functions are responsible for writing to memory.

Arguments: the memory access functions have the arguments (ret/arg, addr, mem_index). You can ignore mem_index in this use case and use ret/arg as the value to be read/written and addr as the address which will be accessed.

Patch target-i386/translate.c:

Write your own memtrace_read/memtrace_write function in target-i386/translate.c and use gen_helper there to translate your hook. Call these functions from tcg/tcg-op.h.

Example:

in tcg/tcg-op.h:

    /* prototype; the function itself lives in target-i386/translate.c */
    void flx_memtrace_write(TCGv arg, TCGv addr, uint8_t size);

    static inline void tcg_gen_qemu_st8(TCGv arg, TCGv addr, int mem_index)
    {
    #if TARGET_LONG_BITS == 32
        tcg_gen_op3i_i32(INDEX_op_qemu_st8, arg, addr, mem_index);
    #else
        tcg_gen_op4i_i32(INDEX_op_qemu_st8, TCGV_LOW(arg), TCGV_LOW(addr),
                         TCGV_HIGH(addr), mem_index);
    #endif
        /* custom function where the hook will be translated */
        flx_memtrace_write(arg, addr, 8);
    }

in target-i386/translate.c:

    void flx_memtrace_write(TCGv arg, TCGv addr, uint8_t size)
    {
        /* emit a call to helper_flx_memtrace_write(value, address, size)
         * into the translated code; the size constant is a TCG temp and
         * must be freed once the helper call has been generated */
        TCGv_i32 tsize = tcg_const_i32(size);
        gen_helper_flx_memtrace_write(arg, addr, tsize);
        tcg_temp_free_i32(tsize);
    }

in target-i386/helper.h:

    DEF_HELPER_3(flx_memtrace_write, void, i64, i64, i32)

in target-i386/op_helper.c:

    void helper_flx_memtrace_write(uint64_t value, uint64_t address, uint32_t size)
    {
        /* do something with the write event... */
    }

I hope this will help everyone who wants to do that in the future.

Regards,
Felix
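As an added example that is not part of Felix's post or of QEMU itself: one concrete body for the helper_flx_memtrace_write/helper_flx_memtrace_read functions that the post leaves as "do something with the write event". It records every access that falls inside a watched guest address range into a small ring buffer and masks the value to the access width, because the TCGv handed to the helper carries a full register and an 8-bit store only defines its low byte. Only the helper_flx_memtrace_* signatures follow the post's DEF_HELPER_3 declaration; MEMTRACE_RING, struct memtrace_event, memtrace_set_watch and the other accessor names are assumptions made for this example. It is plain C with no QEMU dependency, so it compiles stand-alone; in a real tree the helper_* functions would sit in target-i386/op_helper.c and be reached through the generated gen_helper_* calls.

```c
/* Added example, not from the original post: a ring-buffer trace sink
 * for the memtrace helpers. Names other than helper_flx_memtrace_* are
 * assumptions of this example. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEMTRACE_RING 16   /* assumption: keep the 16 most recent events */

struct memtrace_event {
    uint64_t addr;
    uint64_t value;   /* already masked to 'size' bits */
    uint32_t size;    /* access width in bits: 8, 16, 32 or 64 */
    int is_write;
};

static struct memtrace_event ring[MEMTRACE_RING];
static unsigned ring_next;      /* next slot to be overwritten */
static uint64_t total_events;   /* all recorded events, including evicted ones */

/* Watched guest address window; the default traces everything. */
static uint64_t watch_lo = 0, watch_hi = UINT64_MAX;

void memtrace_set_watch(uint64_t lo, uint64_t hi)
{
    watch_lo = lo;
    watch_hi = hi;
}

/* Keep only the bits an access of 'size' bits actually defines. */
uint64_t memtrace_mask(uint64_t value, uint32_t size)
{
    if (size >= 64)
        return value;
    return value & ((UINT64_C(1) << size) - 1);
}

static void memtrace_record(uint64_t value, uint64_t addr, uint32_t size,
                            int is_write)
{
    if (addr < watch_lo || addr > watch_hi)
        return;                       /* outside the window: drop it */
    struct memtrace_event *ev = &ring[ring_next];
    ev->addr = addr;
    ev->value = memtrace_mask(value, size);
    ev->size = size;
    ev->is_write = is_write;
    ring_next = (ring_next + 1) % MEMTRACE_RING;
    total_events++;
}

/* Signatures match DEF_HELPER_3(flx_memtrace_write, void, i64, i64, i32)
 * from the post; the read helper is declared the same way. */
void helper_flx_memtrace_write(uint64_t value, uint64_t address, uint32_t size)
{
    memtrace_record(value, address, size, 1);
}

void helper_flx_memtrace_read(uint64_t value, uint64_t address, uint32_t size)
{
    memtrace_record(value, address, size, 0);
}

uint64_t memtrace_total(void) { return total_events; }

/* Number of events currently held in the ring. */
unsigned memtrace_count(void)
{
    return total_events < MEMTRACE_RING ? (unsigned)total_events : MEMTRACE_RING;
}

/* i-th most recent event (0 = newest), or NULL when out of range. */
const struct memtrace_event *memtrace_get(unsigned i)
{
    if (i >= memtrace_count())
        return NULL;
    return &ring[(ring_next + MEMTRACE_RING - 1 - i) % MEMTRACE_RING];
}

void memtrace_reset(void)
{
    memset(ring, 0, sizeof ring);
    ring_next = 0;
    total_events = 0;
}

/* One trace line, e.g. "W 0x0000000000401000 8 0x41". */
int memtrace_format(const struct memtrace_event *ev, char *buf, size_t len)
{
    return snprintf(buf, len, "%c 0x%016" PRIx64 " %" PRIu32 " 0x%" PRIx64,
                    ev->is_write ? 'W' : 'R', ev->addr, ev->size, ev->value);
}

int main(void)
{
    char line[64];
    /* constructed sample events, as the translated code would emit them */
    memtrace_set_watch(0x401000, 0x401fff);
    helper_flx_memtrace_write(0xdeadbe41, 0x401000, 8);   /* masked to 0x41 */
    helper_flx_memtrace_read(0x1234, 0x500000, 16);       /* outside window */
    helper_flx_memtrace_write(0x12345678, 0x401004, 32);
    for (unsigned i = 0; i < memtrace_count(); i++) {
        memtrace_format(memtrace_get(i), line, sizeof line);
        puts(line);
    }
    return 0;
}
```

The size argument is the same one the post passes from the translator (8 for tcg_gen_qemu_st8, and by extension 16/32/64 for the wider variants), so the masking here relies on the hook sites passing the width in bits. In a real build the ring would be drained from a monitor command or flushed to a file on exit rather than printed from main.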