Hello,
I am currently implementing some heuristics using a patched qemu
(i386-softmmu). Two of them take some time for each vm memory access. If
I run them both, suddenly qemu segfaults while executing a BBL. Using
just one of them never triggers this problem. Are there any known timing
issue
On 06/25/2011 06:26 AM, Mulyadi Santosa wrote:
On Sat, Jun 25, 2011 at 09:34, felix.matenaar@rwth-aachen
wrote:
Hello,
I am currently implementing some heuristics using a patched qemu
(i386-softmmu). Two of them take some time for each vm memory access. If I
run them both, suddenly qemu
On 06/25/2011 10:02 PM, Mulyadi Santosa wrote:
On Sat, Jun 25, 2011 at 23:28, felix.matenaar@rwth-aachen
wrote:
No. What I do is use gen_helper_ to compile hooks into call/ret/jmp and
memory access. The heuristics can then hook the events so calculation is
done during the execution of a
On 06/26/2011 06:49 AM, Mulyadi Santosa wrote:
On Sun, Jun 26, 2011 at 05:29, felix.matenaar@rwth-aachen
wrote:
Think I found the problem. It was a bug in my code and because of some weird
circumstances, backtrace and addresses seemed to be a segfault in a BBL.
Glad you found it. Care to
Hi *,
I have the following question regarding qemu binary translation of
target-i386 (and maybe other targets):
As far as I understood the code, when a basic block is executed, there
is no event which can interrupt the execution until the bbl reaches its
end and the control flow is then back at q
Hi,
gen_intermediate_code_internal in ./target-i386/translate.c is a good
starting point. This is where Basic Blocks are translated into native
code by TCG. I recently did some patches for program analysis in the
i386 part so don't hesitate to contact me.
regards,
felix
Hi,
I am trying to hook guest vm memory access (i386-softmmu) by compiling
custom hooking functions into tcg_gen_qemu_{st|ld}*. There are two main
problems: the first is that the output seems weird (see below), the
second is that I am running into a BSOD with my windows xp guest after
some calls (
Hello *,
modifying target-i386/translate.c for calling helper functions when
specific arithmetic operations are executed.
Example:
static void gen_shift(DisasContext *s1, int op, int ot, int d, int s,
target_ulong pc_start)
{
if (s != OR_TMP1)
gen_op_mov_TN_reg(ot, 1, s);
if(optra
Hello everyone,
I started implementing BBL execution hooking. Requirements were that two
callbacks (bbl_start and bbl_stop) are called when a BBL is executed.
Since bbl_start is called through a gen_helper in
gen_intermediate_code_internal, that is not a problem.
But I saw that modifying gen_eob(
Hi,
since some people independently asked me if I got memory access tracing
working, here is how one can do it for the archive:
I did this on a 64bit Host with a 32bit x86 Guest
Patch tcg/tcg-op.h:
tcg_gen_qemu_ld* functions are responsible to read from memory
tcg_gen_qemu_st* functions are respo
Hello everyone,
I am working on a project adding instrumentation into qemu. My approach
is to use gen_helper stuff to hook specific opcodes like call or ret to
gain information about running processes in the virtual machine.
Today I noticed that the CPUState* env is not in all cases up-to-date
wh
On 02/13/2011 06:38 AM, Mulyadi Santosa wrote:
> Hi
>
> On Sun, Feb 13, 2011 at 10:48, felix.matenaar@rwth-aachen
> wrote:
>> To achieve my goal, it is necessary being able reading actual register
>> configuration like eax when a ret hook is called to get a functio
Hi *,
I am currently trying to trace guest memory access (i386-softmmu). tcg
README says tcg_gen_(st|ld)X_Y functions are responsible for memory
access. Now I've got the following code snippets in tcg-op.h:
/* representing all tcg_gen_st and tcg_gen_ld functions in README*/
static inline void tcg