From: "Yan Vugenfirer" <yvugenfi@redhat.com>
To: "'Raindog'" <raindog@macrohmasheen.com>, <kvm@vger.kernel.org>
Subject: RE: debugging windows guests
Date: Tue, 15 Dec 2009 10:29:38 -0500 (EST)
Message-ID: <018101ca7d9b$6c0d1500$44273f00$@com>
In-Reply-To: <4B26D775.90809@macrohmasheen.com>
> -----Original Message-----
> From: kvm-owner@vger.kernel.org [mailto:kvm-owner@vger.kernel.org] On
> Behalf Of Raindog
> Sent: Tuesday, December 15, 2009 2:25 AM
> To: kvm@vger.kernel.org
> Subject: debugging windows guests
>
> Hello,
>
> I am researching KVM as a malware analysis platform and had some
> questions about debugging the guest OS. In my case I intend to use
> windows guests. So my questions are as follows:
>
> Questions:
>
> 1. What instrumentation facilities are there available?
[YV] http://www.linux-kvm.org/page/WindowsGuestDrivers/GuestDebugging
>
> 2. Is it possible to extend the debugging interface so that debugging is
> more transparent to the guest OS? IE: there is still a limit of 4 HW
> breakpoints (which makes me wonder why a LIST is used for them...)
>
> 3. I'm not finding any published API for interfacing with KVM/KQEMU/QEMU
> at a low level, for example, for writing custom tracers, etc. Is there
> one? Or is there something similar?
>
>
> Bugs:
>
> 1. I hit a bug w/ instruction logging using a RAM based temp folder. If
> I ran w/ the following command line:
> (Version info: QEMU PC emulator version 0.10.50 (qemu-kvm-devel-88))
>
> qemu-system-x86_64 -hda debian.img -enable-nesting -d in_asm
>
> It would successfully log to the tmp log file, but obviously, KVM would
> be disabled.
>
> If I use sudo, it won't log to the file, is this a known issue?
>
> 2. -enable-nesting on AMD hardware using a xen guest OS causes xen to
> GPF somewhere in svm_cpu_up. Is nesting supposed to work w/ Xen based
> guests?