From: Raindog
Subject: debugging windows guests
Date: Mon, 14 Dec 2009 16:25:25 -0800
Message-ID: <4B26D775.90809@macrohmasheen.com>
To: kvm@vger.kernel.org

Hello,

I am researching KVM as a malware analysis platform and had some questions about debugging the guest OS. In my case I intend to use Windows guests. So my questions are as follows:

Questions:

1. What instrumentation facilities are there available?

2. Is it possible to extend the debugging interface so that debugging is more transparent to the guest OS? I.e., there is still a limit of 4 HW breakpoints (which makes me wonder why a LIST is used for them...)

3. I'm not finding any published API for interfacing with KVM/KQEMU/QEMU at a low level, for example, for writing custom tracers, etc. Is there one? Or is there something similar?

Bugs:

1. I hit a bug w/ instruction logging using a RAM-based temp folder. If I ran w/ the following command line:

   (Version info: QEMU PC emulator version 0.10.50 (qemu-kvm-devel-88))

       qemu-system-x86_64 -hda debian.img -enable-nesting -d in_asm

   It would successfully log to the tmp log file, but obviously, KVM would be disabled. If I use sudo, it won't log to the file. Is this a known issue?

2. -enable-nesting on AMD hardware using a Xen guest OS causes Xen to GPF somewhere in svm_cpu_up. Is nesting supposed to work w/ Xen-based guests?