From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:35456) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WlEwC-0004qZ-MI for qemu-devel@nongnu.org; Fri, 16 May 2014 06:00:32 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WlEw4-0000N6-Hy for qemu-devel@nongnu.org; Fri, 16 May 2014 06:00:24 -0400 Received: from e06smtp15.uk.ibm.com ([195.75.94.111]:33036) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WlEw4-0000IA-9j for qemu-devel@nongnu.org; Fri, 16 May 2014 06:00:16 -0400 Received: from /spool/local by e06smtp15.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Fri, 16 May 2014 11:00:14 +0100 Received: from b06cxnps4076.portsmouth.uk.ibm.com (d06relay13.portsmouth.uk.ibm.com [9.149.109.198]) by d06dlp02.portsmouth.uk.ibm.com (Postfix) with ESMTP id 47ECE219005F for ; Fri, 16 May 2014 11:00:04 +0100 (BST) Received: from d06av11.portsmouth.uk.ibm.com (d06av11.portsmouth.uk.ibm.com [9.149.37.252]) by b06cxnps4076.portsmouth.uk.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id s4GA0DIK65208478 for ; Fri, 16 May 2014 10:00:13 GMT Received: from d06av11.portsmouth.uk.ibm.com (localhost [127.0.0.1]) by d06av11.portsmouth.uk.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id s4GA0Cb1009589 for ; Fri, 16 May 2014 04:00:12 -0600 Date: Fri, 16 May 2014 12:00:08 +0200 From: Greg Kurz Message-ID: <20140516120008.1bce59b3@bahia.local> In-Reply-To: References: <20140516090322.78f174a3@bahia.local> <5375D03C.50906@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [Qemu-devel] dump-guest-memory command? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Jun Koi Cc: Andreas =?UTF-8?B?RsOkcmJlcg==?= , "qemu-devel@nongnu.org" On Fri, 16 May 2014 16:51:36 +0800 Jun Koi wrote: > On Fri, May 16, 2014 at 4:45 PM, Andreas F=C3=A4rber w= rote: >=20 > > Am 16.05.2014 10:40, schrieb Jun Koi: > > > What I want > > > to know is how to map 0x12345 (virtual address) back to the dump file. > > > > > > For example, if 0x12345 was executing some filesystem code at the tim= e I > > > dumped the VM, then I can locate exactly that code in the dumpfile, > > > thanks to the given RIP address (which is 0x12345 in this example) > > > > > > I hope I explain my idea clear enough this time? > > > > Using dump-guest-memory sounds more complicated than needed. >=20 >=20 > No, this is important, since i can have a whole image to do offline > analysis. >=20 >=20 > > You can > > just use the monitor commands for disassembling that address >=20 >=20 > What is this command? I try "help" but cannot find any. Before I remember > we had "disas" or something like that, but I cannot find that again in > latest Qemu code. >=20 It is the 'x' command. (qemu) x/i $pc >=20 > > or the > > built-in gdb stub (-s). > > > > > Is this true that this only works for pure emulator, not for kvm-enable V= M? >=20 Dunno the status for intel targets... give it a try ! ;) > Thanks, > Jun --=20 Gregory Kurz kurzgreg@fr.ibm.com gkurz@linux.vnet.ibm.com Software Engineer @ IBM/Meiosys http://www.ibm.com Tel +33 (0)562 165 496 "Anarchy is about taking complete responsibility for yourself." Alan Moore.