From: Clemens Kolbitsch
Date: Thu, 14 Jun 2007 17:21:49 +0200
Subject: Re: [Qemu-devel] Debugging guest OS / tracing instruction pointer
To: Paul Brook
Cc: qemu-devel@nongnu.org
Message-ID: <46715D0D.8040909@gmx.at>
In-Reply-To: <200706141603.52939.paul@codesourcery.com>

Paul Brook wrote:
> On Thursday 14 June 2007, Clemens Kolbitsch wrote:
>
>> hi!
>> i'm looking for a way to monitor the eip register. is there a simple way
>> to do this? i know that that produces tons of data...
>>
>> even better would be to know where i could intercept the main-loop
>> (exec_cpu ??) to check for a certain eip value...
>>
>
> qemu already has mechanisms for supporting debugger breakpoints. Sounds like
> you want something very similar.
>
> Paul
>

the thing is: i want to monitor the eip... or where the code will jump NEXT.
the code there is never executed (as it results in a kernel failure)

e.g. i know a buffer overflow will set the return-pointer to 0xABCD and "ret"
is executed
i want the breakpoint to hit

when using casual breakpoints, i think the code there must be executed (i.e.
the jump must be successful .. what will definitely not be the case with
0xABCD)

thanks!