* [Qemu-devel] hooking interrupt
From: Antonio Ricci @ 2008-05-14 18:54 UTC (permalink / raw)
  To: qemu-devel

Hi all,
I'm new on this list.


I need to intercept system calls running in the virtual machine from 
the host system. To do it I think that it could be useful to check when 
the interrupt 0x80 is called and evaluate the value of the registers. 
Is it a correct way to proceed?

In the case of Argos I want to do these operations modifying the file 
target-i386/translate.c in order to check the registers value. Do you 
know if this is a correct way?

Someone suggested me to read the document explaining how to port qemu to 
new CPU, but I can't understand how to do hooking.

Thanks in advance for your help

-- 
Antonio
My Mobile Phone: +393286739562
My Public Key: http://tonyr.altervista.org/chiave_pubblica
MSN: ricciantonio@hotmail.it
Skype: tonyr81fg
Linux Member #374272
*********************************************************************
What is the difference between Jurassic Park and Microsoft?
One is an over-rated high tech theme park based on prehistoric 
information and populated mostly by dinosaurs, the other is a Steven 
Spielberg movie.
*********************************************************************
There are only 10 types of people in this world:
those who understand binary, and those who don't.
*********************************************************************


* Re: [Qemu-devel] hooking interrupt
From: Mulyadi Santosa @ 2008-05-15  2:10 UTC (permalink / raw)
  To: qemu-devel

Hi....

On Thu, May 15, 2008 at 1:54 AM, Antonio Ricci <ricciantonio@slacky.it> wrote:
> Hi all,
> I'm new on this list.
Same here :)

> I need to intercept system calls running in the virtual machine from the
> host system. To do it I think that it could be useful to check when  the
> interrupt 0x80 is called and evaluate the value of the registers.

if it's Linux, yes. But remember, now it could be SYSENTER (Intel) or
SYSCALL (AMD) ops too.

And for your inputs too (sorry if you already know it), in Linux
syscall is now done initially by jumping into vsyscall page. So to get
complete trace, I think you should catch a jump (not sure, maybe long
jump) to a predefined virtual address.

> In the case of Argos I want to do this operations modifying the file
> target-i386/translate.c in order to check the registers value.

I guess so....it's the big switch table that checks the ops then call
the related micro ops which was produced by dyngen (now replaced by
TCG).

Beware that it will really slow down Qemu due to the very frequent
check of conditions (interrupt number..that's EAX, right?)


> Someone suggested me to read the document explaining how to port qemu to new
> CPU, but I can't understand how to do hooking.

IMO, hooking is nothing more than modifying related code, either
placing a static hook or putting a call toward a function pointer.
However, I prefer static patching...since I think it will produce
faster execution since you do direct function call, not indirect one
that happens when you do call using pointer.

CMIIW too, people...

regards,

Mulyadi.
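The check the two messages discuss, written out as an added C example (not code from this thread or from QEMU's target-i386/translate.c): at decode time, recognise the three x86 syscall entry instructions Mulyadi lists (int 0x80, SYSENTER, SYSCALL), then hand the guest register file to a directly-called hook that reads the syscall number from EAX and the arguments from EBX, ECX, EDX, ESI, EDI, EBP (the 32-bit Linux convention). The instruction stream and register snapshots are constructed sample data; the type and function names (guest_regs_t, classify_entry, trace_syscalls, run_sample) are hypothetical and stand in for the translator's real decode loop and CPU state.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Guest register view for the 32-bit Linux ABI. Hypothetical type, not
 * QEMU's CPUX86State. x86-64 SYSCALL uses RAX/RDI/RSI/RDX/R10/R8/R9 and
 * would need a wider struct; this example models the 32-bit path only. */
typedef struct {
    uint32_t eax, ebx, ecx, edx, esi, edi, ebp;
} guest_regs_t;

typedef enum { ENTRY_NONE = 0, ENTRY_INT80, ENTRY_SYSENTER, ENTRY_SYSCALL } entry_kind_t;

/* Opcode byte patterns: int 0x80 = CD 80, sysenter = 0F 34, syscall = 0F 05.
 * This is the "check when the interrupt 0x80 is called" step, extended to
 * the two fast-syscall instructions so the trace is complete on newer kernels. */
entry_kind_t classify_entry(const uint8_t *code, size_t len)
{
    if (len < 2) return ENTRY_NONE;
    if (code[0] == 0xCD && code[1] == 0x80) return ENTRY_INT80;
    if (code[0] == 0x0F && code[1] == 0x34) return ENTRY_SYSENTER;
    if (code[0] == 0x0F && code[1] == 0x05) return ENTRY_SYSCALL;
    return ENTRY_NONE;
}

/* One record per observed syscall entry. */
typedef struct {
    entry_kind_t kind;
    uint32_t nr;        /* EAX: syscall number on 32-bit Linux */
    uint32_t args[6];   /* EBX, ECX, EDX, ESI, EDI, EBP in that order */
} syscall_record_t;

/* The hook, reached by a direct call (the static patching Mulyadi prefers
 * over an indirect call through a function pointer). */
static void syscall_hook(entry_kind_t kind, const guest_regs_t *r, syscall_record_t *out)
{
    out->kind = kind;
    out->nr = r->eax;
    out->args[0] = r->ebx; out->args[1] = r->ecx; out->args[2] = r->edx;
    out->args[3] = r->esi; out->args[4] = r->edi; out->args[5] = r->ebp;
}

/* Constructed stand-in for "bytes at the guest PC plus the register file
 * at that point". The real translator fetches bytes from guest memory. */
typedef struct {
    uint8_t bytes[2];
    guest_regs_t regs;
} insn_event_t;

/* Walk the event stream the way a decode loop would and record every
 * syscall entry. Returns the number of records written. */
size_t trace_syscalls(const insn_event_t *ev, size_t n, syscall_record_t *out, size_t max_out)
{
    size_t count = 0;
    for (size_t i = 0; i < n && count < max_out; i++) {
        entry_kind_t k = classify_entry(ev[i].bytes, sizeof ev[i].bytes);
        if (k != ENTRY_NONE)
            syscall_hook(k, &ev[i].regs, &out[count++]);   /* direct call */
    }
    return count;
}

/* Constructed sample: write(1, buf, 5) via int 0x80, two nops, then
 * getpid() via sysenter. i386 numbers: __NR_write = 4, __NR_getpid = 20. */
static const insn_event_t sample_events[] = {
    { {0xCD, 0x80}, { 4, 1, 0x8049000u, 5, 0, 0, 0 } },
    { {0x90, 0x90}, { 0, 0, 0, 0, 0, 0, 0 } },
    { {0x0F, 0x34}, { 20, 0, 0, 0, 0, 0, 0 } },
};
#define SAMPLE_COUNT (sizeof sample_events / sizeof sample_events[0])

size_t run_sample(syscall_record_t *out, size_t max_out)
{
    return trace_syscalls(sample_events, SAMPLE_COUNT, out, max_out);
}

int main(void)
{
    syscall_record_t rec[8];
    size_t n = run_sample(rec, 8);
    for (size_t i = 0; i < n; i++)
        printf("entry=%d nr=%u arg0=%u arg2=%u\n",
               (int)rec[i].kind, rec[i].nr, rec[i].args[0], rec[i].args[2]);
    return 0;
}
```

Matching on the instruction bytes rather than on a jump to the vsyscall page sidesteps the "catch a jump to a predefined virtual address" problem from the reply: whichever stub the C library goes through, the syscall is still carried by one of these three instructions, so the hook fires at the instruction itself. The cost Mulyadi warns about is real for a hook that inspects EAX at run time; in a translation-time check like this one the comparison happens once per translated instruction, not once per execution of it.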

