Message-id: <4D6D0EA9.8050100@rwth-aachen.de>
Date: Tue, 01 Mar 2011 16:20:09 +0100
From: "felix.matenaar@rwth-aachen"
Subject: [Qemu-devel] Tracing memory access (tcg_gen_qemu_st|ld)
List-Id: qemu-devel.nongnu.org
To: qemu-devel@nongnu.org

Hi,

I am trying to hook guest VM memory access (i386-softmmu) by compiling custom hooking functions into tcg_gen_qemu_{st|ld}*. There are two main problems: the first is that the output seems weird (see below), the second is that I am running into a BSOD with my Windows XP guest after some calls (do I modify any values here?). Does any of you see problems?
Will that code catch all memory access, or is there anything I will miss? Is there a better method than using a dummy TCGv for the flx_memtrace_read return value (sth. like hooks of return type void)?

    /* Helper called from generated code after every guest load.  It has side
     * effects (tracing), so the call must not be flagged TCG_CALL_PURE or
     * TCG_CALL_CONST: TCG may drop a PURE call whose result is dead. */
    static inline int32_t flx_memtrace_read(int32_t value, int32_t address,
                                            int32_t offset, int32_t size)
    {
        if (instrumentation_active) {
            if (!memtrace_enabled)
                printf("memtrace_read called but memtrace disabled! check invalidation!!!\n");
            flx_memtrace_event(value, address, size, 0);
        }
        return value;
    }

    /* Emit a call to a four-argument helper that returns a 32-bit value. */
    static inline void tcg_gen_helper4(void *func, int sizemask, TCGv_i32 ret,
                                       TCGv_i32 a, TCGv_i32 b, TCGv_i32 c, TCGv_i32 d)
    {
        TCGv_ptr fn;
        TCGArg args[4];
        fn = tcg_const_ptr((tcg_target_long)func);
        args[0] = GET_TCGV_I32(a);
        args[1] = GET_TCGV_I32(b);
        args[2] = GET_TCGV_I32(c);
        args[3] = GET_TCGV_I32(d);
        /* flags 0: the tracing helper is neither pure nor const */
        tcg_gen_callN(&tcg_ctx, fn, 0, sizemask, GET_TCGV_I32(ret), 4, args);
        tcg_temp_free_ptr(fn);
    }

    static inline void tcg_gen_qemu_ld8u(TCGv ret, TCGv addr, int mem_index)
    {
        tcg_gen_qemu_ldst_op(INDEX_op_qemu_ld8u, ret, addr, mem_index);
        if (memtrace_enabled) {
            /* position 0 is the return value, 1..4 the arguments; all 32-bit, unsigned */
            int sizemask = 0;
            sizemask |= tcg_gen_sizemask(0, 0, 0);
            sizemask |= tcg_gen_sizemask(1, 0, 0);
            sizemask |= tcg_gen_sizemask(2, 0, 0);
            sizemask |= tcg_gen_sizemask(3, 0, 0);
            sizemask |= tcg_gen_sizemask(4, 0, 0);
            TCGv dummy = ret;            /* the helper returns value unchanged, so ret is written back to itself */
            TCGv_i32 t_index = tcg_const_i32(mem_index);
            TCGv_i32 t_size = tcg_const_i32(8);
            tcg_gen_helper4(flx_memtrace_read, sizemask, dummy, ret, addr, t_index, t_size);
            tcg_temp_free_i32(t_index);  /* free the constant temps instead of leaking them per load */
            tcg_temp_free_i32(t_size);
        }
    }

Output:

1. Addresses look weird.
2. Read values look like addresses and, if they are, EIP reads seem to be included.

    Read: 0x21664 , Addr: 0x3d4
    Read: 0x21666 , Addr: 0xe
    Read: 0x2165c , Addr: 0x0
    Read: 0x2165e , Addr: 0xe
    Read: 0x21660 , Addr: 0x1674
    Read: 0x21662 , Addr: 0x42f0
    Read: 0x2166a , Addr: 0x0
    Read: 0x21668 , Addr: 0x3d4
    Write: 0x21662 , Addr: 0x4305
    Read: 0x21664 , Addr: 0x3d5
    Read: 0x21666 , Addr: 0x0
    Read: 0x2165c , Addr: 0x0
    Read: 0x2165e , Addr: 0x3d5
    Read: 0x21660 , Addr: 0x1674
    Read: 0x21662 , Addr: 0x4305
    Read: 0x21668 , Addr: 0x3d4
    Write: 0x21662 , Addr: 0x4312
    Read: 0x21664 , Addr: 0x3d4
    Read: 0x21666 , Addr: 0xf
    Read: 0x2165c , Addr: 0x0
    Read: 0x2165e , Addr: 0xf
    Read: 0x21660 , Addr: 0x1674
    Read: 0x21662 , Addr: 0x4312
    Read: 0x2166a , Addr: 0x0
    Read: 0x21668 , Addr: 0x3d4
    Write: 0x21662 , Addr: 0x4323
    Read: 0x21664 , Addr: 0x3d5
    Read: 0x21666 , Addr: 0x0
    Read: 0x2165c , Addr: 0x0
    Read: 0x2165e , Addr: 0x3d5
    Read: 0x21660 , Addr: 0x1674
    Read: 0x21662 , Addr: 0x4323
    Read: 0x21674 , Addr: 0x168a
    Read: 0x21676 , Addr: 0x4507
    Read: 0x2168a , Addr: 0x16a

Best regards,
Felix
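The trace lines above are the one part of the post a reader can check offline. The following is an added example (my own code, not Felix's and not part of QEMU) that parses lines in the format his flx_memtrace_event() prints and measures how far each column spreads across a run of records. A column whose entries stay within a few bytes of each other over consecutive records, as the "Read:" column does here, moves like an instruction pointer stepping through a routine rather than like loaded data, which makes it the column to distrust first when the value and address fields appear to have been swapped. The sample array is built from the first lines of the post plus one constructed non-trace line (the helper's own warning printf interleaved with the trace); the threshold in memtrace_columns_look_swapped() is an assumption of mine, not a rule.

```c
#include <stdio.h>
#include <stdint.h>

/* One record of the "Read: 0x.. , Addr: 0x.." / "Write: 0x.. , Addr: 0x.." format. */
typedef struct {
    int is_write;     /* 0 for "Read:", 1 for "Write:" */
    uint32_t value;   /* first field: what the hook reported as the value */
    uint32_t addr;    /* second field: what the hook reported as the address */
} memtrace_rec;

/* Parse one trace line. Returns 1 on success, 0 if the line is not a trace record. */
int memtrace_parse_line(const char *line, memtrace_rec *out)
{
    unsigned int v, a;
    /* %x accepts the 0x prefix; the blanks in the format skip any whitespace */
    if (sscanf(line, "Read: %x , Addr: %x", &v, &a) == 2) {
        out->is_write = 0; out->value = v; out->addr = a;
        return 1;
    }
    if (sscanf(line, "Write: %x , Addr: %x", &v, &a) == 2) {
        out->is_write = 1; out->value = v; out->addr = a;
        return 1;
    }
    return 0;
}

typedef struct {
    int reads, writes, unparsed;
    uint32_t value_span;   /* max - min over the value column */
    uint32_t addr_span;    /* max - min over the addr column */
} memtrace_stats;

/* Parse every line and compute how far each column spreads. */
memtrace_stats memtrace_summarize(const char *const *lines, int n)
{
    memtrace_stats s = {0, 0, 0, 0, 0};
    uint32_t vmin = UINT32_MAX, vmax = 0, amin = UINT32_MAX, amax = 0;
    int parsed = 0;
    for (int i = 0; i < n; i++) {
        memtrace_rec r;
        if (!memtrace_parse_line(lines[i], &r)) { s.unparsed++; continue; }
        if (r.is_write) s.writes++; else s.reads++;
        if (r.value < vmin) vmin = r.value;
        if (r.value > vmax) vmax = r.value;
        if (r.addr < amin) amin = r.addr;
        if (r.addr > amax) amax = r.addr;
        parsed++;
    }
    if (parsed) { s.value_span = vmax - vmin; s.addr_span = amax - amin; }
    return s;
}

/* Heuristic (assumed thresholds): a "value" column confined to a window of
 * under 256 bytes while the "addr" column scatters far more widely behaves
 * like a program counter, not like loaded data. Returns 1 if that holds. */
int memtrace_columns_look_swapped(const memtrace_stats *s)
{
    return s->value_span < 256 && s->addr_span > s->value_span * 16;
}

/* Constructed sample: the first ten records from the post, plus one
 * non-record line as the hook's own printf would produce it. */
static const char *const SAMPLE_TRACE[] = {
    "Read: 0x21664 , Addr: 0x3d4",
    "Read: 0x21666 , Addr: 0xe",
    "Read: 0x2165c , Addr: 0x0",
    "Read: 0x2165e , Addr: 0xe",
    "Read: 0x21660 , Addr: 0x1674",
    "Read: 0x21662 , Addr: 0x42f0",
    "memtrace_read called but memtrace disabled! check invalidation!!!",
    "Read: 0x2166a , Addr: 0x0",
    "Read: 0x21668 , Addr: 0x3d4",
    "Write: 0x21662 , Addr: 0x4305",
    "Read: 0x21664 , Addr: 0x3d5",
};
#define SAMPLE_TRACE_LEN ((int)(sizeof SAMPLE_TRACE / sizeof SAMPLE_TRACE[0]))

int main(void)
{
    memtrace_stats st = memtrace_summarize(SAMPLE_TRACE, SAMPLE_TRACE_LEN);
    printf("reads=%d writes=%d unparsed=%d value_span=0x%x addr_span=0x%x swapped=%d\n",
           st.reads, st.writes, st.unparsed, st.value_span, st.addr_span,
           memtrace_columns_look_swapped(&st));
    return 0;
}
```

On the sample, the value column spans only 0xe bytes (0x2165c to 0x2166a) while the addr column spans 0x4305, so the heuristic flags the value column as the one that is really an instruction address. Feeding a longer run of the real trace through it is a cheap sanity check to run before trusting either column of a new hook.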