From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:55691)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <johannes.stuettgen@googlemail.com>)
	id 1RC7A5-0007S9-LG
	for qemu-devel@nongnu.org; Fri, 07 Oct 2011 05:56:15 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <johannes.stuettgen@googlemail.com>)
	id 1RC7A4-0000Aq-EX
	for qemu-devel@nongnu.org; Fri, 07 Oct 2011 05:56:13 -0400
Received: from mail-ey0-f173.google.com ([209.85.215.173]:33059)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <johannes.stuettgen@googlemail.com>)
	id 1RC7A4-0000Ah-A6
	for qemu-devel@nongnu.org; Fri, 07 Oct 2011 05:56:12 -0400
Received: by eye4 with SMTP id 4so1111702eye.4
	for <qemu-devel@nongnu.org>; Fri, 07 Oct 2011 02:56:11 -0700 (PDT)
Message-ID: <4E8ECCD2.6070905@gmail.com>
Date: Fri, 07 Oct 2011 11:56:34 +0200
From: Johannes Stuettgen <johannes.stuettgen@googlemail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] Logging Memory Writes in Qemu
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

Hello,

i am trying to perform some memory measurements and was hoping you could 
point me in the right direction:

My goal is to log every write access to physical memory, the physical 
address written as well as the total amount of bytes that are written 
(modified) in each access.
My first idea after reading the documentation was to change the 
MemoryOps->write ptr to point to a logging function and then pass the 
arguments back to the original. However i could'nt reliably locate the 
place in the code where these ops get initialized.

I also had a look at exec.c, and tried to hook into 'void 
cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf, int len, 
int is_write)'. This function gets called when starting qemu without any 
arguments (and thus no harddiscs or cdrom images), however as soon as i 
boot a harddisk the function does not seem to get called anymore.

These are the calls i get when booting an empty system:
0xAdress:written_bytes
-------------------------------
0x07FDD000:590
0x07FDC900:16
0x07FDC88C:4
0x07FDD800:590
0x07FDC910:16
0x07FDC89C:4
0x07FDE000:590
0x07FDC920:16
0x07FDC8AC:4

What would be the 'right' place to place such a hook in your opinion?

Sincerly,
Johannes Stuettgen