[Qemu-devel] Catching system calls and PIDs in Qemu
From: Ricardo Alves @ 2011-11-02 18:25 UTC
To: qemu-devel
Need Help!
I am editing the Qemu source code to be able to catch every system call made by the guest OS and which processes do those system calls.
I catch the system calls in the "void do_interrupt(CPUState *env1)" (op_helper.c) function by accessing the exception index on the cpu environment (env->exception_index == 0x80) and inspecting the system call ID in the eax register.
The difficulty resides in finding the process that made the system call. Linux uses the thread_info struct to store process information. The method to find this struct location is to apply a mask to the esp register and I would get the struct pointer. In qemu I would just do this -- target_ulong pos = env->regs[R_ESP] & 0xFFFFE000.
The problem is that I don't know how to access the guest main memory. The qemu function I found to access memory was this one -- void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf, int len, int is_write) (exec.c). But as far as I know (I could be wrong) this function receives a guest physical address and the one I have is a guest virtual address. Can anybody help me convert this guest virtual address to a guest physical address?
Thank you.
Re: [Qemu-devel] Catching system calls and PIDs in Qemu
From: shu ming @ 2011-11-03 5:37 UTC
To: Ricardo Alves; +Cc: qemu-devel
I don't know how to convert the guest virtual address to a guest
physical address. But I believe that the guest virtual address to
guest physical address mapping table should belong to the guest OS and
stay in guest context. So you should know where the mapping
table is in the guest OS by guest physical address before you have a way to
do the conversion. After the guest physical address of the table
is known, cpu_physical_memory_rw() can be used to walk the table and
get the guest physical address of the guest virtual address
you want to convert. The time spent on the walk should be non-trivial.
On 2011-11-3 2:25, Ricardo Alves wrote:
> Need Help!
>
> I am editing the Qemu source code to be able to catch every system call made by the guest OS and which processes do those system calls.
>
> I catch the system calls in the "void do_interrupt(CPUState *env1)" (op_helper.c) function by accessing the exception index on the cpu environment (env->exception_index == 0x80) and inspecting the system call ID in the eax register.
>
> The difficulty resides in finding the process that made the system call. Linux uses the thread_info struct to store process information. The method to find this struct location is to apply a mask to the esp register and I would get the struct pointer. In qemu I would just do this -- target_ulong pos = env->regs[R_ESP] & 0xFFFFE000.
>
> The problem is that I don't know how to access the guest main memory. The qemu function I found to access memory was this one -- void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf, int len, int is_write) (exec.c). But as far as I know (I could be wrong) this function receives a guest physical address and the one I have is a guest virtual address. Can anybody help me convert this guest virtual address to a guest physical address?
>
> Thank you.
>
>
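The page-table walk the reply describes, written out as an added example; this is neither code from the thread nor QEMU's own code. For a 32-bit guest without PAE the "mapping table" is the two-level page directory / page table tree rooted at the guest's CR3 (env->cr[3] at the time of the trap), and every entry is fetched with a physical read, which is the role cpu_physical_memory_rw() plays in the question. QEMU of that era also carries cpu_get_phys_page_debug() and cpu_memory_rw_debug(), used by its gdb stub, which perform this same translation; the example does the walk by hand against a constructed 8 MiB memory image so the mechanics are visible. Assumptions: phys_read() is a read-only stand-in for cpu_physical_memory_rw(), the CR3 value, table locations, frame numbers and the strings stored in them are constructed, the host is little-endian like the guest, and the 0xFFFFE000 mask for thread_info corresponds to the 8 KiB kernel stacks the question assumes (a guest built with a different THREAD_SIZE needs a different mask). A monitor built this way must use the CR3 current at the syscall trap, since each process has its own directory; a translation with a stale CR3 silently reads the wrong process's memory.

```c
/* Added example (not QEMU or thread code): translate a guest virtual address
 * to a guest physical one by walking 32-bit non-PAE x86 page tables, then read
 * guest memory through that translation. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE   0x1000u
#define PTE_P       0x001u      /* present bit in a PDE or PTE */
#define PDE_PS      0x080u      /* PDE maps a 4 MiB page (PSE) */
#define THREAD_MASK 0xFFFFE000u /* 8 KiB kernel stacks, as in the question */

/* Constructed 8 MiB of guest RAM standing in for the real guest. */
#define GUEST_RAM_SIZE (8u << 20)
static uint8_t guest_ram[GUEST_RAM_SIZE];

/* Assumption: read-only stand-in for cpu_physical_memory_rw();
 * physical addresses outside the image read as zero. */
static void phys_read(uint32_t paddr, void *buf, size_t len)
{
    memset(buf, 0, len);
    if (paddr < GUEST_RAM_SIZE && len <= GUEST_RAM_SIZE - paddr)
        memcpy(buf, guest_ram + paddr, len);
}

static uint32_t phys_read32(uint32_t paddr)
{
    uint32_t v;                 /* host assumed little-endian like the guest */
    phys_read(paddr, &v, 4);
    return v;
}

/* Walk page directory -> page table for vaddr under the directory at cr3.
 * Returns false when an entry on the path lacks the present bit. */
bool gva_to_gpa(uint32_t cr3, uint32_t vaddr, uint32_t *paddr)
{
    uint32_t pde = phys_read32((cr3 & ~0xFFFu) + ((vaddr >> 22) & 0x3FFu) * 4);
    if (!(pde & PTE_P))
        return false;
    if (pde & PDE_PS) {         /* 4 MiB page: there is no page-table level */
        *paddr = (pde & 0xFFC00000u) | (vaddr & 0x003FFFFFu);
        return true;
    }
    uint32_t pte = phys_read32((pde & ~0xFFFu) + ((vaddr >> 12) & 0x3FFu) * 4);
    if (!(pte & PTE_P))
        return false;
    *paddr = (pte & ~0xFFFu) | (vaddr & 0xFFFu);
    return true;
}

/* Read len bytes at a virtual address, translating each page separately so
 * a read that crosses a page boundary still lands on the right frames. */
bool virt_read(uint32_t cr3, uint32_t vaddr, void *buf, size_t len)
{
    uint8_t *out = buf;
    while (len) {
        uint32_t paddr;
        if (!gva_to_gpa(cr3, vaddr, &paddr))
            return false;
        size_t chunk = PAGE_SIZE - (vaddr & (PAGE_SIZE - 1));
        if (chunk > len)
            chunk = len;
        phys_read(paddr, out, chunk);
        vaddr += chunk; out += chunk; len -= chunk;
    }
    return true;
}

/* The question's thread_info lookup: mask the kernel stack pointer. */
uint32_t thread_info_from_esp(uint32_t esp) { return esp & THREAD_MASK; }

/* Wrappers returning plain values: UINT32_MAX / NULL mean "not mapped". */
uint32_t lookup(uint32_t cr3, uint32_t vaddr)
{
    uint32_t p;
    return gva_to_gpa(cr3, vaddr, &p) ? p : UINT32_MAX;
}

const char *read_cstr(uint32_t cr3, uint32_t vaddr, size_t len)
{
    static char buf[64];
    if (len >= sizeof buf || !virt_read(cr3, vaddr, buf, len))
        return NULL;
    buf[len] = '\0';
    return buf;
}

/* Constructed guest: directory at 0x1000, one table at 0x2000, a 4 MiB
 * identity mapping at 0x00400000, and two 4 KiB pages mapping
 * 0xC0100000-0xC0101FFF to frames 0x5000 and 0x7000. Returns CR3. */
uint32_t setup_guest(void)
{
    memset(guest_ram, 0, sizeof guest_ram);
    uint32_t pde_ps = 0x00400000u | PDE_PS | PTE_P;
    memcpy(guest_ram + 0x1000 + 1 * 4, &pde_ps, 4);      /* PD index 1 */
    uint32_t pde = 0x2000u | PTE_P;
    memcpy(guest_ram + 0x1000 + 0x300 * 4, &pde, 4);     /* PD index 0x300 */
    uint32_t pte0 = 0x5000u | PTE_P, pte1 = 0x7000u | PTE_P;
    memcpy(guest_ram + 0x2000 + 0x100 * 4, &pte0, 4);    /* PT index 0x100 */
    memcpy(guest_ram + 0x2000 + 0x101 * 4, &pte1, 4);    /* PT index 0x101 */
    memcpy(guest_ram + 0x5FFC, "WXYZ", 4);               /* end of frame 0x5000 */
    memcpy(guest_ram + 0x7000, "1234", 4);               /* start of frame 0x7000 */
    return 0x1000u;
}

int main(void)
{
    uint32_t cr3 = setup_guest();
    printf("0xC0100FFC -> 0x%08X\n", lookup(cr3, 0xC0100FFCu));
    printf("0x00412345 -> 0x%08X (4 MiB page)\n", lookup(cr3, 0x00412345u));
    printf("8 bytes at 0xC0100FFC: %s\n", read_cstr(cr3, 0xC0100FFCu, 8));
    printf("thread_info for esp 0xC0100FF0: 0x%08X\n", thread_info_from_esp(0xC0100FF0u));
    return 0;
}
```

Inside QEMU the same walk would replace phys_read() with cpu_physical_memory_rw(..., is_write = 0) and take cr3 from env->cr[3]; the thread_info address produced by the mask is itself virtual, so reading its first field (the task pointer) and then the pid out of the task struct are two further virt_read() calls with guest-kernel structure offsets that depend on the exact kernel build.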