From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:59432)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mike@unifieddefense.net>) id 1a3y2F-0004eM-DI
	for qemu-devel@nongnu.org; Tue, 01 Dec 2015 22:24:52 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mike@unifieddefense.net>) id 1a3y2E-0001l7-CP
	for qemu-devel@nongnu.org; Tue, 01 Dec 2015 22:24:51 -0500
Received: from mail-lf0-x235.google.com ([2a00:1450:4010:c07::235]:35355)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mike@unifieddefense.net>) id 1a3y2D-0001l1-S0
	for qemu-devel@nongnu.org; Tue, 01 Dec 2015 22:24:50 -0500
Received: by lfdl133 with SMTP id l133so34088043lfd.2
	for <qemu-devel@nongnu.org>; Tue, 01 Dec 2015 19:24:48 -0800 (PST)
MIME-Version: 1.0
Date: Tue, 1 Dec 2015 22:24:48 -0500
Message-ID: <CANLmMVAFm0NrApgMyBHF_OLHPcFyWZzoyHQCZUHwkAwOQ2pfgA@mail.gmail.com>
From: Mike Guidry <mike@unifieddefense.net>
Content-Type: multipart/alternative; boundary=001a114065080b30630525e1d1db
Subject: [Qemu-devel] KVMonitor-like technology
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

--001a114065080b30630525e1d1db
Content-Type: text/plain; charset=UTF-8

I have a project where I would like to inspect a QEMU Guest.  I came across
KVMonitor and really like some of the concepts.

I'd like to use shared memory/file backed memory to read guest memory
immediately using CR3 for Guest->Host memory address translation.

Has anyone has experience doing this?  I first changed qemu_try_memalign()
and realized that its for local memory allocations, usually.  I proceeded
to change other functions, and came across qemu_anon_ram_alloc() which
seemed to be where the larger (gigabyte) allocations were heading.  I
enabled prealloc and finally began getting the allocations I wanted...

I'm curious if anyone has any other suggestions than to use shm_open()
here.  I wanted to quickly hack this together and realized I cannot list
shared memory regions on OSX, so I dumped them to files.  My question is:
 I realize there is file-back for 'Large TLB,' although I didn't much
success converting that function for non-TLB based file systems.  I
considered doing mkramfs (with modified kernel for larger amounts, such as
larger shared memory is necessary), and putting the file system on top.  I
really haven't decided if I wanted to add another 'type' of backend, or to
quickly modify one of these.

 Am i missing some feature that may allow me to handle this quickly?  I
even considered using LD_PRELOAD to quickly hijack and enable all memory
under shared memory for reading guest VM memory from another process.  I
just have to ensure I have the CR3 context at all times of the particular
process I'd like to  read.

Thanks,
Mike

--001a114065080b30630525e1d1db
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">I have a project where I would like to inspect a QEMU Gues=
t.=C2=A0 I came across KVMonitor and really like some of the concepts.<div>=
<br></div><div>I&#39;d like to use shared memory/file backed memory to read=
 guest memory immediately using CR3 for Guest-&gt;Host memory address trans=
lation.</div><div><br></div><div>Has anyone has experience doing this?=C2=
=A0 I first changed=C2=A0qemu_try_memalign() and realized that its for loca=
l memory allocations, usually.=C2=A0 I proceeded to change other functions,=
 and came across=C2=A0qemu_anon_ram_alloc() which seemed to be where the la=
rger (gigabyte) allocations were heading.=C2=A0 I enabled prealloc and fina=
lly began getting the allocations I wanted...</div><div><br></div><div>I&#3=
9;m curious if anyone has any other suggestions than to use shm_open() here=
.=C2=A0 I wanted to quickly hack this together and realized I cannot list s=
hared memory regions on OSX, so I dumped them to files.=C2=A0 My question i=
s: =C2=A0I realize there is file-back for &#39;Large TLB,&#39; although I d=
idn&#39;t much success converting that function for non-TLB based file syst=
ems.=C2=A0 I considered doing mkramfs (with modified kernel for larger amou=
nts, such as larger shared memory is necessary), and putting the file syste=
m on top.=C2=A0 I really haven&#39;t decided if I wanted to add another &#3=
9;type&#39; of backend, or to quickly modify one of these.=C2=A0</div><div>=
<br></div><div>=C2=A0Am i missing some feature that may allow me to handle =
this quickly?=C2=A0 I even considered using LD_PRELOAD to quickly hijack an=
d enable all memory under shared memory for reading guest VM memory from an=
other process.=C2=A0 I just have to ensure I have the CR3 context at all ti=
mes of the particular process I&#39;d like to =C2=A0read.</div><div><br></d=
iv><div>Thanks,</div><div>Mike</div></div>

--001a114065080b30630525e1d1db--