[Qemu-devel] How to hook syscall in guest OS?

[Qemu-devel] How to hook syscall in guest OS?

[Antonio Ricci]

[-- Attachment #1: Type: text/plain, Size: 858 bytes --]

Hi all,

i want to know if is it possible to intercept syscall's entry point and exit
point for both  Linux and Windows guest operating system in Qemu from the
host Operating System. If is it possible how can I do it?

Thanks in advance for help

Best Regards

-- 
Antonio
MSN: ricciantonio@hotmail.it
Skype: tonyr81fg
Linux Member #374272
*********************************************************************
What is the difference between Jurassic Park and Microsoft?
One is an over-rated high tech theme park based on prehistoric information
and populated mostly by dinosaurs, the other is a Steven Spielberg movie.
*********************************************************************
There are only 10 types of people in this world:
those who understand binary, and those who don't.
*********************************************************************

[-- Attachment #2: Type: text/html, Size: 1108 bytes --]

Re: [Qemu-devel] How to hook syscall in guest OS?

[Clemens Kolbitsch]

> Hi all,
>
> i want to know if is it possible to intercept syscall's entry point and
> exit point for both  Linux and Windows guest operating system in Qemu from
> the host Operating System. If is it possible how can I do it?
>
> Thanks in advance for help
>
> Best Regards

Hi Antonio,

I'm not sure if there is an easier way, but back when Qemu still had TB code 
together with dyn_gen, it was very easy to insert a function call (i.e. a 
hook) into the code of the "int" and "sysenter" code blocks.

Using this hook, you can use the registers, etc. to see if it was a system 
call. I'm not sure how it works with the current intermediay code generation, 
but maybe this hint can guide you into a direction that might work ;-)

Cheers,
Clemens