qemu-devel.nongnu.org archive mirror
From: "Mulyadi Santosa" <mulyadi.santosa@gmail.com>
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] hooking interrupt
Date: Thu, 15 May 2008 09:10:31 +0700	[thread overview]
Message-ID: <f284c33d0805141910q286e6bean9d22d5bf29b42be0@mail.gmail.com> (raw)
In-Reply-To: <482B3562.1000509@slacky.it>

Hi....

On Thu, May 15, 2008 at 1:54 AM, Antonio Ricci <ricciantonio@slacky.it> wrote:
> Hi all,
> I'm new on this list.
Same here :)

> I need to intercept system calls running in the virtual machine from the
> host system. To do it I think that it could be useful to check when the
> interrupt 0x80 is called and evaluate the value of the registers.

If it's Linux, yes. But remember, now it could be SYSENTER (Intel) or
SYSCALL (AMD) ops too.

And for your inputs too (sorry if you already know it), in Linux
syscall is now done initially by jumping into vsyscall page. So to get
complete trace, I think you should catch a jump (not sure, maybe long
jump) to a predefined virtual address.

> In the case of Argos I want to do these operations modifying the file
> target-i386/translate.c in order to check the registers' value.

I guess so....it's the big switch table that checks the ops, then calls
the related micro ops, which were produced by dyngen (now replaced by
TCG).

Beware that it will really slow down Qemu due to the very frequent
check of conditions (interrupt number..that's EAX, right?)


> Someone suggested that I read the document explaining how to port qemu to a new
> CPU, but I can't understand how to do hooking.

IMO, hooking is nothing more than modifying the related code, either
placing a static hook or putting a call toward a function pointer.
However, I prefer static patching...since I think it will produce
faster execution, since you do a direct function call, not the indirect one
that happens when you call through a pointer.

CMIIW too, people...

regards,

Mulyadi.
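To make the point about int 0x80 not being the only entry path concrete, here is an added example (not code from this thread or from QEMU): a toy scanner over guest code bytes that recognises all three i386 syscall entry encodings (int 0x80, sysenter, syscall), tracks EAX through `mov eax, imm32`, and fires a function-pointer hook at each entry, the way a hook placed in the translator's opcode switch would. The `guest_regs` struct, the `tally` hook and the sample bytes are assumptions constructed for the example; real QEMU keeps the state in CPUX86State and decodes every instruction, which this toy does not.

```c
#include <stddef.h>
#include <stdint.h>
typedef struct { uint32_t eax; uint32_t eip; } guest_regs;   /* stand-in for QEMU's CPUX86State */
typedef enum { ENTRY_NONE = 0, ENTRY_INT80, ENTRY_SYSENTER, ENTRY_SYSCALL } entry_kind;
/* Hook invoked at each syscall entry with the guest registers at that point. */
typedef void (*syscall_hook)(entry_kind kind, const guest_regs *regs, void *ctx);

/* i386 syscall entry encodings: int 0x80 = CD 80, sysenter = 0F 34, syscall = 0F 05. */
static entry_kind classify(const uint8_t *code, size_t len, size_t pc)
{
    unsigned op = pc + 1 < len ? (unsigned)code[pc] << 8 | code[pc + 1] : 0;
    return op == 0xCD80 ? ENTRY_INT80 : op == 0x0F34 ? ENTRY_SYSENTER : op == 0x0F05 ? ENTRY_SYSCALL : ENTRY_NONE;
}

/* Walk guest code, tracking EAX through "mov eax, imm32" (B8 imm32) and firing the
 * hook at every syscall entry; returns how many were found. Simplification: any
 * other byte counts as a one-byte instruction (a toy decoder, not the translator's). */
size_t scan_syscall_entries(const uint8_t *code, size_t len, syscall_hook hook, void *ctx)
{
    guest_regs regs = { 0, 0 };
    size_t found = 0;
    for (size_t pc = 0; pc < len; ) {
        if (code[pc] == 0xB8 && pc + 4 < len) {                /* mov eax, imm32 */
            regs.eax = (uint32_t)code[pc + 1] | (uint32_t)code[pc + 2] << 8 |
                       (uint32_t)code[pc + 3] << 16 | (uint32_t)code[pc + 4] << 24;
            pc += 5;
            continue;
        }
        entry_kind k = classify(code, len, pc);
        if (k == ENTRY_NONE) { pc++; continue; }
        regs.eip = (uint32_t)pc;
        hook(k, &regs, ctx);                                    /* the interception point */
        found++; pc += 2;                                       /* every entry encoding is 2 bytes */
    }
    return found;
}

/* Example hook: count entries per kind and record the last syscall number (EAX). */
typedef struct { size_t by_kind[4]; uint32_t last_nr; } tally;
void tally_hook(entry_kind kind, const guest_regs *regs, void *ctx)
{
    tally *t = ctx;
    t->by_kind[kind]++; t->last_nr = regs->eax;
}

/* Constructed guest code: mov eax,4; int 0x80; mov eax,1; sysenter; syscall */
static const uint8_t sample_code[] = { 0xB8,4,0,0,0, 0xCD,0x80, 0xB8,1,0,0,0, 0x0F,0x34, 0x0F,0x05 };
tally demo_tally;                                  /* filled in by demo_scan() */
size_t demo_scan(void)                             /* returns the number of entries found */
{
    demo_tally = (tally){ { 0, 0, 0, 0 }, 0 };
    return scan_syscall_entries(sample_code, sizeof sample_code, tally_hook, &demo_tally);
}
```

A hook that only matched CD 80 would see one of the three entries in the sample; the per-kind tally makes the gap visible.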

Thread overview:
2008-05-14 18:54 [Qemu-devel] hooking interrupt Antonio Ricci
2008-05-15  2:10 ` Mulyadi Santosa [this message]