From: "Mulyadi Santosa"
Date: Thu, 15 May 2008 09:10:31 +0700
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] hooking interrupt
In-Reply-To: <482B3562.1000509@slacky.it>
List-Id: qemu-devel.nongnu.org

Hi....

On Thu, May 15, 2008 at 1:54 AM, Antonio Ricci wrote:
> Hi all,
> I'm new on this list.

Same here :)

> I need to intercept system calls running in the virtual machine from the
> host system. To do it I think that it could be useful to check when the
> interrupt 0x80 is called and evaluate the value of the registers.

If it's Linux, yes. But remember, now it could be SYSENTER (Intel) or
SYSCALL (AMD) ops too. And for your input too (sorry if you already know
it), in Linux the syscall is now done initially by jumping into the
vsyscall page. So to get a complete trace, I think you should catch a jump
(not sure, maybe a long jump) to a predefined virtual address.

> In the case of Argos I want to do these operations by modifying the file
> target-i386/translate.c in order to check the registers' values.

I guess so.... it's the big switch table that checks the ops and then calls
the related micro ops, which were produced by dyngen (now replaced by TCG).
Beware that it will really slow down Qemu due to the very frequent check of
conditions (interrupt number... that's EAX, right?)

> Someone suggested that I read the document explaining how to port qemu to
> a new CPU, but I can't understand how to do hooking.

IMO, hooking is nothing more than modifying the related code, either placing
a static hook or putting a call toward a function pointer. However, I prefer
static patching... since I think it will produce faster execution, as you do
a direct function call, not the indirect one that happens when you call
through a pointer. CMIIW too, people...

regards,

Mulyadi.
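The thread above describes the idea (decide in the translator's opcode switch whether an instruction enters the kernel, and hook it there, covering INT 0x80, SYSENTER and SYSCALL) without showing it. The following is an added toy example written for this page; it is not QEMU code and not Antonio's or Mulyadi's. It assumes a hypothetical micro-op IR (`struct uop`), a hand-written decoder for only six opcodes (mov eax/ebx imm32, int imm8, sysenter = 0F 34, syscall = 0F 05, ret), the 32-bit Linux convention that EAX holds the syscall number and EBX the first argument, and a constructed guest byte string. The hook is a direct ("static") call, the variant Mulyadi prefers; swapping in a function pointer would turn it into the indirect call he mentions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Kinds of syscall-entry instruction the toy translator recognises. */
enum sc_kind { SC_INT80 = 1, SC_SYSENTER, SC_SYSCALL };

/* Hypothetical micro-ops; a real translator (dyngen, TCG) has far more. */
enum uop_kind { UOP_MOV_EAX, UOP_MOV_EBX, UOP_SYSCALL_HOOK, UOP_RET };

struct uop { enum uop_kind kind; uint32_t imm; enum sc_kind sc; };
struct cpu { uint32_t eax, ebx; };          /* toy register file (32-bit) */

#define MAX_TRACE 16
struct trace {
    enum sc_kind kind[MAX_TRACE];
    uint32_t nr[MAX_TRACE];    /* EAX at entry: syscall number on 32-bit Linux (assumption) */
    uint32_t arg1[MAX_TRACE];  /* EBX at entry: first argument on 32-bit Linux (assumption) */
    size_t n;
};

/* The "static hook": a direct call from the execution loop. A function-pointer
 * hook would be a `void (*hook)(...)` variable called here instead. */
static void syscall_hook(const struct cpu *c, enum sc_kind k, struct trace *t)
{
    if (t->n < MAX_TRACE) {
        t->kind[t->n] = k;
        t->nr[t->n]   = c->eax;
        t->arg1[t->n] = c->ebx;
        t->n++;
    }
}

static uint32_t rd32(const uint8_t *p)   /* little-endian imm32 */
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Translate-time: decode guest bytes into uops and emit the hook uop for every
 * kernel-entry instruction. The decision is made once per translation, not by a
 * runtime compare on every instruction. Returns uop count, or -1 on an opcode
 * this toy does not know. */
int translate(const uint8_t *code, size_t len, struct uop *out, size_t max)
{
    size_t pc = 0, n = 0;
    while (pc < len && n < max) {
        uint8_t b = code[pc];
        memset(&out[n], 0, sizeof out[n]);
        if (b == 0xB8 || b == 0xBB) {                     /* mov eax/ebx, imm32 */
            if (pc + 5 > len) return -1;
            out[n].kind = (b == 0xB8) ? UOP_MOV_EAX : UOP_MOV_EBX;
            out[n].imm = rd32(code + pc + 1);
            n++; pc += 5;
        } else if (b == 0xCD) {                           /* int imm8 */
            if (pc + 2 > len || code[pc + 1] != 0x80) return -1;
            out[n].kind = UOP_SYSCALL_HOOK; out[n].sc = SC_INT80;
            n++; pc += 2;
        } else if (b == 0x0F) {                           /* two-byte opcode */
            if (pc + 2 > len) return -1;
            if (code[pc + 1] == 0x34)      out[n].sc = SC_SYSENTER;
            else if (code[pc + 1] == 0x05) out[n].sc = SC_SYSCALL;
            else return -1;
            out[n].kind = UOP_SYSCALL_HOOK;
            n++; pc += 2;
        } else if (b == 0xC3) {                           /* ret ends the block */
            out[n].kind = UOP_RET;
            return (int)(n + 1);
        } else {
            return -1;
        }
    }
    return (int)n;
}

/* Run-time: execute uops; the hook sees the registers exactly as at entry. */
void execute(const struct uop *ops, int n, struct cpu *c, struct trace *t)
{
    for (int i = 0; i < n; i++) {
        switch (ops[i].kind) {
        case UOP_MOV_EAX:      c->eax = ops[i].imm; break;
        case UOP_MOV_EBX:      c->ebx = ops[i].imm; break;
        case UOP_SYSCALL_HOOK: syscall_hook(c, ops[i].sc, t); break;
        case UOP_RET:          return;
        }
    }
}

/* Constructed guest bytes (not captured from a real VM). */
static const uint8_t guest_code[] = {
    0xB8, 0x04, 0x00, 0x00, 0x00,   /* mov eax, 4   (write on 32-bit Linux) */
    0xBB, 0x01, 0x00, 0x00, 0x00,   /* mov ebx, 1   (fd 1) */
    0xCD, 0x80,                     /* int 0x80 */
    0xB8, 0x01, 0x00, 0x00, 0x00,   /* mov eax, 1   (exit) */
    0x0F, 0x34,                     /* sysenter */
    0xB8, 0x3C, 0x00, 0x00, 0x00,   /* mov eax, 60 */
    0x0F, 0x05,                     /* syscall */
    0xC3,                           /* ret */
};

/* Translate and run the constructed block; returns the number of hooked entries. */
int run_demo(struct trace *t)
{
    struct uop ops[32];
    struct cpu cpu = { 0, 0 };
    int n = translate(guest_code, sizeof guest_code, ops, 32);
    if (n < 0) return -1;
    memset(t, 0, sizeof *t);
    execute(ops, n, &cpu, t);
    return (int)t->n;
}

int main(void)
{
    struct trace t;
    int n = run_demo(&t);
    static const char *names[] = { "?", "int 0x80", "sysenter", "syscall" };
    for (int i = 0; i < n; i++)
        printf("%-8s eax=%u ebx=%u\n", names[t.kind[i]], t.nr[i], t.arg1[i]);
    return n < 0;
}
```

Two points the toy makes concrete. First, the "check of conditions" happens at translate time: the decoder knows it is looking at INT 0x80 / SYSENTER / SYSCALL, so only those instructions carry a hook uop, and the cost at run time is one extra call per kernel entry rather than a compare on every instruction. Second, the hook must read the register file at the moment of entry; in a 64-bit guest the number lives in RAX and the first argument in RDI, so the `cpu` struct and the trace fields would need that convention instead of the 32-bit one assumed here.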