On Fri, May 16, 2014 at 4:45 PM, Andreas Färber <afaer...@suse.de> wrote:
> On 16.05.2014 10:40, Jun Koi wrote:
> > What I want
> > to know is how to map 0x12345 (virtual address) back to the dump file.
> >
> > For example, if 0x12345 was executing some filesystem code at the time I
> > dumped the VM, then I can locate exactly that code in the dumpfile,
> > thanks to the given RIP address (which is 0x12345 in this example)
> >
> > I hope I explain my idea clear enough this time?
>
> Using dump-guest-memory sounds more complicated than needed.

No, this is important, since I can have a whole image to do offline analysis.

> You can
> just use the monitor commands for disassembling that address

What is this command? I try "help" but cannot find any. Before I remember we had "disas" or something like that, but I cannot find that again in latest Qemu code.

> or the
> built-in gdb stub (-s).

Is this true that this only works for pure emulator, not for kvm-enable VM?

Thanks,
Jun
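Added example, not part of the original message and not QEMU code: one way to map a guest virtual address such as 0x12345 to a byte offset in the dump file by walking the ELF program headers. It assumes the dump is a little-endian ELF64 core whose PT_LOAD `p_vaddr` fields hold guest virtual addresses (for example a dump written with `dump-guest-memory -p`); the function names and the sample image are constructed for illustration.

```python
import struct

PT_LOAD = 1

def load_segments(data):
    """Return (p_vaddr, p_offset, p_filesz) for every PT_LOAD in an ELF64 LE image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    segs = []
    for i in range(e_phnum):
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            segs.append((p_vaddr, p_offset, p_filesz))
    return segs

def vaddr_to_offset(data, vaddr):
    """File offset of the byte backing vaddr, or None if no segment covers it."""
    for seg_vaddr, offset, filesz in load_segments(data):
        if seg_vaddr <= vaddr < seg_vaddr + filesz:
            return offset + (vaddr - seg_vaddr)
    return None

def build_sample():
    """Constructed input: tiny ELF64 core with one PT_NOTE and two PT_LOAD segments."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    blobs = [b"A" * 16, b"\x90" * 5 + b"\xcc" + b"\x90" * 10]
    phdrs = [(4, 0, 0, 0)]  # (p_type, p_offset, p_vaddr, p_filesz); 4 = PT_NOTE
    off = 64 + 3 * 56       # ELF header + three program headers
    for vaddr, blob in zip((0x10000, 0x12340), blobs):
        phdrs.append((PT_LOAD, off, vaddr, len(blob)))
        off += len(blob)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 4, 62, 1, 0, 64, 0, 0,
                       64, 56, len(phdrs), 0, 0, 0)
    table = b"".join(struct.pack("<IIQQQQQQ", t, 0, o, v, 0, n, n, 0)
                     for t, o, v, n in phdrs)
    return ehdr + table + b"".join(blobs)

if __name__ == "__main__":
    image = build_sample()
    off = vaddr_to_offset(image, 0x12345)
    print(f"vaddr 0x12345 -> file offset {off}, byte {image[off]:#04x}")
```

If the PT_LOAD entries carry only physical addresses, the same lookup applies to `p_paddr` after the virtual address has been translated through the guest page tables.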