On Fri, 16 May 2014 16:51:36 +0800
Jun Koi <junkoi2...@gmail.com> wrote:

> On Fri, May 16, 2014 at 4:45 PM, Andreas Färber <afaer...@suse.de> wrote:
>
> > On 16.05.2014 10:40, Jun Koi wrote:
> > > What I want
> > > to know is how to map 0x12345 (virtual address) back to the dump file.
> > >
> > > For example, if 0x12345 was executing some filesystem code at the time I
> > > dumped the VM, then I can locate exactly that code in the dumpfile,
> > > thanks to the given RIP address (which is 0x12345 in this example)
> > >
> > > I hope I explain my idea clear enough this time?
> >
> > Using dump-guest-memory sounds more complicated than needed.
>
> No, this is important, since I can have a whole image to do offline
> analysis.
>
> > You can
> > just use the monitor commands for disassembling that address
>
> What is this command? I try "help" but cannot find any. Before I remember
> we had "disas" or something like that, but I cannot find that again in
> latest Qemu code.
>

It is the 'x' command.

    (qemu) x/i $pc

> > or the
> > built-in gdb stub (-s).
> >
>
> Is this true that this only works for pure emulator, not for kvm-enabled VM?
>

Dunno the status for intel targets... give it a try ! ;)

> Thanks,
> Jun

--
Gregory Kurz
kurzg...@fr.ibm.com
gk...@linux.vnet.ibm.com
Software Engineer @ IBM/Meiosys
http://www.ibm.com
Tel +33 (0)562 165 496

"Anarchy is about taking complete responsibility for yourself."
Alan Moore.