hi! finally found out why it did not work ... the problem was kqemu after all. after compiling qemu with kqemu-support disabled, the address translation/access worked as expected :-)
is there a good documentation/technical paper online that could help me understand how address handling is done using kqemu? thanks!!

> hi!
> aaaaah... i'm going crazy... could someone help me please:
>
> i'm still (as previously posted on irc) trying to catch when the guest OS
> (or a program running in it) accesses a certain virtual address (e.g. reads
> from it).
>
> my guest code is something like:
>
> ...
> unsigned long *p = (unsigned long*)0xdeadbeef;
> unsigned long l = *p;
> ...
>
> now, i know it is compiled into something like this:
>
> ...
> movl $0xdeadbeef,0xfffffff8(%ebp)
> mov 0xfffffff8(%ebp),%eax
> mov (%eax),%eax
> ...
>
> what will be translated by qemu into something like
>
> ...
> movl_A0_EAX
> ldl_kernel_T0_A0
> movl_EAX_T0
> ...
>
> I hope that that's correct up to here (i'm not quite sure about the
> ldl_kernel as it could also be ldl_user!!). but... as
> ldl_(kernel|user)_T0_A0 simply calls the ld-functions in softmmu_header i
> inserted a line into these functions that simply dumps out the currently
> accessed address (i.e. the parameter ptr) to stdout.
>
> i run qemu and grep for my "deadbeef" output, but it NEVER occurs!! how can
> that be?? I've been trying for hours now, could someone please help me
> here??
>
> don't know if that makes a difference but i've tried using -kernel-kqemu
> and also without kqemu.
>
> any help is greatly appreciated ... thanks!!
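The thread above boils down to one point: an address dump inserted into the software-MMU load helpers only fires for guest loads that are routed through those helpers, and a guest running natively under kqemu never calls them. The following C model is an added example written for this page, not QEMU's or kqemu's code; every name in it (ldl_soft, ldl_direct, translate, watch_addr, the tiny page table and the guest RAM array) is an assumption, and the page table and memory contents are constructed. It shows the guest-virtual to guest-physical step the poster was trying to observe, a watch on 0xdeadbeef placed exactly where the poster put their printf, and a second load path that bypasses the helper and therefore never trips the watch. It also handles the unaligned-load edge case, where a 4-byte read can straddle a page boundary.

```c
/* Constructed model of a software-MMU load helper with an address watch.
 * Added example, not QEMU/kqemu code; all names here are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define NUM_PAGES  4

static uint8_t  guest_ram[NUM_PAGES * PAGE_SIZE];  /* constructed guest physical RAM */
static uint32_t watch_addr = 0xdeadbeef;           /* guest virtual address to trace */
static unsigned watch_hits;                        /* how often the watch has fired */

/* Minimal one-level guest page table: virtual page number -> physical page number. */
struct vmap { uint32_t vpn; uint32_t ppn; };
static const struct vmap page_table[] = {
    { 0xdeadb, 2 },   /* 0xdeadb000-0xdeadbfff -> physical page 2 */
    { 0xdeadc, 3 },   /* the next virtual page, so a straddling load can succeed */
};

/* Translate one guest virtual byte address. Returns 0 on success, -1 if unmapped. */
static int translate(uint32_t vaddr, uint32_t *paddr)
{
    uint32_t vpn = vaddr >> PAGE_SHIFT;
    for (size_t i = 0; i < sizeof page_table / sizeof page_table[0]; i++) {
        if (page_table[i].vpn == vpn) {
            *paddr = (page_table[i].ppn << PAGE_SHIFT) | (vaddr & (PAGE_SIZE - 1));
            return 0;
        }
    }
    return -1;
}

/* Write n bytes at a guest virtual address, byte by byte so page crossings work.
 * Returns the number of bytes actually stored (stops at the first unmapped byte). */
size_t store_bytes(uint32_t vaddr, const uint8_t *src, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
        uint32_t paddr;
        if (translate(vaddr + i, &paddr) != 0) break;
        guest_ram[paddr] = src[i];
    }
    return i;
}

/* Software-MMU 32-bit little-endian load: the place where the poster added a dump.
 * The watch fires if any of the four bytes read is the watched address. Bytes are
 * translated individually so an unaligned load straddling a page is handled.
 * On an unmapped byte, *fault is set to 1 and 0 is returned. */
uint32_t ldl_soft(uint32_t vaddr, int *fault)
{
    uint32_t val = 0;
    *fault = 0;
    if (vaddr <= watch_addr && watch_addr < vaddr + 4) {
        watch_hits++;
        printf("ldl: watched address 0x%08x read by a load at 0x%08x\n", watch_addr, vaddr);
    }
    for (uint32_t i = 0; i < 4; i++) {
        uint32_t paddr;
        if (translate(vaddr + i, &paddr) != 0) { *fault = 1; return 0; }
        val |= (uint32_t)guest_ram[paddr] << (8 * i);
    }
    return val;
}

/* Load that goes straight to memory without the helper, standing in for guest
 * code executed natively (as under kqemu): nothing here can trip the watch.
 * Only handles loads that stay within one page. */
uint32_t ldl_direct(uint32_t vaddr)
{
    uint32_t paddr, val = 0;
    if (translate(vaddr, &paddr) != 0) return 0;
    for (uint32_t i = 0; i < 4; i++)
        val |= (uint32_t)guest_ram[paddr + i] << (8 * i);
    return val;
}

/* Reproduce the poster's "unsigned long l = *p" on both paths and report how many
 * times the watch fired: the direct path contributes 0, the helper path 1. */
unsigned run_demo(void)
{
    static const uint8_t pattern[4] = { 0xbe, 0xba, 0xfe, 0xca };  /* 0xcafebabe LE */
    int fault;
    store_bytes(watch_addr, pattern, 4);
    watch_hits = 0;
    ldl_direct(watch_addr);        /* bypasses the helper: no output, no hit */
    ldl_soft(watch_addr, &fault);  /* goes through the helper: one hit */
    return watch_hits;
}

int main(void)
{
    printf("watch fired %u time(s) for two reads of 0x%08x\n", run_demo(), watch_addr);
    return 0;
}
```

Running it prints the watch line exactly once, for the helper-path read; the direct read is invisible, which is the situation the poster hit with kqemu enabled. The per-byte translation in ldl_soft is deliberate: a 4-byte load at 0xdeadbffe pulls two bytes from physical page 2 and two from page 3, and a helper that translates only the first byte would read the wrong memory.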