Hello, <Please disregard the earlier email by me. I forgot to add the subject. So reposting this email!!>
I was trying to understand the ELF file generated by the virsh dump (--memory-only) command. I have successfully generated a dump of the QEMU VM memory using this command. I specifically am trying to understand the loadable segments of this ELF file. I ran readelf -a <filename> to get the information that I need. Below shows the details of the loadable segments (PT_LOAD) in a much better format :- (I am basically trying to make sense of the memory dump of the QEMU machine here) Loading ELF header #1. offset: 1320 filesize: 655360 memsize: 655360 vaddr: 0 paddr: 0 align: 0 flags: 0 Loading ELF header #2. offset: 656680 filesize: 65536 memsize: 65536 vaddr: 0 paddr: a0000 align: 0 flags: 0 Loading ELF header #3. offset: 722216 filesize: 1072955392 memsize: 1072955392 vaddr: 0 paddr: c0000 align: 0 flags: 0 Loading ELF header #4. offset: 1073677608 filesize: 67108864 memsize: 67108864 vaddr: 0 paddr: f4000000 align: 0 flags: 0 Loading ELF header #5. offset: 1140786472 filesize: 67108864 memsize: 67108864 vaddr: 0 paddr: f8000000 align: 0 flags: 0 Loading ELF header #6. offset: 1207895336 filesize: 8192 memsize: 8192 vaddr: 0 paddr: fc054000 align: 0 flags: 0 Loading ELF header #7. offset: 1207903528 filesize: 262144 memsize: 262144 vaddr: 0 paddr: fffc0000 align: 0 flags: 0 I wanted to know why in this case, is the virtual address (denoted by vaddr) 0 for each of the loadable segments ? Will it be okay if I load the elf file taking the values of physical address (denoted by paddr) into account ? Specifically after loading the file, can I be certain that all of my contents will have been loaded into memory address starting from 0 ? I am trying to understand the contents of the QEMU memory - so I am loading this ELF into my host machine and possibly read from there. Can I read from it once it gets loaded ? Thanks and Regards. Arnab
