[Qemu-devel] SoftMMU address tracing

[Clemens Kolbitsch]

hi!
aaaaah... i'm going crazy... could someone help me please:

i'm still (as previously posted on irc) trying to catch when the guest OS (or 
a program running in it) accesses a certain virtual address (e.g. reads from 
it).

my guest code is something like:

...
unsigned long *p = (unsigned long*)0xdeadbeef;
unsigned long l = *p;
...

now, i know it is compiled into something like this:

...
movl $0xdeadbeef,0xfffffff8(%ebp)
mov  0xfffffff8(%ebp),%eax
mov  (%eax),%eax
...

what will be translated by qemu into something like

...
movl_A0_EAX
ldl_kernel_T0_A0
movl_EAX_T0
...

I hope that that's correct up to here (i'm not quite sure about the ldl_kernel 
as it could also be ldl_user!!). but... as ldl_(kernel|user)_T0_A0 simply 
calls the ld-functions in softmmu_header i inserted a line into these 
functions that simply dumps out the currently accessed address (i.e. the 
parameter ptr) to stdout.

i run qemu and grep for my "deadbeef" output, but it NEVER occurs!! how can 
that be?? I've been trying for hours now, could someone please help me here??

don't know if that makes a difference but i've tried using -kernel-kqemu and 
also without kqemu.

any help is greatly appreciated ... thanks!!