Re: [Qemu-devel] Finding first TranslationBlock in user mode emulation

[Ivan Jovanovic]

Thank you for your reply!

The thing is that, for one particular binary I can determine the address of main() in the way that you've described, or even by compiling the program with debug information and observing the in_asm log. What I need is this to work in a general case, for every binary, without the need to locate the entry point manually, but like Peter said, it cannot be done in qemu.

I can survive without this functionality. Thanks again and cheers,

Ivan

On Fri, Apr 5, 2013 at 4:32 PM, Laurent Desnogues <address@hidden> wrote:

On Fri, Apr 5, 2013 at 4:15 PM, Peter Maydell <address@hidden> wrote:
> On 5 April 2013 15:06, Ivan Jovanovic <address@hidden> wrote:
>> When I examine in_asm and out_asm logs I notice that before my program
>> starts emulating, dynamic linker code is being emulated, which is, of
>> course, expected.
>>
>> My question is, is there a way in qemu (a flag or something similar) to
>> determine during emulation when the dl code finishes executing and execution
>> of the first TranslationBlock of my code starts?
>
> No, because QEMU doesn't care what your program does -- it just
> emulates code and doesn't need to know whether it is in the
> dynamic linker or the main program binary or a shared library
> or even code your program has dynamically generated at runtime.
>
> I suggest you look at the symbols for your guest binary (with
> 'nm' or 'objdump', for example) and match up the addresses in
> them with your code. (In particular this should let you find out
> which TB corresponds to the main() function.) You can either do
> this by hand or you could probably write a script to annotate
> the logs for you.

There's an easier way that will work even with stripped execs:
use the ELF entry point.

readelf -l prog | grep -i entry

HTH,

Laurent