[Qemu-discuss] Reply: How to execute an image under QEMU
From: EricSong
Subject: [Qemu-discuss] Reply: How to execute an image under QEMU
Date: Fri, 12 Dec 2014 11:52:40 +0800
Hi Peter and all,
I am still confused about that problem. I deleted the code "((int
(*)(void))(env->eip))();" and just changed env->eip to my image entry point. In
the end QEMU crashes with useful information. After executing my helper
function, EIP cannot go to the entry point, but goes to physical address 0. After
sequential execution (0->4->8->C->10...), EIP = 0xAFFFC. Please help me to
check these error messages. Thank you very much.
New GDT :
Eric add contents based on memory addr=1f001540
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xff 0xff 0x00 0x00 0x00
0x9b 0xcf 0x00
0xff 0xff 0x00 0x00 0x00 0x93 0xcf 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00
Eric add Getsec cs selector =8
Eric add Getsec ds selector =10
Eric add env->eip =1f000530
----------------
IN:
0x000000001e82eb81: leave
0x000000001e82eb82: ret
...
----------------
IN:
0x00000000000afffc: add %al,(%eax)
0x00000000000afffe: add %al,(%eax)
0x00000000000b0000: (bad)
0x00000000000b0001: (bad)
qemu: fatal: Trying to execute code outside RAM or ROM at 0x00000000000b0000
EAX=00000004 EBX=1e8c0018 ECX=003f0028 EDX=1feede98
ESI=00000000 EDI=00000000 EBP=1ff68450 ESP=1ff68428
EIP=000afffc EFL=00000096 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0008 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
CS =0008 00000000 ffffffff 00cf9b00 DPL=0 CS32 [-RA]
SS =0008 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
DS =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
FS =0008 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
GS =0008 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
GDT= 1f001540 0000001f
IDT= 1f8af018 00000fff
CR0=00000033 CR2=00000000 CR3=1ff07000 CR4=00004628
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000
DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
CCS=00000004 CCD=000000f0 CCO=ADDW
EFER=0000000000000000
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
Best wishes,
Eric
-----Original Message-----
From: Peter Maydell [mailto:address@hidden]
Sent: 10 December 2014 20:21
To: Eric Song
Cc: qemu-discuss
Subject: Re: [Qemu-discuss] How to execute an image under QEMU
On 10 December 2014 at 07:58, <address@hidden> wrote:
> 4) Execute the binary
>
> ((int (*)(void))(env->eip))();
This makes no sense. You're taking a guest virtual address (EIP value) and
treating it as a host function pointer.
This is obviously going to crash.
-- PMM
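The register dump in the message above prints each segment as selector, base, limit and a flags dword (for example "CS =0008 00000000 ffffffff 00cf9b00"), while the GDT is shown only as raw bytes. The decoder below is an added example, not code from the thread or from QEMU: it parses the 8-byte x86 segment descriptors from the dumped GDT, applies the same selector checks a CPU performs before loading a segment register (TI bit, null selector, table limit, present bit), and reports the fields in the same column order QEMU uses, so the hand-built table can be checked against the CS/DS lines of the dump. The byte array is copied from the GDT dump in the thread; the function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded view of one 8-byte x86 segment descriptor (legacy GDT entry format). */
typedef struct {
    uint32_t base;         /* 32-bit segment base */
    uint32_t limit_raw;    /* 20-bit limit field as stored */
    uint32_t limit_bytes;  /* effective limit after granularity scaling */
    uint8_t  type;         /* 4-bit type (0xb = code exec/read accessed, 0x3 = data rw accessed) */
    int      s;            /* S bit: 1 = code/data, 0 = system (TSS, LDT, gates) */
    int      dpl;          /* descriptor privilege level */
    int      present;      /* P bit */
    int      db;           /* D/B bit: 32-bit default operand size when set */
    int      granularity;  /* G bit: limit counted in 4 KiB pages when set */
    uint32_t hi_dword;     /* raw bytes 4..7; for a zero-base descriptor this equals the
                              flags column of QEMU's segment-register dump */
} seg_desc_t;

seg_desc_t decode_descriptor(const uint8_t d[8])
{
    seg_desc_t s;
    memset(&s, 0, sizeof s);
    s.limit_raw   = (uint32_t)d[0] | ((uint32_t)d[1] << 8) | ((uint32_t)(d[6] & 0x0f) << 16);
    s.base        = (uint32_t)d[2] | ((uint32_t)d[3] << 8) | ((uint32_t)d[4] << 16) | ((uint32_t)d[7] << 24);
    s.type        = d[5] & 0x0f;
    s.s           = (d[5] >> 4) & 1;
    s.dpl         = (d[5] >> 5) & 3;
    s.present     = (d[5] >> 7) & 1;
    s.db          = (d[6] >> 6) & 1;
    s.granularity = (d[6] >> 7) & 1;
    s.limit_bytes = s.granularity ? (s.limit_raw << 12) | 0xfffu : s.limit_raw;
    s.hi_dword    = (uint32_t)d[4] | ((uint32_t)d[5] << 8) | ((uint32_t)d[6] << 16) | ((uint32_t)d[7] << 24);
    return s;
}

/* A selector is index<<3 | TI<<2 | RPL. Return the table index. */
unsigned selector_index(uint16_t sel) { return sel >> 3; }

/* Look up a GDT selector the way the CPU does before loading a segment register:
 * TI must be 0 (GDT), index 0 is the null descriptor, the whole 8-byte entry must
 * lie within the table limit, and the entry must be marked present.
 * Returns 0 on success or a negative code naming the failed check (a real CPU
 * raises #GP or #NP in these cases). */
int gdt_lookup(const uint8_t *gdt, uint32_t gdt_limit, uint16_t sel, seg_desc_t *out)
{
    unsigned idx = selector_index(sel);
    if (sel & 0x4)                          return -1;  /* TI set: refers to LDT, not GDT */
    if (idx == 0)                           return -2;  /* null selector */
    if ((uint32_t)idx * 8 + 7 > gdt_limit)  return -3;  /* entry extends past GDT limit */
    *out = decode_descriptor(gdt + idx * 8);
    if (!out->present)                      return -4;  /* P bit clear */
    return 0;
}

/* The 32 GDT bytes exactly as dumped in the thread (GDT limit 0x1f => 4 entries). */
const uint8_t eric_gdt[32] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,   /* 0x00: null descriptor */
    0xff, 0xff, 0x00, 0x00, 0x00, 0x9b, 0xcf, 0x00,   /* 0x08: flat 32-bit code, DPL0 */
    0xff, 0xff, 0x00, 0x00, 0x00, 0x93, 0xcf, 0x00,   /* 0x10: flat 32-bit data, DPL0 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,   /* 0x18: unused */
};
const uint32_t eric_gdt_limit = 0x1f;

void print_descriptor(uint16_t sel, const seg_desc_t *s)
{
    /* Same column order as QEMU's register dump: selector base limit flags */
    printf("sel=%04x base=%08x limit=%08x flags=%08x type=%x S=%d DPL=%d P=%d D/B=%d G=%d\n",
           sel, s->base, s->limit_bytes, s->hi_dword, s->type, s->s, s->dpl,
           s->present, s->db, s->granularity);
}

int main(void)
{
    /* The two selectors the helper loaded (cs=8, ds=0x10) plus one selector past the limit. */
    uint16_t sels[] = { 0x08, 0x10, 0x20 };
    for (size_t i = 0; i < sizeof sels / sizeof sels[0]; i++) {
        seg_desc_t s;
        int rc = gdt_lookup(eric_gdt, eric_gdt_limit, sels[i], &s);
        if (rc == 0)
            print_descriptor(sels[i], &s);
        else
            printf("sel=%04x rejected (code %d)\n", sels[i], rc);
    }
    return 0;
}
```

Run as-is, the decoded entries for selectors 8 and 0x10 come out as base 0, limit 0xffffffff and flags 0x00cf9b00 / 0x00cf9300, which is exactly what the CS and DS lines of the register dump show, so the table itself is consistent with what the CPU state reports; the same lookup rejects a selector beyond the 0x1f limit, which is the failure a mis-sized GDT would produce.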