From 91361d5b3287d3fff774e058254ea6174ad9a89d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ciro=20Santilli=20=E5=85=AD=E5=9B=9B=E4=BA=8B=E4=BB=B6=20?= =?UTF-8?q?=E6=B3=95=E8=BD=AE=E5=8A=9F?= Date: Tue, 15 Oct 2019 00:00:00 +0000 Subject: [PATCH] qemu memory access tracing is impossible --- README.adoc | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.adoc b/README.adoc index 63c18d0..b1749f7 100644 --- a/README.adoc +++ b/README.adoc @@ -10021,6 +10021,19 @@ PANDA can list memory addresses, so I bet it can also decode the instructions: h gem5 can do it as shown at: xref:gem5-tracing[xrefstyle=full]. +==== QEMU trace memory accesses + +Not possible apparently, not even with the `memory_region_ops_read` and `memory_region_ops_write` trace events, Peter comments https://lists.gnu.org/archive/html/qemu-devel/2015-06/msg07482.html + +____ +No. You will miss all the fast-path memory accesses, which are +done with custom generated assembly in the TCG backend. In +general QEMU is not designed to support this kind of monitoring +of guest operations. +____ + +Related question: https://reverseengineering.stackexchange.com/questions/12260/how-to-log-all-memory-accesses-read-and-write-including-the-memory-content-in + ==== Trace source lines We can further use Binutils' `addr2line` to get the line that corresponds to each address:
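Review bot: the new section asserts a negative result ("Not possible apparently", and "impossible" in the subject line) on the strength of a single 2015 mailing-list reply, so the prose should date the claim rather than state it as timeless, e.g. "As of 2015, Peter replied on qemu-devel that ..." with the link, so a reader knows to re-check against the current TCG tracing facilities. The lead sentence should also say what the quoted reply actually explains: `memory_region_ops_read` and `memory_region_ops_write` do fire, but only for accesses that reach the slow path, while fast-path guest loads and stores are emitted as custom generated assembly by the TCG backend and never hit those trace points; as written, "not even with the ... trace events" reads as if the events were broken rather than structurally incomplete. Minor: the `____` quote block should attribute the quote to the linked message in the same sentence (author and list), and "Related question:" would be clearer as "A related question on the same limitation:" so the reader knows the link discusses the same gap rather than a workaround.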