qemu memory access tracing is impossible

2026-01-23 02:05:57 +01:00 · 2019-10-15 00:00:00 +00:00
parent 22274a0ea5
commit 91361d5b32
1 changed files with 13 additions and 0 deletions
--- a/README.adoc
+++ b/README.adoc
@@ -10021,6 +10021,19 @@ PANDA can list memory addresses, so I bet it can also decode the instructions: h

 gem5 can do it as shown at: xref:gem5-tracing[xrefstyle=full].

+==== QEMU trace memory accesses
+
+Not possible apparently, not even with the `memory_region_ops_read` and `memory_region_ops_write` trace events, Peter comments https://lists.gnu.org/archive/html/qemu-devel/2015-06/msg07482.html
+
+____
+No. You will miss all the fast-path memory accesses, which are
+done with custom generated assembly in the TCG backend. In
+general QEMU is not designed to support this kind of monitoring
+of guest operations.
+____
+
+Related question: https://reverseengineering.stackexchange.com/questions/12260/how-to-log-all-memory-accesses-read-and-write-including-the-memory-content-in
+
 ==== Trace source lines

 We can further use Binutils' `addr2line` to get the line that corresponds to each address: