binary translation in softmmu mode

[second-reality]

From "https://github.com/atos-tools/qemu-plugins-tutorial/issues/2", by s0i37

Hello. I try to write test plugin or use icount in softmmu-mode, but I dont see anything in output. I do so:

./x86_64-softmmu/qemu-system-x86_64 -hda ~/os/images/winXP.qcow2 --tcg-plugin icount -m 1G -monitor stdio (qemu) stop (qemu) loadvm some_state (qemu) cont

May be I make something wrong?

[second-reality]

While plugins could work theorically in softmmu mode, we didn't work in this direction. So far, we only used it in user mode.

Indeed, it didn't work in system mode, thus I made a patch (pushed on next/master): https://github.com/atos-tools/qemu/commit/054b07ac2360489ee760f97ca80fac7e08b557ab. It allows icount plugin to work (at least).

However, any access to guest memory is failing cause we only implemented that for user mode. I'll check if it is possible easily.

[second-reality]

Hello,

please check branch next/master, I implemented access to memory in system mode. Tell me if you need more help!

[s0i37]

Good. Its seems works. And yes, I want to ask a couple of question:

• How can I can get access to some registers? In Panda(based on QEMU) I made like this:

  CPUState *env;
  CPUArchState * cpu = (CPUArchState *)env->env_ptr
  uint64_t cr3 = ( (CPUX86State *)cpu )->cr[3]
  uint64_t eax = ( (CPUX86State *)cpu )->regs[R_EAX]

  But in Qemu I have an empty CPUState in TCGContext struct (tpi->tcg_ctx->cpu).

• How can I read guest memory?

Thank you.

[s0i37]

So, for obtaining registry value we need to get CPUArchState in pre_tb_helper_code handler: CPUArchState *cpu = tpi_current_cpu_arch(tpi); after that we can get registry value:

( (CPUX86State *)cpu )->regs[R_EAX];
( (CPUX86State *)cpu )->cr[3];

For reading guest memory in after_gen_opc handler: (void *)(intptr_t)tpi_guest_ptr(tpi, tpi_opcode->pc);

It seems something like that

[second-reality]

Thanks for update.