
How do you write to the processor registers and specific memory addresses of a virtual system running in QEMU?

My desire would be to accomplish this from a user space program running outside of QEMU. This would be to induce interrupts and finely control execution of the processor and virtual hardware.

The QEMU Monitor is supposed to read parameters or do simple injects of mouse or keyboard events, but I haven't seen anything about writing.

jeremiah

1 Answer


The GDB server within the QEMU Monitor seems to be the best for your purpose. One of your options is implementing the GDB protocol; another one is driving gdb itself through its command line.

I've tested it a bit: attaching, reading and writing memory seem to work (I read what I write); jumping to another address seems to work too. (If you can call injected code, you can do anything, theoretically.) Writing to text-mode video memory doesn't work (I don't even read what I wrote, and nothing changes on the display).

Anton Kovalenko
  • The *guest* system inside qemu can be anything. When I tested its gdbserver, it was (1) with the `grub` bootloader showing its menu, (2) with `memtest`, (3) with some real-mode bootloader for FreeDOS (just to ensure it doesn't break for real mode). – Anton Kovalenko Jan 27 '13 at 16:08
  • I couldn't tell if the target system had to be a Unix or Linux system at first, but it doesn't look like it. The claim at the [OS Dev Wiki](http://wiki.osdev.org/GDB) is that it does source level debugging, not machine level - so it looks like it can't write to registers and video memory based on what you said. – jeremiah Jan 27 '13 at 16:23
  • Anton, I think this is at least pointing me in the right direction. I'll have to look at the [GDB Documentation](http://sourceware.org/gdb/current/onlinedocs/gdb/) and I found [OSDev Wiki - QEMU GDB Documentation](http://wiki.osdev.org/QEMU#GDB-stub) which tells how to set an immediate breakpoint. – jeremiah Jan 27 '13 at 16:33
  • You need to read up on text mode before making false statements: there are different areas of display-related memory that get mapped in text mode. You need to write to the correct area. – DevZer0 Oct 18 '17 at 14:32
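As an added example (not from the answer above or from QEMU's own code) of the "implement the GDB protocol" option: a minimal Python client for the GDB Remote Serial Protocol that QEMU's stub speaks on TCP port 1234 when the guest is started with `-s`. It frames and checksums packets, writes and reads guest memory with `M`/`m`, and writes one register with `P`; the `FakeQemuStub` class is a constructed in-memory stand-in so the round trip runs without a guest, and the 8-byte register width and register numbering assume an x86-64 target.

```python
def encode_packet(payload: str) -> bytes:   # '$' payload '#' checksum (byte sum mod 256)
    return f"${payload}#{sum(payload.encode()) & 0xFF:02x}".encode()
def decode_packet(raw: bytes) -> str:       # drop acks, verify frame + checksum, return text
    raw = raw.lstrip(b"+-")
    if raw[:1] != b"$" or raw[-3:-2] != b"#" or sum(raw[1:-3]) & 0xFF != int(raw[-2:], 16):
        raise ValueError(f"bad packet: {raw!r}")
    return raw[1:-3].decode()
class GdbStub:
    def __init__(self, transport):   # anything with send(bytes)/recv(n), e.g. a socket to :1234
        self.t = transport
    def cmd(self, payload: str) -> str:
        self.t.send(encode_packet(payload))
        buf = b""
        while buf.find(b"#") < 0 or len(buf) < buf.find(b"#") + 3:
            buf += self.t.recv(4096)     # read until '#' plus two checksum digits
        self.t.send(b"+")                # acknowledge the reply
        return decode_packet(buf[:buf.find(b"#") + 3])
    def read_mem(self, addr: int, n: int) -> bytes:          # 'm addr,len' -> hex bytes
        reply = self.cmd(f"m{addr:x},{n:x}")
        if reply.startswith("E"):                            # 'Exx' for an unreadable address
            raise RuntimeError(f"read failed: {reply}")
        return bytes.fromhex(reply)
    def write_mem(self, addr: int, data: bytes) -> str:      # 'M addr,len:hex' -> 'OK'
        return self.cmd(f"M{addr:x},{len(data):x}:{data.hex()}")
    def write_reg(self, regno: int, value: int, width: int = 8) -> str:
        # 'P regno=hex', value in target byte order (little-endian on x86); width 4 for i386
        return self.cmd(f"P{regno:x}={value.to_bytes(width, 'little').hex()}")
class FakeQemuStub:
    # Constructed stand-in for QEMU's stub so the round trip runs offline (no guest needed)
    def __init__(self):
        self.mem, self.regs, self.out = {}, {}, b""
    def send(self, raw: bytes) -> None:
        if raw == b"+":                  # client ack: nothing to answer
            return
        p = decode_packet(raw)
        if p[0] == "m":
            a, n = (int(x, 16) for x in p[1:].split(","))
            reply = bytes(self.mem.get(a + i, 0) for i in range(n)).hex()
        elif p[0] == "M":
            a = int(p[1:].split(",")[0], 16)
            self.mem.update({a + i: b for i, b in enumerate(bytes.fromhex(p.split(":")[1]))})
            reply = "OK"
        else:                            # 'P': store the register value, little-endian
            reg, val = p[1:].split("=")
            self.regs[int(reg, 16)] = int.from_bytes(bytes.fromhex(val), "little")
            reply = "OK"
        self.out += b"+" + encode_packet(reply)
    def recv(self, n: int) -> bytes:
        data, self.out = self.out[:n], self.out[n:]
        return data
```

Against a live guest started with `qemu-system-x86_64 -s -S ...`, pass `socket.create_connection(("127.0.0.1", 1234))` as the transport instead of `FakeQemuStub()`; register numbers follow the target's gdb register layout, so check them with gdb's `maint print registers` before writing.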