Hello,
I am researching KVM as a malware analysis platform and had some
questions about debugging the guest OS. In my case I intend to use
Windows guests. So my questions are as follows:
Questions:
1. What instrumentation facilities are there available?
2. Is it possible to extend the debugging interface so that debugging is
more transparent to the guest OS? I.e., there is still a limit of 4 HW
breakpoints (which makes me wonder why a LIST is used for them...)
3. I'm not finding any published API for interfacing with KVM/KQEMU/QEMU
at a low level, for example, for writing custom tracers, etc. Is there
one? Or is there something similar?
Bugs:
1. I hit a bug w/ instruction logging using a RAM based temp folder. If
I ran w/ the following command line:
(Version info: QEMU PC emulator version 0.10.50 (qemu-kvm-devel-88))
qemu-system-x86_64 -hda debian.img -enable-nesting -d in_asm
It would successfully log to the tmp log file, but obviously, KVM would
be disabled.
If I use sudo, it won't log to the file. Is this a known issue?
2. -enable-nesting on AMD hardware using a Xen guest OS causes Xen to
GPF somewhere in svm_cpu_up. Is nesting supposed to work w/ Xen based
guests?