On 12/15/2009 3:39 PM, Jan Kiszka wrote:
Raindog wrote: > Hello, > > I am researching KVM as a malware analysis platform and had some > questions about debugging the guest OS. In my case I intend to use > windows guests. So my questsions are as follows: > > Questions: > > 1. What instrumentation facilities are their available? > > 2. Is it possible to extend the debugging interface so that debugging is > more transparent to the guest OS? IE: there is still a limit of 4 HW > breakpoints (which makes me wonder why a LIST is used for them...) In accelerated KVM mode, the x86 architecture restricts us to 4 break- or watchpoints that can be active at the same time. If you switch to emulation mode, there are no such limits. Actually, I just made use of this for debugging a subtle stack corruption in a guest, and I had more than 70 watchpoints active at the same time. It's just "slightly" slower than KVM...
Are there any advantages over stock qemu if using kvm w/out the kernel module?
-- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
