|Subject:||Re: [Qemu-discuss] using qemu to sandbox/trace a process and its children on linux|
|Date:||Tue, 2 Oct 2012 23:22:08 +0000|
Qemu is great for this kind of thing. When you are running a VM in qemu you can access the ‘qemu monitor’ and perform lots of functions including VM snapshots, screenshots of the console, ejecting cd’s etc.
In relation to your question you can also use the monitor to dump VM memory, dump CPU registers, or connect the VM to an external instance of GDB on the host machine.
This is kernel level debugging, not application level. As such it will not be exactly what strace would produce.
I have found it easier to wrap a VM in Python to automate the monitor commands and some of the debugging.
From: qemu-discuss-bounces+address@hidden [mailto:qemu-discuss-bounces+address@hidden
On Behalf Of Peter Privus
I'm wondering if it is possible to use qemu to sandbox a program (on linux) such that it becomes possible to trace all system calls made by that program and its children.
(The program does not need to be a running process yet).
Until now, I've been using "strace" utility for that purpose, but it turns out that strace cannot be invoked recursively (you cannot invoke strace on a process that invokes strace itself; this is different from using the "-f" flag to strace).
So any tools I make that depend on strace essentially become "bad citizens" because they cannot be straced themselves, and I want to avoid that.
|[Prev in Thread]||Current Thread||[Next in Thread]|