[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-discuss] How to execute an image under QEMU

From: EricSong
Subject: [Qemu-discuss] How to execute an image under QEMU
Date: Wed, 10 Dec 2014 15:58:25 +0800

Hi, Experts

   For my special application, I need to implement one extra instruction Getsec under QEMU. I use the helper function for the implementation suggested by Peter.

Now, I continue to walk into this narrow road.

My Getsec function need to execute one external binary. I get this binary and put it to physical memory, then get its entrypoint, and want to execute it. But the Error is coming unexpectedly:

6989 Segmentation fault       (core dumped) qemu-system-x86_64 –L disks –bios OVMF.fd –serial pty –nographic –had fat:./data/ -m 512M –k en-us


My function code is included in helper function as followings:

1)       Sec_base is the memory address for binary saved. And the entrypoint, GDT base, GDT limit and other information are included in binary header.

2)       Building the executing environment

                cpu_x86_update_cr0(env, env->cr[0] & ~0x80050000);

                cpu_x86_update_cr4(env, env->cr[4] & ~0x40);

                env->eflags = 2;     //reset eflags

                env->efer = 0;       //ia32_efer=0

                env->regs[R_EBX] = env->eip;                                                     // Save original EIP

                env->regs[R_ECX] = (((env->gdt.limit)&0xFFFF)<<16) | ((env->segs[R_CS].selector)&0xFFFF);   // Save original GDT.limit:CS.sel

                env->regs[R_EDX] = env->gdt.base;                                                // Save original GDT.base

                env->regs[R_EBP] = sec_base;//

3)       Change the gdt of the binary

                env->gdt.base = sec_base + cpu_ldl_data(env, sec_base + 0x2C);  //Binary GDT.base

                env->gdt.limit = cpu_ldl_data(env, sec_base + 0x28);            //Binary GDT.limit

                printf("New GDT : \n");

                printmem(env, env->gdt.base, env->gdt.limit+1);

                cpu_x86_load_seg_cache(env, R_CS, 0, 0, 0xffffffff,

                                       DESC_P_MASK | DESC_S_MASK | DESC_W_MASK | DESC_A_MASK);

                cpu_x86_load_seg_cache(env, R_DS, 0, 0, 0xffffffff,

                                       DESC_P_MASK | DESC_S_MASK | DESC_W_MASK | DESC_A_MASK);

                env->dr[7] = 0x400;//dr[7]=0x400

                env->eip = sec_base + ac_entrypoint;

4)       Execute the binary

                ((int (*)(void))(env->eip))();


Where is the wrong code?

Thank you very much!


Best wishes,


reply via email to

[Prev in Thread] Current Thread [Next in Thread]