From: | EricSong |
Subject: | [Qemu-discuss] How to execute an image under QEMU |
Date: | Wed, 10 Dec 2014 15:58:25 +0800 |
Hi, Experts

For my special application, I need to implement one extra instruction, Getsec, under QEMU. I use the helper function for the implementation, as suggested by Peter. Now I continue to walk down this narrow road.

My Getsec function needs to execute one external binary. I get this binary and put it into physical memory, then get its entrypoint, and want to execute it. But the error comes unexpectedly:

    6989 Segmentation fault (core dumped) qemu-system-x86_64 -L disks -bios OVMF.fd -serial pty -nographic -hda fat:./data/ -m 512M -k en-us

My function code is included in the helper function as follows:

1) sec_base is the memory address where the binary is saved. The entrypoint, GDT base, GDT limit and other information are included in the binary header.

2) Building the execution environment

    /* printmem and ac_entrypoint are defined elsewhere in the helper (not shown) */
    cpu_x86_update_cr0(env, env->cr[0] & ~0x80050000);  /* clear PG, AM, WP */
    cpu_x86_update_cr4(env, env->cr[4] & ~0x40);        /* clear MCE */
    env->eflags = 2;                                     /* reset eflags */
    env->efer = 0;                                       /* ia32_efer = 0 */
    env->regs[R_EBX] = env->eip;                         /* save original EIP */
    env->regs[R_ECX] = (((env->gdt.limit) & 0xFFFF) << 16)
                     | ((env->segs[R_CS].selector) & 0xFFFF); /* save original GDT.limit:CS.sel */
    env->regs[R_EDX] = env->gdt.base;                    /* save original GDT.base */
    env->regs[R_EBP] = sec_base;

3) Change to the GDT of the binary

    env->gdt.base = sec_base + cpu_ldl_data(env, sec_base + 0x2C); /* binary GDT.base */
    env->gdt.limit = cpu_ldl_data(env, sec_base + 0x28);           /* binary GDT.limit */
    printf("New GDT : \n");
    printmem(env, env->gdt.base, env->gdt.limit + 1);
    cpu_x86_load_seg_cache(env, R_CS, 0, 0, 0xffffffff,
                           DESC_P_MASK | DESC_S_MASK | DESC_W_MASK | DESC_A_MASK);
    cpu_x86_load_seg_cache(env, R_DS, 0, 0, 0xffffffff,
                           DESC_P_MASK | DESC_S_MASK | DESC_W_MASK | DESC_A_MASK);
    env->dr[7] = 0x400;                                  /* dr[7] = 0x400 */
    env->eip = sec_base + ac_entrypoint;

4) Execute the binary

    ((int (*)(void))(env->eip))();

Where is the wrong code?

Thank you very much!

Best wishes,
Eric
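The step-4 call above treats a guest physical address as a host function pointer, which is what crashes the host process: nothing in the QEMU process is mapped at that address. In an emulator the control transfer is a state update (set eip, segment and GDT state) followed by a return to the dispatch/translation loop, which fetches guest code at the new eip. A second point a practitioner would add is that the header fields read from the loaded binary (the +0x28 and +0x2C words and the entrypoint) are untrusted input and should be range-checked before they reach CPU state. The toy model below, added here as an example and not QEMU's or the poster's code, shows both ideas in a self-contained form. Everything in it is constructed: the Env struct, the 64 KiB guest_ram, the HDR_ENTRY offset of 0x30 (the post does not give it), the use of eax as the GETSEC operand, and the three-opcode toy ISA.

```c
/* Added example (not QEMU's code, not the poster's): a toy model of how an
 * emulator transfers control into guest code. A helper never host-calls a
 * guest address; it updates architectural state and returns to the dispatch
 * loop, which fetches guest bytes at the new eip. All names (Env, guest_ram,
 * HDR_ENTRY, eax as the operand, the toy ISA) are constructed for this example. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define GUEST_RAM_SIZE 0x10000u  /* constructed: 64 KiB of guest RAM */
#define HDR_GDT_LIMIT  0x28u     /* header offsets used in the post */
#define HDR_GDT_BASE   0x2Cu
#define HDR_ENTRY      0x30u     /* assumed: the post does not give this offset */

typedef struct {
    uint32_t eip, eax, ebx, ebp;
    uint32_t gdt_base, gdt_limit;
} Env;

static uint8_t guest_ram[GUEST_RAM_SIZE];

/* Bounds-checked guest load (stand-in for cpu_ldl_data). */
static bool guest_ldl(uint32_t addr, uint32_t *out)
{
    if (addr > GUEST_RAM_SIZE - 4) return false;
    memcpy(out, guest_ram + addr, 4);
    return true;
}

/* Toy GETSEC helper. Header fields are read from the loaded binary, so they
 * are untrusted: every value is range-checked in 64-bit arithmetic before it
 * touches CPU state. Returns 0 on success, -1 to signal a fault. */
int helper_getsec(Env *env, uint32_t sec_base)
{
    uint32_t gdt_limit, gdt_off, entry;
    if (!guest_ldl(sec_base + HDR_GDT_LIMIT, &gdt_limit) ||
        !guest_ldl(sec_base + HDR_GDT_BASE, &gdt_off) ||
        !guest_ldl(sec_base + HDR_ENTRY, &entry))
        return -1;
    uint64_t gdt_base = (uint64_t)sec_base + gdt_off;
    uint64_t entry_pa = (uint64_t)sec_base + entry;
    if (gdt_limit > 0xFFFF || gdt_base + gdt_limit >= GUEST_RAM_SIZE) return -1;
    if (entry_pa >= GUEST_RAM_SIZE) return -1;   /* a 32-bit add would wrap here */

    env->ebx = env->eip;                  /* save the return eip, as in the post */
    env->ebp = sec_base;
    env->gdt_base = (uint32_t)gdt_base;
    env->gdt_limit = gdt_limit;
    env->eip = (uint32_t)entry_pa;        /* the control transfer is just this */
    return 0;
}

/* Toy dispatch loop: 0x90 NOP, 0xF4 HLT, 0F 37 GETSEC (operand in eax).
 * Returns 0 on HLT, a negative code on a fault or an undefined opcode. */
int run(Env *env, int max_steps)
{
    for (int i = 0; i < max_steps; i++) {
        if (env->eip >= GUEST_RAM_SIZE) return -1;   /* guest fault, not a host crash */
        uint8_t op = guest_ram[env->eip];
        if (op == 0xF4) return 0;
        if (op == 0x90) { env->eip++; continue; }
        if (op == 0x0F && env->eip + 1 < GUEST_RAM_SIZE && guest_ram[env->eip + 1] == 0x37) {
            env->eip += 2;
            if (helper_getsec(env, env->eax) < 0) return -2;
            continue;   /* re-dispatch at the new eip: no host call involved */
        }
        return -3;
    }
    return -4;
}

static void put32(uint32_t addr, uint32_t v) { memcpy(guest_ram + addr, &v, 4); }

/* Constructed scenario: GETSEC;HLT at 0, a binary at sec_base 0x1000 whose
 * header points at an entry of NOP;NOP;HLT. Returns run()'s result; the final
 * CPU state is left in *env. */
int scenario(Env *env, uint32_t entry_off)
{
    const uint32_t sec_base = 0x1000;
    memset(guest_ram, 0, sizeof guest_ram);
    guest_ram[0] = 0x0F; guest_ram[1] = 0x37; guest_ram[2] = 0xF4;
    put32(sec_base + HDR_GDT_LIMIT, 0x17);
    put32(sec_base + HDR_GDT_BASE, 0x100);
    put32(sec_base + HDR_ENTRY, entry_off);
    if (entry_off < GUEST_RAM_SIZE - sec_base - 3) {
        guest_ram[sec_base + entry_off] = 0x90;
        guest_ram[sec_base + entry_off + 1] = 0x90;
        guest_ram[sec_base + entry_off + 2] = 0xF4;
    }
    memset(env, 0, sizeof *env);
    env->eax = sec_base;
    return run(env, 100);
}

int main(void)
{
    Env env;
    int rc = scenario(&env, 0x200);
    printf("good header: rc=%d eip=0x%x gdt=0x%x/0x%x ebx=0x%x\n",
           rc, env.eip, env.gdt_base, env.gdt_limit, env.ebx);
    rc = scenario(&env, 0xFFFFFFF0u);
    printf("bad header: rc=%d (fault signalled, no host segfault)\n", rc);
    return 0;
}
```

With a sane header the loop ends up halted inside the binary at eip 0x1202 with the new GDT installed; with an entrypoint that would overflow 32-bit arithmetic the helper refuses and the loop reports a fault instead of the host process dying. In a real QEMU helper the same shape applies: set env->eip and the segment state, then leave the helper so the translator regains control (the translation block has to end after an instruction that changes eip), and never call through the address.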