Hi,
I mean Windows there - my primary aim is to monitor WinAPI calls. There exist quite a few monitor apps to achieve this. But their nature is soft-intrusive - they patch system DLLs on disk or PE images in memory.
I'd like to monitor the calling of functions from a lower-level side. One possibility is to rewrite system DLLs, which is hard in the case of Windows. Maybe another possibility can be to run the OS in a machine emulator and to break on reading/executing some virtual memory addresses? I imagine physical memory maps into linear addresses, which map into virtual addresses (perhaps into the unshared space of each win32 process).
Then it would be nice to implement a Debug Logging similar to one from the Wine project. [*]
What effort is needed to implement breaking of emulation on execution of given/defined virtual addresses (plus reading the CPU state and virtual memory) of different Windows OS versions inside a machine emulator?
Can such code be put as some plugin to BOCHS or so? Maybe I need to look at the different machine virtualization projects like Qemu?
Hi,
Well, how should this be possible with the help of an emulator like Bochs? All you have is a binary image containing Windows that is executed by Bochs; how do you want to find out which API functions are called? At least you need a Windows image that also contains debug symbols so you can find out which addresses are related to an OS API call. When you have this you may extend the simulation of the call instruction to trace the OS API calls.
Ciao, Fabian
2006/3/25, Saulius Krasuckas <saulius2@ar.fi.lt>:
[*] http://winehq.org/site/developer-cheatsheet
Hello,
Bochs already has two tools which are able to do the things you are describing.
Bochs instrumentation allows you to set a callback function for when a memory access occurs (it actually has a lot more capabilities), and you could write the callbacks to monitor WinAPI calls or anything else you want.
The Bochs internal debugger already has virtual/linear/physical address breakpoint capability; it also has some code to monitor Linux system calls as an example.
Maybe part of the code is outdated and should be modified/fixed, but I don't think it should be a big effort to do that, and I could also help you do it by fixing bugs or adding debug capabilities to the CPU. I think the right choice for you is Bochs with instrumentation; QEMU is less attractive because it has DT and it is much harder to instrument translated and not emulated code.
Stanislav
-----Original Message-----
From: bochs-developers-admin@lists.sourceforge.net [mailto:bochs-developers-admin@lists.sourceforge.net] On Behalf Of Saulius Krasuckas
Sent: Saturday, March 25, 2006 11:58 AM
To: bochs-developers@lists.sourceforge.net
Cc: wine-devel@winehq.org
Subject: [Bochs-developers] monitoring OS API calls
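Added example, not part of the original thread and not Bochs code: the two replies together describe a call/branch callback that needs a symbol table to turn a branch target into an API name, and the sketch below shows that lookup plus the per-process filter the original question hints at. The hook name `on_call`, its parameters, and every address in the table are assumptions constructed for illustration; on x86 the CR3 value identifies which process's address space is active.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Exported entry point: linear address = module load base + export RVA. */
typedef struct { uint32_t addr; const char *name; } api_sym;

/* Constructed sample table; the addresses are made up for illustration. */
static api_sym g_syms[] = {
    { 0x7c810800u, "kernel32.CreateFileA" },
    { 0x7c801a00u, "kernel32.ReadFile"    },
    { 0x77d50400u, "user32.MessageBoxA"   },
};
static const size_t g_nsyms = sizeof g_syms / sizeof g_syms[0];

static int cmp_sym(const void *a, const void *b) {
    uint32_t x = ((const api_sym *)a)->addr, y = ((const api_sym *)b)->addr;
    return (x > y) - (x < y);
}

/* Sort once so that every call target can be resolved by binary search. */
void trace_init(void) { qsort(g_syms, g_nsyms, sizeof g_syms[0], cmp_sym); }

/* Exact match only: a branch into the middle of a function is not an API entry. */
const char *resolve_api(uint32_t target) {
    size_t lo = 0, hi = g_nsyms;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (g_syms[mid].addr == target) return g_syms[mid].name;
        if (g_syms[mid].addr < target) lo = mid + 1; else hi = mid;
    }
    return NULL;
}

/* Hypothetical hook body: the emulator's call/branch callback would pass the
   current CR3 (page-directory base, i.e. which process), the branch target and
   the return address. Returns 1 if a trace line was written to out. */
int on_call(uint32_t watched_cr3, uint32_t cr3, uint32_t target,
            uint32_t ret, char *out, size_t outlen) {
    if (cr3 != watched_cr3) return 0;      /* same address, other process */
    const char *name = resolve_api(target);
    if (!name) return 0;                   /* not an exported entry point */
    snprintf(out, outlen, "Call %s() ret=%08x", name, (unsigned)ret);
    return 1;
}
```

The table would in practice be built from each DLL's export directory or debug symbols and the load base observed in the guest, since those addresses differ between Windows versions.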