Login  •  Register


The time is now: Fri Dec 13, 2019 3:24 am

Emaculation wiki  •  Delete all board cookies



Post new topic  Reply to topic Page 1 of 1 [ 2 posts ]
Print view Previous topic  |  Next topic
Author Message
 Post subject: Memory Tracing in QEMU
PostPosted: Fri Mar 01, 2019 4:29 am 
Offline
Space Cadet

Joined: Fri Mar 01, 2019 4:25 am
Posts: 1
I found that within QEMU I could trace memory events with -d trace:memory_region_ops_read but it traces physical memory read events. I would like to trace virtual memory read events from the guest machine or read events before they reach the mmu. This is for malware analysis and just need to record the order of the read and write events. Do you guys know if there is a way to trace the memory events of the guest machine or the virtual memory access?


Top
 Profile  
Reply with quote Post a reply  
PostPosted: Fri Mar 01, 2019 5:02 am 
Offline
Forum All-Star
User avatar

Joined: Fri Nov 27, 2009 5:11 am
Posts: 2757
Location: Emaculation.com
The easiest way would be to use gdb or macsbug in the guest, or even IdaPro if you've got it (the PPC license is thrown in as a freebie).

However, if you're attempting to instrument the analysis from outside, it'll get a bit trickier.

I'm curious about the PPC-era malware analysis though; pretty much all PPC-era malware's been given a pretty thorough static and dynamic analysis already. Are you looking at historical malware, or the intersection of modern malware in a PPC/Classic environment (javascript, etc.)?


Top
 Profile  
Reply with quote Post a reply  
Display posts from previous:  Sort by  
Post new topic  Reply to topic Page 1 of 1 [ 2 posts ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
 

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group