qemu

Determine whether the target is being run under QEMU.

Classes:

Functions:

QemuPhysAddressNotResolvedError

QemuPhysAddressNotResolvedError(address: int)

Bases: Exception

QemuMtree

QemuMtree()

Methods:

Attributes:

mtree instance-attribute

mtree = []

find

find(physical_address: int) -> tuple[int, int]

QemuMachine

QemuMachine()

Bases: Machine

Methods:

Attributes:

pid instance-attribute

pid = get_qemu_pid()

file instance-attribute

file = open(f'/proc/{pid}/mem', O_RDONLY)

mtree instance-attribute

mtree = QemuMtree()

__del__

__del__() -> None

search_pids_for_file staticmethod

search_pids_for_file(pids: list[str], filename: str) -> str | None

get_qemu_pid staticmethod

get_qemu_pid() -> int

read_memory

read_memory(address: int, length: int) -> bytearray

read_physical_memory

read_physical_memory(physical_address: int, length: int) -> bytearray

Assumes each RAM chunk (defined by each line of the mtree output) is virtually contiguous on the host side.

Assumes any changes to the mtree output do not change the gpa2hva computed earlier. This was verified as follows: -S was used to compare the mtree output during bootloading and when the kernel has finished initialization.
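
The translation these assumptions allow, as an added example (not this module's own code): because each guest RAM chunk maps to one contiguous host range, a guest physical read becomes host reads split at chunk boundaries. `RamMap`, `read_physical`, `PhysAddressNotResolved`, the `(host address, bytes left)` meaning of `find` and the chunk table are assumptions, and a `BytesIO` buffer stands in for `/proc/{pid}/mem`.

```python
import bisect
import io


class PhysAddressNotResolved(Exception):
    """Hypothetical stand-in for QemuPhysAddressNotResolvedError."""
    def __init__(self, address: int):
        super().__init__(f"guest physical {address:#x} is not backed by RAM")
        self.address = address


class RamMap:
    """Guest RAM chunks as (gpa_start, size, hva_base); layout is assumed."""
    def __init__(self, chunks):
        self.chunks = sorted(chunks)
        self.starts = [c[0] for c in self.chunks]

    def find(self, gpa: int) -> tuple[int, int]:
        """Return (host virtual address, bytes left in this chunk)."""
        i = bisect.bisect_right(self.starts, gpa) - 1
        if i >= 0:
            start, size, hva = self.chunks[i]
            if gpa < start + size:
                return hva + (gpa - start), start + size - gpa
        raise PhysAddressNotResolved(gpa)


def read_physical(ram: RamMap, host_mem, gpa: int, length: int) -> bytearray:
    """Read guest physical memory, never crossing a chunk in one host read."""
    out = bytearray()
    while length > 0:
        hva, avail = ram.find(gpa)  # contiguity holds only inside one chunk
        n = min(avail, length)
        host_mem.seek(hva)
        data = host_mem.read(n)
        if len(data) != n:
            raise OSError(f"short read at host address {hva:#x}")
        out += data
        gpa, length = gpa + n, length - n
    return out


# Constructed sample: two guest-adjacent chunks at non-adjacent host offsets.
HOST = io.BytesIO(b"B" * 0x100 + b"\x00" * 0x100 + b"A" * 0x100)
RAM = RamMap([(0x000, 0x100, 0x200), (0x100, 0x100, 0x000)])

if __name__ == "__main__":
    print(read_physical(RAM, HOST, 0xFE, 4))  # spans both chunks
```
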

read_register

read_register(register_name: str) -> int

qemu_gdbserver_version

qemu_gdbserver_version() -> tuple[int, ...] | None

Returns the QEMU version. Works since QEMU 10.1.0.

is_qemu

is_qemu() -> bool

is_usermode

is_usermode() -> bool

is_qemu_usermode

is_qemu_usermode() -> bool

Returns True if the target remote is being run under QEMU usermode emulation.

is_qemu_kernel

is_qemu_kernel() -> bool

is_old_qemu_user

is_old_qemu_user() -> bool

exec_file_supported

exec_file_supported() -> bool

Returns True if the remote target understands the 'qXfer:exec-file:read' packet. The vmmap code checks for this feature in order to warn against running legacy QEMU versions.

get_qemu_machine

get_qemu_machine(verbose: bool = False) -> QemuMachine | None