0

For the purpose of studying, I want to have full access to the physical memory of the guest QEMU in real-time mode. The "pmemsave" command freezes the guest OS. Is there a way for me to somehow map the physical memory to a Linux partition in order to have access in real-time mode?

I tried to use pmemsave, but it freezes, and I want to have real-time access.

Artorios

1 Answer

0

Well, this dumps memory in the QEMU monitor without creating a file on the HDD.

xp /fmt addr

xp Physical memory dump starting at addr.

fmt is a format which tells the command how to format the data.

Its syntax is: /{count}{format}{size}

count is the number of items to be dumped.

format can be x (hex), d (signed decimal), u (unsigned decimal), o (octal), c (char) or i (asm instruction).

size can be b (8 bits), h (16 bits), w (32 bits) or g (64 bits). On x86, h or w can be specified with the i format to respectively select 16 or 32 bit code instruction size.


Examples:

Dump 10 instructions at the current instruction pointer:

(qemu) x/10i $eip

0x90107063: ret
0x90107064: sti
0x90107065: lea 0x0(%esi,1),%esi
0x90107069: lea 0x0(%edi,1),%edi
0x90107070: ret
0x90107071: jmp 0x90107080
0x90107073: nop
0x90107074: nop
0x90107075: nop
0x90107076: nop


If the app is freezing, maybe try smaller chunks. This dumps 1 MB...

pmemsave 0x000 1048576 file.dmp

Nassau
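The chunked pmemsave approach from the answer above, scripted over QMP as an added example (not code from the question or the answer). It assumes QEMU was started with a QMP UNIX socket such as `-qmp unix:/tmp/qmp.sock,server=on,wait=off`; the socket path, the output file prefix and the function names are hypothetical.

```python
import json
import socket

CHUNK = 1048576  # 1 MiB per command, the size used in the answer's example

def plan_chunks(start, length, chunk=CHUNK):
    """Split [start, start+length) into (address, size) pieces of at most chunk bytes."""
    if start < 0 or length < 0 or chunk <= 0:
        raise ValueError("start/length must be >= 0 and chunk > 0")
    pieces, addr, end = [], start, start + length
    while addr < end:
        size = min(chunk, end - addr)
        pieces.append((addr, size))
        addr += size
    return pieces

def pmemsave_commands(start, length, prefix, chunk=CHUNK):
    """Build one QMP pmemsave command per chunk; QEMU writes each file on the host."""
    return [{"execute": "pmemsave",
             "arguments": {"val": addr, "size": size,
                           "filename": f"{prefix}.{addr:#010x}.dmp"}}
            for addr, size in plan_chunks(start, length, chunk)]

def run_qmp(sock_path, commands):
    """Send commands to a QMP UNIX socket; return one reply per command."""
    replies = []
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        f = s.makefile("rw", encoding="utf-8")
        json.loads(f.readline())  # greeting banner sent by QEMU on connect
        # qmp_capabilities must be the first command of every QMP session
        for cmd in [{"execute": "qmp_capabilities"}] + list(commands):
            f.write(json.dumps(cmd) + "\n")
            f.flush()
            while True:  # skip asynchronous events until the reply arrives
                line = f.readline()
                if not line:
                    raise ConnectionError("QMP socket closed")
                msg = json.loads(line)
                if "return" in msg or "error" in msg:
                    replies.append(msg)
                    break
    return replies[1:]  # drop the qmp_capabilities reply

if __name__ == "__main__":
    # Constructed sample: first 4 MiB of guest physical memory, hypothetical paths.
    cmds = pmemsave_commands(0x0, 4 * CHUNK, "/tmp/guest")
    for reply in run_qmp("/tmp/qmp.sock", cmds):
        print(reply)
```

Concatenating the resulting files in address order gives the same bytes as a single large dump of that range, although the guest keeps running between chunks, so the pieces are not a consistent snapshot.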