From: <du...@so...> - 2008-01-11 01:24:33

Can hardware breakpoints be set (and trapped, and handled) inside a guest OS (specifically Windows XP2)?

I noticed the other day that software (malicious code, in fact) packed with the EXE compressor PELock won't run under QEMU+KVM. I guessed that this was because h/w breakpoints aren't being trapped. (The PELock incarnation used in this case relies on SEH and H/W breaks -- verifying that they take place correctly -- in its decryption code in order to try to make it harder to extract the original content from packed files.)

A quick try with OllyDbg suggested that I wasn't able to provoke hardware traps in my own code, either. Olly allows me to specify a H/W breakpoint but I never seem to get control back at the desired address. INT 1 and INT 3 debugging work just fine (i.e. tracing and software breakpoints).

Is this "one of those things" to do with virtualisation? QEMU+kqemu handles PELock files just fine.

Apologies if this is an already-answered question. I couldn't find an answer on my own.