[Bochs-developers] monitoring OS API calls

Stanislav Shwartsman stl at fidonet.org.il
Sat Mar 25 04:00:10 CST 2006


Bochs already has two tools which able to do the things you describing.

Bochs instrumentation allows you to set callback function for memory access
occurred (it actually has a lot more capabilities) and you could write the
callbacks to monitor WinAPI calls or everything else you want.

Bochs internal debugger has virtual/linear/physical address breakpoint
capability already, it also has some code to monitor Linux system calls as

May be part of the code is outdate and should be modified/fixed but I don't
think it should be a big effort to do that and I also could help you to do
it fixing bugs or adding debug capabilities to the CPU.
I think the tight choose for you it is Bochs with instrumentation; QEMU is
less attractive because it has DT and it is much harder to instrument
translated and not emulated code.


-----Original Message-----
From: bochs-developers-admin at lists.sourceforge.net
[mailto:bochs-developers-admin at lists.sourceforge.net] On Behalf Of Saulius
Sent: Saturday, March 25, 2006 11:58 AM
To: bochs-developers at lists.sourceforge.net
Cc: wine-devel at winehq.org
Subject: [Bochs-developers] monitoring OS API calls


I mean Windows there - my primary aim is to monitor WinAPI calls.  There 
exists quite a few of monitor apps to achieve this.  But their nature is 
soft-intrusive - they patch system DLLs on disk or PE images in memory.

I'd like to monitor calling of a functions from a lower-level side.  One 
possibility is to rewrite system DLLs, which is hard in a case of Windows.  
Maybe another possibility can be to run OS in machine emulator and to 
break on reading/executing some virtual memory addresses?  I imagine 
physical memory maps into linear addresses which maps into virtual 
addresses (perhaps into unshared space of each win32 process).

Then it would be nice to implement a Debug Logging similar to one from the 
Wine project. [*]

What effort is needed to implement breaking of emulation on execution of 
given/defined virtual addresses (plus reading a CPU state and virtual 
memory) of different Windows OS versions inside machine emulator?

Can such code be put as some plugin to BOCHS or so?  Maybe I need to look 
at the different machine virtualization projects like Qemu?

[*] http://winehq.org/site/developer-cheatsheet

This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
bochs-developers mailing list
bochs-developers at lists.sourceforge.net

More information about the wine-devel mailing list