📄 main.c.svn-base
字号:
info.si_errno = 0; info.si_code = SEGV_NOOP; info.si_addr = 0; gdb_handlesig (env, SIGSEGV); queue_signal(info.si_signo, &info); break; case EXCP06_ILLOP: info.si_signo = SIGILL; info.si_errno = 0; info.si_code = ILL_ILLOPN; info.si_addr = (void*)env->eip; gdb_handlesig (env, SIGILL); queue_signal(info.si_signo, &info); break; case EXCP_INTERRUPT: /* just indicate that signals should be handled asap */ break; case EXCP_DEBUG: { int sig; sig = gdb_handlesig (env, SIGTRAP); if (sig) { info.si_signo = sig; info.si_errno = 0; info.si_code = TRAP_BRKPT; queue_signal(info.si_signo, &info); } } break; default: pc = (void*)(env->segs[R_CS].base + env->eip); fprintf(stderr, "qemu: 0x%08lx: unhandled CPU exception 0x%x - aborting\n", (long)pc, trapnr); abort(); } process_pending_signals(env); }}#endifvoid usage(void){ printf("qemu-" TARGET_ARCH " version " QEMU_VERSION ", Copyright (c) 2003-2004 Fabrice Bellard\n" "usage: qemu-" TARGET_ARCH " [-h] [-d opts] [-L path] [-s size] program [arguments...]\n" "Darwin CPU emulator (compiled for %s emulation)\n" "\n" "-h print this help\n" "-L path set the %s library path (default='%s')\n" "-s size set the stack size in bytes (default=%ld)\n" "\n" "debug options:\n" "-d options activate log (logfile='%s')\n" "-g wait for gdb on port 1234\n" "-p pagesize set the host page size to 'pagesize'\n", TARGET_ARCH, TARGET_ARCH, interp_prefix, stack_size, DEBUG_LOGFILE); _exit(1);}/* XXX: currently only used for async signals (see signal.c) */CPUState *global_env;/* used only if single thread */CPUState *cpu_single_env = NULL;/* used to free thread contexts */TaskState *first_task_state;int main(int argc, char **argv){ const char *filename; struct target_pt_regs regs1, *regs = ®s1; TaskState ts1, *ts = &ts1; CPUState *env; int optind; short use_gdbstub = 0; const char *r; const char *cpu_model; if (argc <= 1) usage(); /* init debug */ cpu_set_log_filename(DEBUG_LOGFILE); optind = 1; for(;;) { if (optind >= argc) break; r = argv[optind]; if (r[0] != '-') break; optind++; r++; if (!strcmp(r, "-")) { break; } else if (!strcmp(r, "d")) { int mask; CPULogItem *item; if (optind >= argc) break; r = argv[optind++]; mask = cpu_str_to_log_mask(r); if (!mask) { printf("Log items (comma separated):\n"); for(item = cpu_log_items; item->mask != 0; item++) { printf("%-10s %s\n", item->name, item->help); } exit(1); } cpu_set_log(mask); } else if (!strcmp(r, "s")) { r = argv[optind++]; stack_size = strtol(r, (char **)&r, 0); if (stack_size <= 0) usage(); if (*r == 'M') stack_size *= 1024 * 1024; else if (*r == 'k' || *r == 'K') stack_size *= 1024; } else if (!strcmp(r, "L")) { interp_prefix = argv[optind++]; } else if (!strcmp(r, "p")) { qemu_host_page_size = atoi(argv[optind++]); if (qemu_host_page_size == 0 || (qemu_host_page_size & (qemu_host_page_size - 1)) != 0) { fprintf(stderr, "page size must be a power of two\n"); exit(1); } } else if (!strcmp(r, "g")) { use_gdbstub = 1; } else if (!strcmp(r, "cpu")) { cpu_model = argv[optind++]; if (strcmp(cpu_model, "?") == 0) {/* XXX: implement xxx_cpu_list for targets that still miss it */#if defined(cpu_list) cpu_list(stdout, &fprintf);#endif _exit(1); } } else { usage(); } } if (optind >= argc) usage(); filename = argv[optind]; /* Zero out regs */ memset(regs, 0, sizeof(struct target_pt_regs)); if (cpu_model == NULL) {#if defined(TARGET_I386)#ifdef TARGET_X86_64 cpu_model = "qemu64";#else cpu_model = "qemu32";#endif#elif defined(TARGET_PPC)#ifdef TARGET_PPC64 cpu_model = "970";#else cpu_model = "750";#endif#else#error unsupported CPU#endif } /* NOTE: we need to init the CPU at this stage to get qemu_host_page_size */ env = cpu_init(cpu_model); printf("Starting %s with qemu\n----------------\n", filename); commpage_init(); if (mach_exec(filename, argv+optind, environ, regs) != 0) { printf("Error loading %s\n", filename); _exit(1); } syscall_init(); signal_init(); global_env = env; /* build Task State */ memset(ts, 0, sizeof(TaskState)); env->opaque = ts; ts->used = 1; env->user_mode_only = 1;#if defined(TARGET_I386) cpu_x86_set_cpl(env, 3); env->cr[0] = CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK; env->hflags |= HF_PE_MASK; if (env->cpuid_features & CPUID_SSE) { env->cr[4] |= CR4_OSFXSR_MASK; env->hflags |= HF_OSFXSR_MASK; } /* flags setup : we activate the IRQs by default as in user mode */ env->eflags |= IF_MASK; /* darwin register setup */ env->regs[R_EAX] = regs->eax; env->regs[R_EBX] = regs->ebx; env->regs[R_ECX] = regs->ecx; env->regs[R_EDX] = regs->edx; env->regs[R_ESI] = regs->esi; env->regs[R_EDI] = regs->edi; env->regs[R_EBP] = regs->ebp; env->regs[R_ESP] = regs->esp; env->eip = regs->eip; /* Darwin LDT setup */ /* 2 - User code segment 3 - User data segment 4 - User cthread */ bzero(ldt_table, LDT_TABLE_SIZE * sizeof(ldt_table[0])); env->ldt.base = (uint32_t) ldt_table; env->ldt.limit = sizeof(ldt_table) - 1; write_dt(ldt_table + 2, 0, 0xfffff, DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK | (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT)); write_dt(ldt_table + 3, 0, 0xfffff, DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK | (3 << DESC_DPL_SHIFT) | (0x2 << DESC_TYPE_SHIFT)); write_dt(ldt_table + 4, 0, 0xfffff, DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK | (3 << DESC_DPL_SHIFT) | (0x2 << DESC_TYPE_SHIFT)); /* Darwin GDT setup. * has changed a lot between old Darwin/x86 (pre-Mac Intel) and Mac OS X/x86, now everything is done via int 0x81(mach) int 0x82 (thread) and sysenter/sysexit(unix) */ bzero(gdt_table, sizeof(gdt_table)); env->gdt.base = (uint32_t)gdt_table; env->gdt.limit = sizeof(gdt_table) - 1; /* Set up a back door to handle sysenter syscalls (unix) */ char * syscallbackdoor = malloc(64); page_set_flags((int)syscallbackdoor, (int)syscallbackdoor + 64, PROT_EXEC | PROT_READ | PAGE_VALID); int i = 0; syscallbackdoor[i++] = 0xcd; syscallbackdoor[i++] = 0x90; /* int 0x90 */ syscallbackdoor[i++] = 0x0F; syscallbackdoor[i++] = 0x35; /* sysexit */ /* Darwin sysenter/sysexit setup */ env->sysenter_cs = 0x1; //XXX env->sysenter_eip = (int)syscallbackdoor; env->sysenter_esp = (int)malloc(64); /* Darwin TSS setup This must match up with GDT[4] */ env->tr.base = (uint32_t) tss; env->tr.limit = sizeof(tss) - 1; env->tr.flags = DESC_P_MASK | (0x9 << DESC_TYPE_SHIFT); stw(tss + 2, 0x10); // ss0 = 0x10 = GDT[2] = Kernel Data Segment /* Darwin interrupt setup */ bzero(idt_table, sizeof(idt_table)); env->idt.base = (uint32_t) idt_table; env->idt.limit = sizeof(idt_table) - 1; set_idt(0, 0); set_idt(1, 0); set_idt(2, 0); set_idt(3, 3); set_idt(4, 3); set_idt(5, 3); set_idt(6, 0); set_idt(7, 0); set_idt(8, 0); set_idt(9, 0); set_idt(10, 0); set_idt(11, 0); set_idt(12, 0); set_idt(13, 0); set_idt(14, 0); set_idt(15, 0); set_idt(16, 0); set_idt(17, 0); set_idt(18, 0); set_idt(19, 0); /* Syscalls are done via int 0x80 (unix) (rarely used) int 0x81 (mach) int 0x82 (thread) int 0x83 (diag) (not handled here) sysenter/sysexit (unix) -> we redirect that to int 0x90 */ set_idt(0x79, 3); /* Commpage hack, here is our backdoor interrupt */ set_idt(0x80, 3); /* Unix Syscall */ set_idt(0x81, 3); /* Mach Syscalls */ set_idt(0x82, 3); /* thread Syscalls */ set_idt(0x90, 3); /* qemu-darwin-user's Unix syscalls backdoor */ cpu_x86_load_seg(env, R_CS, __USER_CS); cpu_x86_load_seg(env, R_DS, __USER_DS); cpu_x86_load_seg(env, R_ES, __USER_DS); cpu_x86_load_seg(env, R_SS, __USER_DS); cpu_x86_load_seg(env, R_FS, __USER_DS); cpu_x86_load_seg(env, R_GS, __USER_DS);#elif defined(TARGET_PPC) { int i;#if defined(TARGET_PPC64)#if defined(TARGET_ABI32) env->msr &= ~((target_ulong)1 << MSR_SF);#else env->msr |= (target_ulong)1 << MSR_SF;#endif#endif env->nip = regs->nip; for(i = 0; i < 32; i++) { env->gpr[i] = regs->gpr[i]; } }#else#error unsupported target CPU#endif if (use_gdbstub) { printf("Waiting for gdb Connection on port 1234...\n"); gdbserver_start (1234); gdb_handlesig(env, 0); } cpu_loop(env); /* never exits */ return 0;}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -