I've tried to use KVMI_VCPU_TRANSLATE_GVA to translate a user space gva to gpa, so that eventually I could read this memory. (I have a breakpoint at syscalls, and I'd like to read the filename, which pointer is in %edi/%esi.) However, KVM returns ~0, meaning that it's an UNMAPPED_GVA. Would you know why is that so?
The KVM source code has a comment that functions which read memory are "meant" for instructions fetching. However, I don't understand why that would matter. I try to perform address translation while the vcpu is executing, so I expected it to just work. I've seen that libvmi has code that performs page table lookup, so there must be a good reason behind it...
I'll be grateful for your insight.
Thank you.
I've tried to use KVMI_VCPU_TRANSLATE_GVA to translate a user space gva to gpa, so that eventually I could read this memory. (I have a breakpoint at syscalls, and I'd like to read the filename, which pointer is in %edi/%esi.) However, KVM returns ~0, meaning that it's an UNMAPPED_GVA. Would you know why is that so?
The KVM source code has a comment that functions which read memory are "meant" for instructions fetching. However, I don't understand why that would matter. I try to perform address translation while the vcpu is executing, so I expected it to just work. I've seen that libvmi has code that performs page table lookup, so there must be a good reason behind it...
I'll be grateful for your insight.
Thank you.