Hi Andrzej,

There were actually two methods described in the thread referred to in the thread to which you were referring in your previous mail. :) The thread was - http://thread.gmane.org/gmane.comp.emulators.qemu/16604

I used the patch provided by Stuart Brady (in the thread referred above) - and I believed that this is the one which helps me extract executed PC values, until you told me in your previous email that this is _not_ the case, and they are just the disassembled and not the executed PC trace! Can you please let me know if you were referring to the same thread or a different one?

Thanks,
-Shashi.

On 7/13/07, andrzej zaborowski <[EMAIL PROTECTED]> wrote:
> On 14/07/07, Shashidhar Mysore <[EMAIL PROTECTED]> wrote:
> > Thanks for the reply, Andrzej!
> >
> > Some clarifications below ...
> >
> > On 7/13/07, andrzej zaborowski <[EMAIL PROTECTED]> wrote:
> > >
> > > > ************************************************
> > > > /* convert one instruction. s->is_jmp is set if the translation must
> > > >    be stopped. Return the next pc value */
> > > > static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
> > > > {
> > > >     int b, prefixes, aflag, dflag;
> > > >     int shift, ot;
> > > >     int modrm, reg, rm, mod, reg_addr, op, opreg, offset_addr, val;
> > > >     target_ulong next_eip, tval;
> > > >     int rex_w, rex_r;
> > > >
> > > >     s->pc = pc_start; // This s->pc is what I am using to extract all
> > > >                       // executed PC values
> > >
> > > This s->pc doesn't correspond to executed PC values, qemu is a translator.
> >
> > Can you tell me what s->pc is, in this context? Is it the start PC of a
> > basic block that is about to be executed?
>
> It is the PC of the disassembled instruction (hence disasm_insn).
>
> > Is there any way in which I could
> > extract the trace of executed PCs in QEMU?
>
> Yes, there was a thread about this about two months ago.
>
> Regards
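To make Andrzej's point concrete (a PC logged inside the translator is a translation-time trace, not an execution trace), here is a constructed toy model of a translating emulator. It is an added example, not QEMU code: the guest ISA (mov/dec/jnz/halt), the 4-byte instruction spacing, the block cache and the program are all hypothetical, but the translate-once/execute-many behaviour is the same property that makes s->pc in disas_insn() unsuitable as an executed-PC trace.

```python
"""Toy model of a translating emulator (constructed example, not QEMU code).

A block is translated once, starting at the PC where execution enters it,
and cached. The translation hook logs a PC each time the translator decodes
an instruction (like s->pc in disas_insn); the execution hook logs a PC
each time a cached block is run. Hypothetical ISA: mov/dec/jnz/halt on r0.
"""

# Constructed guest program: a countdown loop.
CODE = {
    0x100: ("mov", 10),     # r0 = 10
    0x104: ("dec", None),   # r0 -= 1
    0x108: ("jnz", 0x104),  # if r0 != 0 goto 0x104, else fall through
    0x10C: ("halt", None),
}
BLOCK_ENDERS = {"jnz", "halt"}


def translate_block(pc_start, translated_log):
    """Decode from pc_start up to the next control-flow instruction."""
    block, pc = [], pc_start
    while True:
        translated_log.append(pc)          # translation-time PC
        op, arg = CODE[pc]
        block.append((pc, op, arg))
        if op in BLOCK_ENDERS:
            return block
        pc += 4


def run(max_steps=10_000):
    """Execute the guest; return (translated_log, executed_log)."""
    cache, translated_log, executed_log = {}, [], []
    r0, pc = 0, 0x100
    for _ in range(max_steps):
        if pc not in cache:                # translate only on a cache miss
            cache[pc] = translate_block(pc, translated_log)
        for ipc, op, arg in cache[pc]:
            executed_log.append(ipc)       # execution-time PC
            if op == "mov":
                r0 = arg
            elif op == "dec":
                r0 -= 1
            elif op == "jnz":
                pc = arg if r0 else ipc + 4
            elif op == "halt":
                return translated_log, executed_log
    raise RuntimeError("step limit reached")


if __name__ == "__main__":
    t, e = run()
    print("translated:", [hex(p) for p in t])    # 6 entries
    print("executed:  ", len(e), "instructions")  # 22 entries
```

The loop body (0x104, 0x108) is decoded twice (once inside the block entered at 0x100, once as the block entered at 0x104) but executed ten times, so only the execution-side log reflects what the guest actually ran.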