Hello there,

I've been working to understand how QEMU works in an attempt to use it for a project on dynamic binary translation. I've been tracing my way through the user-mode emulation files via GDB and careful examination of the source code (I'm working with v1.1 as it's a bit simpler to understand for now), but I've come to a point where I could use a bit of help.

I'd like to specify which parts of a program get translated, and then extract the results of that part of the program (i.e., start a program in one architecture, translate a subset of instructions to another architecture, execute those in QEMU, then retrieve the results from a particular register and finish program execution in the original architecture). I found the image_info structure in qemu.h, and was wondering if I could modify the start_code and end_code values to denote the subset of instructions I wanted to translate (or am I completely off-base here, in which case I'd appreciate a pointer or two if possible).

Thank you!
Anthony C.