Friends, I'm trying to track the complete execution of the operating system, including the processes running on top of it. For this, I want the instructions executed by each process and its execution trace, and I want to do this without having to run objdump on each process.
So, my goals are:
1) Building the address space of each pid.
2) Tracking the execution of each pid.
To achieve the above goals, I run a Linux-based operating system on top of the Qemu emulator.
When QEMU first encounters an instruction, I will check the pid of the process executing it using an I/O port or a known physical memory address in the guest system. Then I can use this information to do what I need.
My problem is where in the kernel's sched.c I can find out the pid of the process that will be launched next, so that I can make a function call like `launch_process(pid)`. Could someone please point me to this place in the kernel? Or is there a known place in the system where we can track the address space? One of them is CR3, but I really can't trust it.
For some of you this may seem like a trivial pointer to this place, but I cannot find this location on my own.
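The scheme described in the post (the guest announces the pid about to run over a side channel, and the emulator tags every subsequently executed instruction with that pid) can be modelled in a small trace attributer. The following is an added example, not code from the post or from QEMU; the event format, the `PidState` layout and the sample trace are constructed for illustration. It also shows why CR3 alone is an unreliable pid key: a kernel thread borrows the previous task's page tables (Linux's lazy-TLB `active_mm`), so two pids legitimately share one CR3 value.

```python
"""Attribute an emulator instruction trace to guest pids.

Added example (not from the original post). It simulates the approach
described there: the guest reports the pid of the task about to run, the
emulator records executed program counters and CR3 writes, and we join
the two streams. Event names and sample values are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

PAGE_SHIFT = 12  # 4 KiB pages, used to summarise the address space per pid


@dataclass
class PidState:
    instructions: List[int] = field(default_factory=list)  # executed PCs, in order
    pages: Set[int] = field(default_factory=set)           # page numbers touched
    cr3_values: Set[int] = field(default_factory=set)      # CR3 in effect when this pid ran


def attribute_trace(events: List[Tuple[str, int]]):
    """Join pid reports, CR3 writes and executed PCs.

    events is a list of (kind, value) tuples (constructed format):
      ("pid", n)   the guest reports that pid n is about to run
      ("cr3", v)   the emulator observed a CR3 write
      ("exec", pc) the emulator executed an instruction at pc
    Returns (per_pid, warnings).
    """
    per_pid: Dict[int, PidState] = {}
    warnings: List[str] = []
    cur_pid = None
    cur_cr3 = None
    for kind, value in events:
        if kind == "pid":
            cur_pid = value
            state = per_pid.setdefault(cur_pid, PidState())
            if cur_cr3 is not None:
                # Record which page tables the new task runs on, so we can
                # later detect pids that share a CR3.
                state.cr3_values.add(cur_cr3)
        elif kind == "cr3":
            cur_cr3 = value
        elif kind == "exec":
            if cur_pid is None:
                # Instructions before the first pid report cannot be attributed.
                warnings.append(f"exec at {value:#x} before any pid report")
                continue
            state = per_pid[cur_pid]
            state.instructions.append(value)
            state.pages.add(value >> PAGE_SHIFT)
        else:
            warnings.append(f"unknown event kind {kind!r}")
    return per_pid, warnings


def shared_cr3(per_pid: Dict[int, PidState]) -> Dict[int, Set[int]]:
    """Return CR3 values that were in effect for more than one pid.

    A non-empty result is the concrete reason CR3 cannot serve as the pid:
    a kernel thread runs on the previous task's page tables, so the CR3
    value does not change even though the scheduled task did.
    """
    owners: Dict[int, Set[int]] = {}
    for pid, state in per_pid.items():
        for cr3 in state.cr3_values:
            owners.setdefault(cr3, set()).add(pid)
    return {cr3: pids for cr3, pids in owners.items() if len(pids) > 1}


# Constructed sample trace: user task 100, then kernel thread 7 (no CR3
# write, it borrows pid 100's page tables), then user task 200.
SAMPLE_EVENTS: List[Tuple[str, int]] = [
    ("cr3", 0x1000),
    ("pid", 100),
    ("exec", 0x400000), ("exec", 0x400004), ("exec", 0x401000),
    ("pid", 7),
    ("exec", 0xFFFFFFFF81000000),
    ("cr3", 0x2000),
    ("pid", 200),
    ("exec", 0x400000),
]


if __name__ == "__main__":
    per_pid, warnings = attribute_trace(SAMPLE_EVENTS)
    for pid, state in sorted(per_pid.items()):
        print(f"pid {pid}: {len(state.instructions)} instructions, "
              f"pages {sorted(hex(p) for p in state.pages)}, "
              f"cr3 {sorted(hex(v) for v in state.cr3_values)}")
    print("CR3 shared by several pids:", shared_cr3(per_pid))
    for w in warnings:
        print("warning:", w)
```

Running the sample shows pid 100 and pid 7 both attributed to CR3 0x1000, which is exactly the ambiguity the post is worried about; the explicit pid report resolves it, CR3 alone does not.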