martinradev
The way it is implemented right now is the following: 1) The page table bound to the architectural register(s) is parsed and the page ranges are saved into a cache...
I think using /proc/QEMU_PID/mem for searching memory also requires that pwndbg have information about how guest virtual memory is mapped to guest physical memory. The way I've implemented it...
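The two comments above describe the same mechanism: walk the page table that the architectural register (CR3 on x86) points at, save the resulting page ranges in a cache, and use that cache to go from a guest virtual address to the guest physical address you would then read through /proc/QEMU_PID/mem. The following is an added illustration of that walk over a constructed physical-memory image; it is not code from gdb-pt-dump or pwndbg, and PHYS_MEM, build_tables, walk_ranges, translate and perm_string are names invented for this example. Beyond the 4 KiB pages mentioned above it also handles 2 MiB/1 GiB large pages (PS bit) and canonical sign-extension of upper-half addresses.

```python
"""x86-64 4-level page-table walk over a constructed physical-memory image.

Added illustration, not code from gdb-pt-dump or pwndbg: it builds a tiny
page-table hierarchy inside a fake guest-physical buffer, walks it from a
CR3 value, merges adjacent pages with identical permissions into ranges
(the "cache" the comments describe), and then uses that cache to translate
guest-virtual to guest-physical addresses. PHYS_MEM, build_tables,
walk_ranges, translate and perm_string are invented names for this example.
"""
import struct

PAGE = 0x1000
P, RW, US, PS, NX = 1 << 0, 1 << 1, 1 << 2, 1 << 7, 1 << 63
ADDR_MASK = 0x000F_FFFF_FFFF_F000      # bits 12..51 of an entry hold the address

# Constructed "guest physical memory": 32 frames of 4 KiB, all initially unmapped.
PHYS_MEM = bytearray(32 * PAGE)

def write_entry(table_pa, index, value):
    struct.pack_into("<Q", PHYS_MEM, table_pa + index * 8, value)

def read_entry(table_pa, index):
    return struct.unpack_from("<Q", PHYS_MEM, table_pa + index * 8)[0]

def build_tables():
    """Populate PML4/PDPT/PD/PT frames with a few mappings; return CR3."""
    pml4, pdpt, pd, pt = 0x1000, 0x2000, 0x3000, 0x4000
    write_entry(pml4, 0, pdpt | P | RW | US)
    write_entry(pdpt, 0, pd | P | RW | US)
    write_entry(pd, 0, pt | P | RW | US)
    # VA 0x0000 and 0x1000: user r-x, physically contiguous -> one merged range
    write_entry(pt, 0, 0x10000 | P | US)
    write_entry(pt, 1, 0x11000 | P | US)
    # VA 0x2000: user rw- with NX -> permissions differ, starts a new range
    write_entry(pt, 2, 0x12000 | P | RW | US | NX)
    # VA 0x200000: 2 MiB large page (PS set in the PD entry), kernel rwx
    write_entry(pd, 1, 0x400000 | P | RW | PS)
    return pml4

def walk_ranges(cr3):
    """Walk PML4 -> PDPT -> PD -> PT; return sorted, merged (va, size, flags, pa)."""
    pages = []

    def visit(table_pa, level, va_base):
        shift = 12 + 9 * level          # level 3 = PML4 ... level 0 = PT
        for i in range(512):
            e = read_entry(table_pa, i)
            if not e & P:               # not present: nothing mapped here
                continue
            va = va_base + (i << shift)
            if level == 3 and i >= 256: # upper half: sign-extend to canonical form
                va |= 0xFFFF << 48
            if level == 0 or (level in (1, 2) and e & PS):
                pa = e & ADDR_MASK & ~((1 << shift) - 1)   # leaf: 4K, 2M or 1G page
                pages.append((va, 1 << shift, e & (RW | US | NX), pa))
            else:
                visit(e & ADDR_MASK, level - 1, va)        # next-level table

    visit(cr3 & ADDR_MASK, 3, 0)
    ranges = []
    for va, size, flags, pa in sorted(pages):
        if ranges:
            rva, rsize, rflags, rpa = ranges[-1]
            # merge only if virtually and physically contiguous with equal perms
            if rva + rsize == va and rflags == flags and rpa + rsize == pa:
                ranges[-1] = (rva, rsize + size, rflags, rpa)
                continue
        ranges.append((va, size, flags, pa))
    return ranges

def translate(ranges, va):
    """Guest-virtual -> (guest-physical, flags) via the cached ranges, or None."""
    for base, size, flags, pa in ranges:
        if base <= va < base + size:
            return pa + (va - base), flags
    return None

def perm_string(flags):
    return "r" + ("w" if flags & RW else "-") + ("-" if flags & NX else "x") \
               + ("u" if flags & US else "k")

if __name__ == "__main__":
    cache = walk_ranges(build_tables())
    for va, size, flags, pa in cache:
        print(f"{va:#018x}-{va + size:#018x} {perm_string(flags)} -> {pa:#x}")
    print(translate(cache, 0x1234))
```

The merge step is deliberately strict: two pages are only coalesced when they are adjacent in both the virtual and the physical address space and carry the same permission bits, so a cached range can be used directly for translation and the physical offset to read from /proc/QEMU_PID/mem is just the range base plus the offset into the range.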
> if we should really use a git submodule or maybe copy the code or something else and merge to dev.

The gdb-pt-dump is "actively" being developed. I usually try...
Similar situation:
   0x7ffff7a72374 mov rax, qword ptr [rip + 0x363b2d]
   0x7ffff7a7237b lea rdi, [rip + 0x122066]
   0x7ffff7a72382 lea rsi, [rsp + 0x30]
   0x7ffff7a72387 mov dword ptr [rip + 0x36612f], 0...
I've been slowly working on improving the perf and reliability of gdb-pt-dump by rewriting the core in Rust: https://github.com/martinradev/pt-dump The end goal is to practically delete most of the code in...
I'm looking for the right architectural solution to support my usecase. I'm happy to get my hands dirty once direction is agreed.
In particular, I don't know how the container is started since I do not own the infra. My guess is that it's started with strict seccomp applied for security. Thanks...
Thanks for the report. Can you please share this info:
- qemu version
- launch command
- kernel version
Sounds good! Could you please provide me steps for emulating an aarch64 hypervisor with QEMU?
I think the -addr option was overall not well thought out. Rather, there should be a few architecture-dependent options to select what to dump:
- x86: -cr3
- aarch64: -ttbr0_el1 -ttbr1_el1...