我见过最全的剖析QEMU原理的文章
qemu代码分析
qemu中ELF文件的加载
几个关键点,可以设计断点,观察。
$ cat command.gdb
set breakpoint pending on
file bin/debug/native/x86_64-softmmu/qemu-system-x86_64
handle SIGUSR2 noprint nostop
handle SIGUSR1 noprint nostop
# type_init before main
# break type_init
break main
break main_loop
break qemu_init_cpu_loop
# qemu_coroutine_create when bdrv_open
break qemu_coroutine_create
# drive_init_func -> blk_new_open
break qemu_coroutine_new
break qemu_coroutine_enter
# drive_init_func load linux-0.2.img
break bdrv_open_image
break bdrv_open
# rcu, drive_init_func, ide_create_drive, vnc_init_func
# main_loop -> do_spawn_thread -> qemu_thread_create
break qemu_thread_create
# PC hardware initialisation
break pc_init1
# first init cpu, in pc_cpus_init, and start kvm or TCG
# vcpu thread
break qemu_init_vcpu
break kvm_init_vcpu
break kvm_cpu_exec
# then init pci bus
break i440fx_init
# pci_vga_init load pc-bios/vgabios-stdvga.bin
# pc_nic_init load pc-bios/efi-e1000.rom
# io thread
break iothread_complete
break qemu_thread_create
break load_image
# load kernel
break load_linux
break load_aout
break load_at
break load_elf
break load_elf_strerror
break load_image
break load_image_gzipped
break load_image_gzipped_buffer
break load_image_size
break load_image_targphys
break load_ramdisk
break load_uboot_image
break load_uimage
break load_elf_binary
break load_elf
break load_elf_image
break load_elf_64
break load_elf_32
break loader_exec
# pc-bios/bios-256k.bin
# pc-bios/vgabios-stdvga.bin
# pc-bios/efi-e1000.rom
break get_image_size
run /home/shhfeng/qemu/bin/debug/native/linux-0.2.img -vnc 0.0.0.0:1