This lecture series is adapted from the QEMU Internals blog posts published by Airbus Security Lab. Compared to the original posts, we changed the target architecture to riscv64, rebased QEMU to 10.0.2, and removed TCG-related content.
This is a series of posts about QEMU internals. It won't cover everything about QEMU, but it should help you understand how it works and, above all, how to hack into it for fun and profit.
We won't explain usage and other things that can be found in the official documentation. The following topics will be addressed:
- Creating a new machine
- Controlling memory regions
- Creating a new device
- Interrupts controller
- Timers
- PCI controller
- PCI devices
- Options
- Execution loop
- Breakpoints handling
- VM running states
- Snapshots
The official code and documentation can be found here:
The code we modified for this lecture series is available at https://github.com/pkucnc/qemu_internals
If you find any bugs, please feel free to open an issue or submit a pull request.