[go: up one dir, main page]

When QEMU is running, it provides a monitor console for interacting with QEMU. Through various commands, the monitor allows you to inspect the running guest OS, change removable media and USB devices, take screenshots and audio grabs, and control various aspects of the virtual machine.

The monitor is accessed from within QEMU by holding down the Ctrl and Alt keys (or whatever the "mouse grab" keystrokes are), and pressing Ctrl-Alt-2. Once in the monitor, Ctrl-Alt-1 switches back to the guest OS. Typing help or ? in the monitor brings up a list of all commands. Alternatively the monitor can be redirected to using the -monitor <dev> command line option. Using -monitor stdio will send the monitor to the standard output, this is most useful when using qemu on the command line.

Help and information

edit

help

edit
  • help [command] or ? [command]

With no arguments, the help command lists all commands available. For more detail about another command, type help command, e.g.

(qemu) help info

On a small screen / VM window, the list of commands will scroll off the screen too quickly to let you read them. To scroll back and forth so that you can read the whole list, hold down the control key and press Page Up and Page Down.

info

edit
  • info option

Show information on some aspect of the guest OS. Available options are:

  • block – block devices such as hard drives, floppy drives, cdrom
  • blockstats – read and write statistics on block devices
  • capture – active capturing (audio grabs)
  • history – console command history
  • irq – statistics on interrupts (if compiled into QEMU)
  • jit – statistics on QEMU's Just In Time compiler
  • kqemu – whether the kqemu kernel module is being utilised
  • mem – list the active virtual memory mappings
  • mice – mouse on the guest that is receiving events
  • network – network devices and VLANs
  • pci – PCI devices being emulated
  • pcmciaPCMCIA card devices
  • pic – state of i8259 (PIC)
  • profile – info on the internal profiler, if compiled into QEMU
  • registers – the CPU registers
  • snapshots – list the VM snapshots
  • tlb – list the TLB (Translation Lookaside Buffer), i.e. mappings between physical memory and virtual memory
  • usb – USB devices on the virtual USB hub
  • usbhost – USB devices on the host OS
  • version – QEMU version number
  • vncVNC information

Devices

edit

change

edit
  • change device setting

The change command allows you to change removable media (like CD-ROMs), change the display options for a VNC, and change the password used on a VNC.

When you need to change the disc in a CD or DVD drive, or switch between different .iso files, find the name of the CD or DVD drive using info and use change to make the change.

(qemu) info block
ide0-hd0: type=hd removable=0 file=/path/to/winxp.img
ide0-hd1: type=hd removable=0 file=/path/to/pagefile.raw
ide1-hd1: type=hd removable=0 file=/path/to/testing_data.img
ide1-cd0: type=cdrom removable=1 locked=0 file=/dev/sr0 ro=1 drv=host_device
floppy0: type=floppy removable=1 locked=0 [not inserted]
sd0: type=floppy removable=1 locked=0 [not inserted]
(qemu) change ide1-cd0 /path/to/my.iso
(qemu) change ide1-cd0 /dev/sr0 host_device

eject

edit
  • eject [-f] device

Use the eject command to release the device or file connected to the removable media device specified. The -f parameter can be used to force it if it initially refuses!

block_resize

edit

Notify QEMU that a block device has been resized.

$ info block
drive-virtio-disk3 (#block790): /guest/mud_vdd (raw)
$ block_resize  drive-virtio-disk3  16G

usb_add

edit

Add a host file as USB flash device ( you need to create in advance the host file: dd if=/dev/zero of=/tmp/disk.usb bs=1024k count=32 )

usb_add disk:/tmp/disk.usb

usb_del

edit

use info usb to get the usb device list

(qemu) info usb
Device 0.1, Speed 480 Mb/s, Product XXXXXX
Device 0.2, Speed 12 Mb/s, Product XXXXX

(qemu) usb_del 0.2


This deletes the device

mouse_move

edit

Sends Mouse Movevment events to guest. mouse_move dx dy [dz] -- send mouse move events. Example: [qemu]mouse_move -20 20

mouse_button

edit

mouse_set index

edit

sendkey keys

edit

You can emulate keyboard events through sendkey command. The syntax is: sendkey keys. To get a list of keys, type sendkey [tab]. Examples:

  • sendkey a
  • sendkey shift-a
  • sendkey ctrl-u
  • sendkey ctrl-alt-f1

As of QEMU 0.12.5 there are:

shift shift_r alt alt_r altgr altgr_r
ctrl ctrl_r menu esc 1 2
3 4 5 6 7 8
9 0 minus equal backspace tab
q w e r t y
u i o p ret a
s d f g h j
k l z x c v
b n m comma dot slash
asterisk spc caps_lock f1 f2 f3
f4 f5 f6 f7 f8 f9
f10 num_lock scroll_lock kp_divide kp_multiply kp_subtract
kp_add kp_enter kp_decimal sysrq kp_0 kp_1
kp_2 kp_3 kp_4 kp_5 kp_6 kp_7
kp_8 kp_9 < f11 f12 print
home pgup pgdn end left up
down right insert delete

Screen and audio grabs

edit

screendump

edit
  • screendump filename

Capture a screendump and save into a PPM image file.

wavcapture

edit
  • wavcapture filename

Capture the sound of the vm and save it into a specified .wav file.

stopcapture

edit
  • stopcapture index

Stop recording the wavcapture. Index of the first wavcapture is 0.

Virtual machine

edit

commit

edit
  • commit device or commit all

When running QEMU with the -snapshot option, commit changes to the device, or all devices.

quit

edit
  • quit or q

Quit QEMU immediately.

savevm

edit
  • savevm name

Save the virtual machine as the tag 'name'. Not all filesystems support this. raw does not, but qcow2 does.

loadvm

edit
  • loadvm name

Load the virtual machine tagged 'name'. This can also be done on the command line: -loadvm name

With the info snapshots command, you can request a list of available machines.

delvm

edit

Remove the virtual machine tagged 'name'.

stop

edit

Suspend execution of VM

cont

edit

Reverse a previous stop command - resume execution of VM.

system_reset

edit

This has an effect similar to the physical reset button on a PC. Warning: Filesystems may be left in an unclean state.

system_powerdown

edit

This has an effect similar to the physical power button on a modern PC. The VM will get an ACPI shutdown request and usually shutdown cleanly.

  • log option

logfile

edit
  • logfile filename

Write logs to specified file instead of the default path, /tmp/qemu.log .

gdbserver

edit

Starts a remote debugger session for the GNU debugger (gdb). To connect to it from the host machine, run the following commands:

shell$ gdb qemuKernelFile
(gdb) target remote localhost:1234

x /format address

Displays memory at the specified virtual address using the specified format.

Refer to the xp section for details on format and address.

xp /format address

Displays memory at the specified physical address using the specified format.

format: Used to specify the output format the displayed memory. The format is broken down as /[count][data_format][size]

  • count: number of item to display (base 10)
  • data_format: 'x' for hex, 'd' for decimal, 'u' for unsigned decimal, 'o' for octal, 'c' for char and 'i' for (disassembled) processor instructions
  • size: 'b' for 8 bits, 'h' for 16 bits, 'w' for 32 bits or 'g' for 64 bits. On x86 'h' and 'w' can select instruction disassembly code formats.

address:

  • Direct address, for example: 0x20000
  • Register, for example: $eip

Example - Display 3 instructions on an x86 processor starting at the current instruction:

(qemu) xp /3i $eip

Example - Display the last 20 words on the stack for an x86 processor:

(qemu) xp /20wx $esp

print

edit

Print (or p), evaluates and prints the expression given to it. The result will be printed in hexadecimal, but decimal can also be used in the expression. If the result overflows it will wrap around. To use a the value in a CPU register use $<register name>. The name of the register should be lower case. You can see registers with the info registers command.

Example of qemu simulating an i386.

(qemu) print 16
0x10
(qemu) print 16 + 0x10
0x20
(qemu) print $eax
0xc02e4000
(qemu) print $eax + 2
0xc02e4002
(qemu) print ($eax + 2) * 2
0x805c8004
(qemu) print 0x80000000 * 2
0

More information on the architecture specific register names can be found from the below qemu source file

http://git.qemu.org/?p=qemu.git;a=blob;f=monitor.c;h=1266ba06fb032cb0e7c9dbaa1b6d22cd9047c6b4;hb=HEAD#l3044

Usage: sum <address> <size>
Computes the checksum of the specified memory region

memsave

edit

Usage: memsave <address> <size> <filename>

edit

Monitor in QEMU documentation: https://www.qemu.org/docs/master/system/monitor.html