QEMU/Monitor

• help [command] or ? [command]

With no arguments, the help command lists all commands available. For more detail about another command, type help command, e.g.

(qemu) help info

On a small screen / VM window, the list of commands will scroll off the screen too quickly to let you read them. To scroll back and forth so that you can read the whole list, hold down the control key and press Page Up and Page Down.

• info option

Show information on some aspect of the guest OS. Available options are:

• block – block devices such as hard drives, floppy drives, cdrom
• blockstats – read and write statistics on block devices
• capture – active capturing (audio grabs)
• history – console command history
• irq – statistics on interrupts (if compiled into QEMU)
• jit – statistics on QEMU's Just In Time compiler
• kqemu – whether the kqemu kernel module is being utilised
• mem – list the active virtual memory mappings
• mice – mouse on the guest that is receiving events
• network – network devices and VLANs
• pci – PCI devices being emulated
• pcmcia – PCMCIA card devices
• pic – state of i8259 (PIC)
• profile – info on the internal profiler, if compiled into QEMU
• registers – the CPU registers
• snapshots – list the VM snapshots
• tlb – list the TLB (Translation Lookaside Buffer), i.e. mappings between physical memory and virtual memory
• usb – USB devices on the virtual USB hub
• usbhost – USB devices on the host OS
• version – QEMU version number
• vnc – VNC information

• change device setting

The change command allows you to change removable media (like CD-ROMs), change the display options for a VNC, and change the password used on a VNC.

When you need to change the disc in a CD or DVD drive, or switch between different .iso files, find the name of the CD or DVD drive using info and use change to make the change.

(qemu) info block
ide0-hd0: type=hd removable=0 file=/path/to/winxp.img
ide0-hd1: type=hd removable=0 file=/path/to/pagefile.raw
ide1-hd1: type=hd removable=0 file=/path/to/testing_data.img
ide1-cd0: type=cdrom removable=1 locked=0 file=/dev/sr0 ro=1 drv=host_device
floppy0: type=floppy removable=1 locked=0 [not inserted]
sd0: type=floppy removable=1 locked=0 [not inserted]
(qemu) change ide1-cd0 /path/to/my.iso
(qemu) change ide1-cd0 /dev/sr0 host_device

• eject [-f] device

Use the eject command to release the device or file connected to the removable media device specified. The -f parameter can be used to force it if it initially refuses!

Notify QEMU that a block device has been resized.

$ info block
drive-virtio-disk3 (#block790): /guest/mud_vdd (raw)
$ block_resize  drive-virtio-disk3  16G

Add a host file as USB flash device ( you need to create in advance the host file: dd if=/dev/zero of=/tmp/disk.usb bs=1024k count=32 )

usb_add disk:/tmp/disk.usb

use info usb to get the usb device list

(qemu) info usb
Device 0.1, Speed 480 Mb/s, Product XXXXXX
Device 0.2, Speed 12 Mb/s, Product XXXXX

(qemu) usb_del 0.2

This deletes the device

Sends Mouse Movevment events to guest. mouse_move dx dy [dz] -- send mouse move events. Example: [qemu]mouse_move -20 20

You can emulate keyboard events through sendkey command. The syntax is: sendkey keys. To get a list of keys, type sendkey [tab]. Examples:

• sendkey a
• sendkey shift-a
• sendkey ctrl-u
• sendkey ctrl-alt-f1

As of QEMU 0.12.5 there are:

• screendump filename

Capture a screendump and save into a PPM image file.

• wavcapture filename

Capture the sound of the vm and save it into a specified .wav file.

• stopcapture index

Stop recording the wavcapture. Index of the first wavcapture is 0.

• commit device or commit all

When running QEMU with the -snapshot option, commit changes to the device, or all devices.

• quit or q

Quit QEMU immediately.

• savevm name

Save the virtual machine as the tag 'name'. Not all filesystems support this. raw does not, but qcow2 does.

• loadvm name

Load the virtual machine tagged 'name'. This can also be done on the command line: -loadvm name

With the info snapshots command, you can request a list of available machines.

Remove the virtual machine tagged 'name'.

Suspend execution of VM

Reverse a previous stop command - resume execution of VM.

This has an effect similar to the physical reset button on a PC. Warning: Filesystems may be left in an unclean state.

This has an effect similar to the physical power button on a modern PC. The VM will get an ACPI shutdown request and usually shutdown cleanly.

• log option

• logfile filename

Write logs to specified file instead of the default path, /tmp/qemu.log .

Starts a remote debugger session for the GNU debugger (gdb). To connect to it from the host machine, run the following commands:

shell$ gdb qemuKernelFile
(gdb) target remote localhost:1234

x /format address

Displays memory at the specified virtual address using the specified format.

Refer to the xp section for details on format and address.

xp /format address

Displays memory at the specified physical address using the specified format.

format: Used to specify the output format the displayed memory. The format is broken down as /[count][data_format][size]

• count: number of item to display (base 10)
• data_format: 'x' for hex, 'd' for decimal, 'u' for unsigned decimal, 'o' for octal, 'c' for char and 'i' for (disassembled) processor instructions
• size: 'b' for 8 bits, 'h' for 16 bits, 'w' for 32 bits or 'g' for 64 bits. On x86 'h' and 'w' can select instruction disassembly code formats.

address:

• Direct address, for example: 0x20000
• Register, for example: $eip

Example - Display 3 instructions on an x86 processor starting at the current instruction:

(qemu) xp /3i $eip

Example - Display the last 20 words on the stack for an x86 processor:

(qemu) xp /20wx $esp

Print (or p), evaluates and prints the expression given to it. The result will be printed in hexadecimal, but decimal can also be used in the expression. If the result overflows it will wrap around. To use a the value in a CPU register use $<register name>. The name of the register should be lower case. You can see registers with the info registers command.

Example of qemu simulating an i386.

(qemu) print 16
0x10
(qemu) print 16 + 0x10
0x20
(qemu) print $eax
0xc02e4000
(qemu) print $eax + 2
0xc02e4002
(qemu) print ($eax + 2) * 2
0x805c8004
(qemu) print 0x80000000 * 2
0

More information on the architecture specific register names can be found from the below qemu source file

http://git.qemu.org/?p=qemu.git;a=blob;f=monitor.c;h=1266ba06fb032cb0e7c9dbaa1b6d22cd9047c6b4;hb=HEAD#l3044

Usage: sum <address> <size>
Computes the checksum of the specified memory region

Usage: memsave <address> <size> <filename>

Monitor in QEMU documentation: https://www.qemu.org/docs/master/system/monitor.html