QEMU/Monitor
When QEMU is running, it provides a monitor console for interacting with QEMU. Through various commands, the monitor allows you to inspect the running guest OS, change removable media and USB devices, take screenshots and audio grabs, and control various aspects of the virtual machine.
The monitor is accessed from within QEMU by holding down the Ctrl and Alt keys (or whatever the "mouse grab" keystrokes are) and pressing 2, that is, Ctrl-Alt-2. Once in the monitor, Ctrl-Alt-1 switches back to the guest OS. Typing help or ? in the monitor brings up a list of all commands.
Alternatively, the monitor can be redirected using the -monitor <dev> command line option. Using -monitor stdio sends the monitor to standard output, which is most useful when running QEMU from the command line.
Help and information
help
- help [command] or ? [command]
With no arguments, the help command lists all commands available. For more detail about another command, type help command, e.g.
(qemu) help info
On a small screen / VM window, the list of commands will scroll off the screen too quickly to let you read them. To scroll back and forth so that you can read the whole list, hold down the control key and press Page Up and Page Down.
info
- info option
Show information on some aspect of the guest OS. Available options are:
- block – block devices such as hard drives, floppy drives, cdrom
- blockstats – read and write statistics on block devices
- capture – active capturing (audio grabs)
- history – console command history
- irq – statistics on interrupts (if compiled into QEMU)
- jit – statistics on QEMU's Just In Time compiler
- kqemu – whether the kqemu kernel module is being utilised
- mem – list the active virtual memory mappings
- mice – mouse on the guest that is receiving events
- network – network devices and VLANs
- pci – PCI devices being emulated
- pcmcia – PCMCIA card devices
- pic – state of i8259 (PIC)
- profile – info on the internal profiler, if compiled into QEMU
- registers – the CPU registers
- snapshots – list the VM snapshots
- tlb – list the TLB (Translation Lookaside Buffer), i.e. mappings between physical memory and virtual memory
- usb – USB devices on the virtual USB hub
- usbhost – USB devices on the host OS
- version – QEMU version number
- vnc – VNC information
Devices
change
- change device setting
The change command allows you to change removable media (like CD-ROMs), change the VNC display options, and change the VNC password.
When you need to change the disc in a CD or DVD drive, or switch between different .iso files, find the name of the CD or DVD drive using info and use change to make the change.
(qemu) info block
ide0-hd0: type=hd removable=0 file=/path/to/winxp.img
ide0-hd1: type=hd removable=0 file=/path/to/pagefile.raw
ide1-hd1: type=hd removable=0 file=/path/to/testing_data.img
ide1-cd0: type=cdrom removable=1 locked=0 file=/dev/sr0 ro=1 drv=host_device
floppy0: type=floppy removable=1 locked=0 [not inserted]
sd0: type=floppy removable=1 locked=0 [not inserted]
(qemu) change ide1-cd0 /path/to/my.iso
(qemu) change ide1-cd0 /dev/sr0 host_device
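When a script has to pick the drive for change or eject, or an audit has to list which guest drives are tied to a host device node, the info block listing above can be parsed. This is an added example, not part of the original page or of QEMU; the function names are hypothetical and it only understands the key=value layout shown above.

```python
# Constructed sample: the `info block` listing shown above, one device per line.
SAMPLE = """\
ide0-hd0: type=hd removable=0 file=/path/to/winxp.img
ide0-hd1: type=hd removable=0 file=/path/to/pagefile.raw
ide1-hd1: type=hd removable=0 file=/path/to/testing_data.img
ide1-cd0: type=cdrom removable=1 locked=0 file=/dev/sr0 ro=1 drv=host_device
floppy0: type=floppy removable=1 locked=0 [not inserted]
sd0: type=floppy removable=1 locked=0 [not inserted]
"""


def parse_info_block(text):
    """Map device name -> {key: value} for output in the layout shown above."""
    devices = {}
    for line in text.splitlines():
        name, sep, rest = line.partition(": ")
        if not sep or name.startswith("(qemu)"):
            continue  # prompt lines, blank lines, anything without "name: "
        # Limitation: tokens are split on whitespace, so a file path that
        # contains spaces is not handled by this sketch.
        props = {"inserted": "[not inserted]" not in rest}
        for token in rest.split():
            key, eq, value = token.partition("=")
            if eq:
                props[key] = value
        devices[name] = props
    return devices


def removable_devices(devices):
    """Names that `change` and `eject` can act on (removable=1)."""
    return [n for n, p in devices.items() if p.get("removable") == "1"]


def host_backed(devices):
    """Devices whose driver is host_device, i.e. backed by a host device node."""
    return [n for n, p in devices.items() if p.get("drv") == "host_device"]


if __name__ == "__main__":
    devs = parse_info_block(SAMPLE)
    print("removable:", removable_devices(devs))
    print("host-backed:", host_backed(devs))
```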
eject
- eject [-f] device
Use the eject command to release the device or file connected to the removable media device specified. The -f parameter can be used to force it if it initially refuses!
block_resize
Notify QEMU that a block device has been resized.
$ info block
drive-virtio-disk3 (#block790): /guest/mud_vdd (raw)
$ block_resize drive-virtio-disk3 16G
usb_add
Add a host file as a USB flash device. The host file must be created in advance, for example: dd if=/dev/zero of=/tmp/disk.usb bs=1024k count=32
usb_add disk:/tmp/disk.usb
usb_del
Use info usb to get the USB device list:
(qemu) info usb
Device 0.1, Speed 480 Mb/s, Product XXXXXX
Device 0.2, Speed 12 Mb/s, Product XXXXX
(qemu) usb_del 0.2
This deletes the device.
mouse_move
- mouse_move dx dy [dz]
Sends mouse movement events to the guest. Example:
(qemu) mouse_move -20 20
mouse_button
mouse_set index
sendkey keys
You can emulate keyboard events through the sendkey command. The syntax is: sendkey keys. To get a list of keys, type sendkey [tab]. Examples:
- sendkey a
- sendkey shift-a
- sendkey ctrl-u
- sendkey ctrl-alt-f1
As of QEMU 0.12.5, the available keys are:
shift | shift_r | alt | alt_r | altgr | altgr_r |
ctrl | ctrl_r | menu | esc | 1 | 2 |
3 | 4 | 5 | 6 | 7 | 8 |
9 | 0 | minus | equal | backspace | tab |
q | w | e | r | t | y |
u | i | o | p | ret | a |
s | d | f | g | h | j |
k | l | z | x | c | v |
b | n | m | comma | dot | slash |
asterisk | spc | caps_lock | f1 | f2 | f3 |
f4 | f5 | f6 | f7 | f8 | f9 |
f10 | num_lock | scroll_lock | kp_divide | kp_multiply | kp_subtract |
kp_add | kp_enter | kp_decimal | sysrq | kp_0 | kp_1 |
kp_2 | kp_3 | kp_4 | kp_5 | kp_6 | kp_7 |
kp_8 | kp_9 | < | f11 | f12 | |
home | pgup | pgdn | end | left | up |
down | right | insert | delete |
Screen and audio grabs
screendump
- screendump filename
Capture a screendump and save into a PPM image file.
wavcapture
- wavcapture filename
Capture the sound of the vm and save it into a specified .wav file.
stopcapture
- stopcapture index
Stop recording the wavcapture. Index of the first wavcapture is 0.
Virtual machine
commit
- commit device or commit all
When running QEMU with the -snapshot option, commit changes to the device, or all devices.
quit
- quit or q
Quit QEMU immediately.
savevm
- savevm name
Save the virtual machine under the tag 'name'. Not all disk image formats support this: raw does not, but qcow2 does.
loadvm
- loadvm name
Load the virtual machine tagged 'name'. This can also be done on the command line: -loadvm name
With the info snapshots command, you can request a list of available machines.
delvm
Remove the virtual machine tagged 'name'.
stop
Suspend execution of the VM.
cont
Reverse a previous stop command - resume execution of the VM.
system_reset
This has an effect similar to the physical reset button on a PC. Warning: Filesystems may be left in an unclean state.
system_powerdown
This has an effect similar to the physical power button on a modern PC. The VM will get an ACPI shutdown request and will usually shut down cleanly.
log
- log option
logfile
- logfile filename
Write logs to the specified file instead of the default path, /tmp/qemu.log.
gdbserver
Starts a remote debugger session for the GNU debugger (gdb). To connect to it from the host machine, run the following commands:
shell$ gdb qemuKernelFile
(gdb) target remote localhost:1234
x
x /format address
Displays memory at the specified virtual address using the specified format.
Refer to the xp section for details on format and address.
xp
xp /format address
Displays memory at the specified physical address using the specified format.
format: Specifies the output format of the displayed memory. The format is broken down as /[count][data_format][size]
- count: number of items to display (base 10)
- data_format: 'x' for hex, 'd' for decimal, 'u' for unsigned decimal, 'o' for octal, 'c' for char and 'i' for (disassembled) processor instructions
- size: 'b' for 8 bits, 'h' for 16 bits, 'w' for 32 bits or 'g' for 64 bits. On x86 'h' and 'w' can select instruction disassembly code formats.
address:
- Direct address, for example: 0x20000
- Register, for example: $eip
Example - Display 3 instructions on an x86 processor starting at the current instruction:
(qemu) xp /3i $eip
Example - Display the last 20 words on the stack for an x86 processor:
(qemu) xp /20wx $esp
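Tooling that builds x or xp lines from operator or script input can check them against the format grammar above before anything is written to the monitor. The following is an added example, not code from the original page or from QEMU; the function names and the accepted address syntax (hex or decimal literal, or a lower-case $register) are assumptions.

```python
import re

# Letters the page lists for data_format, and bytes per item for each size.
DATA_FORMATS = set("xduoci")
SIZES = {"b": 1, "h": 2, "w": 4, "g": 8}

FORMAT_RE = re.compile(r"/([0-9]*)([a-z]{0,2})")
# Assumption: an address is a hex or decimal literal, or a lower-case $register.
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]+|[0-9]+|\$[a-z][a-z0-9_]*")


def parse_format(fmt):
    """Split '/[count][data_format][size]' into parts; None means 'not given'."""
    m = FORMAT_RE.fullmatch(fmt)
    if m is None:
        raise ValueError(f"bad format: {fmt!r}")
    count = int(m.group(1)) if m.group(1) else None
    data_format = size = None
    # The page's own example "/20wx" writes size before data_format,
    # so the two letters are accepted in either order, each at most once.
    for letter in m.group(2):
        if letter in DATA_FORMATS and data_format is None:
            data_format = letter
        elif letter in SIZES and size is None:
            size = letter
        else:
            raise ValueError(f"bad letter {letter!r} in format {fmt!r}")
    return {"count": count, "data_format": data_format, "size": size}


def byte_span(parsed):
    """Bytes covered by the dump, or None when it cannot be known up front."""
    if parsed["data_format"] == "i" or None in (parsed["count"], parsed["size"]):
        return None  # instruction lengths vary; omitted fields are left to QEMU
    return parsed["count"] * SIZES[parsed["size"]]


def build_command(command, fmt, address):
    """Return one validated monitor line such as 'xp /20wx $esp'."""
    if command not in ("x", "xp"):
        raise ValueError(f"unsupported command: {command!r}")
    parse_format(fmt)
    # fullmatch rejects embedded newlines or spaces that would start a second command
    if ADDRESS_RE.fullmatch(address) is None:
        raise ValueError(f"bad address: {address!r}")
    return f"{command} {fmt} {address}"
```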
Print (or p) evaluates and prints the expression given to it. The result will be printed in hexadecimal, but decimal can also be used in the expression. If the result overflows it will wrap around. To use the value in a CPU register use $<register name>. The name of the register should be lower case. You can see registers with the info registers command.
Example with QEMU simulating an i386:
(qemu) print 16
0x10
(qemu) print 16 + 0x10
0x20
(qemu) print $eax
0xc02e4000
(qemu) print $eax + 2
0xc02e4002
(qemu) print ($eax + 2) * 2
0x805c8004
(qemu) print 0x80000000 * 2
0
More information on the architecture specific register names can be found from the below qemu source file
sum
Usage: sum <address> <size>
Computes the checksum of the specified memory region
memsave
Usage: memsave <address> <size> <filename>
Links
Monitor in QEMU documentation: https://www.qemu.org/docs/master/system/monitor.html