vm86

Intro

vm86 - Allows a user space program to execute 8086-CPU instructions in virtual 8086 mode.

Description

The vm86() system call provides a program with a way to execute 8086 instructions in virtual 8086 mode, with access to the protected-mode resources of the kernel such as memory and I/O ports. It gives a program a safe and controlled way to enter the realm of protected-mode code. It is useful when emulating an x86 instruction set that is normally executed in 16-bit mode.

There are a few drawbacks to using this system call. Notably, it cannot be used in a multithreaded environment, as the virtual 8086 mode facility is not thread-safe. It also requires full control over the current process's virtual address space, meaning that the process must be single-threaded, without shared memory.

Arguments

  • fn:unsigned long[K] - A bitmask indicating the requested functions.
  • v86:struct vm86plus_struct*[K] - A pointer to a struct vm86plus_struct containing a state to be used when entering or leaving virtual 8086 mode.

Available Tags

  • K - Originated from kernel-space.

Hooks

Entry point

Type

Kprobes

Purpose

To monitor entry to the vm86 system call.
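A triage pass over captured vm86 events, as an added example that is not part of the Tracee project or the original page. It assumes JSON-lines output with `eventName`, `processId`, `processName` and an `args` list of name/value pairs (assumed field names; the sample events are constructed), and decodes `fn` using the function codes defined in the Linux uapi header asm/vm86.h.

```python
import json

# Function codes from the Linux uapi header asm/vm86.h.
VM86_FUNCTIONS = {
    0: "VM86_PLUS_INSTALL_CHECK",
    1: "VM86_ENTER",
    2: "VM86_ENTER_NO_BYPASS",
    3: "VM86_REQUEST_IRQ",
    4: "VM86_FREE_IRQ",
    5: "VM86_GET_IRQ_BITS",
    6: "VM86_GET_AND_RESET_IRQ",
}

# Constructed sample events; the field names are an assumed output schema.
SAMPLE_EVENTS = [
    '{"processId": 4121, "processName": "dosemu.bin", "eventName": "vm86", '
    '"args": [{"name": "fn", "value": 1}, {"name": "v86", "value": "0xffd3a010"}]}',
    '{"processId": 4121, "processName": "dosemu.bin", "eventName": "execve", "args": []}',
    '{"processId": 977, "processName": "a.out", "eventName": "vm86", '
    '"args": [{"name": "fn", "value": 9}, {"name": "v86", "value": "0x0"}]}',
    "not json at all",
]

def triage_vm86(lines):
    """Return one finding per vm86 event, with the fn argument decoded."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting
        if not isinstance(event, dict) or event.get("eventName") != "vm86":
            continue
        args = {a.get("name"): a.get("value") for a in event.get("args", [])}
        fn = args.get("fn")
        fn_name = VM86_FUNCTIONS.get(fn) if isinstance(fn, int) else None
        findings.append({
            "pid": event.get("processId"),
            "comm": event.get("processName"),
            "fn": fn,
            "fn_name": fn_name,  # None means a value the header does not define
            "enters_vm86": fn_name in ("VM86_ENTER", "VM86_ENTER_NO_BYPASS"),
            "v86": args.get("v86"),
        })
    return findings

if __name__ == "__main__":
    for finding in triage_vm86(SAMPLE_EVENTS):
        print(finding)
```
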

Example Use Case

A typical use case is when an emulator is running a 32-bit x86 instruction set in 16-bit mode. This can be done by using the vm86() system call, which switches the virtual address spaces for the process and loads up the registers and segments. The process can then execute the 16-bit code in the virtual 8086 mode environment.

Issues

The virtual 8086 mode environment is not thread-safe, so the vm86() system call cannot be used in a multithreaded environment. It also requires full control over the current process's virtual address space, meaning that the process must be single-threaded, without shared memory.

  • execve() - Used to run ARM emulator

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.