0.7.1-alt1

[qemu] / qemu / qemu-doc.html

<HTML>
<HEAD>
<!-- Created by texi2html 1.56k from qemu-doc.texi on 24 July 2005 -->

<TITLE>QEMU CPU Emulator User Documentation</TITLE>
</HEAD>
<BODY>
<H1>QEMU CPU Emulator User Documentation</H1>
<P>
<P><HR><P>
<H1>Table of Contents</H1>
<UL>
<LI><A NAME="TOC1" HREF="qemu-doc.html#SEC1">1. Introduction</A>
<UL>
<LI><A NAME="TOC2" HREF="qemu-doc.html#SEC2">1.1 Features</A>
</UL>
<LI><A NAME="TOC3" HREF="qemu-doc.html#SEC3">2. Installation</A>
<UL>
<LI><A NAME="TOC4" HREF="qemu-doc.html#SEC4">2.1 Linux</A>
<LI><A NAME="TOC5" HREF="qemu-doc.html#SEC5">2.2 Windows</A>
<LI><A NAME="TOC6" HREF="qemu-doc.html#SEC6">2.3 Mac OS X</A>
</UL>
<LI><A NAME="TOC7" HREF="qemu-doc.html#SEC7">3. QEMU PC System emulator invocation</A>
<UL>
<LI><A NAME="TOC8" HREF="qemu-doc.html#SEC8">3.1 Introduction</A>
<LI><A NAME="TOC9" HREF="qemu-doc.html#SEC9">3.2 Quick Start</A>
<LI><A NAME="TOC10" HREF="qemu-doc.html#SEC10">3.3 Invocation</A>
<LI><A NAME="TOC11" HREF="qemu-doc.html#SEC11">3.4 Keys</A>
<LI><A NAME="TOC12" HREF="qemu-doc.html#SEC12">3.5 QEMU Monitor</A>
<UL>
<LI><A NAME="TOC13" HREF="qemu-doc.html#SEC13">3.5.1 Commands</A>
<LI><A NAME="TOC14" HREF="qemu-doc.html#SEC14">3.5.2 Integer expressions</A>
</UL>
<LI><A NAME="TOC15" HREF="qemu-doc.html#SEC15">3.6 Disk Images</A>
<UL>
<LI><A NAME="TOC16" HREF="qemu-doc.html#SEC16">3.6.1 Quick start for disk image creation</A>
<LI><A NAME="TOC17" HREF="qemu-doc.html#SEC17">3.6.2 Snapshot mode</A>
<LI><A NAME="TOC18" HREF="qemu-doc.html#SEC18">3.6.3 <CODE>qemu-img</CODE> Invocation</A>
</UL>
<LI><A NAME="TOC19" HREF="qemu-doc.html#SEC19">3.7 Network emulation</A>
<UL>
<LI><A NAME="TOC20" HREF="qemu-doc.html#SEC20">3.7.1 Using tun/tap network interface</A>
<LI><A NAME="TOC21" HREF="qemu-doc.html#SEC21">3.7.2 Using the user mode network stack</A>
</UL>
<LI><A NAME="TOC22" HREF="qemu-doc.html#SEC22">3.8 Direct Linux Boot</A>
<LI><A NAME="TOC23" HREF="qemu-doc.html#SEC23">3.9 GDB usage</A>
<LI><A NAME="TOC24" HREF="qemu-doc.html#SEC24">3.10 Target OS specific information</A>
<UL>
<LI><A NAME="TOC25" HREF="qemu-doc.html#SEC25">3.10.1 Linux</A>
<LI><A NAME="TOC26" HREF="qemu-doc.html#SEC26">3.10.2 Windows</A>
<UL>
<LI><A NAME="TOC27" HREF="qemu-doc.html#SEC27">3.10.2.1 SVGA graphic modes support</A>
<LI><A NAME="TOC28" HREF="qemu-doc.html#SEC28">3.10.2.2 CPU usage reduction</A>
<LI><A NAME="TOC29" HREF="qemu-doc.html#SEC29">3.10.2.3 Windows 2000 disk full problem</A>
<LI><A NAME="TOC30" HREF="qemu-doc.html#SEC30">3.10.2.4 Windows XP security problems</A>
</UL>
<LI><A NAME="TOC31" HREF="qemu-doc.html#SEC31">3.10.3 MS-DOS and FreeDOS</A>
<UL>
<LI><A NAME="TOC32" HREF="qemu-doc.html#SEC32">3.10.3.1 CPU usage reduction</A>
</UL>
</UL>
</UL>
<LI><A NAME="TOC33" HREF="qemu-doc.html#SEC33">4. QEMU PowerPC System emulator invocation</A>
<LI><A NAME="TOC34" HREF="qemu-doc.html#SEC34">5. Sparc32 System emulator invocation</A>
<LI><A NAME="TOC35" HREF="qemu-doc.html#SEC35">6. Sparc64 System emulator invocation</A>
<LI><A NAME="TOC36" HREF="qemu-doc.html#SEC36">7. MIPS System emulator invocation</A>
<LI><A NAME="TOC37" HREF="qemu-doc.html#SEC37">8. QEMU User space emulator invocation</A>
<UL>
<LI><A NAME="TOC38" HREF="qemu-doc.html#SEC38">8.1 Quick Start</A>
<LI><A NAME="TOC39" HREF="qemu-doc.html#SEC39">8.2 Wine launch</A>
<LI><A NAME="TOC40" HREF="qemu-doc.html#SEC40">8.3 Command line options</A>
</UL>
<LI><A NAME="TOC41" HREF="qemu-doc.html#SEC41">9. Compilation from the sources</A>
<UL>
<LI><A NAME="TOC42" HREF="qemu-doc.html#SEC42">9.1 Linux/Unix</A>
<UL>
<LI><A NAME="TOC43" HREF="qemu-doc.html#SEC43">9.1.1 Compilation</A>
<LI><A NAME="TOC44" HREF="qemu-doc.html#SEC44">9.1.2 Tested tool versions</A>
</UL>
<LI><A NAME="TOC45" HREF="qemu-doc.html#SEC45">9.2 Windows</A>
<LI><A NAME="TOC46" HREF="qemu-doc.html#SEC46">9.3 Cross compilation for Windows with Linux</A>
<LI><A NAME="TOC47" HREF="qemu-doc.html#SEC47">9.4 Mac OS X</A>
</UL>
</UL>
<P><HR><P>

<P>
QEMU CPU Emulator User Documentation




<H1><A NAME="SEC1" HREF="qemu-doc.html#TOC1">1. Introduction</A></H1>



<H2><A NAME="SEC2" HREF="qemu-doc.html#TOC2">1.1 Features</A></H2>

<P>
QEMU is a FAST! processor emulator using dynamic translation to
achieve good emulation speed.


<P>
QEMU has two operating modes:



<UL>

<LI>

Full system emulation. In this mode, QEMU emulates a full system (for
example a PC), including a processor and various peripherals. It can
be used to launch different Operating Systems without rebooting the
PC or to debug system code.

<LI>

User mode emulation (Linux host only). In this mode, QEMU can launch
Linux processes compiled for one CPU on another CPU. It can be used to
launch the Wine Windows API emulator (<A HREF="http://www.winehq.org">http://www.winehq.org</A>) or
to ease cross-compilation and cross-debugging.

</UL>

<P>
QEMU can run without an host kernel driver and yet gives acceptable
performance. 


<P>
For system emulation, the following hardware targets are supported:

<UL>
<LI>PC (x86 or x86_64 processor)

<LI>PREP (PowerPC processor)

<LI>G3 BW PowerMac (PowerPC processor)

<LI>Mac99 PowerMac (PowerPC processor, in progress)

<LI>Sun4m (32-bit Sparc processor)

<LI>Sun4u (64-bit Sparc processor, in progress)

<LI>Malta board (32-bit MIPS processor, in progress)

</UL>

<P>
For user emulation, x86, PowerPC, ARM, and Sparc32/64 CPUs are supported.




<H1><A NAME="SEC3" HREF="qemu-doc.html#TOC3">2. Installation</A></H1>

<P>
If you want to compile QEMU yourself, see section <A HREF="qemu-doc.html#SEC41">9. Compilation from the sources</A>.




<H2><A NAME="SEC4" HREF="qemu-doc.html#TOC4">2.1 Linux</A></H2>

<P>
If a precompiled package is available for your distribution - you just
have to install it. Otherwise, see section <A HREF="qemu-doc.html#SEC41">9. Compilation from the sources</A>.




<H2><A NAME="SEC5" HREF="qemu-doc.html#TOC5">2.2 Windows</A></H2>

<P>
Download the experimental binary installer at
<A HREF="http://www.freeoszoo.org/download.php">http://www.freeoszoo.org/download.php</A>.




<H2><A NAME="SEC6" HREF="qemu-doc.html#TOC6">2.3 Mac OS X</A></H2>

<P>
Download the experimental binary installer at
<A HREF="http://www.freeoszoo.org/download.php">http://www.freeoszoo.org/download.php</A>.




<H1><A NAME="SEC7" HREF="qemu-doc.html#TOC7">3. QEMU PC System emulator invocation</A></H1>



<H2><A NAME="SEC8" HREF="qemu-doc.html#TOC8">3.1 Introduction</A></H2>

<P>
The QEMU System emulator simulates the
following PC peripherals:



<UL>
<LI>

i440FX host PCI bridge and PIIX3 PCI to ISA bridge
<LI>

Cirrus CLGD 5446 PCI VGA card or dummy VGA card with Bochs VESA
extensions (hardware level, including all non standard modes).
<LI>

PS/2 mouse and keyboard
<LI>

2 PCI IDE interfaces with hard disk and CD-ROM support
<LI>

Floppy disk
<LI>

NE2000 PCI network adapters
<LI>

Serial ports
<LI>

Soundblaster 16 card
</UL>

<P>
QEMU uses the PC BIOS from the Bochs project and the Plex86/Bochs LGPL
VGA BIOS.




<H2><A NAME="SEC9" HREF="qemu-doc.html#TOC9">3.2 Quick Start</A></H2>

<P>
Download and uncompress the linux image (<TT>`linux.img'</TT>) and type:



<PRE>
qemu linux.img
</PRE>

<P>
Linux should boot and give you a prompt.




<H2><A NAME="SEC10" HREF="qemu-doc.html#TOC10">3.3 Invocation</A></H2>


<PRE>
usage: qemu [options] [disk_image]
</PRE>

<P>
<VAR>disk_image</VAR> is a raw hard disk image for IDE hard disk 0.


<P>
General options:
<DL COMPACT>

<DT><SAMP>`-fda file'</SAMP>
<DD>
<DT><SAMP>`-fdb file'</SAMP>
<DD>
Use <VAR>file</VAR> as floppy disk 0/1 image (See section <A HREF="qemu-doc.html#SEC15">3.6 Disk Images</A>). You can
use the host floppy by using <TT>`/dev/fd0'</TT> as filename.

<DT><SAMP>`-hda file'</SAMP>
<DD>
<DT><SAMP>`-hdb file'</SAMP>
<DD>
<DT><SAMP>`-hdc file'</SAMP>
<DD>
<DT><SAMP>`-hdd file'</SAMP>
<DD>
Use <VAR>file</VAR> as hard disk 0, 1, 2 or 3 image (See section <A HREF="qemu-doc.html#SEC15">3.6 Disk Images</A>).

<DT><SAMP>`-cdrom file'</SAMP>
<DD>
Use <VAR>file</VAR> as CD-ROM image (you cannot use <SAMP>`-hdc'</SAMP> and and
<SAMP>`-cdrom'</SAMP> at the same time). You can use the host CD-ROM by
using <TT>`/dev/cdrom'</TT> as filename.

<DT><SAMP>`-boot [a|c|d]'</SAMP>
<DD>
Boot on floppy (a), hard disk (c) or CD-ROM (d). Hard disk boot is
the default.

<DT><SAMP>`-snapshot'</SAMP>
<DD>
Write to temporary files instead of disk image files. In this case,
the raw disk image you use is not written back. You can however force
the write back by pressing <KBD>C-a s</KBD> (See section <A HREF="qemu-doc.html#SEC15">3.6 Disk Images</A>). 

<DT><SAMP>`-m megs'</SAMP>
<DD>
Set virtual RAM size to <VAR>megs</VAR> megabytes. Default is 128 MB.

<DT><SAMP>`-nographic'</SAMP>
<DD>
Normally, QEMU uses SDL to display the VGA output. With this option,
you can totally disable graphical output so that QEMU is a simple
command line application. The emulated serial port is redirected on
the console. Therefore, you can still use QEMU to debug a Linux kernel
with a serial console.

<DT><SAMP>`-k language'</SAMP>
<DD>
Use keyboard layout <VAR>language</VAR> (for example <CODE>fr</CODE> for
French). This option is only needed where it is not easy to get raw PC
keycodes (e.g. on Macs or with some X11 servers). You don't need to
use it on PC/Linux or PC/Windows hosts.

The available layouts are:

<PRE>
ar  de-ch  es  fo     fr-ca  hu  ja  mk     no  pt-br  sv
da  en-gb  et  fr     fr-ch  is  lt  nl     pl  ru     th
de  en-us  fi  fr-be  hr     it  lv  nl-be  pt  sl     tr
</PRE>

The default is <CODE>en-us</CODE>.

<DT><SAMP>`-enable-audio'</SAMP>
<DD>
The SB16 emulation is disabled by default as it may give problems with
Windows. You can enable it manually with this option.

<DT><SAMP>`-localtime'</SAMP>
<DD>
Set the real time clock to local time (the default is to UTC
time). This option is needed to have correct date in MS-DOS or
Windows.

<DT><SAMP>`-full-screen'</SAMP>
<DD>
Start in full screen.

<DT><SAMP>`-pidfile file'</SAMP>
<DD>
Store the QEMU process PID in <VAR>file</VAR>. It is useful if you launch QEMU
from a script.

<DT><SAMP>`-win2k-hack'</SAMP>
<DD>
Use it when installing Windows 2000 to avoid a disk full bug. After
Windows 2000 is installed, you no longer need this option (this option
slows down the IDE transfers).

</DL>

<P>
Network options:


<DL COMPACT>

<DT><SAMP>`-n script'</SAMP>
<DD>
Set TUN/TAP network init script [default=/etc/qemu-ifup]. This script
is launched to configure the host network interface (usually tun0)
corresponding to the virtual NE2000 card.

<DT><SAMP>`-nics n'</SAMP>
<DD>
Simulate <VAR>n</VAR> network cards (the default is 1).

<DT><SAMP>`-macaddr addr'</SAMP>
<DD>
Set the mac address of the first interface (the format is
aa:bb:cc:dd:ee:ff in hexa). The mac address is incremented for each
new network interface.

<DT><SAMP>`-tun-fd fd'</SAMP>
<DD>
Assumes <VAR>fd</VAR> talks to a tap/tun host network interface and use
it. Read <A HREF="http://bellard.org/qemu/tetrinet.html">http://bellard.org/qemu/tetrinet.html</A> to have an
example of its use.

<DT><SAMP>`-user-net'</SAMP>
<DD>
Use the user mode network stack. This is the default if no tun/tap
network init script is found.

<DT><SAMP>`-tftp prefix'</SAMP>
<DD>
When using the user mode network stack, activate a built-in TFTP
server. All filenames beginning with <VAR>prefix</VAR> can be downloaded
from the host to the guest using a TFTP client. The TFTP client on the
guest must be configured in binary mode (use the command <CODE>bin</CODE> of
the Unix TFTP client). The host IP address on the guest is as usual
10.0.2.2.

<DT><SAMP>`-smb dir'</SAMP>
<DD>
When using the user mode network stack, activate a built-in SMB
server so that Windows OSes can access to the host files in <TT>`dir'</TT>
transparently.

In the guest Windows OS, the line:

<PRE>
10.0.2.4 smbserver
</PRE>

must be added in the file <TT>`C:\WINDOWS\LMHOSTS'</TT> (for windows 9x/Me)
or <TT>`C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS'</TT> (Windows NT/2000).

Then <TT>`dir'</TT> can be accessed in <TT>`\\smbserver\qemu'</TT>.

Note that a SAMBA server must be installed on the host OS in
<TT>`/usr/sbin/smbd'</TT>. QEMU was tested succesfully with smbd version
2.2.7a from the Red Hat 9.

<DT><SAMP>`-redir [tcp|udp]:host-port:[guest-host]:guest-port'</SAMP>
<DD>
When using the user mode network stack, redirect incoming TCP or UDP
connections to the host port <VAR>host-port</VAR> to the guest
<VAR>guest-host</VAR> on guest port <VAR>guest-port</VAR>. If <VAR>guest-host</VAR>
is not specified, its value is 10.0.2.15 (default address given by the
built-in DHCP server).

For example, to redirect host X11 connection from screen 1 to guest
screen 0, use the following:


<PRE>
# on the host
qemu -redir tcp:6001::6000 [...]
# this host xterm should open in the guest X11 server
xterm -display :1
</PRE>

To redirect telnet connections from host port 5555 to telnet port on
the guest, use the following:


<PRE>
# on the host
qemu -redir tcp:5555::23 [...]
telnet localhost 5555
</PRE>

Then when you use on the host <CODE>telnet localhost 5555</CODE>, you
connect to the guest telnet server.

<DT><SAMP>`-dummy-net'</SAMP>
<DD>
Use the dummy network stack: no packet will be received by the network
cards.

</DL>

<P>
Linux boot specific. When using this options, you can use a given
Linux kernel without installing it in the disk image. It can be useful
for easier testing of various kernels.


<DL COMPACT>

<DT><SAMP>`-kernel bzImage'</SAMP>
<DD>
Use <VAR>bzImage</VAR> as kernel image.

<DT><SAMP>`-append cmdline'</SAMP>
<DD>
Use <VAR>cmdline</VAR> as kernel command line

<DT><SAMP>`-initrd file'</SAMP>
<DD>
Use <VAR>file</VAR> as initial ram disk.

</DL>

<P>
Debug/Expert options:
<DL COMPACT>

<DT><SAMP>`-serial dev'</SAMP>
<DD>
Redirect the virtual serial port to host device <VAR>dev</VAR>. Available
devices are:
<DL COMPACT>

<DT><CODE>vc</CODE>
<DD>
Virtual console
<DT><CODE>pty</CODE>
<DD>
[Linux only] Pseudo TTY (a new PTY is automatically allocated)
<DT><CODE>null</CODE>
<DD>
void device
<DT><CODE>stdio</CODE>
<DD>
[Unix only] standard input/output
</DL>
The default device is <CODE>vc</CODE> in graphical mode and <CODE>stdio</CODE> in
non graphical mode.

This option can be used several times to simulate up to 4 serials
ports.

<DT><SAMP>`-monitor dev'</SAMP>
<DD>
Redirect the monitor to host device <VAR>dev</VAR> (same devices as the
serial port).
The default device is <CODE>vc</CODE> in graphical mode and <CODE>stdio</CODE> in
non graphical mode.

<DT><SAMP>`-s'</SAMP>
<DD>
Wait gdb connection to port 1234 (See section <A HREF="qemu-doc.html#SEC23">3.9 GDB usage</A>). 
<DT><SAMP>`-p port'</SAMP>
<DD>
Change gdb connection port.
<DT><SAMP>`-S'</SAMP>
<DD>
Do not start CPU at startup (you must type 'c' in the monitor).
<DT><SAMP>`-d'</SAMP>
<DD>
Output log in /tmp/qemu.log
<DT><SAMP>`-hdachs c,h,s,[,t]'</SAMP>
<DD>
Force hard disk 0 physical geometry (1 &#60;= <VAR>c</VAR> &#60;= 16383, 1 &#60;=
<VAR>h</VAR> &#60;= 16, 1 &#60;= <VAR>s</VAR> &#60;= 63) and optionally force the BIOS
translation mode (<VAR>t</VAR>=none, lba or auto). Usually QEMU can guess
all thoses parameters. This option is useful for old MS-DOS disk
images.

<DT><SAMP>`-isa'</SAMP>
<DD>
Simulate an ISA-only system (default is PCI system).
<DT><SAMP>`-std-vga'</SAMP>
<DD>
Simulate a standard VGA card with Bochs VBE extensions (default is
Cirrus Logic GD5446 PCI VGA)
<DT><SAMP>`-loadvm file'</SAMP>
<DD>
Start right away with a saved state (<CODE>loadvm</CODE> in monitor)
</DL>



<H2><A NAME="SEC11" HREF="qemu-doc.html#TOC11">3.4 Keys</A></H2>

<P>
During the graphical emulation, you can use the following keys:
<DL COMPACT>

<DT><KBD>Ctrl-Alt-f</KBD>
<DD>
Toggle full screen

<DT><KBD>Ctrl-Alt-n</KBD>
<DD>
Switch to virtual console 'n'. Standard console mappings are:
<DL COMPACT>

<DT><EM>1</EM>
<DD>
Target system display
<DT><EM>2</EM>
<DD>
Monitor
<DT><EM>3</EM>
<DD>
Serial port
</DL>

<DT><KBD>Ctrl-Alt</KBD>
<DD>
Toggle mouse and keyboard grab.
</DL>

<P>
In the virtual consoles, you can use <KBD>Ctrl-Up</KBD>, <KBD>Ctrl-Down</KBD>,
<KBD>Ctrl-PageUp</KBD> and <KBD>Ctrl-PageDown</KBD> to move in the back log.


<P>
During emulation, if you are using the <SAMP>`-nographic'</SAMP> option, use
<KBD>Ctrl-a h</KBD> to get terminal commands:


<DL COMPACT>

<DT><KBD>Ctrl-a h</KBD>
<DD>
Print this help
<DT><KBD>Ctrl-a x</KBD>
<DD>
Exit emulatior
<DT><KBD>Ctrl-a s</KBD>
<DD>
Save disk data back to file (if -snapshot)
<DT><KBD>Ctrl-a b</KBD>
<DD>
Send break (magic sysrq in Linux)
<DT><KBD>Ctrl-a c</KBD>
<DD>
Switch between console and monitor
<DT><KBD>Ctrl-a Ctrl-a</KBD>
<DD>
Send Ctrl-a
</DL>



<H2><A NAME="SEC12" HREF="qemu-doc.html#TOC12">3.5 QEMU Monitor</A></H2>

<P>
The QEMU monitor is used to give complex commands to the QEMU
emulator. You can use it to:



<UL>

<LI>

Remove or insert removable medias images
(such as CD-ROM or floppies)

<LI>

Freeze/unfreeze the Virtual Machine (VM) and save or restore its state
from a disk file.

<LI>Inspect the VM state without an external debugger.

</UL>



<H3><A NAME="SEC13" HREF="qemu-doc.html#TOC13">3.5.1 Commands</A></H3>

<P>
The following commands are available:


<DL COMPACT>

<DT><SAMP>`help or ? [cmd]'</SAMP>
<DD>
Show the help for all commands or just for command <VAR>cmd</VAR>.

<DT><SAMP>`commit'</SAMP>
<DD>
Commit changes to the disk images (if -snapshot is used)

<DT><SAMP>`info subcommand'</SAMP>
<DD>
show various information about the system state

<DL COMPACT>

<DT><SAMP>`info network'</SAMP>
<DD>
show the network state
<DT><SAMP>`info block'</SAMP>
<DD>
show the block devices
<DT><SAMP>`info registers'</SAMP>
<DD>
show the cpu registers
<DT><SAMP>`info history'</SAMP>
<DD>
show the command line history
</DL>

<DT><SAMP>`q or quit'</SAMP>
<DD>
Quit the emulator.

<DT><SAMP>`eject [-f] device'</SAMP>
<DD>
Eject a removable media (use -f to force it).

<DT><SAMP>`change device filename'</SAMP>
<DD>
Change a removable media.

<DT><SAMP>`screendump filename'</SAMP>
<DD>
Save screen into PPM image <VAR>filename</VAR>.

<DT><SAMP>`log item1[,...]'</SAMP>
<DD>
Activate logging of the specified items to <TT>`/tmp/qemu.log'</TT>.

<DT><SAMP>`savevm filename'</SAMP>
<DD>
Save the whole virtual machine state to <VAR>filename</VAR>.

<DT><SAMP>`loadvm filename'</SAMP>
<DD>
Restore the whole virtual machine state from <VAR>filename</VAR>.

<DT><SAMP>`stop'</SAMP>
<DD>
Stop emulation.

<DT><SAMP>`c or cont'</SAMP>
<DD>
Resume emulation.

<DT><SAMP>`gdbserver [port]'</SAMP>
<DD>
Start gdbserver session (default port=1234)

<DT><SAMP>`x/fmt addr'</SAMP>
<DD>
Virtual memory dump starting at <VAR>addr</VAR>.

<DT><SAMP>`xp /fmt addr'</SAMP>
<DD>
Physical memory dump starting at <VAR>addr</VAR>.

<VAR>fmt</VAR> is a format which tells the command how to format the
data. Its syntax is: <SAMP>`/{count}{format}{size}'</SAMP>

<DL COMPACT>

<DT><VAR>count</VAR>
<DD>
is the number of items to be dumped.

<DT><VAR>format</VAR>
<DD>
can be x (hexa), d (signed decimal), u (unsigned decimal), o (octal),
c (char) or i (asm instruction).

<DT><VAR>size</VAR>
<DD>
can be b (8 bits), h (16 bits), w (32 bits) or g (64 bits). On x86,
<CODE>h</CODE> or <CODE>w</CODE> can be specified with the <CODE>i</CODE> format to
respectively select 16 or 32 bit code instruction size.

</DL>

Examples: 

<UL>
<LI>

Dump 10 instructions at the current instruction pointer:

<PRE>
(qemu) x/10i $eip
0x90107063:  ret
0x90107064:  sti
0x90107065:  lea    0x0(%esi,1),%esi
0x90107069:  lea    0x0(%edi,1),%edi
0x90107070:  ret
0x90107071:  jmp    0x90107080
0x90107073:  nop
0x90107074:  nop
0x90107075:  nop
0x90107076:  nop
</PRE>

<LI>

Dump 80 16 bit values at the start of the video memory.

<PRE>
(qemu) xp/80hx 0xb8000
0x000b8000: 0x0b50 0x0b6c 0x0b65 0x0b78 0x0b38 0x0b36 0x0b2f 0x0b42
0x000b8010: 0x0b6f 0x0b63 0x0b68 0x0b73 0x0b20 0x0b56 0x0b47 0x0b41
0x000b8020: 0x0b42 0x0b69 0x0b6f 0x0b73 0x0b20 0x0b63 0x0b75 0x0b72
0x000b8030: 0x0b72 0x0b65 0x0b6e 0x0b74 0x0b2d 0x0b63 0x0b76 0x0b73
0x000b8040: 0x0b20 0x0b30 0x0b35 0x0b20 0x0b4e 0x0b6f 0x0b76 0x0b20
0x000b8050: 0x0b32 0x0b30 0x0b30 0x0b33 0x0720 0x0720 0x0720 0x0720
0x000b8060: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
0x000b8070: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
0x000b8080: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
0x000b8090: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
</PRE>

</UL>

<DT><SAMP>`p or print/fmt expr'</SAMP>
<DD>
Print expression value. Only the <VAR>format</VAR> part of <VAR>fmt</VAR> is
used.

<DT><SAMP>`sendkey keys'</SAMP>
<DD>
Send <VAR>keys</VAR> to the emulator. Use <CODE>-</CODE> to press several keys
simultaneously. Example:

<PRE>
sendkey ctrl-alt-f1
</PRE>

This command is useful to send keys that your graphical user interface
intercepts at low level, such as <CODE>ctrl-alt-f1</CODE> in X Window.

<DT><SAMP>`system_reset'</SAMP>
<DD>
Reset the system.

</DL>



<H3><A NAME="SEC14" HREF="qemu-doc.html#TOC14">3.5.2 Integer expressions</A></H3>

<P>
The monitor understands integers expressions for every integer
argument. You can use register names to get the value of specifics
CPU registers by prefixing them with <EM>$</EM>.




<H2><A NAME="SEC15" HREF="qemu-doc.html#TOC15">3.6 Disk Images</A></H2>

<P>
Since version 0.6.1, QEMU supports many disk image formats, including
growable disk images (their size increase as non empty sectors are
written), compressed and encrypted disk images.




<H3><A NAME="SEC16" HREF="qemu-doc.html#TOC16">3.6.1 Quick start for disk image creation</A></H3>

<P>
You can create a disk image with the command:

<PRE>
qemu-img create myimage.img mysize
</PRE>

<P>
where <VAR>myimage.img</VAR> is the disk image filename and <VAR>mysize</VAR> is its
size in kilobytes. You can add an <CODE>M</CODE> suffix to give the size in
megabytes and a <CODE>G</CODE> suffix for gigabytes.


<P>
See section <A HREF="qemu-doc.html#SEC18">3.6.3 <CODE>qemu-img</CODE> Invocation</A> for more information.




<H3><A NAME="SEC17" HREF="qemu-doc.html#TOC17">3.6.2 Snapshot mode</A></H3>

<P>
If you use the option <SAMP>`-snapshot'</SAMP>, all disk images are
considered as read only. When sectors in written, they are written in
a temporary file created in <TT>`/tmp'</TT>. You can however force the
write back to the raw disk images by using the <CODE>commit</CODE> monitor
command (or <KBD>C-a s</KBD> in the serial console).




<H3><A NAME="SEC18" HREF="qemu-doc.html#TOC18">3.6.3 <CODE>qemu-img</CODE> Invocation</A></H3>


<PRE>
usage: qemu-img command [command options]
</PRE>

<P>
The following commands are supported:
<DL COMPACT>

<DT><SAMP>`create [-e] [-b <VAR>base_image</VAR>] [-f <VAR>fmt</VAR>] <VAR>filename</VAR> [<VAR>size</VAR>]'</SAMP>
<DD>
<DT><SAMP>`commit [-f <VAR>fmt</VAR>] <VAR>filename</VAR>'</SAMP>
<DD>
<DT><SAMP>`convert [-c] [-e] [-f <VAR>fmt</VAR>] <VAR>filename</VAR> [-O <VAR>output_fmt</VAR>] <VAR>output_filename</VAR>'</SAMP>
<DD>
<DT><SAMP>`info [-f <VAR>fmt</VAR>] <VAR>filename</VAR>'</SAMP>
<DD>
</DL>

<P>
Command parameters:
<DL COMPACT>

<DT><VAR>filename</VAR>
<DD>
 is a disk image filename
<DT><VAR>base_image</VAR>
<DD>
is the read-only disk image which is used as base for a copy on
    write image; the copy on write image only stores the modified data

<DT><VAR>fmt</VAR>
<DD>
is the disk image format. It is guessed automatically in most cases. The following formats are supported:

<DL COMPACT>

<DT><CODE>raw</CODE>
<DD>
Raw disk image format (default). This format has the advantage of
being simple and easily exportable to all other emulators. If your file
system supports <EM>holes</EM> (for example in ext2 or ext3 on Linux),
then only the written sectors will reserve space. Use <CODE>qemu-img
info</CODE> to know the real size used by the image or <CODE>ls -ls</CODE> on
Unix/Linux.

<DT><CODE>qcow</CODE>
<DD>
QEMU image format, the most versatile format. Use it to have smaller
images (useful if your filesystem does not supports holes, for example
on Windows), optional AES encryption and zlib based compression.
<DT><CODE>cow</CODE>
<DD>
User Mode Linux Copy On Write image format. Used to be the only growable
image format in QEMU. It is supported only for compatibility with
previous versions. It does not work on win32.
<DT><CODE>vmdk</CODE>
<DD>
VMware 3 and 4 compatible image format.
<DT><CODE>cloop</CODE>
<DD>
Linux Compressed Loop image, useful only to reuse directly compressed
CD-ROM images present for example in the Knoppix CD-ROMs.
</DL>

<DT><VAR>size</VAR>
<DD>
is the disk image size in kilobytes. Optional suffixes <CODE>M</CODE>
(megabyte) and <CODE>G</CODE> (gigabyte) are supported 

<DT><VAR>output_filename</VAR>
<DD>
is the destination disk image filename 

<DT><VAR>output_fmt</VAR>
<DD>
 is the destination format

<DT><VAR>-c</VAR>
<DD>
indicates that target image must be compressed (qcow format only)
<DT><VAR>-e</VAR>
<DD>
indicates that the target image must be encrypted (qcow format only)
</DL>

<P>
Command description:


<DL COMPACT>

<DT><SAMP>`create [-e] [-b <VAR>base_image</VAR>] [-f <VAR>fmt</VAR>] <VAR>filename</VAR> [<VAR>size</VAR>]'</SAMP>
<DD>
Create the new disk image <VAR>filename</VAR> of size <VAR>size</VAR> and format
<VAR>fmt</VAR>. 

If <VAR>base_image</VAR> is specified, then the image will record only the
differences from <VAR>base_image</VAR>. No size needs to be specified in
this case. <VAR>base_image</VAR> will never be modified unless you use the
<CODE>commit</CODE> monitor command.

<DT><SAMP>`commit [-f <VAR>fmt</VAR>] <VAR>filename</VAR>'</SAMP>
<DD>
Commit the changes recorded in <VAR>filename</VAR> in its base image.

<DT><SAMP>`convert [-c] [-e] [-f <VAR>fmt</VAR>] <VAR>filename</VAR> [-O <VAR>output_fmt</VAR>] <VAR>output_filename</VAR>'</SAMP>
<DD>
Convert the disk image <VAR>filename</VAR> to disk image <VAR>output_filename</VAR>
using format <VAR>output_fmt</VAR>. It can be optionnaly encrypted
(<CODE>-e</CODE> option) or compressed (<CODE>-c</CODE> option).

Only the format <CODE>qcow</CODE> supports encryption or compression. The
compression is read-only. It means that if a compressed sector is
rewritten, then it is rewritten as uncompressed data.

Encryption uses the AES format which is very secure (128 bit keys). Use
a long password (16 characters) to get maximum protection.

Image conversion is also useful to get smaller image when using a
growable format such as <CODE>qcow</CODE> or <CODE>cow</CODE>: the empty sectors
are detected and suppressed from the destination image.

<DT><SAMP>`info [-f <VAR>fmt</VAR>] <VAR>filename</VAR>'</SAMP>
<DD>
Give information about the disk image <VAR>filename</VAR>. Use it in
particular to know the size reserved on disk which can be different
from the displayed size.
</DL>



<H2><A NAME="SEC19" HREF="qemu-doc.html#TOC19">3.7 Network emulation</A></H2>

<P>
QEMU simulates up to 6 networks cards (NE2000 boards). Each card can
be connected to a specific host network interface.




<H3><A NAME="SEC20" HREF="qemu-doc.html#TOC20">3.7.1 Using tun/tap network interface</A></H3>

<P>
This is the standard way to emulate network. QEMU adds a virtual
network device on your host (called <CODE>tun0</CODE>), and you can then
configure it as if it was a real ethernet card.


<P>
As an example, you can download the <TT>`linux-test-xxx.tar.gz'</TT>
archive and copy the script <TT>`qemu-ifup'</TT> in <TT>`/etc'</TT> and
configure properly <CODE>sudo</CODE> so that the command <CODE>ifconfig</CODE>
contained in <TT>`qemu-ifup'</TT> can be executed as root. You must verify
that your host kernel supports the TUN/TAP network interfaces: the
device <TT>`/dev/net/tun'</TT> must be present.


<P>
See section <A HREF="qemu-doc.html#SEC22">3.8 Direct Linux Boot</A> to have an example of network use with a
Linux distribution.




<H3><A NAME="SEC21" HREF="qemu-doc.html#TOC21">3.7.2 Using the user mode network stack</A></H3>

<P>
By using the option <SAMP>`-user-net'</SAMP> or if you have no tun/tap init
script, QEMU uses a completely user mode network stack (you don't need
root priviledge to use the virtual network). The virtual network
configuration is the following:



<PRE>

QEMU Virtual Machine    &#60;------&#62;  Firewall/DHCP server &#60;-----&#62; Internet
     (10.0.2.x)            |          (10.0.2.2)
                           |
                           ----&#62;  DNS server (10.0.2.3)
                           |     
                           ----&#62;  SMB server (10.0.2.4)
</PRE>

<P>
The QEMU VM behaves as if it was behind a firewall which blocks all
incoming connections. You can use a DHCP client to automatically
configure the network in the QEMU VM.


<P>
In order to check that the user mode network is working, you can ping
the address 10.0.2.2 and verify that you got an address in the range
10.0.2.x from the QEMU virtual DHCP server.


<P>
Note that <CODE>ping</CODE> is not supported reliably to the internet as it
would require root priviledges. It means you can only ping the local
router (10.0.2.2).


<P>
When using the built-in TFTP server, the router is also the TFTP
server.


<P>
When using the <SAMP>`-redir'</SAMP> option, TCP or UDP connections can be
redirected from the host to the guest. It allows for example to
redirect X11, telnet or SSH connections.




<H2><A NAME="SEC22" HREF="qemu-doc.html#TOC22">3.8 Direct Linux Boot</A></H2>

<P>
This section explains how to launch a Linux kernel inside QEMU without
having to make a full bootable image. It is very useful for fast Linux
kernel testing. The QEMU network configuration is also explained.



<OL>
<LI>

Download the archive <TT>`linux-test-xxx.tar.gz'</TT> containing a Linux
kernel and a disk image. 

<LI>Optional: If you want network support (for example to launch X11 examples), you

must copy the script <TT>`qemu-ifup'</TT> in <TT>`/etc'</TT> and configure
properly <CODE>sudo</CODE> so that the command <CODE>ifconfig</CODE> contained in
<TT>`qemu-ifup'</TT> can be executed as root. You must verify that your host
kernel supports the TUN/TAP network interfaces: the device
<TT>`/dev/net/tun'</TT> must be present.

When network is enabled, there is a virtual network connection between
the host kernel and the emulated kernel. The emulated kernel is seen
from the host kernel at IP address 172.20.0.2 and the host kernel is
seen from the emulated kernel at IP address 172.20.0.1.

<LI>Launch <CODE>qemu.sh</CODE>. You should have the following output:


<PRE>
&#62; ./qemu.sh 
Connected to host network interface: tun0
Linux version 2.4.21 (bellard@voyager.localdomain) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003
BIOS-provided physical RAM map:
 BIOS-e801: 0000000000000000 - 000000000009f000 (usable)
 BIOS-e801: 0000000000100000 - 0000000002000000 (usable)
32MB LOWMEM available.
On node 0 totalpages: 8192
zone(0): 4096 pages.
zone(1): 4096 pages.
zone(2): 0 pages.
Kernel command line: root=/dev/hda sb=0x220,5,1,5 ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe console=ttyS0
ide_setup: ide2=noprobe
ide_setup: ide3=noprobe
ide_setup: ide4=noprobe
ide_setup: ide5=noprobe
Initializing CPU#0
Detected 2399.621 MHz processor.
Console: colour EGA 80x25
Calibrating delay loop... 4744.80 BogoMIPS
Memory: 28872k/32768k available (1210k kernel code, 3508k reserved, 266k data, 64k init, 0k highmem)
Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
CPU: Intel Pentium Pro stepping 03
Checking 'hlt' instruction... OK.
POSIX conformance testing by UNIFIX
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
apm: BIOS not found.
Starting kswapd
Journalled Block Device driver loaded
Detected PS/2 Mouse Port.
pty: 256 Unix98 ptys configured
Serial driver version 5.05c (2001-07-08) with no serial options enabled
ttyS00 at 0x03f8 (irq = 4) is a 16450
ne.c:v1.10 9/23/94 Donald Becker (becker@scyld.com)
Last modified Nov 1, 2000 by Paul Gortmaker
NE*000 ethercard probe at 0x300: 52 54 00 12 34 56
eth0: NE2000 found at 0x300, using IRQ 9.
RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
Uniform Multi-Platform E-IDE driver Revision: 7.00beta4-2.4
ide: Assuming 50MHz system bus speed for PIO modes; override with idebus=xx
hda: QEMU HARDDISK, ATA DISK drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
hda: attached ide-disk driver.
hda: 20480 sectors (10 MB) w/256KiB Cache, CHS=20/16/63
Partition check:
 hda:
Soundblaster audio driver Copyright (C) by Hannu Savolainen 1993-1996
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP, IGMP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 2048 bind 4096)
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
VFS: Mounted root (ext2 filesystem).
Freeing unused kernel memory: 64k freed
 
Linux version 2.4.21 (bellard@voyager.localdomain) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003
 
QEMU Linux test distribution (based on Redhat 9)
 
Type 'exit' to halt the system
 
sh-2.05b# 
</PRE>

<LI>

Then you can play with the kernel inside the virtual serial console. You
can launch <CODE>ls</CODE> for example. Type <KBD>Ctrl-a h</KBD> to have an help
about the keys you can type inside the virtual serial console. In
particular, use <KBD>Ctrl-a x</KBD> to exit QEMU and use <KBD>Ctrl-a b</KBD> as
the Magic SysRq key.

<LI>

If the network is enabled, launch the script <TT>`/etc/linuxrc'</TT> in the
emulator (don't forget the leading dot):

<PRE>
. /etc/linuxrc
</PRE>

Then enable X11 connections on your PC from the emulated Linux: 

<PRE>
xhost +172.20.0.2
</PRE>

You can now launch <TT>`xterm'</TT> or <TT>`xlogo'</TT> and verify that you have
a real Virtual Linux system !

</OL>

<P>
NOTES:

<OL>
<LI>

A 2.5.74 kernel is also included in the archive. Just
replace the bzImage in qemu.sh to try it.

<LI>

In order to exit cleanly from qemu, you can do a <EM>shutdown</EM> inside
qemu. qemu will automatically exit when the Linux shutdown is done.

<LI>

You can boot slightly faster by disabling the probe of non present IDE
interfaces. To do so, add the following options on the kernel command
line:

<PRE>
ide1=noprobe ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe
</PRE>

<LI>

The example disk image is a modified version of the one made by Kevin
Lawton for the plex86 Project (<A HREF="www.plex86.org">www.plex86.org</A>).

</OL>



<H2><A NAME="SEC23" HREF="qemu-doc.html#TOC23">3.9 GDB usage</A></H2>

<P>
QEMU has a primitive support to work with gdb, so that you can do
'Ctrl-C' while the virtual machine is running and inspect its state.


<P>
In order to use gdb, launch qemu with the '-s' option. It will wait for a
gdb connection:

<PRE>
&#62; qemu -s -kernel arch/i386/boot/bzImage -hda root-2.4.20.img -append "root=/dev/hda"
Connected to host network interface: tun0
Waiting gdb connection on port 1234
</PRE>

<P>
Then launch gdb on the 'vmlinux' executable:

<PRE>
&#62; gdb vmlinux
</PRE>

<P>
In gdb, connect to QEMU:

<PRE>
(gdb) target remote localhost:1234
</PRE>

<P>
Then you can use gdb normally. For example, type 'c' to launch the kernel:

<PRE>
(gdb) c
</PRE>

<P>
Here are some useful tips in order to use gdb on system code:



<OL>
<LI>

Use <CODE>info reg</CODE> to display all the CPU registers.
<LI>

Use <CODE>x/10i $eip</CODE> to display the code at the PC position.
<LI>

Use <CODE>set architecture i8086</CODE> to dump 16 bit code. Then use
<CODE>x/10i $cs*16+*eip</CODE> to dump the code at the PC position.
</OL>



<H2><A NAME="SEC24" HREF="qemu-doc.html#TOC24">3.10 Target OS specific information</A></H2>



<H3><A NAME="SEC25" HREF="qemu-doc.html#TOC25">3.10.1 Linux</A></H3>

<P>
To have access to SVGA graphic modes under X11, use the <CODE>vesa</CODE> or
the <CODE>cirrus</CODE> X11 driver. For optimal performances, use 16 bit
color depth in the guest and the host OS.


<P>
When using a 2.6 guest Linux kernel, you should add the option
<CODE>clock=pit</CODE> on the kernel command line because the 2.6 Linux
kernels make very strict real time clock checks by default that QEMU
cannot simulate exactly.


<P>
When using a 2.6 guest Linux kernel, verify that the 4G/4G patch is
not activated because QEMU is slower with this patch. The QEMU
Accelerator Module is also much slower in this case. Earlier Fedora
Core 3 Linux kernel (&#60; 2.6.9-1.724_FC3) were known to incorporte this
patch by default. Newer kernels don't have it.




<H3><A NAME="SEC26" HREF="qemu-doc.html#TOC26">3.10.2 Windows</A></H3>

<P>
If you have a slow host, using Windows 95 is better as it gives the
best speed. Windows 2000 is also a good choice.




<H4><A NAME="SEC27" HREF="qemu-doc.html#TOC27">3.10.2.1 SVGA graphic modes support</A></H4>

<P>
QEMU emulates a Cirrus Logic GD5446 Video
card. All Windows versions starting from Windows 95 should recognize
and use this graphic card. For optimal performances, use 16 bit color
depth in the guest and the host OS.




<H4><A NAME="SEC28" HREF="qemu-doc.html#TOC28">3.10.2.2 CPU usage reduction</A></H4>

<P>
Windows 9x does not correctly use the CPU HLT
instruction. The result is that it takes host CPU cycles even when
idle. You can install the utility from
<A HREF="http://www.user.cityline.ru/~maxamn/amnhltm.zip">http://www.user.cityline.ru/~maxamn/amnhltm.zip</A> to solve this
problem. Note that no such tool is needed for NT, 2000 or XP.




<H4><A NAME="SEC29" HREF="qemu-doc.html#TOC29">3.10.2.3 Windows 2000 disk full problem</A></H4>

<P>
Windows 2000 has a bug which gives a disk full problem during its
installation. When installing it, use the <SAMP>`-win2k-hack'</SAMP> QEMU
option to enable a specific workaround. After Windows 2000 is
installed, you no longer need this option (this option slows down the
IDE transfers).




<H4><A NAME="SEC30" HREF="qemu-doc.html#TOC30">3.10.2.4 Windows XP security problems</A></H4>

<P>
Some releases of Windows XP install correctly but give a security
error when booting:

<PRE>
A problem is preventing Windows from accurately checking the
license for this computer. Error code: 0x800703e6.
</PRE>

<P>
The only known workaround is to boot in Safe mode
without networking support. 


<P>
Future QEMU releases are likely to correct this bug.




<H3><A NAME="SEC31" HREF="qemu-doc.html#TOC31">3.10.3 MS-DOS and FreeDOS</A></H3>



<H4><A NAME="SEC32" HREF="qemu-doc.html#TOC32">3.10.3.1 CPU usage reduction</A></H4>

<P>
DOS does not correctly use the CPU HLT instruction. The result is that
it takes host CPU cycles even when idle. You can install the utility
from <A HREF="http://www.vmware.com/software/dosidle210.zip">http://www.vmware.com/software/dosidle210.zip</A> to solve this
problem.




<H1><A NAME="SEC33" HREF="qemu-doc.html#TOC33">4. QEMU PowerPC System emulator invocation</A></H1>

<P>
Use the executable <TT>`qemu-system-ppc'</TT> to simulate a complete PREP
or PowerMac PowerPC system.


<P>
QEMU emulates the following PowerMac peripherals:



<UL>
<LI>

UniNorth PCI Bridge 
<LI>

PCI VGA compatible card with VESA Bochs Extensions
<LI>

2 PMAC IDE interfaces with hard disk and CD-ROM support
<LI>

NE2000 PCI adapters
<LI>

Non Volatile RAM
<LI>

VIA-CUDA with ADB keyboard and mouse.
</UL>

<P>
QEMU emulates the following PREP peripherals:



<UL>
<LI>

PCI Bridge
<LI>

PCI VGA compatible card with VESA Bochs Extensions
<LI>

2 IDE interfaces with hard disk and CD-ROM support
<LI>

Floppy disk
<LI>

NE2000 network adapters
<LI>

Serial port
<LI>

PREP Non Volatile RAM
<LI>

PC compatible keyboard and mouse.
</UL>

<P>
QEMU uses the Open Hack'Ware Open Firmware Compatible BIOS available at
<A HREF="http://site.voila.fr/jmayer/OpenHackWare/index.htm">http://site.voila.fr/jmayer/OpenHackWare/index.htm</A>.


<P>
You can read the qemu PC system emulation chapter to have more
informations about QEMU usage.


<P>
The following options are specific to the PowerPC emulation:


<DL COMPACT>

<DT><SAMP>`-prep'</SAMP>
<DD>
Simulate a PREP system (default is PowerMAC)

<DT><SAMP>`-g WxH[xDEPTH]'</SAMP>
<DD>
Set the initial VGA graphic mode. The default is 800x600x15.

</DL>

<P>
More information is available at
<A HREF="http://jocelyn.mayer.free.fr/qemu-ppc/">http://jocelyn.mayer.free.fr/qemu-ppc/</A>.




<H1><A NAME="SEC34" HREF="qemu-doc.html#TOC34">5. Sparc32 System emulator invocation</A></H1>

<P>
Use the executable <TT>`qemu-system-sparc'</TT> to simulate a JavaStation
(sun4m architecture). The emulation is somewhat complete.


<P>
QEMU emulates the following sun4m peripherals:



<UL>
<LI>

IOMMU
<LI>

TCX Frame buffer
<LI>

Lance (Am7990) Ethernet
<LI>

Non Volatile RAM M48T08
<LI>

Slave I/O: timers, interrupt controllers, Zilog serial ports, keyboard
and power/reset logic
<LI>

ESP SCSI controller with hard disk and CD-ROM support
<LI>

Floppy drive
</UL>

<P>
The number of peripherals is fixed in the architecture.


<P>
QEMU uses the Proll, a PROM replacement available at
<A HREF="http://people.redhat.com/zaitcev/linux/">http://people.redhat.com/zaitcev/linux/</A>. The required
QEMU-specific patches are included with the sources.


<P>
A sample Linux 2.6 series kernel and ram disk image are available on
the QEMU web site. Please note that currently neither Linux 2.4
series, NetBSD, nor OpenBSD kernels work.


<P>
The following options are specific to the Sparc emulation:


<DL COMPACT>

<DT><SAMP>`-g WxH'</SAMP>
<DD>
Set the initial TCX graphic mode. The default is 1024x768.

</DL>



<H1><A NAME="SEC35" HREF="qemu-doc.html#TOC35">6. Sparc64 System emulator invocation</A></H1>

<P>
Use the executable <TT>`qemu-system-sparc64'</TT> to simulate a Sun4u machine.
The emulator is not usable for anything yet.


<P>
QEMU emulates the following sun4u peripherals:



<UL>
<LI>

UltraSparc IIi APB PCI Bridge 
<LI>

PCI VGA compatible card with VESA Bochs Extensions
<LI>

Non Volatile RAM M48T59
<LI>

PC-compatible serial ports
</UL>



<H1><A NAME="SEC36" HREF="qemu-doc.html#TOC36">7. MIPS System emulator invocation</A></H1>

<P>
Use the executable <TT>`qemu-system-mips'</TT> to simulate a MIPS machine.
The emulator begins to launch a Linux kernel.




<H1><A NAME="SEC37" HREF="qemu-doc.html#TOC37">8. QEMU User space emulator invocation</A></H1>



<H2><A NAME="SEC38" HREF="qemu-doc.html#TOC38">8.1 Quick Start</A></H2>

<P>
In order to launch a Linux process, QEMU needs the process executable
itself and all the target (x86) dynamic libraries used by it. 



<UL>

<LI>On x86, you can just try to launch any process by using the native

libraries:


<PRE>
qemu-i386 -L / /bin/ls
</PRE>

<CODE>-L /</CODE> tells that the x86 dynamic linker must be searched with a
<TT>`/'</TT> prefix.

<LI>Since QEMU is also a linux process, you can launch qemu with qemu (NOTE: you can only do that if you compiled QEMU from the sources):


<PRE>
qemu-i386 -L / qemu-i386 -L / /bin/ls
</PRE>

<LI>On non x86 CPUs, you need first to download at least an x86 glibc

(<TT>`qemu-runtime-i386-XXX-.tar.gz'</TT> on the QEMU web page). Ensure that
<CODE>LD_LIBRARY_PATH</CODE> is not set:


<PRE>
unset LD_LIBRARY_PATH 
</PRE>

Then you can launch the precompiled <TT>`ls'</TT> x86 executable:


<PRE>
qemu-i386 tests/i386/ls
</PRE>

You can look at <TT>`qemu-binfmt-conf.sh'</TT> so that
QEMU is automatically launched by the Linux kernel when you try to
launch x86 executables. It requires the <CODE>binfmt_misc</CODE> module in the
Linux kernel.

<LI>The x86 version of QEMU is also included. You can try weird things such as:


<PRE>
qemu-i386 /usr/local/qemu-i386/bin/qemu-i386 /usr/local/qemu-i386/bin/ls-i386
</PRE>

</UL>



<H2><A NAME="SEC39" HREF="qemu-doc.html#TOC39">8.2 Wine launch</A></H2>


<UL>

<LI>Ensure that you have a working QEMU with the x86 glibc

distribution (see previous section). In order to verify it, you must be
able to do:


<PRE>
qemu-i386 /usr/local/qemu-i386/bin/ls-i386
</PRE>

<LI>Download the binary x86 Wine install

(<TT>`qemu-XXX-i386-wine.tar.gz'</TT> on the QEMU web page). 

<LI>Configure Wine on your account. Look at the provided script

<TT>`/usr/local/qemu-i386/bin/wine-conf.sh'</TT>. Your previous
<CODE>${HOME}/.wine</CODE> directory is saved to <CODE>${HOME}/.wine.org</CODE>.

<LI>Then you can try the example <TT>`putty.exe'</TT>:


<PRE>
qemu-i386 /usr/local/qemu-i386/wine/bin/wine /usr/local/qemu-i386/wine/c/Program\ Files/putty.exe
</PRE>

</UL>



<H2><A NAME="SEC40" HREF="qemu-doc.html#TOC40">8.3 Command line options</A></H2>


<PRE>
usage: qemu-i386 [-h] [-d] [-L path] [-s size] program [arguments...]
</PRE>

<DL COMPACT>

<DT><SAMP>`-h'</SAMP>
<DD>
Print the help
<DT><SAMP>`-L path'</SAMP>
<DD>
Set the x86 elf interpreter prefix (default=/usr/local/qemu-i386)
<DT><SAMP>`-s size'</SAMP>
<DD>
Set the x86 stack size in bytes (default=524288)
</DL>

<P>
Debug options:


<DL COMPACT>

<DT><SAMP>`-d'</SAMP>
<DD>
Activate log (logfile=/tmp/qemu.log)
<DT><SAMP>`-p pagesize'</SAMP>
<DD>
Act as if the host page size was 'pagesize' bytes
</DL>



<H1><A NAME="SEC41" HREF="qemu-doc.html#TOC41">9. Compilation from the sources</A></H1>



<H2><A NAME="SEC42" HREF="qemu-doc.html#TOC42">9.1 Linux/Unix</A></H2>



<H3><A NAME="SEC43" HREF="qemu-doc.html#TOC43">9.1.1 Compilation</A></H3>

<P>
First you must decompress the sources:

<PRE>
cd /tmp
tar zxvf qemu-x.y.z.tar.gz
cd qemu-x.y.z
</PRE>

<P>
Then you configure QEMU and build it (usually no options are needed):

<PRE>
./configure
make
</PRE>

<P>
Then type as root user:

<PRE>
make install
</PRE>

<P>
to install QEMU in <TT>`/usr/local'</TT>.




<H3><A NAME="SEC44" HREF="qemu-doc.html#TOC44">9.1.2 Tested tool versions</A></H3>

<P>
In order to compile QEMU succesfully, it is very important that you
have the right tools. The most important one is gcc. I cannot guaranty
that QEMU works if you do not use a tested gcc version. Look at
'configure' and 'Makefile' if you want to make a different gcc
version work.



<PRE>
host      gcc      binutils      glibc    linux       distribution
----------------------------------------------------------------------
x86       3.2      2.13.2        2.1.3    2.4.18
          2.96     2.11.93.0.2   2.2.5    2.4.18      Red Hat 7.3
          3.2.2    2.13.90.0.18  2.3.2    2.4.20      Red Hat 9

PowerPC   3.3 [4]  2.13.90.0.18  2.3.1    2.4.20briq
          3.2

Alpha     3.3 [1]  2.14.90.0.4   2.2.5    2.2.20 [2]  Debian 3.0

Sparc32   2.95.4   2.12.90.0.1   2.2.5    2.4.18      Debian 3.0

ARM       2.95.4   2.12.90.0.1   2.2.5    2.4.9 [3]   Debian 3.0

[1] On Alpha, QEMU needs the gcc 'visibility' attribute only available
    for gcc version &#62;= 3.3.
[2] Linux &#62;= 2.4.20 is necessary for precise exception support
    (untested).
[3] 2.4.9-ac10-rmk2-np1-cerf2

[4] gcc 2.95.x generates invalid code when using too many register
variables. You must use gcc 3.x on PowerPC.
</PRE>



<H2><A NAME="SEC45" HREF="qemu-doc.html#TOC45">9.2 Windows</A></H2>


<UL>
<LI>Install the current versions of MSYS and MinGW from

<A HREF="http://www.mingw.org/">http://www.mingw.org/</A>. You can find detailed installation
instructions in the download section and the FAQ.

<LI>Download

the MinGW development library of SDL 1.2.x
(<TT>`SDL-devel-1.2.x-mingw32.tar.gz'</TT>) from
<A HREF="http://www.libsdl.org">http://www.libsdl.org</A>. Unpack it in a temporary place, and
unpack the archive <TT>`i386-mingw32msvc.tar.gz'</TT> in the MinGW tool
directory. Edit the <TT>`sdl-config'</TT> script so that it gives the
correct SDL directory when invoked.

<LI>Extract the current version of QEMU.

 
<LI>Start the MSYS shell (file <TT>`msys.bat'</TT>).

<LI>Change to the QEMU directory. Launch <TT>`./configure'</TT> and

<TT>`make'</TT>.  If you have problems using SDL, verify that
<TT>`sdl-config'</TT> can be launched from the MSYS command line.

<LI>You can install QEMU in <TT>`Program Files/Qemu'</TT> by typing

<TT>`make install'</TT>. Don't forget to copy <TT>`SDL.dll'</TT> in
<TT>`Program Files/Qemu'</TT>.

</UL>



<H2><A NAME="SEC46" HREF="qemu-doc.html#TOC46">9.3 Cross compilation for Windows with Linux</A></H2>


<UL>
<LI>

Install the MinGW cross compilation tools available at
<A HREF="http://www.mingw.org/">http://www.mingw.org/</A>.

<LI>

Install the Win32 version of SDL (<A HREF="http://www.libsdl.org">http://www.libsdl.org</A>) by
unpacking <TT>`i386-mingw32msvc.tar.gz'</TT>. Set up the PATH environment
variable so that <TT>`i386-mingw32msvc-sdl-config'</TT> can be launched by
the QEMU configuration script.

<LI>

Configure QEMU for Windows cross compilation:

<PRE>
./configure --enable-mingw32
</PRE>

If necessary, you can change the cross-prefix according to the prefix
choosen for the MinGW tools with --cross-prefix. You can also use
--prefix to set the Win32 install path.

<LI>You can install QEMU in the installation directory by typing

<TT>`make install'</TT>. Don't forget to copy <TT>`SDL.dll'</TT> in the
installation directory. 

</UL>

<P>
Note: Currently, Wine does not seem able to launch
QEMU for Win32.




<H2><A NAME="SEC47" HREF="qemu-doc.html#TOC47">9.4 Mac OS X</A></H2>

<P>
The Mac OS X patches are not fully merged in QEMU, so you should look
at the QEMU mailing list archive to have all the necessary
information.


<P><HR><P>
This document was generated on 24 July 2005 using
<A HREF="http://wwwinfo.cern.ch/dis/texi2html/">texi2html</A>&nbsp;1.56k.
</BODY>
</HTML>