QEMU/Monitor

When QEMU is running, it provides a monitor console for interacting with QEMU. Through various commands, the monitor allows you to inspect the running guest OS, change removable media and USB devices, take screenshots and audio grabs, and control various aspects of the virtual machine.

The monitor is accessed from within QEMU by holding down the Ctrl and Alt keys (or whatever the "mouse grab" keystrokes are), and pressing. Once in the monitor,  switches back to the guest OS. Typing <tt>help</tt> or <tt>?</tt> in the monitor brings up a list of all commands. Alternatively the monitor can be redirected to using the  command line option. Using  will send the monitor to the standard output; this is most useful when using QEMU on the command line.

help
With no arguments, the help command lists all commands available. For more detail about another command, type <tt>help command</tt>, e.g.

 (qemu) help info

On a small screen / VM window, the list of commands will scroll off the screen too quickly to let you read them. To scroll back and forth so that you can read the whole list, hold down the control key and press Page Up and Page Down.
 * <tt>help [command]</tt> or <tt>? [command]</tt>

info
Show information on some aspect of the guest OS. Available options are:
 * <tt>info option</tt>
 * <tt>block</tt> – block devices such as hard drives, floppy drives, cdrom
 * <tt>blockstats</tt> – read and write statistics on block devices
 * <tt>capture</tt> – active capturing (audio grabs)
 * <tt>history</tt> – console command history
 * <tt>irq</tt> – statistics on interrupts (if compiled into QEMU)
 * <tt>jit</tt> – statistics on QEMU's Just In Time compiler
 * <tt>kqemu</tt> – whether the kqemu kernel module is being utilised
 * <tt>mem</tt> – list the active virtual memory mappings
 * <tt>mice</tt> – mouse on the guest that is receiving events
 * <tt>network</tt> – network devices and VLANs
 * <tt>pci</tt> – PCI devices being emulated
 * <tt>pcmcia</tt> – PCMCIA card devices
 * <tt>pic</tt> – state of i8259 (PIC)
 * <tt>profile</tt> – info on the internal profiler, if compiled into QEMU
 * <tt>registers</tt> – the CPU registers
 * <tt>snapshots</tt> – list the VM snapshots
 * <tt>tlb</tt> – list the TLB (Translation Lookaside Buffer), i.e. mappings between physical memory and virtual memory
 * <tt>usb</tt> – USB devices on the virtual USB hub
 * <tt>usbhost</tt> – USB devices on the host OS
 * <tt>version</tt> – QEMU version number
 * <tt>vnc</tt> – VNC information

change
The <tt>change</tt> command allows you to change removable media (like CD-ROMs), change the display options for a VNC, and change the password used on a VNC.
 * <tt>change device setting</tt>

When you need to change the disc in a CD or DVD drive, or switch between different .iso files, find the name of the CD or DVD drive using <tt>info block</tt> and use <tt>change</tt> to make the change.

 (qemu) info block
 ide0-hd0: type=hd removable=0 file=/path/to/winxp.img
 ide0-hd1: type=hd removable=0 file=/path/to/pagefile.raw
 ide1-hd1: type=hd removable=0 file=/path/to/testing_data.img
 ide1-cd0: type=cdrom removable=1 locked=0 file=/dev/sr0 ro=1 drv=host_device
 floppy0: type=floppy removable=1 locked=0 [not inserted]
 sd0: type=floppy removable=1 locked=0 [not inserted]
 (qemu) change ide1-cd0 /path/to/my.iso
 (qemu) change ide1-cd0 /dev/sr0 host_device
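When reviewing what a guest has attached, it helps to turn the <tt>info block</tt> listing into structured data. The following is an added example, not part of the original page or of QEMU: it parses the older <tt>key=value</tt> layout shown above (not the newer layout in the block_resize section), assumes file paths contain no spaces, and uses hypothetical function names.

```python
import re

# Constructed sample: the `info block` output shown above, one device per line.
SAMPLE = """\
(qemu) info block
ide0-hd0: type=hd removable=0 file=/path/to/winxp.img
ide0-hd1: type=hd removable=0 file=/path/to/pagefile.raw
ide1-hd1: type=hd removable=0 file=/path/to/testing_data.img
ide1-cd0: type=cdrom removable=1 locked=0 file=/dev/sr0 ro=1 drv=host_device
floppy0: type=floppy removable=1 locked=0 [not inserted]
sd0: type=floppy removable=1 locked=0 [not inserted]
"""

# A device line is "name: key=value key=value ...".
LINE_RE = re.compile(r"^(?P<name>[\w.-]+):\s+(?P<rest>.*)$")
EMPTY = "[not inserted]"


def parse_info_block(text):
    """Return {device_name: {key: value, ..., "inserted": bool}}."""
    devices = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # prompt lines, blank lines, anything else
        rest = m.group("rest")
        fields = {"inserted": EMPTY not in rest}
        for token in rest.replace(EMPTY, "").split():
            key, sep, value = token.partition("=")
            if sep:
                fields[key] = value
        devices[m.group("name")] = fields
    return devices


def changeable_devices(devices):
    """Removable drives the guest has not locked (candidates for change/eject)."""
    return sorted(name for name, f in devices.items()
                  if f.get("removable") == "1" and f.get("locked", "0") == "0")


def host_backed(devices):
    """Drives backed by a host device node rather than an image file."""
    return sorted(name for name, f in devices.items()
                  if f.get("drv") == "host_device"
                  or f.get("file", "").startswith("/dev/"))
```

On the sample, <tt>host_backed</tt> reports only <tt>ide1-cd0</tt>, the drive passed through from <tt>/dev/sr0</tt>.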

eject
Use the <tt>eject</tt> command to release the device or file connected to the removable media device specified. The <tt>-f</tt> parameter can be used to force it if it initially refuses.
 * <tt>eject [-f] device</tt>

block_resize
Notify QEMU that a block device has been resized.

 $ info block
 drive-virtio-disk3 (#block790): /guest/mud_vdd (raw)
 $ block_resize drive-virtio-disk3 16G

usb_add
Add a host file as a USB flash device. You need to create the host file in advance:

 dd if=/dev/zero of=/tmp/disk.usb bs=1024k count=32

Then add it from the monitor:

 usb_add disk:/tmp/disk.usb

usb_del
Use <tt>info usb</tt> to get the USB device list:

 (qemu) info usb
 Device 0.1, Speed 480 Mb/s, Product XXXXXX
 Device 0.2, Speed 12 Mb/s, Product XXXXX

Then delete the device:

 (qemu) usb_del 0.2

mouse_move
Sends mouse movement events to the guest.
 * <tt>mouse_move dx dy [dz]</tt>

Example:

 (qemu) mouse_move -20 20

sendkey keys
You can emulate keyboard events through the <tt>sendkey</tt> command. The syntax is: <tt>sendkey keys</tt>. To get a list of keys, type <tt>sendkey [tab]</tt>. Examples:
 * <tt>sendkey a</tt>
 * <tt>sendkey shift-a</tt>
 * <tt>sendkey ctrl-u</tt>
 * <tt>sendkey ctrl-alt-f1</tt>

As of QEMU 0.12.5 there are:

screendump
Capture a screendump and save into a PPM image file.
 * <tt>screendump filename</tt>

wavcapture
Capture the sound of the vm and save it into a specified .wav file.
 * <tt>wavcapture filename</tt>

stopcapture
Stop recording the wavcapture. Index of the first wavcapture is 0.
 * <tt>stopcapture index</tt>

commit
When running QEMU with the  option, commit changes to the device, or all devices.
 * <tt>commit device</tt> or <tt>commit all</tt>

quit
Quit QEMU immediately.
 * <tt>quit</tt> or <tt>q</tt>

savevm
Save the virtual machine as the tag 'name'. Not all disk image formats support this: raw does not, but qcow2 does.
 * <tt>savevm</tt> name

loadvm
Load the virtual machine tagged 'name'. This can also be done on the command line: <tt>-loadvm</tt> name
 * <tt>loadvm</tt> name

With the <tt>info snapshots</tt> command, you can request a list of available machines.

delvm
Remove the virtual machine tagged 'name'.

stop
Suspend execution of VM

cont
Reverse a previous stop command - resume execution of VM.

system_reset
This has an effect similar to the physical reset button on a PC. Warning: Filesystems may be left in an unclean state.

system_powerdown
This has an effect similar to the physical power button on a modern PC. The VM will get an ACPI shutdown request and will usually shut down cleanly.

log

 * <tt>log option</tt>

logfile
Write logs to specified file instead of the default path,.
 * <tt>logfile filename</tt>

gdbserver
Starts a remote debugger session for the GNU debugger (gdb). To connect to it from the host machine, run the following commands:

 shell$ gdb qemuKernelFile
 (gdb) target remote localhost:1234

x
x /format address

Displays memory at the specified virtual address using the specified format.

Refer to the xp section for details on format and address.

xp
xp /format address

Displays memory at the specified physical address using the specified format.

format: Used to specify the output format of the displayed memory. The format is broken down as <tt>/[count][data_format][size]</tt>
 * count: number of items to display (base 10)
 * data_format: 'x' for hex, 'd' for decimal, 'u' for unsigned decimal, 'o' for octal, 'c' for char and 'i' for (disassembled) processor instructions
 * size: 'b' for 8 bits, 'h' for 16 bits, 'w' for 32 bits or 'g' for 64 bits. On x86 'h' and 'w' can select instruction disassembly code formats.

address:
 * Direct address, for example: 0x20000
 * Register, for example: $eip

Example - Display 3 instructions on an x86 processor starting at the current instruction:

 (qemu) xp /3i $eip

Example - Display the last 20 words on the stack for an x86 processor:

 (qemu) xp /20wx $esp
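When memory inspection is scripted, checking an <tt>x</tt> or <tt>xp</tt> command before it is sent to the monitor avoids dumping the wrong range. The following is an added example, not code from QEMU or from the original page: it decodes the format and address forms described above with hypothetical function names, and treats a repeated letter as a mistake.

```python
import re

# Letter tables taken from the format description above.
DATA_FORMATS = set("xduoci")
SIZES = {"b": 1, "h": 2, "w": 4, "g": 8}  # bytes per item


def parse_format(fmt):
    """Decode '/[count][letters]' into (count, data_format, size_bytes).

    Omitted parts come back as None. Letters are accepted in either order
    because the page's own example writes '/20wx' (size before format).
    """
    m = re.fullmatch(r"/(\d*)([a-z]*)", fmt)
    if not m:
        raise ValueError(f"malformed format: {fmt!r}")
    count = int(m.group(1)) if m.group(1) else None
    data_format = size = None
    for ch in m.group(2):
        if ch in DATA_FORMATS and data_format is None:
            data_format = ch
        elif ch in SIZES and size is None:
            size = SIZES[ch]
        else:
            raise ValueError(f"unknown or repeated letter {ch!r} in {fmt!r}")
    return count, data_format, size


def parse_address(addr):
    """Return ('register', name) for '$eip', else ('direct', integer)."""
    if addr.startswith("$"):
        if len(addr) == 1:
            raise ValueError("register name missing after '$'")
        return ("register", addr[1:])
    return ("direct", int(addr, 0))  # base 0 accepts 0x20000 and decimal


def parse_examine(line):
    """Parse a full 'x /fmt addr' or 'xp /fmt addr' line into a dict."""
    parts = line.split()
    if len(parts) != 3 or parts[0] not in ("x", "xp"):
        raise ValueError(f"expected 'x /format address': {line!r}")
    count, data_format, size = parse_format(parts[1])
    return {
        "space": "virtual" if parts[0] == "x" else "physical",
        "count": count, "format": data_format, "size": size,
        "address": parse_address(parts[2]),
        # Total bytes covered, known only when count and size are both given.
        "bytes": count * size if count and size else None,
    }
```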

print
Print (or p) evaluates and prints the expression given to it. The result will be printed in hexadecimal, but decimal can also be used in the expression. If the result overflows it will wrap around. To use the value in a CPU register, use $ followed by the register name. The name of the register should be lower case. You can see registers with the <tt>info registers</tt> command.

Example of QEMU simulating an i386:

 (qemu) print 16
 0x10
 (qemu) print 16 + 0x10
 0x20
 (qemu) print $eax
 0xc02e4000
 (qemu) print $eax + 2
 0xc02e4002
 (qemu) print ($eax + 2) * 2
 0x805c8004
 (qemu) print 0x80000000 * 2
 0

More information on the architecture-specific register names can be found in the QEMU source file below:

http://git.qemu.org/?p=qemu.git;a=blob;f=monitor.c;h=1266ba06fb032cb0e7c9dbaa1b6d22cd9047c6b4;hb=HEAD#l3044

sum
Usage: sum Computes the checksum of the specified memory region

memsave
Usage: memsave

Links
Monitor in QEMU documentation: https://www.qemu.org/docs/master/system/monitor.html