
[Xen-API] Hypercall to modify IDT - rootkit development


  • To: xen-api@xxxxxxxxxxxxxxxxxxx
  • From: Elena <elena.junk@xxxxxxxxx>
  • Date: Tue, 9 Feb 2010 20:31:51 +0100
  • Delivery-date: Tue, 09 Feb 2010 11:31:49 -0800
  • List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>

Hi,

I'd like to try to construct a simple rootkit for a paravirtualized guest VM in Xen (Linux 2.6.18.8 kernel and Xen 3.2.1).
I'd like to do interrupt hooking, like modifying the first few instructions of the interrupt handler.
I know that in a paravirtualized guest it is a virtual IDT, but I don't know how to modify it.
What hypercall is involved in doing this?

In other words, I'd like to test my hypercall interception from dom0, with the final aim of detecting this type of rootkit.

Thanks in advance and sorry for my English :-)
Elena
_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-api
