RE: [Xen-users] XenAccess Library: Introspection for Xen

> Would XenAccess implementation and functionality be the same for both
> paravirtualized and fully virtualized (using VT) guests?

I imagine that the changes for VT guests would range somewhere from none to minimal. However, I haven't actually used XenAccess on VT hardware yet, so I can't say for sure. If you try it out, please let me know what you find.

> Would the only difference between introspection on a Linux vs Windows
> guest be the closed and undocumented nature of the Windows kernel?

Pretty much. The nice thing is that memory access is more hardware dependent than OS dependent. Therefore, you should be able to access virtual addresses on Windows just like you can on Linux. The trick is knowing which address to access :-) On Linux you can leverage the source code, system map file, etc. to see how things are laid out in memory. On Windows, it's going to be a little trickier to figure out which addresses to access. I'm more knowledgeable with Linux than I am with Windows. So perhaps there's some information out there that I'm not aware of that would help with this situation. But, even without extra information, one should be able to discern quite a bit of information through reverse engineering techniques.

> How difficult would it be to get a look at a running guest's file system?
> Linux seems easy, but I believe Windows guests use vmx images; can the
> Windows file system be viewed naturally from the outside?

Having not used VT hardware, I'm not familiar with the vmx image files. But, assuming that the format is well known, you should be able to access its contents from dom0. Another option is to tap the device access between the frontend and backend drivers, which would allow you to view data as it is being accessed.

> Are there any other potential obstacles or difficulties that would make
> various introspection techniques on Windows impossible, difficult, or
> merely a nuisance?

I believe that introspection with Windows should be very doable. In fact, if you look at the XenAccess source code, you'll see that I've already started breaking out OS-specific code. My plan is to work on support for other OSes once Linux is up and running. Of course, if you have any success with Windows first, I'd be happy to integrate the code into subversion.

If you have other questions, feel free to drop me a line and/or post to the XenAccess mailing list.

Cheers,
bryan

-
Bryan D. Payne
Graduate Student, Computer Science
Georgia Tech Information Security Center
http://www.bryanpayne.org
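
The reply above mentions using the Linux system map file to find which address to access. The following is an added example, not part of the original message and not XenAccess code: a lookup of an exact symbol name in System.map-format text. The function name `sysmap_lookup` is hypothetical and the sample addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in System.map format: "<hex address> <type> <symbol>".
 * The addresses are made up for illustration, not taken from a real kernel. */
static const char SAMPLE_SYSTEM_MAP[] =
    "c0100000 T _text\n"
    "c02f4a60 D init_task_union\n"
    "c0323d80 D init_task\n"
    "malformed line without an address\n"
    "c03ff000 A _end\n";

/* Find `symbol` in System.map text and store its address in *addr.
 * Returns 0 on success, -1 if the symbol is absent. The name must match
 * exactly (a prefix such as init_task_union does not count), and lines
 * that do not parse as "address type name" are skipped. */
int sysmap_lookup(const char *map, const char *symbol, uint64_t *addr)
{
    const char *line = map;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[256];
        if (len < sizeof(buf)) {          /* over-long lines are ignored */
            unsigned long long a;
            char type, name[200];
            memcpy(buf, line, len);
            buf[len] = '\0';
            if (sscanf(buf, "%llx %c %199s", &a, &type, name) == 3 &&
                strcmp(name, symbol) == 0) {
                *addr = (uint64_t)a;
                return 0;
            }
        }
        line += len;
        if (*line == '\n')
            line++;
    }
    return -1;
}

int main(void)
{
    uint64_t addr;
    if (sysmap_lookup(SAMPLE_SYSTEM_MAP, "init_task", &addr) == 0)
        printf("init_task is at 0x%llx\n", (unsigned long long)addr);
    return 0;
}
```

The resulting value is a guest kernel virtual address; it is only meaningful for the exact kernel build the map file was generated from.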