[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Acquire memory image of domU over network

To: xen-users@xxxxxxxxxxxxx
From: Stratos Skleparis <stratos.911@xxxxxxxxx>
Date: Sun, 13 Sep 2015 02:10:32 +0300
Delivery-date: Sun, 13 Sep 2015 12:40:28 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

Hello all,

I am trying to dump a memory image from a XEN guest (Ubuntu 12.04 x64 - domU) in order to analyze it on dom0 (Ubuntu server 12.04 x64) with volatility and find some information about the guest virtual machine. For this purpose I am using LiME ( Linux Memory Extractor ) since volatility supports lime format memory dumps. .

Thing is I have to log into XEN guest VM (domU) via gvncviewer or via ssh or even place static IP on guest .cfg file and type some commands on terminal and then with netcat on the host (dom0) acquire the memory dump over a TCP port .

Is there any possible way to do that over network without logging in the guest (domU) ?Â
xm memory dump produces .core image file that's not compatible with volatility framework and it also pauses the guest Virtual Machine , I don't want this to happen !

Assuming that I don't know the IP address of domU and I want to discover it through the memory dump + other information about the guest VM ..

Thanks in advance

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

Prev by Date: [Xen-users] Issue with booting domU
Next by Date: Re: [Xen-users] "xl create" hangs
Previous by thread: [Xen-users] Issue with booting domU
Next by thread: [Xen-users] [RESEARCH] Security patch delivery delay
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.