
Re: [Xen-devel] Xen interfaces / hooks



On Wed, 2011-12-21 at 16:40 +0000, Muhammed Aydin wrote:
> Hi Ian,
> 
> Thanks for the response.
> 
> > Perhaps if you explain your actual end goal you can be better
> > advised.
> 
> What we are planning to do is to insert some code which can
> automatically utilise some instructions from forensics investigation
> tools (such as command line tools like Sleuthkit), and to do this
> automatically upon starting up and shutdown / suspension of a virtual
> machine running on the Xen hypervisor in order to aid forensic
> investigations. Nothing complicated being added but we need to know
> exactly where we would need to put these commands.
> 
> My understanding is that because this would be performed on the domain
> U guest operating systems this change would need to be at the
> hypervisor level rather than the dom 0. Could you advise on how to go
> about this please? What I have been looking for is anything which
> could help me to do this to Xen, such as a tutorial or a guide, and
> couldn't find anything. 

Without knowing the precise details for "some instructions from
forensics investigation tools" I can't say for sure but this sounds on
the face of it like something which can be done from dom0 by using the
usual privileged operations to examine guest state.

Perhaps the "xenaccess" library (now apparently called LibVMI) will help
you to achieve your goals. I believe this uses the Memory Access API
added in Xen 4.1 although I'm not personally familiar with the
specifics.

There are no hooks for doing anything on domain startup/shutdown/suspend
but the generic functionality of running something on these events seems
like a plausibly useful generic addition to the xl toolstack (see
tools/libxl).

Ian.
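
Added example, not part of the original message or of the Xen code base: since the reply notes that there are no start/shutdown/suspend hooks, one way to get equivalent triggers from dom0 is to diff successive `xl list` snapshots and act on the changes. The sample output below is constructed, and the event labels and function names are assumptions made for illustration.

```python
import subprocess

# Constructed sample snapshots in the column layout printed by `xl list`.
SNAP_A = """\
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  2048     4     r-----     310.2
web01                                        3  1024     2     -b----      42.7
db01                                         4  2048     2     r-----      88.1
"""
SNAP_B = """\
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  2048     4     r-----     311.0
web01                                        3  1024     2     --p---      42.9
build07                                      6   512     1     r-----       0.4
"""

# State flags worth reacting to: p = paused, s = shutdown, c = crashed.
WATCHED = {"p": "paused", "s": "shutdown", "c": "crashed"}

def parse_xl_list(text):
    """Return {domid: (name, state_flags)} for every guest; dom0 is skipped."""
    doms = {}
    for line in text.splitlines():
        parts = line.rsplit(None, 5)      # split from the right: name is the remainder
        if len(parts) != 6 or not parts[1].isdigit():
            continue                      # header or malformed line
        name, domid, _mem, _vcpus, state, _time = parts
        if int(domid) != 0:
            doms[int(domid)] = (name, state)
    return doms

def diff_snapshots(old, new):
    """Return (event, domid, name) tuples, ordered by domid."""
    events = [("start", d, new[d][0]) for d in new.keys() - old.keys()]
    events += [("gone", d, old[d][0]) for d in old.keys() - new.keys()]
    for d in old.keys() & new.keys():
        for flag, label in WATCHED.items():
            if flag in new[d][1] and flag not in old[d][1]:
                events.append((label, d, new[d][0]))
    return sorted(events, key=lambda e: e[1])

def snapshot():
    """Take a live snapshot; only works in dom0 with the xl toolstack installed."""
    out = subprocess.run(["xl", "list"], capture_output=True, text=True, check=True)
    return parse_xl_list(out.stdout)
```

Keying on the domain ID rather than the name means a rebooted guest shows up as a "gone" event followed by a "start" event, so an acquisition step tied to either event is not skipped. Polling can miss a guest that starts and stops between two snapshots.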

