[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Mem_event API and MEM_EVENT_REASON_SINGLESTEP



Hello,

I'm interested in using the mem_event API (or it's LibVMI wrapper), but I'm interested in capturing write events anywhere in a domU guest's memory, _and_ not just once for each page write, but every time a page is being written to.

To this end, I've looked at the xen-access.c example, where at first all the pages are being monitored:

xc_hvm_set_mem_access(xch, domain_id, HVMMEM_access_rx, ~0ull, 0);
xc_hvm_set_mem_access(xch, domain_id, HVMMEM_access_rx, 0, xenaccess->domain_info->max_pages);

Then, after an event is received:

xc_hvm_set_mem_access(xch, domain_id, HVMMEM_access_rwx, req.gfn, 1);

thus allowing 'rwx' access to 1 page starting at req.gfn.

This strategy indeed allows me to inspect writes to any page of the guest OS, however I can only do this once per page. Once the page is allowed HVMMEM_access_rwx access, any subsequent writes to it become unavailable to my dom0 userspace tool (I'm "unregistering" for that page-specific event).

The author of LibVMI's events code has suggested that I might enable writes to that page, single step past the write instruction, and then disable writes again.

Two questions:

1. I haven't been able to find an example of how single-stepping via the mem_event API might work. Can you point me to some code that does this (or a paper, etc.)?

2. Is there any other way to achieve what I'm after?

Thanks,
Razvan Cojocaru

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.