
Re: [Xen-devel] how can I find hypercall page address?



On 11/08/15 03:44, big strong wrote:
> My goal is to intercept hypercalls to detect malicious calls. So I first need to find where the hypercalls are.

As I have said before, a guest may have an arbitrary number of hypercall pages. Furthermore, the hypercall page is merely a convenience; nothing prevents a guest manually issuing hypercalls.

> My plan is to locate the hypercall page first, then walk through the hypercall page to get the addresses of the hypercalls. If there are any other solutions, please let me know. Thanks very much.

It sounds like you want VM introspection, but it doesn't work like this. Try http://libvmi.com/ as a starting point.

~Andrew


2015-08-10 23:04 GMT+08:00 Dario Faggioli <dario.faggioli@xxxxxxxxxx>:
On Sat, 2015-08-08 at 08:02 +0800, big strong wrote:
> I think I've stated clearly what I want to do.
>
Well...
>
> |I want to locate the hypercall page address when creating a new domU,
> so as to locate hypercalls.
>
Ok. What for?

Dario

--
<<This happens because I choose it to happen!>> (Raistlin Majere)
-----------------------------------------------------------------
Dario Faggioli, Ph.D, http://about.me/dario.faggioli
Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

