[Xen-devel] Xendbg: a full-featured debugger for both PV & HVM Xen guests

[Spencer Michaels <spmichaels.work@xxxxxxxxx>]

Hello everyone,

I'm Spencer Michaels, creator of Xendbg, a recently-released full-featured

debugger for both HVM and PV Xen guests. I developed Xendbg under the auspices

of my company, NCC Group, and released it via a post on their blog about two

months ago. Andrew Cooper kindly pointed out to me today that I neglected to

cross-post to xen-devel, which in retrospect is obviously the best place for a

Xen debugger release announcement! So, I thought I should do so now; my

apologies for not thinking of this sooner.

The original release blog post can be found here:

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/january/xendbg-a-full-featured-debugger-for-the-xen-hypervisor/

The source is on Github (MIT licensed):

https://github.com/nccgroup/xendbg

A talk on unikernel security I gave late last year also has a bit about Xendbg,

with a demo of an earlier prototype:

https://youtu.be/b68VFuB_y5M?t=1933

The blog post explains why and how I created Xendbg, and some of the

difficulties I faced in doing so. Basically, I was researching Xen-based

unikernels and ended up needing a full-featured debugger (gdbsx wasn't

sufficient); when I failed to find any, I ended up writing one myself. As

Andrew pointed out to me today, I had a few theoretical misconceptions about

Xen's architecture when I wrote the original post; in particular, I didn't

describe dom0 as being a Xen VM itself. On the whole, though, I think the post

is a decent intro to what it's like to develop tooling based on the Xen VMI

APIs, and I hope Xendbg can serve as a reference implementation for others who

want to do so as well.

In the near future, I will likely be contributing documentation on the VMI APIs

I figured out how to use while developing Xendbg (most of which are totally

undocumented). I think this would be a big help for people like myself who want

to write Xen debugging tools but don't know where to start.

Finally, I should note that while writing Xendbg, some of my questions about

the VMI APIs were answered on this very list by Andrew Cooper and Tamas

Lengyel, so special thanks to the both of you! Much of the page table

reading/writing functionality was built with their help.

If you have any questions about Xendbg or my experience with the Xen VMI APIs,

I'd be happy to answer them.

Thanks,

Spencer

P.S. For those interested, the unikernel security whitepaper on which the talk

I mentioned above is based is going to be published this coming Monday on our

blog (link below). It's not about Xen specifically, but it is relatively heavily

Xen-related because the unikernels I looked at were both Xen-based, so some

people here may be interested in it. Some of the test results were obtained

using Xendbg.

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel