This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


RE: [Xen-research] Intercepting memory operations of a guest

To: <xen-research@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-research] Intercepting memory operations of a guest
From: "Sina Bahram" <sbahram@xxxxxxxxx>
Date: Mon, 8 Dec 2008 11:54:57 -0500
Delivery-date: Mon, 08 Dec 2008 08:55:08 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1e16a9ed0812080715j7b6c4311j3141cbf9c639a852@xxxxxxxxxxxxxx>
List-help: <mailto:xen-research-request@lists.xensource.com?subject=help>
List-id: Research Issues on Xen <xen-research.lists.xensource.com>
List-post: <mailto:xen-research@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-research>, <mailto:xen-research-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-research>, <mailto:xen-research-request@lists.xensource.com?subject=unsubscribe>
Organization: Sina Bahram
References: <A2A4EB83B92E47CEA18E21773EE7D8E9@neutrino> <1e16a9ed0812080715j7b6c4311j3141cbf9c639a852@xxxxxxxxxxxxxx>
Sender: xen-research-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AclZR8PXAnyr4X1/RvOE5Ayr8jAwvAADTfEw
Hi Todd,

I've subscribed to that list now, and I'll send my message there as well.

Thanks for the suggestion.

Take care,
-----Original Message-----
From: Todd Deshane [mailto:deshantm@xxxxxxxxx] 
Sent: Monday, December 08, 2008 10:15 AM
To: Sina Bahram
Cc: xen-research@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-research] Intercepting memory operations of a guest

On Sun, Dec 7, 2008 at 8:57 PM, Sina Bahram <sbahram@xxxxxxxxx> wrote:
> Hi all,
> Sorry for any cross posting. I sent this to the xen-devel list and the
> xen-se list as well.
> I'm wanting to modify some xen source code for the purposes of some
> research, exploration, and testing of some security concepts.
> I have a few questions after looking through the source.
> All of the below applies to 32-bit guests.
> #1: Is there anyway possible to trap/insert some code at/hook into, any
> modification of a PV guest's page table. Anything like a hypercall handler
> can plugin to, a function or series of functions that always gets called,
> something I can provide a call back to, or anything else?
> #2: For some research purposes, I plan on replicating portions of the page
> table of a guest, only those pages of the guest's kernel. I hope to do
> by the supervisory bit being set; however, I welcome any suggestions of a
> better approach to detecting when kernel pages are being modified?
> In general, to explain any questions I haven't specifically asked above;
> looking for the appropriate place in xen to intercept any writes, reads,
> executes of a guest's memory.
> Also, would such activities be easier or more difficult with hvm guests?
> Since xen has to provide hvm guests an individual CR3, would such a place
> much easier to hook into because of any abstraction layers that already
> exist for such things?
> The only reason I picked pv guests was that the semantics of what is a
> kernel page and what is not might not be as easy to determine in an hvm
> guest, but perhaps this is not the case?

You may want to take a look at the Xen Introspection Project:


Todd Deshane

Xen-research mailing list

<Prev in Thread] Current Thread [Next in Thread>