[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Guest memory access hooking

To: xen-devel@xxxxxxxxxxxxxxxxxxx
From: Cutter 409 <cutter409@xxxxxxxxx>
Date: Tue, 13 Nov 2012 10:56:01 -0500
Delivery-date: Tue, 13 Nov 2012 15:56:17 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hello all,

I'm trying to do some research with malware, and I'm trying to get notifications on arbitrary guest page accesses (similar to what Ether does.) I've noticed the mem-event API and it seems like it might be close to what I need, but I can't find much documentation about how it works or how to use it.

I know that that mem-event API works only with EPT, but is the code to change permissions modifying the guest page tables, or does it work via EPT? (Can the guest detect it?) Is there any documentation about usage, besides the xen-access.c test ?

I'm also interested monitoring arbitrary page access via the shadow page tables. I've been reading through the code, but if anyone has any insight or some kind of push in the right direction, I'd really appreciate it.

Thank you!

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Prev by Date: Re: [Xen-devel] VM memory allocation speed with cs 26056
Next by Date: [Xen-devel] [PATCH] qemu-stubdom: prevent useless medium change
Previous by thread: [Xen-devel] [PATCH v2 0/7] xen/arm: run on real hardware
Next by thread: [Xen-devel] [PATCH] qemu-stubdom: prevent useless medium change
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.