On 11/08/15 03:44, big strong wrote:
> My goal is to intercept hypercalls to detect malicious calls. So I first
> need to find where the hypercalls are.

As I have said before, a guest may have an arbitrary number of hypercall
pages.  Furthermore, the hypercall page is merely a convenience; nothing
prevents a guest manually issuing hypercalls.

> My plan is to locate the hypercall page first, then walk through the
> hypercall page to get the addresses of the hypercalls. If there are any
> other solutions, please let me know. Thanks very much.

It sounds like you want VM introspection, but it doesn't work like
this.  Try http://libvmi.com/ as a starting point.

~Andrew

>
> 2015-08-10 23:04 GMT+08:00 Dario Faggioli <dario.faggi...@citrix.com
> <mailto:dario.faggi...@citrix.com>>:
>
>     On Sat, 2015-08-08 at 08:02 +0800, big strong wrote:
>     > I think I've stated clearly what I want to do.
>     >
>     Well...
>     >
>     > I want to locate the hypercall page address when creating a new
>     > domU, so as to locate hypercalls.
>     >
>     Ok. What for?
>
>     Dario
>
>     --
>     <<This happens because I choose it to happen!>> (Raistlin Majere)
>     -----------------------------------------------------------------
>     Dario Faggioli, Ph.D, http://about.me/dario.faggioli
>     Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)
>
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
