Hi all,

Can dom0 have enough privilege to access domu's kernel memory using Libvmi functions? Libvmi use xenaccess functions in fact, and as it is a user space library I'm asking this.

I wanna read system call table of domu through dom0.

Thanks

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

On Mon, Jul 8, 2013 at 9:25 AM, Mina Jafari <ai.minajafari@gmail.com> wrote:
>
> Hi all,
> Can dom0 have enough privilege to access domu's kernel memory using Libvmi
> functions?
> Libvmi use xenaccess functions in fact, and as it is a user space library
> I'm asking this.
>
> I wanna read system call table of domu through dom0.
>
> Thanks
>

Mina,

Use of LibVMI in this manner should provide the basic foundational components that you require: Domain 0 has implicit privilege to access domU memory as a consequence of being the privileged management domain, and LibVMI operations from dom0 should work without changes to your Xen configuration. I would recommend that you begin observation in dom0 as a path of least resistance.

It is possible to use LibVMI within a domU to examine other domUs, but only via a XSM policy. Such a policy must grant to the observing domU ability to invoke a variety of privileged operations upon the target domU. This is really only viable with Xen 4.3 and a recent kernel in the observing domU -- the XSM wiki page has more information.

Always keep in mind that you are inspecting untrusted, potentially malicious memory; be very cautious with the data LibVMI provides.

Steve

Steve,

So as you said, Libvmi can have access to memory of domu, yes? I'm just not sure about this, because when I'm using libvmi functions to access memory of domu it returns failure. I thought it's because of illegal access.

Thanks

On Mon, Jul 8, 2013 at 7:05 PM, Steven Maresca <steve@zentific.com> wrote:
>
> On Mon, Jul 8, 2013 at 9:25 AM, Mina Jafari <ai.minajafari@gmail.com> wrote:
>
>>
>> Hi all,
>> Can dom0 have enough privilege to access domu's kernel memory using
>> Libvmi functions?
>> Libvmi use xenaccess functions in fact, and as it is a user space library
>> I'm asking this.
>>
>> I wanna read system call table of domu through dom0.
>>
>> Thanks
>>
>
> Mina,
>
> Use of LibVMI in this manner should provide the basic foundational
> components that you require: Domain 0 has implicit privilege to access domU
> memory as a consequence of being the privileged management domain, and
> LibVMI operations from dom0 should work without changes to your Xen
> configuration. I would recommend that you begin observation in dom0 as a
> path of least resistance.
>
> It is possible to use LibVMI within a domU to examine other domUs, but
> only via a XSM policy. Such a policy must grant to the observing domU
> ability to invoke a variety of privileged operations upon the target domU.
> This is really only viable with Xen 4.3 and a recent kernel in the
> observing domU -- the XSM wiki page has more information.
>
> Always keep in mind that you are inspecting untrusted, potentially
> malicious memory; be very cautious with the data LibVMI provides.
>
> Steve
>

It's difficult to determine what is wrong without seeing an error or similar. I am definitely sure that a LibVMI application running on dom0 should have no problem accessing domU memory; this is an operation I perform regularly.

It might be beneficial to check out the LibVMI mailing list at http://groups.google.com/group/vmitools/ - it's a fairly helpful group.

Steve
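
An added example, not part of the thread and not LibVMI code: one way a dom0 tool could treat a raw copy of a domU's system call table as untrusted data, checking its length before decoding and flagging entries that point outside the guest kernel's text range. The helper name, the address range and the sample bytes are constructed for illustration, and a 64-bit little-endian guest is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: kernel text range and four raw table entries. */
#define TEXT_START 0xffffffff81000000ULL
#define TEXT_END   0xffffffff81800000ULL
static const uint8_t SAMPLE_TABLE[32] = {
    0x40, 0x23, 0x01, 0x81, 0xff, 0xff, 0xff, 0xff,  /* inside text  */
    0x70, 0x56, 0x04, 0x81, 0xff, 0xff, 0xff, 0xff,  /* inside text  */
    0x00, 0x10, 0x00, 0xa0, 0xff, 0xff, 0xff, 0xff,  /* outside text */
    0x00, 0x89, 0x07, 0x81, 0xff, 0xff, 0xff, 0xff,  /* inside text  */
};

/* Decode a little-endian 64-bit guest pointer byte by byte. */
static uint64_t le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Hypothetical helper. nr_entries must come from the tool's own profile of
 * the guest kernel, not from guest memory. Returns how many entries point
 * outside [text_start, text_end), or -1 if the input is inconsistent. */
int check_syscall_table(const uint8_t *buf, size_t buf_len, size_t nr_entries,
                        uint64_t text_start, uint64_t text_end, size_t *first_bad)
{
    int bad = 0;
    if (buf == NULL || text_start >= text_end || nr_entries > buf_len / 8)
        return -1;  /* refuse short or inconsistent input */
    for (size_t i = 0; i < nr_entries; i++) {
        uint64_t target = le64(buf + i * 8);
        if (target < text_start || target >= text_end)
            if (bad++ == 0 && first_bad != NULL)
                *first_bad = i;  /* remember only the first offender */
    }
    return bad;
}

int main(void)
{
    size_t first = 0;
    int bad = check_syscall_table(SAMPLE_TABLE, sizeof SAMPLE_TABLE, 4,
                                  TEXT_START, TEXT_END, &first);
    printf("suspicious entries: %d (first index %zu)\n", bad, first);
    return bad != 0;
}
```

In a real tool the buffer would be filled by the introspection library's memory read from dom0, and the text range would come from the guest kernel's symbol information.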