[vbox-dev] doubt regarding API support.

raghavan m raghavan.mit at gmail.com
Tue Dec 2 14:28:04 GMT 2008 

Hi,     I could understand it would be a challenging task.It would be great
if someone cud guide me of how i have to proceed
what are the basics shud i learn ?
to understand virtual box architecture ... and add this component which is
capable of inspecting the kernel data structures of created guest virtual
machines.

On Tue, Nov 25, 2008 at 6:21 PM, Klaus Espenlaub <Klaus.Espenlaub at sun.com>wrote:

> raghavan m wrote:
> >
> > hi
> > I am a newbie to Virtual box .  I am doing a project on Host Based
> > Intrusion detection based on hypervisor based introspection for virtual
> > machines.
> > Hypervisor based introspection is checking integrity of various kernel
> > data strcutures from outside the kernel thru APIs provided by hypervisor.
> > Is it possible with virtual box API to fetch  certain Kernel data
> > structures and files of the virtual machine ?
> > i would be running a process outside the hypervisor . This process must
> > be able to fetch content about a file or a kernel data structure of a
> > guest virtual OS running on hypervisor ... is it possible ?
>
> The hypervisor knows nothing about what executes in it, so it is
> difficult to inspect kernel data structures (whether that's process
> tables, files or what not). I'm not saying it's impossible, but it's
> certainly a challenge.
>
> VirtualBox doesn't require modifications to the guests, which as a
> consequence means that the knowledge of what the guest is doing is
> extremely limited. The "OS type" selection is purely for selecting
> appropriate defaults for setting up the VM. But apart from that it's
> purely informational. The hypervisor actually doesn't get the value, it
> just gets the individual VM settings.
>
> To summarize: There is definitely no API which can do out of the box
> what you're hinting at.
>
> Klaus
>
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> http://vbox.innotek.de/mailman/listinfo/vbox-dev
>



-- 
Raghavan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20081202/88bb877d/attachment.html>

More information about the vbox-dev mailing list