[vbox-dev] doubt regarding API support.

raghavan m raghavan.mit at gmail.com
Wed Dec 24 18:54:11 GMT 2008

Hi, I could understand it would be a challenging task. It would be great
> if someone could guide me on how I have to proceed.
> What are the basics I should learn
> to understand VirtualBox architecture ... and add this component which is
> capable of inspecting the kernel data structures of created guest virtual
> machines?
Can anyone guide me on what basics of VirtualBox I should know to
accomplish the task of adding a module which could check the integrity of the
running kernel's sensitive data structures?

> On Tue, Nov 25, 2008 at 6:21 PM, Klaus Espenlaub <Klaus.Espenlaub at sun.com> wrote:
>> raghavan m wrote:
>> >
>> > Hi,
>> > I am a newbie to VirtualBox. I am doing a project on Host Based
>> > Intrusion detection based on hypervisor based introspection for virtual
>> > machines.
>> > Hypervisor based introspection is checking integrity of various kernel
>> > data structures from outside the kernel through APIs provided by
>> > hypervisor.
>> > Is it possible with the VirtualBox API to fetch certain kernel data
>> > structures and files of the virtual machine?
>> > I would be running a process outside the hypervisor. This process must
>> > be able to fetch content about a file or a kernel data structure of a
>> > guest virtual OS running on the hypervisor ... is it possible?
>> The hypervisor knows nothing about what executes in it, so it is
>> difficult to inspect kernel data structures (whether that's process
>> tables, files or what not). I'm not saying it's impossible, but it's
>> certainly a challenge.
>> VirtualBox doesn't require modifications to the guests, which as a
>> consequence means that the knowledge of what the guest is doing is
>> extremely limited. The "OS type" selection is purely for selecting
>> appropriate defaults for setting up the VM. But apart from that it's
>> purely informational. The hypervisor actually doesn't get the value, it
>> just gets the individual VM settings.
>> To summarize: There is definitely no API which can do out of the box
>> what you're hinting at.
>> Klaus
> --
> Raghavan
