[vbox-dev] doubt regarding API support.
raghavan.mit at gmail.com
Tue Dec 2 06:28:04 PST 2008
Hi, I could understand it would be a challenging task.It would be great
if someone cud guide me of how i have to proceed
what are the basics shud i learn ?
to understand virtual box architecture ... and add this component which is
capable of inspecting the kernel data structures of created guest virtual
On Tue, Nov 25, 2008 at 6:21 PM, Klaus Espenlaub <Klaus.Espenlaub at sun.com>wrote:
> raghavan m wrote:
> > hi
> > I am a newbie to Virtual box . I am doing a project on Host Based
> > Intrusion detection based on hypervisor based introspection for virtual
> > machines.
> > Hypervisor based introspection is checking integrity of various kernel
> > data strcutures from outside the kernel thru APIs provided by hypervisor.
> > Is it possible with virtual box API to fetch certain Kernel data
> > structures and files of the virtual machine ?
> > i would be running a process outside the hypervisor . This process must
> > be able to fetch content about a file or a kernel data structure of a
> > guest virtual OS running on hypervisor ... is it possible ?
> The hypervisor knows nothing about what executes in it, so it is
> difficult to inspect kernel data structures (whether that's process
> tables, files or what not). I'm not saying it's impossible, but it's
> certainly a challenge.
> VirtualBox doesn't require modifications to the guests, which as a
> consequence means that the knowledge of what the guest is doing is
> extremely limited. The "OS type" selection is purely for selecting
> appropriate defaults for setting up the VM. But apart from that it's
> purely informational. The hypervisor actually doesn't get the value, it
> just gets the individual VM settings.
> To summarize: There is definitely no API which can do out of the box
> what you're hinting at.
> vbox-dev mailing list
> vbox-dev at virtualbox.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the vbox-dev