[vbox-dev] doubt regarding API support.

Klaus Espenlaub Klaus.Espenlaub at Sun.COM
Tue Nov 25 12:51:26 GMT 2008


raghavan m wrote:
> 
> Hi
> I am a newbie to VirtualBox. I am doing a project on Host Based
> Intrusion detection based on hypervisor based introspection for virtual
> machines.
> Hypervisor based introspection is checking integrity of various kernel
> data structures from outside the kernel thru APIs provided by hypervisor.
> Is it possible with VirtualBox API to fetch certain Kernel data
> structures and files of the virtual machine?
> I would be running a process outside the hypervisor. This process must
> be able to fetch content about a file or a kernel data structure of a
> guest virtual OS running on hypervisor ... is it possible?

The hypervisor knows nothing about what executes in it, so it is 
difficult to inspect kernel data structures (whether that's process 
tables, files or what not). I'm not saying it's impossible, but it's 
certainly a challenge.

VirtualBox doesn't require modifications to the guests, which as a 
consequence means that the knowledge of what the guest is doing is 
extremely limited. The "OS type" selection is purely for selecting 
appropriate defaults for setting up the VM. But apart from that it's 
purely informational. The hypervisor actually doesn't get the value, it 
just gets the individual VM settings.

To summarize: There is definitely no API which can do out of the box 
what you're hinting at.

Klaus
