[vbox-dev] doubt regarding API support.
Klaus.Espenlaub at Sun.COM
Tue Nov 25 04:51:26 PST 2008
raghavan m wrote:
> I am a newbie to VirtualBox. I am doing a project on Host Based
> Intrusion detection based on hypervisor based introspection for virtual
> Hypervisor based introspection is checking integrity of various kernel
> data structures from outside the kernel through APIs provided by hypervisor.
> Is it possible with virtual box API to fetch certain Kernel data
> structures and files of the virtual machine?
> I would be running a process outside the hypervisor. This process must
> be able to fetch content about a file or a kernel data structure of a
> guest virtual OS running on hypervisor ... is it possible?
The hypervisor knows nothing about what executes in it, so it is
difficult to inspect kernel data structures (whether that's process
tables, files or what not). I'm not saying it's impossible, but it's
certainly a challenge.

VirtualBox doesn't require modifications to the guests, which as a
consequence means that the knowledge of what the guest is doing is
extremely limited. The "OS type" selection is purely for selecting
appropriate defaults for setting up the VM. But apart from that it's
purely informational. The hypervisor actually doesn't get the value, it
just gets the individual VM settings.

To summarize: There is definitely no API which can do out of the box
what you're hinting at.