[vbox-dev] IDT kernel patching
skarbat at gmail.com
Wed Oct 8 03:43:36 PDT 2008
My apologies if this is not the correct newsgroup for the following.
I am patiently migrating the rr0d kernel debugger (
to run smoothly inside a Windows XP guest. The host system is a Debian
running VirtualBox 1.6.2.
Video direct memory access seems to be partially fine, but the biggest
problem seems to be the interrupt table patching.
It would appear that VirtualBox doesn't like anybody touching the
kernel supervisor arena, even from ring 0. Is this a limitation of the
software? Or is the debugger really doing something nasty?
The debugger code calls the mnemonic sidt to obtain the base address of the
IDT (which works fine) and then patches several entries to get control over
certain interrupts (int 0, 3, 13 and a few others).
During this operation, I get the following entries in the VirtualBox log:
FATAL ERROR: trpmgcShadowIDTWriteHandler: eip=F4226AD2
CheckPageFault: write to hypervisor region f700f46c
FATAL ERROR: trpmgcShadowIDTWriteHandler: eip=F4226AF3
Any suggestions greatly appreciated.
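As an added illustration of the structures the post is talking about (this is example code written for this page, not rr0d's or VirtualBox's own code): the 6-byte image that sidt stores in 32-bit mode, the 8-byte gate descriptors it points at, and a defender-side integrity check that diffs a captured copy of the IDT against a known-good baseline to flag vectors whose handler, selector, DPL or gate type has been repointed. The sample tables and all addresses in it are constructed for the example; the only real-world facts used are the descriptor layouts.

```c
#include <stdint.h>
#include <stdio.h>

/* 32-bit protected-mode IDT gate descriptor, 8 bytes, as laid out in memory. */
typedef struct {
    uint16_t offset_low;   /* handler address bits 0-15  */
    uint16_t selector;     /* code segment selector      */
    uint8_t  zero;         /* reserved                   */
    uint8_t  type_attr;    /* P(1) DPL(2) S(1) type(4)   */
    uint16_t offset_high;  /* handler address bits 16-31 */
} __attribute__((packed)) idt_gate_t;

typedef struct {
    uint32_t handler;
    uint16_t selector;
    int present;
    int dpl;
    int gate_type;         /* 0xE = 32-bit interrupt gate, 0xF = trap gate */
} idt_decoded_t;

/* Decode the 6-byte IDTR image that sidt stores in 32-bit mode:
   bytes 0-1 = limit, bytes 2-5 = linear base address.
   Returns the number of 8-byte entries covered by the limit. */
int decode_idtr(const uint8_t idtr[6], uint32_t *base, uint16_t *limit)
{
    *limit = (uint16_t)(idtr[0] | (idtr[1] << 8));
    *base  = (uint32_t)idtr[2] | ((uint32_t)idtr[3] << 8) |
             ((uint32_t)idtr[4] << 16) | ((uint32_t)idtr[5] << 24);
    return ((int)*limit + 1) / 8;
}

/* Build a gate descriptor from its logical fields (used for the sample tables). */
idt_gate_t make_gate(uint32_t handler, uint16_t selector, uint8_t type_attr)
{
    idt_gate_t g;
    g.offset_low  = (uint16_t)(handler & 0xFFFF);
    g.selector    = selector;
    g.zero        = 0;
    g.type_attr   = type_attr;
    g.offset_high = (uint16_t)(handler >> 16);
    return g;
}

/* Split a raw descriptor into handler address, selector and attribute bits. */
idt_decoded_t decode_gate(const idt_gate_t *g)
{
    idt_decoded_t d;
    d.handler   = ((uint32_t)g->offset_high << 16) | g->offset_low;
    d.selector  = g->selector;
    d.present   = (g->type_attr >> 7) & 1;
    d.dpl       = (g->type_attr >> 5) & 3;
    d.gate_type = g->type_attr & 0xF;
    return d;
}

/* Compare a captured IDT against a baseline; returns the number of vectors
   whose decoded fields differ and reports the first such vector (or -1). */
int idt_diff(const idt_gate_t *baseline, const idt_gate_t *current,
             int n, int *first_changed)
{
    int changed = 0;
    *first_changed = -1;
    for (int v = 0; v < n; v++) {
        idt_decoded_t a = decode_gate(&baseline[v]);
        idt_decoded_t b = decode_gate(&current[v]);
        if (a.handler != b.handler || a.selector != b.selector ||
            a.present != b.present || a.dpl != b.dpl || a.gate_type != b.gate_type) {
            if (*first_changed < 0) *first_changed = v;
            changed++;
        }
    }
    return changed;
}

enum { NVEC = 16 };

/* Constructed sample: a clean baseline for vectors 0-15 and a copy in which
   vectors 3 and 13 have been repointed (all addresses are made up). */
static void build_sample(idt_gate_t baseline[NVEC], idt_gate_t current[NVEC])
{
    for (int v = 0; v < NVEC; v++) {
        uint8_t attr = (v == 3) ? 0xEE : 0x8E;   /* int3 is reachable from ring 3 */
        baseline[v] = make_gate(0x80400000u + (uint32_t)v * 0x10u, 0x08, attr);
        current[v]  = baseline[v];
    }
    current[3]  = make_gate(0xF4226A00u, 0x08, 0xEE);
    current[13] = make_gate(0xF4226B00u, 0x08, 0x8E);
}

int demo_changed_count(void)
{
    idt_gate_t b[NVEC], c[NVEC]; int first;
    build_sample(b, c);
    return idt_diff(b, c, NVEC, &first);
}

int demo_first_changed(void)
{
    idt_gate_t b[NVEC], c[NVEC]; int first;
    build_sample(b, c);
    idt_diff(b, c, NVEC, &first);
    return first;
}

int main(void)
{
    idt_gate_t b[NVEC], c[NVEC]; int first;
    build_sample(b, c);
    int n = idt_diff(b, c, NVEC, &first);
    printf("%d vector(s) differ from baseline, first is vector %d\n", n, first);
    for (int v = 0; v < NVEC; v++) {
        idt_decoded_t d = decode_gate(&c[v]);
        printf("int %2d: handler=%08X sel=%04X P=%d DPL=%d type=%X\n",
               v, d.handler, d.selector, d.present, d.dpl, d.gate_type);
    }
    return 0;
}
```

On real hardware the baseline would be captured once at a trusted point (after boot) via sidt and a copy of the table; the diff is then run periodically or from a host-side memory snapshot. In the guest described in the post, the hypervisor's write handler fires before the gate is ever modified, which is why the log shows the trap at the writing eip rather than a changed descriptor.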