Re: Identify a specific DomU inspecting all pages in memory

2021-01-05 Thread Charles Gonçalves
Thanks Andrew, I'll certainly follow your suggestion of getting used to coding into Xen context. I've just got started programming into Xen, and this will be crucial to my goal. Right now, my approach to detect a dom0 memory page is to walk across all pages in memory and identify one that holds

Re: Identify a specific DomU inspecting all pages in memory

2021-01-04 Thread Andrew Cooper
On 02/01/2021 19:20, Charles Gonçalves wrote:
> Sure.
>
> The goal is to emulate a scenario where a compromised guest attacks another tenant in the same physical host reading/changing the memory content. E.g., extract the RSA key.
>
> I'll be in the domU kernel space. I'm assuming that

Re: Identify a specific DomU inspecting all pages in memory

2021-01-02 Thread Charles Gonçalves
Sure. The goal is to emulate a scenario where a compromised guest attacks another tenant in the same physical host reading/changing the memory content. E.g., extract the RSA key. I'll be in the domU kernel space. I'm assuming that the guest is able to exploit any vulnerability possible.

Re: Identify a specific DomU inspecting all pages in memory

2021-01-02 Thread Andrew Cooper
On 02/01/2021 17:02, Charles Gonçalves wrote:
> Hi,
>
> I'm building some attack loads targeting Xen to my PhD and need to identify the pages for a specific guest.
> Assuming that I'm able to traverse the pages in memory, how do I identify a guest (by ID or Name)?
>
> The dom0 is easy

Identify a specific DomU inspecting all pages in memory

2021-01-02 Thread Charles Gonçalves
Hi, I'm building some attack loads targeting Xen to my PhD and need to identify the pages for a specific guest. Assuming that I'm able to traverse the pages in memory, how do I identify a guest (by ID or Name)? The dom0 is easy since I can inspect the start_info looking for SIF_INITDOMAIN but I