raghavan m wrote:
>
> hi
> I am a newbie to Virtual box. I am doing a project on Host Based
> Intrusion detection based on hypervisor based introspection for virtual
> machines.
> Hypervisor based introspection is checking integrity of various kernel
> data structures from outside the kernel thru APIs provided by hypervisor.
> Is it possible with virtual box API to fetch certain Kernel data
> structures and files of the virtual machine?
> I would be running a process outside the hypervisor. This process must
> be able to fetch content about a file or a kernel data structure of a
> guest virtual OS running on hypervisor ... is it possible?

The hypervisor knows nothing about what executes in it, so it is difficult to inspect kernel data structures (whether that's process tables, files or what not). I'm not saying it's impossible, but it's certainly a challenge.

VirtualBox doesn't require modifications to the guests, which as a consequence means that the knowledge of what the guest is doing is extremely limited. The "OS type" selection is purely for selecting appropriate defaults for setting up the VM. But apart from that it's purely informational. The hypervisor actually doesn't get the value, it just gets the individual VM settings.

To summarize: There is definitely no API which can do out of the box what you're hinting at.

Klaus

_______________________________________________
vbox-dev mailing list
[email protected]
http://vbox.innotek.de/mailman/listinfo/vbox-dev
