Hi, I could understand it would be a challenging task. It would be great if someone could guide me on how I have to proceed. What are the basics I should learn to understand VirtualBox architecture ... and add this component which is capable of inspecting the kernel data structures of created guest virtual machines?
On Tue, Nov 25, 2008 at 6:21 PM, Klaus Espenlaub <[EMAIL PROTECTED]> wrote:

> raghavan m wrote:
> >
> > hi
> > I am a newbie to VirtualBox. I am doing a project on Host Based
> > Intrusion detection based on hypervisor based introspection for virtual
> > machines.
> > Hypervisor based introspection is checking integrity of various kernel
> > data structures from outside the kernel thru APIs provided by hypervisor.
> > Is it possible with VirtualBox API to fetch certain kernel data
> > structures and files of the virtual machine?
> > I would be running a process outside the hypervisor. This process must
> > be able to fetch content about a file or a kernel data structure of a
> > guest virtual OS running on hypervisor ... is it possible?
>
> The hypervisor knows nothing about what executes in it, so it is
> difficult to inspect kernel data structures (whether that's process
> tables, files or what not). I'm not saying it's impossible, but it's
> certainly a challenge.
>
> VirtualBox doesn't require modifications to the guests, which as a
> consequence means that the knowledge of what the guest is doing is
> extremely limited. The "OS type" selection is purely for selecting
> appropriate defaults for setting up the VM. But apart from that it's
> purely informational. The hypervisor actually doesn't get the value, it
> just gets the individual VM settings.
>
> To summarize: There is definitely no API which can do out of the box
> what you're hinting at.
>
> Klaus
>
>
> _______________________________________________
> vbox-dev mailing list
> [email protected]
> http://vbox.innotek.de/mailman/listinfo/vbox-dev
>

--
Raghavan
