> Hi, I could understand it would be a challenging task. It would be great
> if someone could guide me on how I have to proceed.
> What are the basics I should learn
> to understand the VirtualBox architecture ... and add this component which is
> capable of inspecting the kernel data structures of created guest virtual
> machines?
>
Can anyone guide me on what basics of VirtualBox I should know to accomplish the task of adding a module which could check the integrity of the running kernel's sensitive data structures?
>
>
> On Tue, Nov 25, 2008 at 6:21 PM, Klaus Espenlaub <[email protected]> wrote:
>
>> raghavan m wrote:
>> >
>> > Hi,
>> > I am a newbie to VirtualBox. I am doing a project on Host Based
>> > Intrusion detection based on hypervisor based introspection for virtual
>> > machines.
>> > Hypervisor based introspection is checking the integrity of various kernel
>> > data structures from outside the kernel through APIs provided by the hypervisor.
>> > Is it possible with the VirtualBox API to fetch certain kernel data
>> > structures and files of the virtual machine?
>> > I would be running a process outside the hypervisor. This process must
>> > be able to fetch content about a file or a kernel data structure of a
>> > guest virtual OS running on the hypervisor ... is it possible?
>>
>> The hypervisor knows nothing about what executes in it, so it is
>> difficult to inspect kernel data structures (whether that's process
>> tables, files or what not). I'm not saying it's impossible, but it's
>> certainly a challenge.
>>
>> VirtualBox doesn't require modifications to the guests, which as a
>> consequence means that the knowledge of what the guest is doing is
>> extremely limited. The "OS type" selection is purely for selecting
>> appropriate defaults for setting up the VM. But apart from that it's
>> purely informational. The hypervisor actually doesn't get the value, it
>> just gets the individual VM settings.
>>
>> To summarize: There is definitely no API which can do out of the box
>> what you're hinting at.
>>
>> Klaus
>>
>>
>> _______________________________________________
>> vbox-dev mailing list
>> [email protected]
>> http://vbox.innotek.de/mailman/listinfo/vbox-dev
>>
>
>
>
> --
> Raghavan
>

--
Raghavan
