Hello,

Thank you for your replies to my previous question "VBox CSAM/PATM in VMX mode".

I think I should probably make my intentions clearer. My ultimate goal is to be able to intercept, from inside the hypervisor, all kernel-level executions of CALL and RET instructions performed by a guest OS. I understand the performance implications of this.

Considering the role that CSAM/PATM already play, it seemed natural to me that these could be extended so that kernel CALL and RET instructions could be dynamically "patched" (as already done with sensitive operations) with code which would trap to the hypervisor upon execution. If CSAM/PATM are not used in VMX mode, I can live without VMX.

The question really is to what extent would CSAM/PATM need to be modified to implement this kind of CALL/RET tracing. I'm not expecting a step-by-step guide, of course; rather an estimate from more experienced VBox developers (as I'm not myself very experienced) as to what amount of effort would be involved in this addition and any possible pitfalls that I should watch out for when modifying the code.

Thanks again,
-- Martim

_______________________________________________
vbox-dev mailing list
[email protected]
http://vbox.innotek.de/mailman/listinfo/vbox-dev
