> -----Original Message-----
> From: halfdog [mailto:m...@halfdog.net]
> Sent: Monday, March 18, 2013 3:05 PM
> To: Community mailing list of VirtualBox users
> Subject: Re: [VBox-users] guest ram contents accessible in host
>
> Gregory Nowak wrote:
> > Hi everyone,
> > I have a straight forward question. Can data stored in a guest's
> > portion of ram be accessed somehow on the host while the guest is
> > running?
>
> Yes, there are many (see
> http://www.halfdog.net/Misc/TipsAndTricks/VirtualBox.html#ExtractGuestPhysicalMemory
> for one):
>
> From my opinion, the way most suitable for automation would be:
>
> nsResultCode=debugger->vtbl->ReadVirtualMemory(debugger, 0, offset,
>     length, &length, &charPtr);
>
> nsResultCode=debugger->vtbl->ReadPhysicalMemory(debugger, offset,
>     length, &length, &charPtr);
>
> from IMachineDebugger, but although specified, documented and
> implemented in the interface, these calls are not yet implemented in
> the vbox memory management layer. But I heard rumors there exists an
> unofficial patch providing those functions in the wild.
>
> Another way is to run the vbox guest within the vbox debugger, which
> allows interactive analysis. Last time I checked, I failed to automate
> that.
>
> The dump method from the link above gives you the whole memory, but it
> is not trivial to get from the physical to virtual pages. Took me hours
> to get through segmentation and page table. But perhaps there are tools
> other than manual search using the Intel processor spec.
>
> Another way is to attach with gdb to the virtualbox process.
>
> > Am I correct in assuming that such data can be accessed once the guest
> > is halted, and that portion of ram wasn't allocated to another
> > program? Thanks.
>
> When the guest is suspended and halted, you can extract the RAM data
> from your disk using code parts from vbox to read the storage files.

Hi, halfdog.
Would you expound on this idea for me because I am having a wee bit of a problem connecting the dots? Or perhaps you can point to a link that explains the procedure in greater depth? I am not nearly as versed in debugging as you, but this is an important topic in connection with security concerns, and I want to get a better understanding of it. Thanks.
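
The physical-to-virtual step mentioned in the quoted message, as an added example that is not part of the original thread or of VirtualBox: a Python walk of 32-bit non-PAE x86 page tables over a raw physical memory image. It assumes flat segmentation, that file offset equals guest physical address, and that the CR3 value is already known; the dump contents and all function names are constructed for illustration.

```python
import struct

PAGE = 4096
P_PRESENT = 0x001   # bit 0: entry is valid
P_LARGE = 0x080     # bit 7 in a PDE: entry maps a 4 MiB page (PSE)

def _entry(dump, paddr):
    """Read one little-endian 32-bit table entry from the physical dump."""
    if paddr + 4 > len(dump):
        raise ValueError(f"table entry at {paddr:#x} lies outside the dump")
    return struct.unpack_from("<I", dump, paddr)[0]

def translate(dump, cr3, vaddr):
    """Return the physical address for vaddr, or None if it is not mapped."""
    pde = _entry(dump, (cr3 & 0xFFFFF000) + ((vaddr >> 22) & 0x3FF) * 4)
    if not pde & P_PRESENT:
        return None
    if pde & P_LARGE:                      # 4 MiB page: no second level
        return (pde & 0xFFC00000) | (vaddr & 0x003FFFFF)
    pte = _entry(dump, (pde & 0xFFFFF000) + ((vaddr >> 12) & 0x3FF) * 4)
    if not pte & P_PRESENT:
        return None
    return (pte & 0xFFFFF000) | (vaddr & 0xFFF)

def read_virtual(dump, cr3, vaddr, length):
    """Read length bytes at vaddr page by page; None if any page is unmapped."""
    out = bytearray()
    while length > 0:
        chunk = min(length, PAGE - (vaddr & 0xFFF))
        paddr = translate(dump, cr3, vaddr)
        if paddr is None or paddr + chunk > len(dump):
            return None
        out += dump[paddr:paddr + chunk]
        vaddr, length = vaddr + chunk, length - chunk
    return bytes(out)

def build_sample_dump():
    """Constructed 32 KiB 'physical memory' holding one small address space."""
    dump = bytearray(8 * PAGE)
    cr3 = 0x1000                                   # page directory in frame 1
    struct.pack_into("<I", dump, cr3 + 0x300 * 4, 0x2000 | P_PRESENT)
    # Two virtually adjacent pages backed by non-adjacent frames 5 and 3.
    struct.pack_into("<I", dump, 0x2000 + 0 * 4, 0x5000 | P_PRESENT)
    struct.pack_into("<I", dump, 0x2000 + 1 * 4, 0x3000 | P_PRESENT)
    dump[0x5FFC:0x6000] = b"GUES"
    dump[0x3000:0x3004] = b"TRAM"
    return bytes(dump), cr3
```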