Hi, I'd like to try a construct a simple rootkit for guest paravirtualized VM in Xen (linux 2.6.18.8 kernel and xen 3.2.1). I'd like to do a Interrupt Hooking, like modifying the first few instructions of the interrupt handler. I know that in a guest paravirtualization it is a virtual IDT, but I don't know how to modify it. What hypercall is involved to do this?
In other words I'd like testing my hypercall interception from dom0, with a final aim to detect those type of rootkit. Thanks in advance and sorry for my English :-)* *Elena* <[email protected]>*
_______________________________________________ xen-api mailing list [email protected] http://lists.xensource.com/mailman/listinfo/xen-api
