Sure.

The goal is to emulate a scenario where a compromised guest attacks another
tenant on the same physical host, reading/changing the memory content.
E.g., extract the RSA key.

I'll be in the domU kernel space. I'm assuming that the guest is able to
exploit any vulnerability possible.
Effectively I'll be changing Xen's code (at least possible) to *emulate* a
vulnerability (e.g., undo a patch).



Best regards,
*Charles Ferreira Gonçalves*




On Sat, Jan 2, 2021 at 7:06 PM Andrew Cooper <andrew.coop...@citrix.com>
wrote:

> On 02/01/2021 17:02, Charles Gonçalves wrote:
> > Hi,
> >
> > I'm building some attack loads targeting Xen for my PhD and need to
> > identify the pages for a specific guest.
> > Assuming that I'm able to traverse the pages in memory, how do I
> > identify a guest (by ID or Name)?
> >
> > The dom0 is easy since I can inspect the start_info looking
> > for SIF_INITDOMAIN but I have no idea how to identify a specific domU.
>
> Hello,
>
> Could you provide rather more details about what exactly you're trying
> to do?
>
> In particular, what context are you in when trying to identify the pages?
>
> ~Andrew
>
