On Thursday, 26.10.2006, at 16:23 +0900, KazuyaMatsunaga wrote:
> Hello,
> 
> It is impolite to write an unexpected letter. I am a college student in 
> Japan. I belong to information processing system laboratory, and I work on 
> intrusion detection system. We are developing intrusion detection system 
> using system calls. Now, it operates only on Linux. I would like to operate 
> it on more platforms. I think it is possible to find a guest OS's 
> abnormality by observing it from the host OS. I would be extremely happy if 
> it could be operated on the Qemu. Do you think that it is possible? Now, my 
> system uses only processID and frequency of system calls. In a word, I would 
> like to know how to get the guest OS's information (processID and frequency of 
> system calls).
> 
> Any help would be greatly appreciated.
> 
> Regards,
> 
> kazuya
hello kazuya!

some people here commented on the system call problems. i'd like to say
some words about processIDs:
You might want to consider using the Page Directory Base Register (PDBR
aka cr3 or in qemu-x86 env->cr[3]) to identify different processes. afaik
it is then OS-dependent how to get the corresponding PID. I did this for
windows and i assume it's a lot easier to do the same for linux/*BSD (as
the source is available). Since you probably will need to check for the
current process quite often, the shorter access times for this
information might come in handy.

cheers
m.



_______________________________________________
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
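
The bookkeeping the reply above points toward, as an added example that is not part of the original message or of QEMU: system call counts kept per guest address space, keyed by the CR3 value (env->cr[3] in qemu-x86). Where the emulator would call `record_syscall` is not shown and is an assumption; the function names, table sizes, the flag-bit mask and the sample events are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#define MAX_PROCS    64   /* table slots (assumed bound) */
#define MAX_SYSCALLS 512  /* syscall numbers tracked (assumed bound) */

static struct proc_stats {
    uint64_t key;                  /* CR3 base; 0 marks an empty slot */
    uint32_t count[MAX_SYSCALLS];  /* per-syscall-number counters */
} table[MAX_PROCS];

/* Open-addressed lookup keyed by CR3; NULL if absent or the table is full. */
static struct proc_stats *lookup(uint64_t cr3, int create)
{
    /* Assumption: 32-bit x86 guest without PCID, so the low 5 bits are
     * flag/reserved bits rather than part of the base address. */
    uint64_t key = cr3 & ~0x1fULL;
    if (key == 0) return NULL;
    for (unsigned i = 0; i < MAX_PROCS; i++) {
        struct proc_stats *p = &table[((key >> 12) + i) % MAX_PROCS];
        if (p->key == key) return p;
        if (p->key == 0) {          /* free slot reached: key is not stored */
            if (create) p->key = key;
            return create ? p : NULL;
        }
    }
    return NULL;
}

/* Call once per guest system call with the CR3 value read at that moment. */
int record_syscall(uint64_t cr3, uint32_t nr)
{
    struct proc_stats *p = nr < MAX_SYSCALLS ? lookup(cr3, 1) : NULL;
    if (!p) return -1;
    p->count[nr]++;
    return 0;
}

/* How often the address space identified by cr3 has issued syscall nr. */
uint32_t syscall_count(uint64_t cr3, uint32_t nr)
{
    struct proc_stats *p = nr < MAX_SYSCALLS ? lookup(cr3, 0) : NULL;
    return p ? p->count[nr] : 0;
}

int main(void)
{
    /* Constructed (cr3, syscall number) events, not from a real guest. */
    uint64_t ev[][2] = { {0x1a3f000, 4}, {0x1a3f018, 4}, {0x2b40000, 4} };
    for (unsigned i = 0; i < sizeof ev / sizeof ev[0]; i++)
        record_syscall(ev[i][0], (uint32_t)ev[i][1]);
    printf("0x1a3f000: syscall 4 seen %u times\n", (unsigned)syscall_count(0x1a3f000, 4));
}
```

A guest OS can reuse a page directory after a process exits, so retiring stale entries and mapping a CR3 value to a PID still needs the OS-specific step the reply mentions.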
