Re: Accessing guest memory from the host

2009-02-06 Thread Gioacchino Mendola
cpu_physical_memory_read(target_phys_addr_t addr, uint8_t *buf, int len)

requires as input parameter the "physical"? memory address...

My goal is to be able to scan the --entire-- guest kernel memory
in search for particular content patterns.

How would you proceed?
Where can I get start and end addresses that are of interest to me?
I doubt a -linear- scan between those addresses would work for my goals?
Am I wrong?

thanks in advance for any hint,

GM

From: Avi Kivity
Date: 2009/2/4
Subject: Re: Accessing guest memory from the host
To: Gioacchino Mendola


Gioacchino Mendola wrote:

> I would like,
> with security in mind (see lkcd.sourceforge.net),
> to be able to access guest -kernel- memory content from the host
> (x86_64 Intel VT).
>
> As far as I know on x86 you can only r/w access memory if you can map
> it with the pagetables
> (i.e. no direct physical addressing is possible).
>
> If I am correct, I need some "sort" of pagetable mapping/translation
> and I hope to be able to find some (even just partially)
> useful function inside kvm/qemu.



You can read any memory you like from within qemu with
cpu_physical_memory_read(), without touching page tables at all.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
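
Added example, not part of the original thread and not QEMU code: a chunked linear scan over guest-physical addresses, built around the cpu_physical_memory_read() signature quoted above. The typedef, the fake_ram buffer, the mock read function, scan_guest_phys() and the marker bytes are assumptions so that it runs outside QEMU; the caller supplies the address range. A scan like this only finds patterns that are contiguous in guest-physical memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins (assumptions) so this runs outside QEMU: a constructed 3-page
 * "guest RAM" and a mock with the signature quoted in the thread. */
typedef uint64_t target_phys_addr_t;
#define CHUNK 4096
static uint8_t fake_ram[3 * CHUNK];

static void cpu_physical_memory_read(target_phys_addr_t addr, uint8_t *buf, int len)
{
    memcpy(buf, fake_ram + addr, (size_t)len);
}

/* Scan guest-physical [start, end) for pat; store up to max hit addresses.
 * The last plen-1 bytes of each chunk are carried over to catch straddlers. */
static int scan_guest_phys(target_phys_addr_t start, target_phys_addr_t end,
        const uint8_t *pat, int plen, target_phys_addr_t *hits, int max)
{
    static uint8_t buf[2 * CHUNK];
    int carry = 0, found = 0;
    if (plen < 1 || plen > CHUNK) return 0;
    for (target_phys_addr_t a = start; a < end; ) {
        int n = (end - a < CHUNK) ? (int)(end - a) : CHUNK;
        cpu_physical_memory_read(a, buf + carry, n);
        int total = carry + n;              /* buf[0] is address a - carry */
        for (int i = 0; i + plen <= total; i++)
            if (memcmp(buf + i, pat, (size_t)plen) == 0 && found < max)
                hits[found++] = a - carry + i;
        a += n;
        carry = (total < plen - 1) ? total : plen - 1;
        memmove(buf, buf + total - carry, (size_t)carry);
    }
    return found;
}

int main(void)
{
    const uint8_t pat[] = { 'M', 'A', 'R', 'K', 'E', 'R' };  /* constructed */
    target_phys_addr_t hits[8];
    memcpy(fake_ram + 100, pat, sizeof pat);        /* inside one page */
    memcpy(fake_ram + CHUNK - 3, pat, sizeof pat);  /* straddles two pages */
    int n = scan_guest_phys(0, sizeof fake_ram, pat, (int)sizeof pat, hits, 8);
    for (int i = 0; i < n; i++)
        printf("hit at guest-physical 0x%llx\n", (unsigned long long)hits[i]);
    return 0;
}
```

Data that is contiguous only in guest-virtual addresses can sit on non-adjacent physical pages, so a match spanning such a page boundary needs the guest's page tables to be followed.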


Re: Accessing guest memory from the host

2009-02-02 Thread Avi Kivity

Gioacchino Mendola wrote:

> hello everyone,
>
> I'm trying to access guest memory from the host machine (x86_64).
> In particular I would like to be able to find
> the "physical" memory addresses the host machine allocates for the guest vm.
> Is there any function in KVM that allows me to do that?
> Could any of you please help me clarify the subject
> or point me to some detailed documentation?


There is no direct mapping between guest physical addresses to host 
physical addresses.  kvm allocates memory on demand (when the guest 
first accesses it), so when a VM is started no memory is allocated to 
it.  Further, kvm can swap guest memory, so the host address can 
disappear or move.


What are you trying to accomplish?

--
error compiling committee.c: too many arguments to function
