frederic.beck at loria
Feb 23, 2009, 5:47 AM
Post #1 of 1
Memory mapping in hypervisor
I don't know if this is the right place for this kind of questions, or
if my questions are a little bit stupid (it's the first time i'm trying
to do something like that), which is why i apologize for the noise.
For research purpose, i'm trying to log all syscalls issued in a DomU.
I sent a few mail on the xen-devel list and got some help over there,
but i reached a point where i'm getting lost.
I disabled direct_trap in the hypervisor and print out (later on i'll
log the info via the tracing facility) some spu registers like EAX,
EIP, ESP and so on... Now i'm trying to link this syscall to a PID in
In a regular Linux system, by applying the 0xFFFFE000 mask on the ESP i
get the address of a thread_info which contains a task_struct which
contains the PID. I implemented that on a regular Linux system (in the
Dom0) and i get the same offsets than the find_linux_offsets tool from
however, in the hypervisor, these structures are not available. I tried
to wlak through the memory and deduce a way to get the PID with the
offsets, but i couldn't find any way to do it. Thus, i decided to took
a look at XenAccess and see how it obtains the info, and correlate the
address given by the hypervisor (ESP & 0xFFFFE000) and the address of
the task_struct found by process-list. But I have troubles with
XenAccess, as it seems that the value of the cr3 register is corrupted.
I'll try on another computer, or maybe even on a 64 bits host (as the
structures are available on the 64 bits version of the hypervisor), but
meanwhile i do not want to give up on my first thought.
When i print outhe memory between ESP & 0xFFFFE000 and ESP, I have many
null values at the beginning of the memory, which i do not explain to
I guess that there is some mapping between the address seen by the DomU
and the address in the hypervisor where i should read the memory, but i
do not get how to perform that mapping.
Any help, hints or pointers to some doc will be welcomed.
Xen-introspect mailing list
Xen-introspect [at] lists