Re: [Qemu-devel] How to get guestOS's information

From: maestro
Subject: Re: [Qemu-devel] How to get guestOS's information
Date: Fri, 27 Oct 2006 00:00:05 +0200

On Thursday, 26.10.2006, at 16:23 +0900, KazuyaMatsunaga wrote:
> Hello,
> It is impolite to write an unexpected letter. I am a college student in 
> Japan. I belong to information processing system laboratory, and I work on 
> intrusion detection system. We are developing intrusion detection system 
> using system calls. Now, it operates only on Linux. I would like to operate 
> it in more platforms. I think it is possible to find guest OS’s 
> abnormality by observing it from the hostOS. I would be extremely happy if 
> it could be operated on the Qemu. Do you think that it is possible? Now, my 
> system uses only processID and frequency of system calls. In a word, I would 
> like to know how to get guestOS’s information (processID and frequency of 
> system calls).
> Any help would be greatly appreciated.
> Regards,
> kazuya
hello kazuya!

some people here commented on the system call problems. i'd like to say
some words about processIDs:
You might want to consider using the Page Directory Base Register (PDBR
aka cr3 or in qemu-x86 env->cr[3]) to identify different processes. afaik
it is then OS-dependent how to get the corresponding PID. I did this for
windows and i assume it's a lot easier to do the same for linux/*BSD (as
the source is available). Since you probably will need to check for the
current process quite often, the shorter access times for this
information might come in handy.
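
An added illustration of the suggestion above (not part of the original message and not QEMU code): system call frequencies kept per address space, keyed by the page directory base taken from CR3, so no PID lookup is needed on the hot path. The names `record_syscall` and `syscall_count`, the table sizes, and the 32-bit non-PAE CR3 layout are assumptions of this example.

```c
#include <stdint.h>

#define MAX_SPACES    256          /* tracked address spaces (constructed limit) */
#define MAX_SYSCALLS  512          /* syscall numbers tracked per address space */
#define CR3_BASE_MASK 0xFFFFF000u  /* assumption: 32-bit non-PAE paging, base in bits 31:12 */

struct space_stats {
    uint32_t pdbr;                 /* page directory base; 0 marks a free slot */
    uint32_t count[MAX_SYSCALLS];  /* per-syscall frequency for this address space */
};
static struct space_stats table[MAX_SPACES];

/* Find (or, if create is set, allocate) the slot for a CR3 value. */
static struct space_stats *lookup_space(uint32_t cr3, int create)
{
    uint32_t pdbr = cr3 & CR3_BASE_MASK;   /* drop the PWT/PCD flag bits */
    if (pdbr == 0)
        return 0;
    for (uint32_t i = 0; i < MAX_SPACES; i++) {   /* open addressing, linear probe */
        struct space_stats *s = &table[((pdbr >> 12) + i) % MAX_SPACES];
        if (s->pdbr == pdbr)
            return s;
        if (s->pdbr == 0) {
            if (create)
                s->pdbr = pdbr;
            return create ? s : 0;
        }
    }
    return 0;                               /* table full */
}

/* Hypothetical hook: call wherever the emulator observes a guest system call,
 * passing the current CR3 (env->cr[3] in qemu-x86) and the syscall number. */
int record_syscall(uint32_t cr3, uint32_t nr)
{
    if (nr >= MAX_SYSCALLS)
        return -1;
    struct space_stats *s = lookup_space(cr3, 1);
    if (!s)
        return -1;
    s->count[nr]++;
    return 0;
}

/* Frequency of one syscall in the address space identified by cr3. */
uint32_t syscall_count(uint32_t cr3, uint32_t nr)
{
    struct space_stats *s = lookup_space(cr3, 0);
    return (s && nr < MAX_SYSCALLS) ? s->count[nr] : 0;
}
```

A guest OS can reuse a page directory address after a process exits, so a detector built on this needs the OS-specific step mentioned in the message to notice when a CR3 value starts belonging to a different PID.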

