From mboxrd@z Thu Jan 1 00:00:00 1970 From: Razvan Cojocaru Subject: Mem_event API and MEM_EVENT_REASON_SINGLESTEP Date: Thu, 29 Nov 2012 16:38:45 +0200 Message-ID: <50B77375.9070904@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: "xen-devel@lists.xen.org" List-Id: xen-devel@lists.xenproject.org Hello, I'm interested in using the mem_event API (or it's LibVMI wrapper), but I'm interested in capturing write events anywhere in a domU guest's memory, _and_ not just once for each page write, but every time a page is being written to. To this end, I've looked at the xen-access.c example, where at first all the pages are being monitored: xc_hvm_set_mem_access(xch, domain_id, HVMMEM_access_rx, ~0ull, 0); xc_hvm_set_mem_access(xch, domain_id, HVMMEM_access_rx, 0, xenaccess->domain_info->max_pages); Then, after an event is received: xc_hvm_set_mem_access(xch, domain_id, HVMMEM_access_rwx, req.gfn, 1); thus allowing 'rwx' access to 1 page starting at req.gfn. This strategy indeed allows me to inspect writes to any page of the guest OS, however I can only do this once per page. Once the page is allowed HVMMEM_access_rwx access, any subsequent writes to it become unavailable to my dom0 userspace tool (I'm "unregistering" for that page-specific event). The author of LibVMI's events code has suggested that I might enable writes to that page, single step past the write instruction, and then disable writes again. Two questions: 1. I haven't been able to find an example of how single-stepping via the mem_event API might work. Can you point me to some code that does this (or a paper, etc.)? 2. Is there any other way to achieve what I'm after? Thanks, Razvan Cojocaru