From: maestro <maestro82@gmail.com>
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] How to get guestOS's information
Date: Fri, 27 Oct 2006 00:00:05 +0200
Message-ID: <1161900005.29751.60.camel@localhost.localdomain>
In-Reply-To: <001501c6f8cf$b2659bc0$37cb1585@s5pc49>
On Thursday, 26.10.2006, at 16:23 +0900, KazuyaMatsunaga wrote:
> Hello,
>
> It is impolite to write an unexpected letter. I am a college student in
> Japan. I belong to information processing system laboratory, and I work on
> intrusion detection system. We are developing intrusion detection system
> using system calls. Now, it operates only on Linux. I would like to operate
> it in more platforms. I think it is possible to find guest OS’s
> abnormality by observing it from the hostOS. I would be extremely happy if
> it could be operated on the Qemu. Do you think that it is possible? Now, my
> system uses only processID and frequency of system calls. In a word, I would
> like to know how to get guestOS’s information (processID and frequency of
> system calls).
>
>
>
> Any help would be greatly appreciated.
>
>
>
> Regards,
>
> kazuya
hello kazuya!
some people here commented on the system call problems. i'd like to say
some words about processIDs:
You might want to consider using the Page Directory Base Register (PDBR
aka cr3 or in qemu-x86 env->cr[3]) to identify different processes. afaik
it is then OS-dependent how to get the corresponding PID. I did this for
windows and i assume it's a lot easier to do the same for linux/*BSD (as
the source is available). Since you probably will need to check for the
current process quite often, the shorter access times for this
information might come in handy.
cheers
m.
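
The approach suggested in the message above, as an added example that is not part of the original post and not QEMU code: a host-side table that counts guest system calls per address space, keyed by the CR3 value instead of a PID. The function names, table sizes and the hook point are hypothetical; the only QEMU name used is `env->cr[3]`, taken from the message.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sizes for this example; they are not QEMU values. */
#define NR_SLOTS    256            /* address spaces tracked at once */
#define NR_SYSCALLS 512            /* syscall numbers counted per slot */
/* Assumption: 4 KiB-aligned base (non-PAE 32-bit or 64-bit paging). Low
 * bits hold flags or a PCID and are masked off; PAE needs a narrower mask. */
#define CR3_BASE_MASK 0x000FFFFFFFFFF000ULL

struct proc_stats {
    uint64_t cr3_base;             /* masked CR3 value, the table key */
    int      used;
    uint32_t count[NR_SYSCALLS];   /* per-syscall frequency */
};
static struct proc_stats table[NR_SLOTS];

/* Open-addressing lookup keyed by the masked CR3 value. Returns NULL when
 * the entry is absent and create == 0, or when the table is full. */
static struct proc_stats *lookup(uint64_t cr3, int create)
{
    uint64_t base = cr3 & CR3_BASE_MASK;
    unsigned i, idx = (unsigned)((base >> 12) * 2654435761u) % NR_SLOTS;
    for (i = 0; i < NR_SLOTS; i++, idx = (idx + 1) % NR_SLOTS) {
        struct proc_stats *p = &table[idx];
        if (!p->used && create)    /* first free slot on the probe path */
            *p = (struct proc_stats){ .cr3_base = base, .used = 1 };
        if (!p->used)
            return NULL;
        if (p->cr3_base == base)
            return p;
    }
    return NULL;
}

/* Hypothetical hook: call it where the emulator sees a guest system call,
 * passing env->cr[3] and the syscall number. Returns the new count or 0. */
uint32_t record_syscall(uint64_t cr3, unsigned nr)
{
    struct proc_stats *p = nr < NR_SYSCALLS ? lookup(cr3, 1) : NULL;
    return p ? ++p->count[nr] : 0;
}

/* Frequency of one syscall number for the address space behind cr3. */
uint32_t syscall_count(uint64_t cr3, unsigned nr)
{
    struct proc_stats *p = nr < NR_SYSCALLS ? lookup(cr3, 0) : NULL;
    return p ? p->count[nr] : 0;
}
```

A guest OS can reuse a page-directory address after a process exits, so a slot identifies an address space rather than a PID; mapping it to a PID remains OS-dependent, as the message says.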