From: Wei Liu
Subject: Re: Help in fixing a issue
Date: Fri, 5 Feb 2016 11:08:38 +0000
Message-ID: <20160205110838.GV23178@citrix.com>
To: PREETI MISHRA <2013rcp9523@mnit.ac.in>
Cc: Xen-devel, Wei Liu

Add back xen-devel, please use "reply-all" in the future. And please
don't top-post.

On Fri, Feb 05, 2016 at 10:01:57PM +1100, PREETI MISHRA wrote:
> Thanks for the reply,
>
> actually, I have a virtual machine in which some processes are running. I
> want to analyze their behavior using VMI at xen.
>

Have you checked out libvmi in this case?

> My tool has two components: i) xen patch running at hypervisor ii) analyzing
> component running at Dom0
>
> 1. Xen patch is responsible for collecting the system call information of a
> monitored process. It can be syscall no and process id.
>     - how to take this information? // particularly I want to trap any
>       execution of monitored programs.
>     - how to store this information in buffer?
>     - how to send alert to my other daemon (analyzing component)
>       running in Dom0.

See xentrace / xenanalyze in xen.git.

> 2. On receiving alert, analyzing component performs analysis over the
> collected data.
>     - how to send the buffer information (pid and system call no) to
>       analyzing component?
>

Anyway, I'm not an expert on this. I will let other people have a look.
My gut feeling is that libvmi should be the way to go.

Wei.