xen-devel.lists.xenproject.org archive mirror
From: Heiko Wundram <modelnine@modelnine.org>
To: xen-devel@lists.xensource.com
Subject: Re: Logging Access to HDD
Date: Tue, 19 Apr 2011 12:02:04 +0200
Message-ID: <4DAD5D9C.1020105@modelnine.org>
In-Reply-To: <4DAD5968.1030408@seceng.informatik.tu-darmstadt.de>

On 19.04.2011 11:44, Sebastian Biedermann wrote:
> I don't need to log every single byte, it would be enough to know which
> file is accessed by the domU inside its image.
> So when I use HVM I need to modify qemu and not the xen source?

Won't work: the outer layer only sees block accesses, and not "actual"
file accesses, so you're only able to log (if patching qemu) which
blocks of the virtualized hard disk of your Windows system are accessed.
You'd need to correlate this to additional data that's stored on the
disk itself to find out which file a block that's accessed by the system
belongs to.

Doing this kind of correlation from the outside is hard, and it should
be much easier to plug a device driver into Windows itself which
intercepts the filesystem calls in NTFS.sys (which implements the VFS
for NTFS accesses under Windows) to retrieve the accessed files from the
system itself (namely at the layer which knows about the filesystem
structure of an NTFS filesystem, which qemu as hardware virtualizer does
not).

-- 
--- Heiko.
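
An added example, not part of the original post: a minimal sketch of the outside-the-guest correlation the message describes, decoding NTFS data-run lists into cluster extents and mapping logged sector numbers back to file names. The run lists, file names, log lines, cluster size and partition offset are constructed assumptions; a real tool would have to read the run lists from the guest's MFT.

```python
import bisect

SECTOR, CLUSTER = 512, 4096   # assumed sector and NTFS cluster sizes
PART_START = 2048             # assumed first sector of the NTFS partition

# Constructed sample: file name -> raw data-run list from its $DATA attribute.
FILES = {
    r"\Users\a\report.docx": bytes.fromhex("210800011104f000"),
    r"\Windows\System32\config\SAM": bytes.fromhex("2110000200"),
}
# Constructed sample of what a block-level logger outside the guest would see.
LOG = ["R 4096", "W 3995", "R 6208", "R 2848", "R 100"]

def decode_runlist(raw):
    """Decode NTFS data runs into (start_cluster, cluster_count) extents."""
    extents, pos, lcn = [], 0, 0
    while pos < len(raw) and raw[pos] != 0:          # 0x00 terminates the list
        len_sz, off_sz = raw[pos] & 0x0F, raw[pos] >> 4
        pos += 1
        count = int.from_bytes(raw[pos:pos + len_sz], "little")
        pos += len_sz
        if off_sz == 0:                              # sparse run: nothing on disk
            continue
        # Offsets are signed and relative to the previous run's start cluster.
        lcn += int.from_bytes(raw[pos:pos + off_sz], "little", signed=True)
        pos += off_sz
        extents.append((lcn, count))
    return extents

def build_index(files):
    """Sorted (start, end, name) extents for binary search by cluster."""
    return sorted((lcn, lcn + n, name) for name, raw in files.items()
                  for lcn, n in decode_runlist(raw))

def file_for_sector(index, sector):
    """Return the file owning a disk sector, or None (metadata, free space)."""
    if sector < PART_START:
        return None
    cluster = (sector - PART_START) * SECTOR // CLUSTER
    i = bisect.bisect_right([e[0] for e in index], cluster) - 1
    if i >= 0 and index[i][0] <= cluster < index[i][1]:
        return index[i][2]
    return None

def correlate(log, files):
    """Annotate each 'OP SECTOR' log line with the owning file, if any."""
    index = build_index(files)
    return [(op, int(sec), file_for_sector(index, int(sec)))
            for op, sec in (line.split() for line in log)]

if __name__ == "__main__":
    for op, sector, name in correlate(LOG, FILES):
        print(op, sector, name or "<no file: metadata or unallocated>")
```

The mapping is only as fresh as the metadata snapshot it was built from, and files small enough to be stored resident in the MFT record have no data runs to index.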
