WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-api

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-API] Hypercall to modify IDT - rootkit development

from [Elena] [Permanent Link][Original]
To: xen-api@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-API] Hypercall to modify IDT - rootkit development
From: Elena <elena.junk@xxxxxxxxx>
Date: Tue, 9 Feb 2010 20:31:51 +0100
Delivery-date: Tue, 09 Feb 2010 11:31:49 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=A2qwS5yZwzNNYh5UkrjKRPHQFSbQ5kVIQ2EZ1w4Otqs=; b=ftSCOQlCSFdHl5S2auxp1yxY6+p+i9nr+k82duIWrDarEHZbT6qRbK/HJkxX0mQSCh rPvp9xiEWLusR8pFv9SMwtoKS9zYw8eNlFbJ0igAdKBOxW3168+woz2EnFnXJZC5e91u jFxVjRMyNdWcqHAYHVUp+8/oD//h/RxhkP8AM=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type; b=f7VBWq6lMdJEpFXxrev0vKckM15IdKZwCa37fdIDXnb8H1Q6omq4Ns455yfyv8xc5j C4Bq5bfrE3iTKQdjFzd2EQlMk69JzL0JHUxtC54tmUIyTGC0YUZDK/hFOOZYOCwI65fC iEObFXQW5GCNl+RBZpwF//epp3QyU4ojwLOb4=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-api-request@lists.xensource.com?subject=help>
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post: <mailto:xen-api@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx
Hi,

I'd like to try a construct a simple rootkit for guest paravirtualized VM in Xen (linux 2.6.18.8 kernel and xen 3.2.1).
I'd like to do a Interrupt Hooking, like modifying the first few instructions of the interrupt handler.
I know that in a guest paravirtualization it is a virtual IDT, but I don't know how to modify it.
What hypercall is involved to do this?

In other words I'd like testing my hypercall interception from dom0, with a final aim to detect those type of rootkit.

Thanks in advance and sorry for my English :-)
Elena
 
_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-api
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-API] Hypercall to modify IDT - rootkit development, Elena <=
Previous by Date:  [Xen-API] [PATCH] consider host liveness when forwarding VDI.copy, David Scott
Next by Date:  [Xen-API] Re: Xen-API SDK - VM create, Chonduy Nguyen
Previous by Thread:  [Xen-API] [PATCH] consider host liveness when forwarding VDI.copy, David Scott
Next by Thread:  [Xen-API] Re: Xen-API SDK - VM create, Chonduy Nguyen
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy