WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Logging Access to HDD

from [Heiko Wundram] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Logging Access to HDD
From: Heiko Wundram <modelnine@xxxxxxxxxxxxx>
Date: Tue, 19 Apr 2011 12:02:04 +0200
Delivery-date: Tue, 19 Apr 2011 03:03:17 -0700
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=modelnine.org; s=modelnine1012; t=1303207325; bh=8QVzIXTU7+Go1ScIlds+aYJ2APQh4SvTLbZXTCMeV3I=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=kGMhDsY/LRBZ9VhTyCIvuQp5aRrrow/RMYl5sQDviiSGyVKH+pXb4JynApKRiPwJn RLo1rGqu692ndk4duLLTIFrdFWC66BeJenvM1dOZAe4ZNGhk8GSyRcwgcjwqu7BqCi xjsrz8/vQEv5hRawtMZEOyfJ1tjdWcA/rdw1+ViI=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4DAD5968.1030408@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4DAD5296.70204@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <AEC6C66638C05B468B556EA548C1A77D01CC8B2B@trantor> <4DAD5968.1030408@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9 
Am 19.04.2011 11:44, schrieb Sebastian Biedermann:
> I dont need to log every single byte, it would be enough to know which
> file is accessed by the domU inside its image.
> So when I use HVM I need to modify qemu and not the xen source?

Won't work: the outer layer only sees block accesses, and not "actual"
file accesses, so you're only able to log (if patching qemu) which
blocks of the virtualized hard disk of your Windows system are accessed.
You'd need to correlate this to additional data that's stored on the
disk itself to find out which file a block that's accessed by the system
belongs to.

Doing this kind of correlation from the outside is hard, and it should
be much easier to plug a device driver into Windows itself which
intercepts the filesystem calls in NTFS.sys (which implements the VFS
for NTFS accesses under windows) to retrieve the accessed files from the
system itself (namely at the layer which knows about the filesystem
structure of an NTFS filesystem, which qemu as hardware virtualizer does
not).

-- 
--- Heiko.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Logging Access to HDD, Michal Novotny
Next by Date:  Re: [Xen-devel] Logging Access to HDD, Michal Novotny
Previous by Thread:  Re: [Xen-devel] Logging Access to HDD, Sebastian Biedermann
Next by Thread:  Re: [Xen-devel] Logging Access to HDD, Michal Novotny
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy