cpu_physical_memory_read(target_phys_addr_t addr, uint8_t *buf, int len) requires as input parameter the "physical"? memory address...

My goal is to be able to scan the --entire-- guest kernel memory in search of particular content patterns. How would you proceed? Where can I get start and end addresses that are of interest to me? I doubt a -linear- scan between those addresses would work for my goals? Am I wrong?

thanks in advance for any hint,
GM

From: Avi Kivity
Date: 2009/2/4
Subject: Re: Accessing guest memory from the host
To: Gioacchino Mendola <gioacchino.mendola@xxxxxxxxx>

Gioacchino Mendola wrote:
> I would like, with security in mind (see lkcd.sourceforge.net), to be able to access guest -kernel- memory content from the host (x86_64 Intel VT).
>
> As far as I know on x86 you can only r/w access memory if you can map it with the pagetables (i.e. no direct physical addressing is possible). If I am correct, I need some "sort" of pagetable mapping/translation and I hope to be able to find some (even just partially) useful function inside kvm/qemu.

You can read any memory you like from within qemu with cpu_physical_memory_read(), without touching page tables at all.
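The linear scan asked about above, as an added example that is not code from the thread or from QEMU: it reads a physical range chunk by chunk through a reader with the same parameter order as cpu_physical_memory_read() and overlaps the reads so a pattern crossing a chunk boundary is still found. The names `phys_read`, `scan_phys`, `demo` and `guest_ram`, the `uint64_t` address type, and the constructed buffer standing in for guest RAM are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define CHUNK 4096   /* bytes fetched per read, before overlap */
#define MAX_PAT 64   /* longest pattern this sketch accepts */
static uint8_t guest_ram[3 * CHUNK];   /* constructed stand-in for guest RAM */

/* Hypothetical reader; inside QEMU this would call cpu_physical_memory_read(). */
static void phys_read(uint64_t addr, uint8_t *buf, int len)
{
    memcpy(buf, guest_ram + addr, (size_t)len);
}

/* Scan physical range [start, end) for pat. Every read overlaps the next chunk
 * by plen-1 bytes, so a match straddling a chunk boundary is reported once. */
static int scan_phys(uint64_t start, uint64_t end, const uint8_t *pat,
                     int plen, uint64_t *hits, int max)
{
    uint8_t buf[CHUNK + MAX_PAT];
    int found = 0;
    if (plen <= 0 || plen > MAX_PAT || end < start) return 0;
    for (uint64_t base = start; base + plen <= end; base += CHUNK) {
        uint64_t want = CHUNK + plen - 1, left = end - base;
        int len = (int)(left < want ? left : want);
        phys_read(base, buf, len);
        for (int i = 0; i + plen <= len; i++) {
            if (memcmp(buf + i, pat, (size_t)plen) != 0) continue;
            if (found < max) hits[found] = base + i;   /* store first max hits */
            found++;
        }
    }
    return found;
}

/* Plant a constructed pattern twice, once across the 4096-byte boundary. */
static int demo(uint64_t *hits, int max)
{
    static const uint8_t pat[] = "SIGNATURE";
    int plen = (int)sizeof(pat) - 1;
    memset(guest_ram, 0, sizeof(guest_ram));
    memcpy(guest_ram + 100, pat, (size_t)plen);
    memcpy(guest_ram + CHUNK - 4, pat, (size_t)plen);
    return scan_phys(0, sizeof(guest_ram), pat, plen, hits, max);
}

int main(void)
{
    uint64_t h[4];
    return demo(h, 4) == 2 ? 0 : 1;   /* exit 0 when both planted copies are found */
}
```

A physical scan only finds patterns that are contiguous in guest-physical memory; data that is contiguous in a guest virtual mapping can be split across non-adjacent physical pages.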